[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 9b6bc91254c VERSION: Bump version up to Samba 4.20.2... via 0ba948cba0b VERSION: Disable GIT_SNAPSHOT for the 4.20.1 release. via d01b50ec4f3 WHATSNEW: Add release notes for Samba 4.20.1. from db658c40f5d s3:utils: Fix Inherit-Only flag being automatically propagated to children https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 9b6bc91254c96a248047c01d68a074edea3f0e6a Author: Jule Anger Date: Wed May 8 10:00:33 2024 +0200 VERSION: Bump version up to Samba 4.20.2... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 0ba948cba0b8b0dd4fddbc94999a61b883a3326d Author: Jule Anger Date: Wed May 8 10:00:17 2024 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.20.1 release. Signed-off-by: Jule Anger commit d01b50ec4f3cc3c91677703677e3b45cd1d94758 Author: Jule Anger Date: Wed May 8 09:59:43 2024 +0200 WHATSNEW: Add release notes for Samba 4.20.1. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 55 +++ 2 files changed, 56 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 81c319ddc0c..e279f2933b8 100644 --- a/VERSION +++ b/VERSION @@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024" SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=20 -SAMBA_VERSION_RELEASE=1 +SAMBA_VERSION_RELEASE=2 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 5c97836d36f..8249e9326f9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,58 @@ + == + Release Notes for Samba 4.20.1 +May 08, 2024 + == + + +This is the latest stable release of the Samba 4.20 release series. + + +Changes since 4.20.0 + + +o Douglas Bagnall + * BUG 15630: dns update debug message is too noisy. + +o Alexander Bokovoy + * BUG 15635: Do not fail PAC validation for RFC8009 checksums types. + +o Pavel Filipenský + * BUG 15605: Improve performance of lookup_groupmem() in idmap_ad. + +o Anna Popova + * BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only + flag. + +o Noel Power + * BUG 15611: http library doesn't support 'chunked transfer encoding'. + +o Andreas Schneider + * BUG 15600: Provide a systemd service file for the background queue daemon. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + == Release Notes for Samba 4.20.0 March 27, 2024 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via db658c40f5d s3:utils: Fix Inherit-Only flag being automatically propagated to children via d28a889aed2 python/samba/tests/blackbox: Add tests for Inherit-only flag propagation from 83da49f3489 tests: Add a test for "all_groups=no" to test_idmap_ad.sh https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit db658c40f5d8aeef9dcc190753b7d14b1fa3f5fb Author: Anna Popova Date: Fri Apr 12 17:32:37 2024 +0300 s3:utils: Fix Inherit-Only flag being automatically propagated to children Inherit-only flag applies only to the container it was set to and it shouldn't be automatically propagated to children. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636 Signed-off-by: Anna Popova Reviewed-by: Noel Power Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224 (cherry picked from commit 80159018e411c643fbfe7ef82bd33e30b6147901) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Tue May 7 08:52:48 UTC 2024 on atb-devel-224 commit d28a889aed25ac98ba4ef34b26190224e5ebe907 Author: yuzu367 Date: Thu Apr 11 11:31:07 2024 +0300 python/samba/tests/blackbox: Add tests for Inherit-only flag propagation BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636 Signed-off-by: Anna Popova Reviewed-by: Noel Power Reviewed-by: Ralph Boehme (cherry picked from commit eba2bfde347041a395f0fbd3c57235be63b1890d) --- Summary of changes: .../blackbox/smbcacls_propagate_inhertance.py | 108 + source3/utils/smbcacls.c | 4 + 2 files changed, 112 insertions(+) Changeset truncated at 500 lines: diff --git a/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py b/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py index cc13727b8fb..5b3a27111d5 100644 --- a/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py +++ b/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py @@ -1288,3 +1288,111 @@ class InheritanceSmbCaclsTests(SmbCaclsBlockboxTestBase): except BlackboxProcessError as e: self.fail(str(e)) + +def test_simple_iocioi_add(self): +"""test smbcacls '--propagate-inheritance --add' which attempts to add the ACL +for the file and additionally use inheritance rules to propagate appropriate +changes to children + +This test adds an ACL with (IO)(CI)(OI)(READ) + +before: + ++-tar_test_dir/(OI)(CI)(I)(F) + +-oi_dir/(OI)(CI)(I)(F) + | +-file.1(I)(F) + | +-nested/ (OI)(CI)(I)(F) + | +-file.2 (I)(F) + | +-nested_again/ (OI)(CI)(I)(F) + | +-file.3 (I)(F) + +after/expected: + ++-tar_test_dir/(OI)(CI)(I)(F) + +-oi_dir/(OI)(CI)(I)(F), (IO)(CI)(OI)(READ) + | +-file.1(I)(F), (I)(READ) + | +-nested/ (OI)(CI)(I)(F), (I)(CI)(OI)(READ) + | +-file.2 (I)(F), (I)(READ) + | +-nested_again/ (OI)(CI)(I)(F), (I)(CI)(OI)(READ) + | +-file.3 (I)(F), (I)(READ)""" + +dir_add_acl_str = "ACL:%s:ALLOWED/OI|CI|IO/READ" % self.user +obj_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user +dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|CI|I/READ" % self.user + +try: + +self.smb_cacls(["--propagate-inheritance", "--add", +dir_add_acl_str, self.oi_dir]) + +# check top level container 'oi_dir' has IO|CI|OI/READ +dir_ace = self.ace_parse_str(dir_add_acl_str) +self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace)) + +# file 'oi_dir/file-1' should have inherited I/READ +child_file_ace = self.ace_parse_str(obj_inherited_ace_str) +self.assertTrue(self.file_ace_check(self.f1, child_file_ace)) + +# nested dir 'oi_dir/nested/' should have I|CI|OI/READ +child_dir_ace = self.ace_parse_str(dir_inherited_ace_str) +self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace)) + +# nested file 'oi_dir/nested/file-2' should have inherited I/READ +self.assertTrue(self.file_ace_check(self.f2, child_file_ace)) + +# nested_again dir 'oi_dir/nested/nested_again' should have I|CI|OI/READ +child_dir_ace = self.ace_parse_str(dir_inherited_ace_str) +self.assertTrue(self.file_ace_check(self.nested_again_dir, child_dir_ace)) +# nested_again file 'oi_dir/nested/nested_again/file-3' should have
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 83da49f3489 tests: Add a test for "all_groups=no" to test_idmap_ad.sh via 84f82a09ffd selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad via 83701298384 s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad via 8857cf29979 docs-xml: Add parameter all_groupmem to idmap_ad from 215bb9bd48e Do not fail checksums for RFC8009 types https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 83da49f348921a21a22ff93ffecbd638ff004541 Author: Pavel Filipenský Date: Thu Mar 14 15:24:21 2024 +0100 tests: Add a test for "all_groups=no" to test_idmap_ad.sh BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider Autobuild-User(master): Pavel Filipensky Autobuild-Date(master): Tue Apr 2 13:25:39 UTC 2024 on atb-devel-224 (cherry picked from commit f8b72aa1f72881989990fabc9f4888968bb81967) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Apr 17 14:38:42 UTC 2024 on atb-devel-224 commit 84f82a09ffd1336bf79cffbe4caa3045aedbd16e Author: Pavel Filipenský Date: Mon Mar 25 22:38:18 2024 +0100 selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit 2dab3a331b5511b4f2253f2b3b4513db7e52ea9a) commit 837012983840d10488404fac2ebad07dd75a6f1c Author: Pavel Filipenský Date: Tue Mar 12 13:20:24 2024 +0100 s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad The LDAP query of lookup_groupmem() returns all group members from AD even those with missing uidNumber. Such group members are useless in UNIX environment for idmap_ad backend since there is no uid mapping. 'test_user' is member of group "Domanin Users" with 200K members, only 20K members have set uidNumber. Without this fix: $ time id test_user real1m5.946s user0m0.019s sys 0m0.012s With this fix: $ time id test_user real0m3.544s user0m0.004s sys 0m0.007s BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit 5d475d26a3d545f04791a04e85a06b8b192e3fcf) commit 8857cf299792f50e5917319a38d450c068fa07f4 Author: Pavel Filipenský Date: Wed Mar 13 13:55:41 2024 +0100 docs-xml: Add parameter all_groupmem to idmap_ad BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit a485d9de2f2d6a9815dcac6addb988a8987e111c) --- Summary of changes: docs-xml/manpages/idmap_ad.8.xml | 10 ++ nsswitch/tests/test_idmap_ad.sh | 22 ++ selftest/target/Samba3.pm| 1 + source3/winbindd/winbindd_ads.c | 11 +++ 4 files changed, 40 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml index 32df8d066c2..c7fcc65d763 100644 --- a/docs-xml/manpages/idmap_ad.8.xml +++ b/docs-xml/manpages/idmap_ad.8.xml @@ -105,6 +105,16 @@ + all_groupmem = yes/no + + If set to yes winbind will retrieve all + group members for getgrnam(3), getgrgid(3) and getgrent(3) calls, + including those with missing uidNumber. + + Default: no + + + deny ous This parameter is a list of OUs from which objects will not be mapped via the ad idmap diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh index 7ae112ada71..1d4bd395ba9 100755 --- a/nsswitch/tests/test_idmap_ad.sh +++ b/nsswitch/tests/test_idmap_ad.sh @@ -94,6 +94,14 @@ gidNumber: 201 unixHomeDirectory: /home/forbidden loginShell: /bin/tcsh gecos: User in forbidden OU + +dn: CN=no_posix_id,CN=Users,$BASE_DN +changetype: add +objectClass: user +samaccountName: no_posix_id +unixHomeDirectory: /home/no_posix_id +loginShell: /bin/sh +gecos: User without uidNumber and gidNumber EOF # @@ -171,6 +179,17 @@ then failed=$(($failed + 1)) fi +# +# Test 6: Make sure that with the default "all_groups=no" +# the group "domain users" will not show user "no_posix_id" +# but will show "SAMBA2008R2/administrator" +# + +dom_users="$DOMAIN/domain users" # Extra step to make sure that all is
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated
via 215bb9bd48e Do not fail checksums for RFC8009 types
via db60a1947b8 s4:dns_server: less noisy, more informative debug
messages
via 9155d89a2ae packaging: Provide a systemd service file for samba-bgqd
from 077f39baf7c libcli/http: Detect unsupported Transfer-encoding type
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -
commit 215bb9bd48e9aae04ff39633f6dd9255a989bf98
Author: Alexander Bokovoy
Date: Thu Jun 22 09:56:12 2023 +0300
Do not fail checksums for RFC8009 types
While Active Directory does not support yet RFC 8009 encryption and
checksum types, it is possible to verify these checksums when running
with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA
domain controller which uses them by default.
[2023/06/16 21:51:04.923873, 10, pid=51149, effective(0, 0), real(0, 0)]
../../lib/krb5_wrap/krb5_samba.c:1496(smb_krb5_kt_open_relative)
smb_krb5_open_keytab: resolving: FILE:/etc/samba/samba.keytab
[2023/06/16 21:51:04.924196, 2, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:66(check_pac_checksum)
check_pac_checksum: Checksum Type 20 is not supported
[2023/06/16 21:51:04.924228, 5, pid=51149, effective(0, 0), real(0, 0),
class=auth] ../../auth/kerberos/kerberos_pac.c:353(kerberos_decode_pac)
PAC Decode: Failed to verify the service signature: Invalid argument
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15635
Signed-off-by: Alexander Bokovoy
Reviewed-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
(cherry picked from commit 8e931fce126e8c1128da893c806702731c08758a)
Autobuild-User(v4-20-test): Jule Anger
Autobuild-Date(v4-20-test): Tue Apr 16 12:24:55 UTC 2024 on atb-devel-224
commit db60a1947b88a8ddb289f63ac22a6d7b1500f0df
Author: Douglas Bagnall
Date: Thu Apr 11 11:52:14 2024 +1200
s4:dns_server: less noisy, more informative debug messages
This shouldn't have been DBG_ERR, and it might as well say something
about the tombstone.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15630
Signed-off-by: Douglas Bagnall
Reviewed-by: Andreas Schneider
Autobuild-User(master): Andreas Schneider
Autobuild-Date(master): Fri Apr 12 15:18:05 UTC 2024 on atb-devel-224
(cherry picked from commit dde973d170e479632d1a411279f4f0fad6608539)
commit 9155d89a2ae04f45d809c46129687c6f5a510a0d
Author: Andreas Schneider
Date: Mon Mar 4 10:58:23 2024 +0100
packaging: Provide a systemd service file for samba-bgqd
There might be scenarios where the background queue daemon should be
running all the time instead of being started on demand. This makes
especially sense for bigger printing servers with a lot of printers. It
takes ~1 sec to get a printer from cups, so a print server with 100
printers needs 100 seconds to update the printer_list.tdb. The service
will be killed because of idle in the meantime.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15600
Signed-off-by: Andreas Schneider
Reviewed-by: Guenther Deschner
(cherry picked from commit c97071726e163b40f0e391af70e81b3e6c1ab0eb)
---
Summary of changes:
auth/kerberos/kerberos_pac.c | 47 +-
lib/krb5_wrap/krb5_samba.h | 28 +
.../{samba.service.in => samba-bgqd.service.in}| 9 ++---
packaging/wscript_build| 3 +-
source4/dns_server/dnsserver_common.c | 9 +++--
5 files changed, 67 insertions(+), 29 deletions(-)
copy packaging/systemd/{samba.service.in => samba-bgqd.service.in} (50%)
Changeset truncated at 500 lines:
diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c
index ae4557bbd6f..b6272ac15eb 100644
--- a/auth/kerberos/kerberos_pac.c
+++ b/auth/kerberos/kerberos_pac.c
@@ -33,6 +33,7 @@
#include "librpc/gen_ndr/auth.h"
#include "auth/common_auth.h"
#include "auth/kerberos/pac_utils.h"
+#include "lib/krb5_wrap/krb5_samba.h"
krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
struct PAC_SIGNATURE_DATA *sig,
@@ -44,26 +45,34 @@ krb5_error_code check_pac_checksum(DATA_BLOB pac_data,
krb5_keyusage usage = 0;
krb5_boolean checksum_valid = false;
krb5_data input;
-
- switch (sig->type) {
- case CKSUMTYPE_HMAC_MD5:
- /* ignores the key type */
- break;
- case CKSUMTYPE_HMAC_SHA1_96_AES_256:
- if (KRB5_KEY_TYPE(keyblock) != ENCTYPE_AES256_CTS_HMAC_SHA1_96)
{
- return EINVAL;
- }
- /* ok */
- break;
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 077f39baf7c libcli/http: Detect unsupported Transfer-encoding type via 2fb1bf0205f selftest: Add new test for testing non-chunk transfer encoding via 30bf3d1430f selftest: fix potential reference before assigned error via a70e3a36c82 libcli/http: Handle http chunked transfer encoding via 7e17e4809d5 tests: add test for chunked encoding with http cli library via 26206392153 libcli/http: Optimise reading for content-length via 71eac5a065f selftest: Add basic content-lenght http tests via 19250e13ab6 Add simple http_client for use in black box tests (in following commits) from eaefe50327d VERSION: Bump version up to Samba 4.20.1... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 077f39baf7cc7f4e4ee8709d48b1cb23b8736c1c Author: Noel Power Date: Thu Mar 28 10:48:58 2024 + libcli/http: Detect unsupported Transfer-encoding type Also removes knownfail for test that now passes BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit a18c53a9b98e2e8dea08cf0ef08efc59e58ec137) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Thu Apr 11 12:24:08 UTC 2024 on atb-devel-224 commit 2fb1bf0205f9b5f72d8e1f51e55cf86997639a46 Author: Noel Power Date: Thu Mar 28 09:16:33 2024 + selftest: Add new test for testing non-chunk transfer encoding And add a known fail because there is a bug :-( BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit 93709d31590d4ca25fbac813b9e499755b81ddb5) commit 30bf3d1430f96a42c7b90ef215daa33b427da8b9 Author: Noel Power Date: Thu Mar 28 09:09:02 2024 + selftest: fix potential reference before assigned error This would only happen if the test failed (but the message would be incorrect as 'e' the exception to be stringified doesn't exist. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit efdbf0511e0a89f865210170001fbebf17a45278) commit a70e3a36c8244a324f5e8fa7b138dae5684055e0 Author: Noel Power Date: Mon Mar 25 19:44:10 2024 + libcli/http: Handle http chunked transfer encoding Also removes the knownfail for the chunked transfer test Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 (cherry picked from commit 03240c91fb6ffcf5afe47c14a1ba7a8bc12f2348) commit 7e17e4809d593e1ce2d51583a351b38300a20e2a Author: Noel Power Date: Thu Sep 23 12:18:22 2021 +0100 tests: add test for chunked encoding with http cli library Adds http test client to excercise the http client library and a blackbox test to run the client. This client is built only with selftest also adds a knownfail for the test Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 (cherry picked from commit 30acd609f560352d3edb0c931b9a864110025b2c) commit 26206392153248fb2be1ec95a2e3ac14f9356125 Author: Noel Power Date: Fri Mar 22 08:55:49 2024 + libcli/http: Optimise reading for content-length Instead of reading byte-by-byte we know the content length we want to read so lets use it. Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 (cherry picked from commit 5f03d84e3b52bf5a31a0f885cb83bdcb48ec96f7) commit 71eac5a065fac4023601b067b850d209a7dec149 Author: Noel Power Date: Mon Mar 25 16:25:55 2024 + selftest: Add basic content-lenght http tests very simple test of basic http request/response plus some checks to ensure http response doesn't exceed the response max length set by the client call. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit 74cdebeae3d1bc35eea96b51b9491f6c52844b10) commit 19250e13ab6c654405baf7c7d9c18f514ceade0f Author: Noel Power Date: Mon Mar 25 19:21:54 2024 + Add simple http_client for use in black box tests (in following commits) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit cd6c075476c820b4fe8bdc10a24d8fc8ac74e9c9) --- Summary of changes: libcli/http/http.c | 309 +++-- libcli/http/http_internal.h | 4 +
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via eaefe50327d VERSION: Bump version up to Samba 4.20.1... via 8fdd82c8b9c VERSION: Disable GIT_SNAPSHOT for the 4.20.0 release. via 797464b7624 WHATSNEW: Add release notes for Samba 4.20.0. from 5cedf3b5eb0 Revert "token_util.c: prefer capabilities over become_root" https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit eaefe50327d05834dd35fb49ad5c38eabf527f03 Author: Jule Anger Date: Wed Mar 27 17:13:13 2024 +0100 VERSION: Bump version up to Samba 4.20.1... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 8fdd82c8b9ccc39f0b5f5d6cc22fa69f67c913a4 Author: Jule Anger Date: Wed Mar 27 17:12:54 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.20.0 release. Signed-off-by: Jule Anger commit 797464b762469d5261aaa920fe4b2738042f42f7 Author: Jule Anger Date: Wed Mar 27 17:10:58 2024 +0100 WHATSNEW: Add release notes for Samba 4.20.0. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 4 ++-- WHATSNEW.txt | 44 +--- 2 files changed, 35 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 35bf60077a8..81c319ddc0c 100644 --- a/VERSION +++ b/VERSION @@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024" SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=20 -SAMBA_VERSION_RELEASE=0 +SAMBA_VERSION_RELEASE=1 # If a official release has a serious bug # @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=5 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9385a05f99e..5c97836d36f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,16 +1,11 @@ -Release Announcements -= + == + Release Notes for Samba 4.20.0 + March 27, 2024 + == -This is the fourth release candidate of Samba 4.20. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. -Samba 4.20 will be the next version of the Samba suite. - - -UPGRADING -= +This is the first stable release of the Samba 4.20 release series. +Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES @@ -280,6 +275,33 @@ smb.conf changes smb3 share cap:SCALE OUTnew see 'man smb.conf' +Changes since 4.20.0rc4 +=== + +o Douglas Bagnall + * BUG 15606: Avoid null-dereference with bad claims. + * BUG 15613: ndr_pull_security_ace can leave resource attribute ACE coda + claim struct undefined. + +o Ralph Boehme + * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if + vfs_stat_fsp() fails in fd_close(). + +o Björn Jacke + * BUG 15583: set_nt_acl sometimes fails with NT_STATUS_INVALID_PARAMETER - + openat() EACCES. + +o Noel Power + * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if + vfs_stat_fsp() fails in fd_close(). + +o Andreas Schneider + * BUG 15599: libgpo: Segfault in python bindings. + +o Jo Sutton + * BUG 15607: Samba AD is missing some authentication policy tests. + + CHANGES SINCE 4.20.0rc3 === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 5cedf3b5eb0 Revert "token_util.c: prefer capabilities over become_root" via f7491b29941 Revert "dosmode.c: prefer use of capabilities at two places over become_root" via 6ca9461a1db Revert "nfs4_acls.c: prefer capabilities over become_root" via 52b1d9d7cb8 Revert "vfs_acl_common.c: prefer capabilities over become_root" via 6e0986b2c30 Revert "vfs_default.c: prefer capabilities over become_root" via f6d549de47c Revert "vfs_posix_eadb.c: prefer capabilities over become_root" via d0c295e5344 Revert "vfs_recycle.c: prefer capabilities over become_root" via 4f38859f5d8 Revert "open.c: prefer capabilities over become_root" via dc161626303 Revert "posix_acls.c: prefer capabilities over become_root" via bb68b730290 Revert "dosmode: prefer capabilities over become_root" from aee05f11670 s3/smbd: If we fail to close file_handle ensure we should reset the fd https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 5cedf3b5eb02c3050cb2e82d4602d63c565d4a7f Author: Björn Jacke Date: Thu Jan 25 00:46:38 2024 +0100 Revert "token_util.c: prefer capabilities over become_root" This reverts commit 944cb51506a94084d7ab52ee044fe6f66e1aaeb9. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Mar 27 10:47:23 UTC 2024 on atb-devel-224 (cherry picked from commit 0dec2ef188a93504da873d927ca2b26f8c491fb8) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Mar 27 16:51:00 UTC 2024 on atb-devel-224 commit f7491b2994157615032e80b5f10df5953ae0543a Author: Björn Jacke Date: Mon Mar 25 17:04:45 2024 +0100 Revert "dosmode.c: prefer use of capabilities at two places over become_root" This reverts commit c1e2fbb1b9a7551becf5caa0f08d434edf9ad862. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit 32aa11e9b570ce1c0bec889b699bc4897c9d9843) commit 6ca9461a1dbee5762220f0ae9e0b67c846d4feae Author: Björn Jacke Date: Mon Mar 25 17:04:23 2024 +0100 Revert "nfs4_acls.c: prefer capabilities over become_root" This reverts commit 06e5c1e32ea7907523cc19f021225e7541e2075f. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit 33e88911ee7a8974d52021632ca25c1ddfcb6f45) commit 52b1d9d7cb8d70fc1137c26c4a38c530116802c4 Author: Björn Jacke Date: Mon Mar 25 17:04:17 2024 +0100 Revert "vfs_acl_common.c: prefer capabilities over become_root" This reverts commit 12734848dc9901b932644139aaa7e3f78e55c8dc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit af7b930e2bfe2275cee14dc2154f2aea8875fa63) commit 6e0986b2c30e78e0c9ffec62fb0666cd85dad316 Author: Björn Jacke Date: Mon Mar 25 17:03:57 2024 +0100 Revert "vfs_default.c: prefer capabilities over become_root" This reverts commit 62464bd2db2a95b1253364f4493bbb6770b73193. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit 52ad635b2705bcfc8166bd90b1ad35ebb9cbc986) commit f6d549de47c463905c5d95bc6556e2c7c4a25540 Author: Björn Jacke Date: Mon Mar 25 17:03:50 2024 +0100 Revert "vfs_posix_eadb.c: prefer capabilities over become_root" This reverts commit 92278418dc885ed411f545e73c800ce93f858090. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit 10c7a3e47c62dcb1dfe7e384960d60cafcb9e44e) commit d0c295e5344d7858cf75e19184e3842de06f27ab Author: Björn Jacke Date: Mon Mar 25 17:03:44 2024 +0100 Revert "vfs_recycle.c: prefer capabilities over become_root" This reverts commit 4227b011f6ada97a4cd72a440ed887ffdb3f219e. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit 7f19afbd40d3ad3c8d186d0a2a64d07a2a8bd00a) commit 4f38859f5d861a5f77c223ad720416b719e8e2f8 Author: Björn Jacke Date: Mon Mar 25 17:03:35 2024 +0100 Revert "open.c: prefer capabilities over become_root" This reverts commit b250f25fe407f9a6269b804382de4854501f2d86. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit 88eb58af6783ad23d2e2b602ee9fdbbdf556b354) commit
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated
via aee05f11670 s3/smbd: If we fail to close file_handle ensure we
should reset the fd
via 72f70868257 smbd: simplify handling of failing fstat() after
unlinking file
from 3be368ff2bc ndr: always attempt ACE coda pull if ACE type suggests
a coda
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -
commit aee05f11670df006e50c225bbd7bce597482e856
Author: Noel Power
Date: Tue Feb 20 09:26:29 2024 +
s3/smbd: If we fail to close file_handle ensure we should reset the fd
if fsp_flags.fstat_before_close == true then close_file_smb will call
vfs_stat which can fail. If it does fail then the fd associated
with the file handle will still be set (and we will hit an assert
is the file handle destructor) when calling file_free.
We need to set fd to -1 to avoid that. To achieve that we capture and
return the vfs_stat_fsp failure status while still processing the rest
of the fd_close logic.
[2024/02/20 09:23:48.454671, 0, pid=9744]
../../source3/smbd/smb2_close.c:226(smbd_smb2_close)
smbd_smb2_close: close_file[]: NT_STATUS_ACCESS_DENIED
[2024/02/20 09:23:48.454757, 0, pid=9744]
../../source3/smbd/fd_handle.c:40(fd_handle_destructor)
PANIC: assert failed at ../../source3/smbd/fd_handle.c(40): (fh->fd ==
-1) || (fh->fd == AT_FDCWD)
[2024/02/20 09:23:48.454781, 0, pid=9744]
../../lib/util/fault.c:178(smb_panic_log)
===
[2024/02/20 09:23:48.454804, 0, pid=9744]
../../lib/util/fault.c:185(smb_panic_log)
INTERNAL ERROR: assert failed: (fh->fd == -1) || (fh->fd == AT_FDCWD) in
smbd (smbd[192.168.10) (client [192.168.100.15]) pid 9744
(4.21.0pre1-DEVELOPERBUILD)
[2024/02/20 09:23:48.454844, 0, pid=9744]
../../lib/util/fault.c:190(smb_panic_log)
If you are running a recent Samba version, and if you think this problem
is not yet fixed in the latest versions, please consider reporting this bug,
see https://wiki.samba.org/index.php/Bug_Reporting
[2024/02/20 09:23:48.454869, 0, pid=9744]
../../lib/util/fault.c:191(smb_panic_log)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Noel Power
Reviewed-by: Jeremy Allison
Autobuild-User(master): Noel Power
Autobuild-Date(master): Wed Mar 13 10:34:45 UTC 2024 on atb-devel-224
(cherry picked from commit 6ee3f809a54d7b833ff798e68a93ada00a215d4d)
Autobuild-User(v4-20-test): Jule Anger
Autobuild-Date(v4-20-test): Wed Mar 27 15:41:37 UTC 2024 on atb-devel-224
commit 72f7086825778ac434afdcab7251fecb5751ea44
Author: Ralph Boehme
Date: Mon Feb 5 15:03:48 2024 +0100
smbd: simplify handling of failing fstat() after unlinking file
close_remove_share_mode() already called vfs_stat_fsp(), so we can skip the
fstat() triggered in fd_close() by fsp->fsp_flags.fstat_before_close being
true.
This avoids getting an EACCESS error when doing an fstat() on the removed
file
which seems to happen with some FUSE filesystems.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527
Signed-off-by: Ralph Boehme
Reviewed-by: Jeremy Allison
(cherry picked from commit 6e6324cff29089a636823786183222a73fe7cb28)
---
Summary of changes:
source3/smbd/close.c | 1 +
source3/smbd/open.c | 27 ---
2 files changed, 9 insertions(+), 19 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 538435ca834..bbca474a28a 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -603,6 +603,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
*/
fsp->fsp_flags.delete_on_close = false;
+ fsp->fsp_flags.fstat_before_close = false;
lck_state.reset_delete_on_close = true;
done:
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index 08656c42521..c9c64fc4b76 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -943,7 +943,7 @@ NTSTATUS fd_openat(const struct files_struct *dirfsp,
NTSTATUS fd_close(files_struct *fsp)
{
- NTSTATUS status;
+ NTSTATUS stat_status = NT_STATUS_OK;
int ret;
if (fsp == fsp->conn->cwd_fsp) {
@@ -951,23 +951,12 @@ NTSTATUS fd_close(files_struct *fsp)
}
if (fsp->fsp_flags.fstat_before_close) {
- status = vfs_stat_fsp(fsp);
- if (!NT_STATUS_IS_OK(status)) {
- /*
-* If this is a stream and delete-on-close was set, the
-* backing object (an xattr from streams_xattr) might
-* already be deleted so fstat() fails with
-* NT_STATUS_NOT_FOUND. So if fsp
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated
via 3be368ff2bc ndr: always attempt ACE coda pull if ACE type suggests
a coda
from 1273cb7e10b tests/krb5: Add tests for AllowedToAuthenticateTo with
an AS-REQ
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -
commit 3be368ff2bc6d7818d41a36ae99a7c9b19ba77b8
Author: Douglas Bagnall
Date: Sat Mar 23 08:27:41 2024 +1300
ndr: always attempt ACE coda pull if ACE type suggests a coda
We were skipping the pull in cases where the coda size was calculated
to be zero. This has the right result for empty conditional ACEs, but
not for Resource Attribute ACEs where the
CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 coda was not intialised.
The situation is made a bit worse, because the function that
calculates the coda size (ndr_subcontext_size_of_ace_coda()) can
return zero in conditions that are not exactly errors, but in which
the would-be calculated value makes so little sense that zero is
thought to be a safer default.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66577
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15613
Signed-off-by: Douglas Bagnall
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Mon Mar 25 06:00:21 UTC 2024 on atb-devel-224
(cherry picked from commit 6fb98f70c6274e172787c8d5f73aa93920171e7c)
Autobuild-User(v4-20-test): Jule Anger
Autobuild-Date(v4-20-test): Tue Mar 26 11:17:58 UTC 2024 on atb-devel-224
---
Summary of changes:
librpc/ndr/ndr_sec_helper.c | 5 ++---
1 file changed, 2 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c
index f870a17aafc..1a156b01d40 100644
--- a/librpc/ndr/ndr_sec_helper.c
+++ b/librpc/ndr/ndr_sec_helper.c
@@ -104,7 +104,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct
ndr_pull *ndr, ndr_flags
{
NDR_PULL_CHECK_FLAGS(ndr, ndr_flags);
if (ndr_flags & NDR_SCALARS) {
- ssize_t sub_size;
NDR_CHECK(ndr_pull_align(ndr, 5));
NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS,
>type));
NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS,
>flags));
@@ -112,12 +111,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct
ndr_pull *ndr, ndr_flags
NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, >access_mask));
NDR_CHECK(ndr_maybe_pull_security_ace_object_ctr(ndr,
NDR_SCALARS, r));
NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, >trustee));
- sub_size = ndr_subcontext_size_of_ace_coda(r, r->size,
ndr->flags);
- if (!sec_ace_has_extra_blob(r->type) || sub_size == 0) {
+ if (!sec_ace_has_extra_blob(r->type)) {
r->coda.ignored.data = NULL;
r->coda.ignored.length = 0;
} else {
struct ndr_pull *_ndr_coda;
+ ssize_t sub_size = ndr_subcontext_size_of_ace_coda(r,
r->size, ndr->flags);
NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_coda, 0,
sub_size));
NDR_CHECK(ndr_pull_set_switch_value(_ndr_coda,
>coda, r->type));
NDR_CHECK(ndr_pull_security_ace_coda(_ndr_coda,
NDR_SCALARS|NDR_BUFFERS, >coda));
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 1273cb7e10b tests/krb5: Add tests for AllowedToAuthenticateTo with an AS-REQ from 28fc1850e5c libcli/security: check again for NULL values https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 1273cb7e10b79d005be822b805fa1775421ebfc7 Author: Jo Sutton Date: Tue May 2 15:42:24 2023 +1200 tests/krb5: Add tests for AllowedToAuthenticateTo with an AS-REQ BUG: https://bugzilla.samba.org/show_bug.cgi?id=15607 Signed-off-by: Jo Sutton Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Mar 21 04:19:18 UTC 2024 on atb-devel-224 (cherry picked from commit 4f0ed9b00389fa641a423b88ab5462b32dd7bbca) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Fri Mar 22 11:06:51 UTC 2024 on atb-devel-224 --- Summary of changes: python/samba/tests/krb5/authn_policy_tests.py | 372 ++ selftest/knownfail_mit_kdc| 8 + 2 files changed, 380 insertions(+) Changeset truncated at 500 lines: diff --git a/python/samba/tests/krb5/authn_policy_tests.py b/python/samba/tests/krb5/authn_policy_tests.py index 2f15f8b2417..43db839cee7 100755 --- a/python/samba/tests/krb5/authn_policy_tests.py +++ b/python/samba/tests/krb5/authn_policy_tests.py @@ -295,6 +295,115 @@ class AuthnPolicyBaseTests(AuthLogTestBase, KdcTgsBaseTests): opts=opts, use_cache=cached) +def _fast_as_req(self, + client_creds, + target_creds, + armor_tgt, + expected_error=0, + expect_status=None, + expected_status=None, + expected_groups=None, + expect_device_info=None, + expected_device_groups=None, + expect_device_claims=None, + expected_device_claims=None): +client_username = client_creds.get_username() +client_realm = client_creds.get_realm() +client_cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, + names=[client_username]) + +target_name = target_creds.get_username() +target_sname = self.PrincipalName_create( +name_type=NT_PRINCIPAL, names=[target_name]) +target_realm = target_creds.get_realm() +target_decryption_key = self.TicketDecryptionKey_from_creds( +target_creds) +target_etypes = target_creds.tgs_supported_enctypes + +authenticator_subkey = self.RandomKey(kcrypto.Enctype.AES256) +armor_key = self.generate_armor_key(authenticator_subkey, +armor_tgt.session_key) + +preauth_key = self.PasswordKey_from_creds(client_creds, + kcrypto.Enctype.AES256) + +client_challenge_key = ( +self.generate_client_challenge_key(armor_key, preauth_key)) +fast_padata = [self.get_challenge_pa_data(client_challenge_key)] + +def _generate_fast_padata(kdc_exchange_dict, + _callback_dict, + req_body): +return list(fast_padata), req_body + +etypes = kcrypto.Enctype.AES256, kcrypto.Enctype.RC4 + +if expected_error: +check_error_fn = self.generic_check_kdc_error +check_rep_fn = None +else: +check_error_fn = None +check_rep_fn = self.generic_check_kdc_rep + +pac_options = '1' # claims support + +samdb = self.get_samdb() +domain_sid_str = samdb.get_domain_sid() + +if expected_groups is not None: +expected_groups = self.map_sids(expected_groups, None, domain_sid_str) + +if expected_device_groups is not None: +expected_device_groups = self.map_sids(expected_device_groups, None, domain_sid_str) + +kdc_exchange_dict = self.as_exchange_dict( +creds=client_creds, +expected_crealm=client_realm, +expected_cname=client_cname, +expected_srealm=target_realm, +expected_sname=target_sname, +expected_supported_etypes=target_etypes, +ticket_decryption_key=target_decryption_key, +generate_fast_fn=self.generate_simple_fast, +generate_fast_armor_fn=self.generate_ap_req, +generate_fast_padata_fn=_generate_fast_padata, +fast_armor_type=FX_FAST_ARMOR_AP_REQUEST, +check_error_fn=check_error_fn, +check_rep_fn=check_rep_fn, +
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated
via 28fc1850e5c libcli/security: check again for NULL values
via ce78896e262 libcli/security: claims_conversions: check for NULL in
claims array
from 99b6feac932 WHATSNEW: announce Service Witness Protocol [MS-SWN]
and related options
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -
commit 28fc1850e5c0b02f2ca0e0a8516457d56dc17cbd
Author: Douglas Bagnall
Date: Sun Mar 17 23:08:23 2024 +1300
libcli/security: check again for NULL values
BUG: https://bugzilla.samba.org/show_bug.cgi?id=156067
Signed-off-by: Douglas Bagnall
Reviewed-by: Andrew Bartlett
Autobuild-User(master): Andrew Bartlett
Autobuild-Date(master): Mon Mar 18 02:51:08 UTC 2024 on atb-devel-224
(cherry picked from commit b815abe77991d7929717ea3ed4b9d7bef7179715)
Autobuild-User(v4-20-test): Jule Anger
Autobuild-Date(v4-20-test): Wed Mar 20 12:03:45 UTC 2024 on atb-devel-224
commit ce78896e262b3133141f53aa27158a6eee4d53ff
Author: Douglas Bagnall
Date: Sun Mar 17 23:07:17 2024 +1300
libcli/security: claims_conversions: check for NULL in claims array
If by mistake we end up with a NULL in our array of claims pointers,
it is better to return an error than crash.
There can be NULLs in the array if a resource attribute ACE has a
claim that uses 0 as a relative data pointer. Samba assumes this means
a NULL pointer, rather than a zero offset.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66777
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15606
Signed-off-by: Douglas Bagnall
Reviewed-by: Andrew Bartlett
(cherry picked from commit 78f728063a1e510966a45f7f1d9515ea3bd16214)
---
Summary of changes:
libcli/security/claims-conversions.c | 13 +
1 file changed, 13 insertions(+)
Changeset truncated at 500 lines:
diff --git a/libcli/security/claims-conversions.c
b/libcli/security/claims-conversions.c
index bbba5973852..ccf1375fc8f 100644
--- a/libcli/security/claims-conversions.c
+++ b/libcli/security/claims-conversions.c
@@ -262,6 +262,9 @@ static bool claim_v1_offset_to_ace_token(
uint8_t f = claim->flags &
CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE;
result->flags = f | CONDITIONAL_ACE_FLAG_TOKEN_FROM_ATTR;
+ if (claim->values[offset].int_value == NULL) {
+ return false;
+ }
switch (claim->value_type) {
case CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64:
return claim_v1_int_to_ace_int(claim, offset, result);
@@ -935,6 +938,16 @@ NTSTATUS claim_v1_check_and_sort(TALLOC_CTX *mem_ctx,
.case_sensitive = case_sensitive
};
+ /*
+* It could be that the values array contains a NULL pointer, in which
+* case we don't need to worry about what type it is.
+*/
+ for (i = 0; i < claim->value_count; i++) {
+ if (claim->values[i].int_value == NULL) {
+ return NT_STATUS_INVALID_PARAMETER;
+ }
+ }
+
if (claim->value_type == CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN) {
NTSTATUS status = claim_v1_check_and_sort_boolean(mem_ctx,
claim);
if (NT_STATUS_IS_OK(status)) {
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 99b6feac932 WHATSNEW: announce Service Witness Protocol [MS-SWN] and related options from 69b69bb2085 libgpo: Do not segfault if we don't have a valid security descriptor https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 99b6feac9326673d0ce0d01172f8180c1f2232e7 Author: Stefan Metzmacher Date: Fri Mar 15 23:17:36 2024 +0100 WHATSNEW: announce Service Witness Protocol [MS-SWN] and related options Signed-off-by: Stefan Metzmacher Reviewed-by: Günther Deschner Autobuild-User(v4-20-test): Stefan Metzmacher Autobuild-Date(v4-20-test): Tue Mar 19 13:30:31 UTC 2024 on atb-devel-224 --- Summary of changes: WHATSNEW.txt | 68 +++- 1 file changed, 67 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index dd80f116a10..9385a05f99e 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -191,6 +191,68 @@ The Security Descriptor Definition Language has extensions for conditional ACEs and resource attribute ACEs; these are now supported by Samba. +Service Witness Protocol [MS-SWN] +- + +In a ctdb cluster it is now possible to provide +the SMB witness service that allows clients to +monitor their current smb connection to cluster +node A by asking cluster node B to notify the +client if the ip address from node A or the +whole node A becomes unavailable. + +For disk shares in a ctdb cluster +SMB2_SHARE_CAP_SCALEOUT is now always returned +for SMB3 tree connect responses. + +If the witness service is active +SMB2_SHARE_CAP_CLUSTER is now also returned. + +In order to activate the witness service +"rpc start on demand helpers = no" needs to +be configured in the global section. +At the same time the 'samba-dcerpcd' service +needs to be started explicitly, typically +with the '--libexec-rpcds' option in order +to make all available services usable. +One important aspect is that tcp ports +135 (for the endpoint mapper) and various +ports in the 'rpc server dynamic port range' +will be used to provide the witness service +(rpcd_witness). + +ctdb provides a '47.samba-dcerpcd.script' in order +to manage the samba-dcerpcd.service. +Typically as systemd service, but that's up +to the packager and/or admin. + +Please note that current windows client +requires SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY +in addition to SMB2_SHARE_CAP_CLUSTER in order +to make use of the witness service. +But SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY implies +the windows clients always ask for persistent handle +(which are not implemented in samba yet), so +that every open generates a warning in the +windows smb client event log. +That's why SMB2_SHARE_CAP_CONTINUOUS_AVAILABILITY +is not returned by default. +An explicit 'smb3 share cap:CONTINUOUS AVAILABILITY = yes' +is needed. + +There are also new 'net witness' commands in order +to let the admin list active client registrations +or ask specific clients to move their smb connection +to another cluster node. These are available: + + net witness list + net witness client-move + net witness share-move + net witness force-unregister + net witness force-response + +Consult 'man net' or 'net witness help' for further details. + REMOVED FEATURES @@ -210,8 +272,12 @@ smb.conf changes Parameter Name Description Default -- --- --- - smb3 unix extensionsPer share - acl claims evaluation new AD DC only + smb3 unix extensionsPer share - + smb3 share cap:ASYMMETRIC new no + smb3 share cap:CLUSTER new see 'man smb.conf' + smb3 share cap:CONTINUOUS AVAILABILITY new no + smb3 share cap:SCALE OUTnew see 'man smb.conf' CHANGES SINCE 4.20.0rc3 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated
via 69b69bb2085 libgpo: Do not segfault if we don't have a valid
security descriptor
via 72bd247c97d libgpo: Fix trailing spaces in pygpo.c
from 4d1536f86b9 VERSION: Bump version up to Samba 4.20.0rc5...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -
commit 69b69bb2085dfc842292db14eadbcba71b096d69
Author: Andreas Schneider
Date: Tue Mar 5 13:17:19 2024 +0100
libgpo: Do not segfault if we don't have a valid security descriptor
Program received signal SIGSEGV, Segmentation fault.
ndr_push_security_descriptor (ndr=ndr@entry=0x55bf41b0,
ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at
librpc/gen_ndr/ndr_security.c:713
713
NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision));
Thread 1 (Thread 0x77ece740 (LWP 21460) "python3"):
#0 ndr_push_security_descriptor (ndr=ndr@entry=0x55bf41b0,
ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at
librpc/gen_ndr/ndr_security.c:713
_flags_save_STRUCT = 0
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
_status =
__FUNCTION__ = "ndr_push_security_descriptor"
#1 0x7617237f in ndr_push_struct_blob
(blob=blob@entry=0x7fffdb20, mem_ctx=0x55aa3bd0, p=0x0,
fn=0x76074ad0 , fn@entry=0x760706c8
) at ../../librpc/ndr/ndr.c:1438
_status =
ndr = 0x55bf41b0
#2 0x7607cccf in marshall_sec_desc (mem_ctx=,
secdesc=, data=data@entry=0x7fffdb80,
len=len@entry=0x7fffdb78) at ../../libcli/security/secdesc.c:241
blob = {data = 0x7fffdb40 "`\333\377\377\377\177", length =
140737352374299}
ndr_err =
__FUNCTION__ = "marshall_sec_desc"
#3 0x729edd94 in GPO_marshall_get_sec_desc_buf (self=, args=, kwds=) at ../../libgpo/pygpo.c:119
gpo_ptr =
status =
data = 0x0
len = 0
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15599
Signed-off-by: Andreas Schneider
Reviewed-by: David Mulder
(cherry picked from commit b13d4359f2f16e391763d1dc6a5718def973fabb)
Autobuild-User(v4-20-test): Jule Anger
Autobuild-Date(v4-20-test): Fri Mar 15 10:29:54 UTC 2024 on atb-devel-224
commit 72bd247c97da62789ab72111df11466dfb2a79fa
Author: Andreas Schneider
Date: Mon Mar 4 16:42:38 2024 +0100
libgpo: Fix trailing spaces in pygpo.c
Signed-off-by: Andreas Schneider
Reviewed-by: David Mulder
(cherry picked from commit 6fb86a0fa62d93c1c84c2000f01c381a9e8217e1)
---
Summary of changes:
libgpo/pygpo.c | 7 ++-
1 file changed, 6 insertions(+), 1 deletion(-)
Changeset truncated at 500 lines:
diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index adbd5b4688d..0f7116313f2 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -116,6 +116,11 @@ static PyObject *GPO_marshall_get_sec_desc_buf(PyObject
*self, PyObject *args,
uint8_t *data = NULL;
size_t len = 0;
+ if (gpo_ptr->security_descriptor == NULL) {
+ PyErr_SetString(PyExc_RuntimeError, "Uninitialized");
+ return NULL;
+ }
+
status = marshall_sec_desc(gpo_ptr, gpo_ptr->security_descriptor,
, );
if (!NT_STATUS_IS_OK(status)) {
@@ -371,7 +376,7 @@ static int py_ads_init(ADS *self, PyObject *args, PyObject
*kwds)
workgroup,
ldap_server,
ADS_SASL_PLAIN);
-
+
return 0;
}
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 4d1536f86b9 VERSION: Bump version up to Samba 4.20.0rc5... via 964c0e97e7a VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc4 release. via f485def8104 WHATSNEW: Add release notes for Samba 4.20.0rc4. from 03b6dae6630 python:gp: Implement client site lookup in site_dn_for_machine() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 4d1536f86b9281711ce458db28bf699120549607 Author: Jule Anger Date: Mon Mar 11 15:54:24 2024 +0100 VERSION: Bump version up to Samba 4.20.0rc5... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 964c0e97e7aee4ae8a0b1d0d9a7825e91071e7d6 Author: Jule Anger Date: Mon Mar 11 15:53:57 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc4 release. Signed-off-by: Jule Anger commit f485def81040ef8ed761d9a9687545e97a865a3a Author: Jule Anger Date: Mon Mar 11 15:53:16 2024 +0100 WHATSNEW: Add release notes for Samba 4.20.0rc4. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 9 - 2 files changed, 9 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index efb4d171a6f..35bf60077a8 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=4 +SAMBA_VERSION_RC_RELEASE=5 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f540dc555c0..dd80f116a10 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the third release candidate of Samba 4.20. This is *not* +This is the fourth release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -214,6 +214,13 @@ smb.conf changes acl claims evaluation new AD DC only +CHANGES SINCE 4.20.0rc3 +=== + +o Andreas Schneider + * BUG 15588: samba-gpupdate: Correctly implement site support. + + CHANGES SINCE 4.20.0rc2 === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated
via 03b6dae6630 python:gp: Implement client site lookup in
site_dn_for_machine()
via e51e72dd14a librpc:idl: Make netlogon_samlogon_response public
from a09d0ba6eb2 VERSION: Bump version up to Samba 4.20.0rc4...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -
commit 03b6dae6630c6de85af1f20276df11e67d7601e2
Author: Andreas Schneider
Date: Wed Feb 21 09:10:47 2024 +0100
python:gp: Implement client site lookup in site_dn_for_machine()
This is [MS-GPOL] 3.2.5.1.4 Site Search.
The netr_DsRGetSiteName() needs to run over local rpc, however we do not
have the call implemented in our rpc_server. What netr_DsRGetSiteName()
actually does is an ldap query to get the sitename, we can just do the
same.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588
Signed-off-by: Andreas Schneider
Reviewed-by: Andrew Bartlett
(cherry picked from commit e4c3c61302b12419f041867b58350f11dc800318)
Autobuild-User(v4-20-test): Jule Anger
Autobuild-Date(v4-20-test): Fri Mar 1 09:01:06 UTC 2024 on atb-devel-224
commit e51e72dd14afa3e299a54c430f4b4b1e2b17
Author: Andreas Schneider
Date: Wed Feb 21 08:56:06 2024 +0100
librpc:idl: Make netlogon_samlogon_response public
This is required that we can use it with ndrdump or in python to decode
a NETLOGON_SAM_LOGON_RESPONSE_EX ldap response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588
Signed-off-by: Andreas Schneider
Pair-Programmed-With: Guenther Deschner
Reviewed-by: Andrew Bartlett
(cherry picked from commit e758425869729a43136ae51e6baecb2061d1525b)
---
Summary of changes:
librpc/idl/nbt.idl | 2 +-
librpc/ndr/ndr_nbt.c | 2 +-
librpc/ndr/ndr_nbt.h | 2 +-
python/samba/gp/gpclass.py | 68 ++
4 files changed, 48 insertions(+), 26 deletions(-)
Changeset truncated at 500 lines:
diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl
index 11814e7970e..46be2eae7e2 100644
--- a/librpc/idl/nbt.idl
+++ b/librpc/idl/nbt.idl
@@ -490,7 +490,7 @@ interface nbt
[case(NETLOGON_NT_VERSION_5EX)] NETLOGON_SAM_LOGON_RESPONSE_EX
nt5_ex;
} netlogon_samlogon_response_union;
- typedef [nopush,nopull] struct {
+ typedef [nopush,nopull,noprint,public] struct {
uint32 ntver;
[switch_is(ntver)] netlogon_samlogon_response_union data;
} netlogon_samlogon_response;
diff --git a/librpc/ndr/ndr_nbt.c b/librpc/ndr/ndr_nbt.c
index eb186810785..6f54198ffbc 100644
--- a/librpc/ndr/ndr_nbt.c
+++ b/librpc/ndr/ndr_nbt.c
@@ -392,7 +392,7 @@ _PUBLIC_ enum ndr_err_code
ndr_pull_netlogon_samlogon_response(struct ndr_pull *
return NDR_ERR_SUCCESS;
}
-_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr,
const char *name, struct netlogon_samlogon_response *r)
+_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr,
const char *name, const struct netlogon_samlogon_response *r)
{
ndr_print_struct(ndr, name, "netlogon_samlogon_response");
if (r == NULL) { ndr_print_null(ndr); return; }
diff --git a/librpc/ndr/ndr_nbt.h b/librpc/ndr/ndr_nbt.h
index c38422fff6b..00ee8a17364 100644
--- a/librpc/ndr/ndr_nbt.h
+++ b/librpc/ndr/ndr_nbt.h
@@ -37,6 +37,6 @@ enum ndr_err_code
ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_
uint32_t
nt_version_flags);
enum ndr_err_code ndr_push_netlogon_samlogon_response(struct ndr_push *ndr,
ndr_flags_type ndr_flags, const struct netlogon_samlogon_response *r);
enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull *ndr,
ndr_flags_type ndr_flags, struct netlogon_samlogon_response *r);
-void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char
*name, struct netlogon_samlogon_response *r);
+void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char
*name, const struct netlogon_samlogon_response *r);
#endif /* _LIBRPC_NDR_NDR_NBT_H */
diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py
index 26c2386847e..08be472e707 100644
--- a/python/samba/gp/gpclass.py
+++ b/python/samba/gp/gpclass.py
@@ -49,7 +49,7 @@ from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT,
UF_SERVER_TRUST_ACCOUNT, GP
from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS,
AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
from samba.dcerpc import security
import samba.security
-from samba.dcerpc import netlogon
+from samba.dcerpc import nbt
from datetime import datetime
@@ -611,12 +611,6 @@ def get_dc_hostname(creds, lp):
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via a09d0ba6eb2 VERSION: Bump version up to Samba 4.20.0rc4... via 17bab5c0774 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc3 release. via f3da62a2bba WHATSNEW: Add release notes for Samba 4.20.0rc3. from 253c5585c91 s3/rpc_client: Fix array offset check https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit a09d0ba6eb2a7303a9186af202bd52c16724a737 Author: Jule Anger Date: Mon Feb 26 12:36:59 2024 +0100 VERSION: Bump version up to Samba 4.20.0rc4... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 17bab5c077450626e90331d38e4b6b8586a1c80b Author: Jule Anger Date: Mon Feb 26 12:36:25 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc3 release. Signed-off-by: Jule Anger commit f3da62a2bba94b883c24384631077504f5089561 Author: Jule Anger Date: Mon Feb 26 12:35:56 2024 +0100 WHATSNEW: Add release notes for Samba 4.20.0rc3. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 23 ++- 2 files changed, 23 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 486a47b8f52..efb4d171a6f 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE=4 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index de3b0f03d49..f540dc555c0 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the second release candidate of Samba 4.20. This is *not* +This is the third release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -214,6 +214,27 @@ smb.conf changes acl claims evaluation new AD DC only +CHANGES SINCE 4.20.0rc2 +=== + +o Rob van der Linde + * BUG 15575: Remove unsupported "Final" keyword missing from Python 3.6. + +o Stefan Metzmacher + * BUG 15577: Additional witness backports for 4.20.0. + +o Noel Power + * BUG 15579: Error output with wspsearch. + +o Martin Schwenke + * BUG 15580: Packet marshalling push support missing for + CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and + CTDB_CONTROL_TCP_CLIENT_PASSED. + +o Jo Sutton + * BUG 15575: Remove unsupported "Final" keyword missing from Python 3.6. + + CHANGES SINCE 4.20.0rc1 === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 253c5585c91 s3/rpc_client: Fix array offset check via 1ab3de6f46e s3/rpc_client: Ensure max possible row buffer size is not exceeded via 3e226dd1cd5 idl: Add constant for max rows buffer size via c1016224041 s3/rpc_client: cleanup unmarshalling of variant types from row columns via 77cbdf342ca s3/utils: use full 64 bit address for getrows (with 64bit offsets) via ec239d16a97 s3/rpc_client: Remove stray unnecessary comment via 3d47cae71d9 s3/rpc_client: change type of offset to uint64_t from 7107b233346 ctdb-protocol: Add missing push support for new controls https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 253c5585c91172ebe5cca9ca59ff30a82fbf3fd3 Author: Noel Power Date: Thu Feb 8 14:05:43 2024 + s3/rpc_client: Fix array offset check Previous to this commit we were modifying the offset before the array offset check. This was causing a spurious debug message indicating the offset was out of bounds. An second problem is that upon detecting the error we don't exit the loop. A third problem was that when reading the offset the check didn't cater for the size of the integer address about to be read. This commit moves the offset check to before the first read, additionally when an error is detected now we actually exit the loop and the offset have been corrected to include the size of the integer to be read BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579 Signed-off-by: Noel Power Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Sat Feb 17 17:58:43 UTC 2024 on atb-devel-224 (cherry picked from commit 885850b6aaabf089f422b1b015481a0ccff4f90e) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Mon Feb 26 10:37:37 UTC 2024 on atb-devel-224 commit 1ab3de6f46e61281348f9275e0ae490b53591845 Author: Noel Power Date: Wed Feb 14 11:19:39 2024 + s3/rpc_client: Ensure max possible row buffer size is not exceeded The max buf size of rows buffer should not exceed 0x4000. Ensuring this value is within limits means we can safely use uint32_t offsets. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579 Signed-off-by: Noel Power Reviewed-by: Volker Lendecke (cherry picked from commit f487211706a74d516bf447ed393222b4c0dce7b0) commit 3e226dd1cd531dd070c866757e5f79492ce2b664 Author: Noel Power Date: Wed Feb 14 12:01:28 2024 + idl: Add constant for max rows buffer size BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579 Signed-off-by: Noel Power Reviewed-by: Volker Lendecke (cherry picked from commit 01e901ef869a1a87fba0e67bce311dbeb199b717) commit c1016224041060419f26a88e457fa8ac71e5bc12 Author: Noel Power Date: Wed Jan 10 14:43:58 2024 + s3/rpc_client: cleanup unmarshalling of variant types from row columns Prior to this change fn 'extract_variant_addresses' actually returns offsets to the variant stored not the addresses, additionally the param in the signature of the method is named offset where the param in reality is a base address. This change makes fn 'extract_variant_addresses' actually return addresses instead of offsets and also changes the name of the incoming param. The resulting changes are propaged to callers which hopefully makes what the code is actually doing a little clearer Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett Autobuild-User(master): Noel Power Autobuild-Date(master): Tue Jan 30 17:22:37 UTC 2024 on atb-devel-224 (cherry picked from commit 9b2f2302ee4828ae54f5903a3bf649ffd255fb4a) commit 77cbdf342ca05a8f21c316e58395576e954d857b Author: Noel Power Date: Mon Jan 8 15:56:38 2024 + s3/utils: use full 64 bit address for getrows (with 64bit offsets) if 64bit offsets are used the hi 32-bits of address are stored in the ulreserved2 member of the message header field and the low 32-bits are stored in the ulclientbase member of the cpmgetrows message Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit 6ecb614b8ec6953ba15e8061fce9b395615b035a) commit ec239d16a970daae26acadb0c4a732e349e3435d Author: Noel Power Date: Wed Jan 10 10:59:23 2024 + s3/rpc_client: Remove stray unnecessary comment Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit efa60ff3105ac806d2a5d82dd0615ddb7578) commit 3d47cae71d953e05e793ca5dd392fa6e260e23e0 Author: Noel Power Date: Mon Jan 8 15:12:35 2024 + s3/rpc_client: change type of offset to uint64_t Offset can be a 32 or 64 bit address depending on the indexing
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 7107b233346 ctdb-protocol: Add missing push support for new controls from 22e56d9ea2d python: Remove ‘typing.Final’ https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 7107b233346f8540384a39b50c4f01ce3f5d2dc3 Author: Martin Schwenke Date: Fri Feb 9 17:29:46 2024 +1100 ctdb-protocol: Add missing push support for new controls CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and CTDB_CONTROL_TCP_CLIENT_PASSED were added in commits c6602b686b4e50d93272667ef86d3904181fb1ab and 037e8e449deb136ad5ed5e4de05439411b545b6d. They were missing test support for the packet push/pull. While adding the testing (for completeness, before adding another new control) I noticed that the push functionality was absent. This adds that, along with the test support. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15580 Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Mon Feb 19 10:21:48 UTC 2024 on atb-devel-224 (cherry picked from commit dd9b11acbc4fbde1941719968aeb463b853b0ffb) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Tue Feb 20 13:46:47 UTC 2024 on atb-devel-224 --- Summary of changes: ctdb/protocol/protocol_control.c | 8 ctdb/tests/src/protocol_common_ctdb.c | 33 + ctdb/tests/src/protocol_ctdb_test.c | 2 +- 3 files changed, 42 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/ctdb/protocol/protocol_control.c b/ctdb/protocol/protocol_control.c index 83ed6cb4ee1..e4491159937 100644 --- a/ctdb/protocol/protocol_control.c +++ b/ctdb/protocol/protocol_control.c @@ -693,6 +693,14 @@ static void ctdb_req_control_data_push(struct ctdb_req_control_data *cd, case CTDB_CONTROL_ECHO_DATA: ctdb_echo_data_push(cd->data.echo_data, buf, ); break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + ctdb_connection_push(cd->data.conn, buf, ); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + ctdb_connection_push(cd->data.conn, buf, ); + break; } *npush = np; diff --git a/ctdb/tests/src/protocol_common_ctdb.c b/ctdb/tests/src/protocol_common_ctdb.c index 384076824a4..8a8e114f67a 100644 --- a/ctdb/tests/src/protocol_common_ctdb.c +++ b/ctdb/tests/src/protocol_common_ctdb.c @@ -593,6 +593,19 @@ void fill_ctdb_req_control_data(TALLOC_CTX *mem_ctx, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + cd->data.conn = talloc(mem_ctx, struct ctdb_connection); + assert(cd->data.conn != NULL); + fill_ctdb_connection(mem_ctx, cd->data.conn); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + cd->data.conn = talloc(mem_ctx, struct ctdb_connection); + assert(cd->data.conn != NULL); + fill_ctdb_connection(mem_ctx, cd->data.conn); + break; + } } @@ -982,6 +995,14 @@ void verify_ctdb_req_control_data(struct ctdb_req_control_data *cd, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + verify_ctdb_connection(cd->data.conn, cd2->data.conn); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + verify_ctdb_connection(cd->data.conn, cd2->data.conn); + break; } } @@ -1378,6 +1399,12 @@ void fill_ctdb_reply_control_data(TALLOC_CTX *mem_ctx, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + break; } } @@ -1715,6 +1742,12 @@ void verify_ctdb_reply_control_data(struct ctdb_reply_control_data *cd, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + break; } } diff --git a/ctdb/tests/src/protocol_ctdb_test.c b/ctdb/tests/src/protocol_ctdb_test.c index f6fb5134a00..840d465ae30 100644 --- a/ctdb/tests/src/protocol_ctdb_test.c +++ b/ctdb/tests/src/protocol_ctdb_test.c @@ -277,7 +277,7 @@ PROTOCOL_CTDB4_TEST(struct ctdb_req_dmaster, ctdb_req_dmaster, PROTOCOL_CTDB4_TEST(struct ctdb_reply_dmaster, ctdb_reply_dmaster, CTDB_REPLY_DMASTER); -#define NUM_CONTROLS 159 +#define NUM_CONTROLS 161 PROTOCOL_CTDB2_TEST(struct ctdb_req_control_data, ctdb_req_control_data);
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated
via 22e56d9ea2d python: Remove ‘typing.Final’
via 9366f554862 python: do not make use of typing.Final for python 3.6
via 858090913e3 docs-xml: document "smb3 share cap:{CONTINUOUS
AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}"
via d8e056d8b0d smb2_tcon: only announce SMB3 related share
capabilities if SMB3 is used
via 3a8a86adc66 smb2_tcon: only announce SMB2_SHARE_CAP_CLUSTER if
rpcd_witness can run
via 87e56ada0db docs-xml: add details for 'net witness'
via c4e4d41f0ac s3:utils: fix help string for 'net witness
force-response'
via f9c0968743d ctdb/events: add 47.samba-dcerpcd.script
via bc89a069b3c ctdb/events: use 'service "$CTDB_SERVICE_NMB" status'
in 48.netbios.script
from d998b68af68 VERSION: Bump version up to Samba 4.20.0rc3...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -
commit 22e56d9ea2d4a58c2abec86a278cfa2c896ba096
Author: Jo Sutton
Date: Fri Feb 2 12:23:58 2024 +1300
python: Remove ‘typing.Final’
This is only present in Python 3.8 and above.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575
Signed-off-by: Jo Sutton
Reviewed-by: Andrew Bartlett
(cherry picked from commit d6fe66ddeeb99c550fa9a0f1abb845e6daf71f8a)
Autobuild-User(v4-20-test): Jule Anger
Autobuild-Date(v4-20-test): Mon Feb 19 15:35:39 UTC 2024 on atb-devel-224
commit 9366f55486254e1641a3ddc73c69e8ace774f6dc
Author: Rob van der Linde
Date: Fri Feb 2 12:54:41 2024 +1300
python: do not make use of typing.Final for python 3.6
Python 3.6 does not have typing.Final yet
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575
Signed-off-by: Rob van der Linde
Reviewed-by: Douglas Bagnall
Reviewed-by: Andrew Bartlett
(cherry picked from commit ecc84aa448a962f1a224144bbb65f0cef36a4279)
commit 858090913e389c1de8525cefe753642e724c2ac7
Author: Stefan Metzmacher
Date: Thu Feb 8 15:43:39 2024 +0100
docs-xml: document "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE
OUT,CLUSTER,ASYMMETRIC}"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher
Reviewed-by: Guenther Deschner
Autobuild-User(master): Günther Deschner
Autobuild-Date(master): Tue Feb 13 21:06:24 UTC 2024 on atb-devel-224
(cherry picked from commit 7a674ee9ffeca047ceed7ac046db1b168d4025a6)
commit d8e056d8b0d6dc5cbe465c1c55c83574d6296f5d
Author: Stefan Metzmacher
Date: Thu Feb 8 15:31:10 2024 +0100
smb2_tcon: only announce SMB3 related share capabilities if SMB3 is used
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher
Reviewed-by: Guenther Deschner
(cherry picked from commit 32b84c5bce00c4f91191596dc00d9824e82e0f24)
commit 3a8a86adc6674e78927271f9809a74733c7ffb07
Author: Stefan Metzmacher
Date: Thu Feb 8 15:15:28 2024 +0100
smb2_tcon: only announce SMB2_SHARE_CAP_CLUSTER if rpcd_witness can run
rpcd_witness needs ncacn_ip_tcp support and that's only
available if samba-dcerpcd is not started on demand.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher
Reviewed-by: Guenther Deschner
(cherry picked from commit d8bfd737032c6a8623512fcb2cd01850628a)
commit 87e56ada0db353b06559cb8fdc6460a96a6ef204
Author: Stefan Metzmacher
Date: Thu Feb 8 14:25:05 2024 +0100
docs-xml: add details for 'net witness'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher
Reviewed-by: Guenther Deschner
(cherry picked from commit 1d0938d6fe46c06432ae5fda9e7491b908a9ac56)
commit c4e4d41f0ac0827587556ea17c1e54d7f760f1e3
Author: Stefan Metzmacher
Date: Thu Feb 8 15:07:42 2024 +0100
s3:utils: fix help string for 'net witness force-response'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher
Reviewed-by: Guenther Deschner
(cherry picked from commit 7a23429ed6a04bb14509758492bfaee5db6dbd0d)
commit f9c0968743dc526e8d26231a5e91a3419750540c
Author: Stefan Metzmacher
Date: Fri Feb 2 13:54:20 2024 +0100
ctdb/events: add 47.samba-dcerpcd.script
If someone wants to enable the witness service
samba-dcerpcd needs to be started as standalone service
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577
Signed-off-by: Stefan Metzmacher
Reviewed-by: Guenther Deschner
(cherry picked from commit f1f68108cc303b92b8a88728d12c2b699fdfc731)
commit bc89a069b3cda1970ef1e2da9d998f45cbc567b4
Author: Stefan Metzmacher
Date: Fri Feb 2 13:54:20 2024 +0100
ctdb/events: use 'service "$CTDB_SERVICE_NMB" status' in 48.netbios.script
We can easily monitor if the service is
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via d998b68af68 VERSION: Bump version up to Samba 4.20.0rc3... via 0167b75a5b2 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. via f06a06b7132 WHATSNEW: Add release notes for Samba 4.20.0rc2. from f8dfce94822 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit d998b68af68b4d06c7b3518b8e18861bbb2535e3 Author: Jule Anger Date: Mon Feb 12 14:05:12 2024 +0100 VERSION: Bump version up to Samba 4.20.0rc3... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 0167b75a5b2a24942d2d93dfee3cb20284c32d38 Author: Jule Anger Date: Mon Feb 12 14:04:39 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. Signed-off-by: Jule Anger commit f06a06b7132668af8ed3ba48a3b5caf003f4cb12 Author: Jule Anger Date: Mon Feb 12 14:01:59 2024 +0100 WHATSNEW: Add release notes for Samba 4.20.0rc2. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 15 ++- 2 files changed, 15 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index c90ef06f13e..486a47b8f52 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE=3 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f7c38dc9f0e..de3b0f03d49 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.20. This is *not* +This is the second release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -214,6 +214,19 @@ smb.conf changes acl claims evaluation new AD DC only +CHANGES SINCE 4.20.0rc1 +=== + +o Douglas Bagnall + * BUG 15574: Performance regression for NDR parsing of security descriptors. + +o Anoop C S + * BUG 15565: Build and install man page for wspsearch client utility. + +o Andreas Schneider + * BUG 15558: samba-gpupdate logging doesn't work. + + KNOWN ISSUES -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via f8dfce94822 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos via 4872b0abf6b WHATSNEW: Add some information about new conditional aces feature via 8e8b8fc0548 WHATSNEW: note "acl_claims evaluation" smb.conf option via 7f338d6119a ndr: ignore trailing bytes in ndr_pull_security_ace() via 0f81aec9a19 ndr: ndr_push_security_ace: calculate coda size once via 4808478685c ndr: avoid object ACE push overhead for non-object ACE via 276e67fe174 ndr: avoid object ACE pull overhead for non-object ACE via 5c0f6a20745 ndr: do not push ACE->coda.ignored blob via d4547daf5ee ndr: mark invalid pull ndr_flags as unlikely via 5d0d17a92db ndr: skip talloc when pulling empty DATA_BLOB via e61d447690f ndr: ACE push avoids no-op coda pushes via e4cf11b1b39 ndr: make security_ace push manual via c9974e622bf ndr: short-circuit ace coda if no bytes left via 8787185a6ca ndr: shift ndr_pull_security_ace to manual code via f8014cae2eb pidl: calculate subcontext_size only once per pull via b5289d66e9e perftest: ndr_pack runs in none environment via fb49ce47609 perftest:ndr_pack: spin in do_nothing for a while via 14edd0fd1ef perftest:ndr_pack: use a valid dummy SID via 1287f182167 perftest:ndr_pack_performance: remove irrelevant imports, options via 7f0bdf2b99e perftest:ndr_pack: slightly reduce python overhead via 66fa6885551 perftest: ndr_pack_performance gets more SD types via daf5b5f5eb2 perftest:ndr_pack: rename SD tests with object ACEs from 59365287486 docs-xml: Build and install man page for wspsearch https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit f8dfce94822f043d27de2d92a3f0b3d0f27c5de4 Author: Andrew Bartlett Date: Thu Feb 1 11:33:27 2024 +1300 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566 Signed-off-by: Andrew Bartlett Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Mon Feb 12 11:55:51 UTC 2024 on atb-devel-224 commit 4872b0abf6b085f7e7ae14524be6fe99887468fe Author: Douglas Bagnall Date: Mon Jan 15 15:21:11 2024 +1300 WHATSNEW: Add some information about new conditional aces feature BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566 Signed-off-by: Douglas Bagnall commit 8e8b8fc0548fc497473aad09e6f0f0a55e572da8 Author: Douglas Bagnall Date: Mon Jan 15 15:22:27 2024 +1300 WHATSNEW: note "acl_claims evaluation" smb.conf option BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566 Signed-off-by: Douglas Bagnall commit 7f338d6119acd5a3129248d4e61df626f4087560 Author: Douglas Bagnall Date: Mon Jan 8 15:05:35 2024 +1300 ndr: ignore trailing bytes in ndr_pull_security_ace() This returns the behaviour with ordinary ACEs to where it was with 4.19. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit 0c1f421c107be3156b3f1db75aced24a1bca3d2f) commit 0f81aec9a19fe3f0c7d1bcc26c2d354a22747903 Author: Douglas Bagnall Date: Mon Jan 8 14:50:30 2024 +1300 ndr: ndr_push_security_ace: calculate coda size once Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit a72c198921f64f2502f543c7158762c64cb3074e) commit 4808478685caea32b5d5580a940b314f785000c3 Author: Douglas Bagnall Date: Mon Jan 1 10:21:55 2024 +1300 ndr: avoid object ACE push overhead for non-object ACE Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit ecb5da3e49283ca3a03dea81d22db4a081e192e4) commit 276e67fe174caab58d9a020a9357ca0d04631f13 Author: Douglas Bagnall Date: Mon Jan 1 10:21:33 2024 +1300 ndr: avoid object ACE pull overhead for non-object ACE When an ACE is not an object ACE, which is common, setting the switch value and attempting the object ACE GUID pull is just going to do nothing, and we know that ahead of time. By noticing that we can save a bit of time on a common operation. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit fce4d51eb492a6fc807c6849cd4bd65ca7714509) commit 5c0f6a207453c1ef11fc8cef42ab0a6b02abf99b Author: Douglas Bagnall Date: Sun Dec 31 17:45:36 2023 +1300 ndr: do not push ACE->coda.ignored blob From 1e80221b2340de5ef5e2a17f10511bbc2c041163 (2008) until c73034cf7c4392f5d3505319948bc84634c20fa5
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated
via 59365287486 docs-xml: Build and install man page for wspsearch
via 9e946a8ddd3 python:gp: Fix logging with gp
from 7908c00dec2 VERSION: Bump version up to Samba 4.20.0rc2...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -
commit 593652874866a22a9df7a93b09627c0fbc328129
Author: Anoop C S
Date: Tue Jan 30 14:33:07 2024 +0530
docs-xml: Build and install man page for wspsearch
Commit 49b6137f7c2244aeb3cf9b65fc9d46fcf0b8dc55 switched the default
to install `wspsearch` client from False to True but missed to build
and install the corresponding man page. Therefore adding wspsearch.1
to the list of man pages to be built and installed by default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15565
Signed-off-by: Anoop C S
Reviewed-by: Andreas Schneider
Autobuild-User(master): Anoop C S
Autobuild-Date(master): Tue Jan 30 14:38:58 UTC 2024 on atb-devel-224
(cherry picked from commit a48f8ae30775bb2dc07768c3df88968800f51470)
Autobuild-User(v4-20-test): Jule Anger
Autobuild-Date(v4-20-test): Mon Feb 5 14:05:01 UTC 2024 on atb-devel-224
commit 9e946a8ddd37ac8286c08293d1509260520f252e
Author: Andreas Schneider
Date: Mon Jan 29 17:46:30 2024 +0100
python:gp: Fix logging with gp
This allows enable INFO level logging with: `samba-gpupdate -d3`
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15558
Signed-off-by: Andreas Schneider
Reviewed-by: Joseph Sutton
Reviewed-by: Andrew Bartlett
(cherry picked from commit 145194071b10c4c1857f28fe79c57fd63ffab889)
---
Summary of changes:
docs-xml/wscript_build | 1 +
python/samba/gp/util/logging.py | 5 +++--
2 files changed, 4 insertions(+), 2 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 95ed08ed1d8..434afacaf1e 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -54,6 +54,7 @@ manpages='''
manpages/wbinfo.1
manpages/winbindd.8
manpages/samba-log-parser.1
+ manpages/wspsearch.1
'''
pam_winbind_manpages = '''
diff --git a/python/samba/gp/util/logging.py b/python/samba/gp/util/logging.py
index 9e70891b62c..da085d8d7e6 100644
--- a/python/samba/gp/util/logging.py
+++ b/python/samba/gp/util/logging.py
@@ -23,9 +23,10 @@ import gettext
import random
import sys
-logger = logging.getLogger()
+logger = logging.getLogger("gp")
+
+
def logger_init(name, log_level):
-logger = logging.getLogger(name)
logger.addHandler(logging.StreamHandler(sys.stdout))
logger.setLevel(logging.CRITICAL)
if log_level == 1:
--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated
via 7908c00dec2 VERSION: Bump version up to Samba 4.20.0rc2...
via d05af785057 VERSION: Disable GIT_SNAPSHOT for the Samba 4.20.0rc1
release.
via 8e31cb2007a WHATSNEW: Up to Samba 4.20.0rc1.
via ec91204387b ldb: release 2.9.0 for use in Samba 4.20.x
via 0ba05d5bbb1 tevent: release 0.16.1
via 5032ab712c6 tdb: release 1.4.10
via f28966c1638 talloc: release 2.4.2
from 1f823424418 python:gp: Improve working of log messages to avoid
confusion
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -
commit 7908c00dec284265531496040dddb265acb6ee5a
Author: Jule Anger
Date: Mon Jan 29 17:31:31 2024 +0100
VERSION: Bump version up to Samba 4.20.0rc2...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Jule Anger
---
Summary of changes:
VERSION | 4 ++--
WHATSNEW.txt | 2 +-
lib/ldb/wscript | 2 +-
lib/talloc/ABI/{pytalloc-util-2.3.0.sigs => pytalloc-util-2.4.2.sigs} | 0
lib/talloc/ABI/{talloc-2.3.5.sigs => talloc-2.4.2.sigs} | 0
lib/talloc/wscript| 2 +-
lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.10.sigs} | 0
lib/tdb/wscript | 2 +-
lib/tevent/ABI/{tevent-0.15.0.sigs => tevent-0.16.1.sigs} | 0
lib/tevent/wscript| 2 +-
10 files changed, 7 insertions(+), 7 deletions(-)
copy lib/talloc/ABI/{pytalloc-util-2.3.0.sigs => pytalloc-util-2.4.2.sigs}
(100%)
copy lib/talloc/ABI/{talloc-2.3.5.sigs => talloc-2.4.2.sigs} (100%)
copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.10.sigs} (100%)
copy lib/tevent/ABI/{tevent-0.15.0.sigs => tevent-0.16.1.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index bde2e90dffc..c90ef06f13e 100644
--- a/VERSION
+++ b/VERSION
@@ -79,7 +79,7 @@ SAMBA_VERSION_BETA_RELEASE=
# e.g. SAMBA_VERSION_PRE_RELEASE=1 #
# -> "2.2.9pre1" #
-SAMBA_VERSION_PRE_RELEASE=1
+SAMBA_VERSION_PRE_RELEASE=
# For 'rc' releases the version will be#
@@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=1
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
-SAMBA_VERSION_RC_RELEASE=
+SAMBA_VERSION_RC_RELEASE=2
# To mark SVN snapshots this should be set to 'yes'#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index e2bd54a1d01..8158a80288c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=
-This is the first pre release of Samba 4.20. This is *not*
+This is the first release candidate of Samba 4.20. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index bb49e95382c..c249a826071 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'ldb'
-# For Samba 4.20.x
+# For Samba 4.20.x !
VERSION = '2.9.0'
import sys, os
diff --git a/lib/talloc/ABI/pytalloc-util-2.3.0.sigs
b/lib/talloc/ABI/pytalloc-util-2.4.2.sigs
similarity index 100%
copy from lib/talloc/ABI/pytalloc-util-2.3.0.sigs
copy to lib/talloc/ABI/pytalloc-util-2.4.2.sigs
diff --git a/lib/talloc/ABI/talloc-2.3.5.sigs b/lib/talloc/ABI/talloc-2.4.2.sigs
similarity index 100%
copy from lib/talloc/ABI/talloc-2.3.5.sigs
copy to lib/talloc/ABI/talloc-2.4.2.sigs
diff --git a/lib/talloc/wscript b/lib/talloc/wscript
index 075f1ec4417..8b5e02d36c5 100644
--- a/lib/talloc/wscript
+++ b/lib/talloc/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'talloc'
-VERSION = '2.4.1'
+VERSION = '2.4.2'
import os
import sys
diff --git a/lib/tdb/ABI/tdb-1.3.17.sigs b/lib/tdb/ABI/tdb-1.4.10.sigs
similarity index 100%
copy from lib/tdb/ABI/tdb-1.3.17.sigs
copy to lib/tdb/ABI/tdb-1.4.10.sigs
diff --git a/lib/tdb/wscript b/lib/tdb/wscript
index 5e6a928d5bc..2c587fbee44 100644
--- a/lib/tdb/wscript
+++ b/lib/tdb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'tdb'
-VERSION = '1.4.9'
+VERSION = '1.4.10'
import sys, os
diff --git a/lib/tevent/ABI/tevent-0.15.0.sigs
b/lib/tevent/ABI/tevent-0.16.1.sigs
similarity index 100%
copy from
