[SCM] Samba Shared Repository - branch v4-4-stable updated
Karolin Seeger
kseeger at samba.org
Fri Sep 23 06:29:37 UTC 2016
The branch, v4-4-stable has been updated
via 99ced63 Revert "script/release.sh: use 8 byte gpg key ids"
via b93b6dd VERSION: Disable git snapshots for the 4.4.6 release.
via 54690a1 WHATSNEW: Add release notes for Samba 4.4.6.
via 4f8a057 ctdb-recovery-helper: Add missing initialisation of ban_credits
via b1264c2 lib: poll_funcs : poll_funcs_context_slot_find can select the wrong slot to replace.
via c748a17 lib/poll_funcs: free contexts in poll_funcs_state_destructor()
via b064dfd vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes
via 7f3a857 docs: document vfs_acl_xattr|tdb enforced settings
via 4b34770 vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements
via ac1d93e s4/torture: tests for vfs_acl_xattr default ACL styles
via 41fb2ca vfs_acl_common: Windows style default ACL
via b94eefa vfs_acl_xattr|tdb: add option to control default ACL style
via 5bc32fe vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL
via a0fd7a5 vfs_acl_common: move stat stuff to a helper function
via 1fd98a8 vfs_acl_tdb|xattr: use a config handle
via 8084382 vfs_acl_common: move the ACL blob validation to a helper function
via 7a80d45 vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy
via c1de539 vfs_acl_common: remove redundant NULL assignment
via d72dcd2 vfs_acl_common: rename pdesc_next to psd_fs
via 31fc554 vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()
via 06e9649 Revert "vfs_acl_xattr: objects without NT ACL xattr"
via 180a034 vfs_shadow_copy: handle non-existant files and wildcards
via cbdb72f selftest: test listing directories inside snapshots
via 962ab3d selftest: check file readability in shadow_copy2 test
via 73cb902 selftest: add content to files created during shadow_copy2 test
via 0cf3141 ctdb-ipalloc: Fix cumulative takeover timeout
via f557d0c ctdb-ipalloc: Use a cumulative timeout for takeover run stages
via aa45e1a smbd: Reset O_NONBLOCK on open files
via 1324acb ctdb-recovery: Terminate if recovery fails without any banning credits
via e4e5018 ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control request
via 80e17c7 s3/smbd: in call_trans2qfilepathinfo call lstat when dealing with posix pathnames
via 44107d9 ctdb-packaging: Fix systemd network dependency
via 87a42e6 ctdb-daemon: Don't steal control structure before synchronous reply
via f91cc13 ctdb-daemon: Handle failure immediately, do housekeeping later
via ed7a8f4 ctdb-daemon: Schedule running of callback if there are no event scripts
via 438a79e s3-util: Fix asking for username and password in smbget.
via 88c1b5c ctdb-daemon: When releasing an IP, update PNN in callback
via d17bc0c ctdb-daemon: Rename takeover_callback_state -> release_ip_callback_state
via 80fce45 ctdb-daemon: Use release_ip_post() when releasing all IP addresses
via f981ea8 ctdb-daemon: Factor out new function release_ip_post()
via 471eeec ctdb-daemon: Do not copy address for RELEASE_IP message
via c215783 ctdb-daemon: Do not update the VNN state on RELEASE_IP failure
via 6d24dd8 ctdb-daemon: Try to release IP address even if interface is unknown
via 5bbb0c6 ctdb-takeover: Inform clients when dropping all IP addresses
via 11055aa ctdb-takeover: Do not kill smbd processes on releasing IP
via e0deedd idmap: centrally check that unix IDs returned by the idmap backends are in range
via 9a320f6 idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range()
via c6ac876 smbd: allow reading files based on FILE_EXECUTE access right
via 59eb36d smbd: look only at handle readability for COPYCHUNK dest
via fda7740 s4-smbtorture: pin copychunk exec right behavior
via 5ba3f0c seltest: allow opening files with arbitrary rights in smb2.ioctl tests
via 577b459 seltest: implicit FILE_READ_DATA non-reporting
via 5580e5f s4-selftest: add test for read access check
via f2f8df9 s4-selftest: add functions which create with desired access
via c0154e8 s4-smbtorture: use standard macros in smb2.read test
via c3169bc selftest: add tests for dfree with inherit owner enabled
via 3d0a4f3 selftest: add definition of smbcacls to selftesthelpers.py
via adb3987 selftest: refactor test_dfree_quota.sh - add share parameter
via 475131c smbd: use owner uid for free disk calculation if owner is inherited
via f776b51 smbd: get a valid file stat to disk_quotas
via 1a07eec quotas: small cleanup
via a8accc7 s3: oplock: Fix race condition when closing an oplocked file.
via fc5f102 smbd: oplock: Factor out internals of remove_oplock() into new remove_oplock_under_lock().
via 13c24a8 smbd: oplock: Fixup debug messages inside remove_oplock().
via 52efd0c gensec/spnego: work around missing server mechListMIC in SMB servers
via 7aaf3f58 dbcheck: Abandon dbcheck if we get an error during a transaction
via 3f19982 dsdb: Allow missing a mandatory attribute from a dbcheck fix
via 28d8230 script/release.sh: use 8 byte gpg key ids
via 1305ba6 libgpo: Correctly use the 'server' parameter after parsing it out of the GPO path.
via fcb7910 s3: libsmb: Protect cli_connect_nb_send() from being passed a NULL hostname and dest_ss.
via 39b4580 ldb-samba: Add "secret" as a value to hide in LDIF files
via 3d11e5f samba-tool/ldapcmp: ignore differences of whenChanged
via fd6d190 script/autobuild.py: include the branch name in the output
via 4245237 autobuild: fix typo in autobuild success subject line
via ec5f390 autobuild: Return the last 50 log lines
via 8620c56 dbwrap_ctdb: treat empty records in ltdb as non-existing
via 8f6b83d s4/torture: add a test for ctdb-tombstrone-record deadlock
via a21dbf7 smbd: ignore ctdb tombstone records in fetch_share_mode_unlocked_parser()
via 793a6da ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)
via 0bb88b7 ctdb-common: Fix CID 1125585 Dereference after null check (FORWARD_NULL)
via 3a182d1 ctdb-common: Fix CID 1125583 Dereference after null check (FORWARD_NULL)
via d6bbbb7 ctdb-common: Fix CID 1125581 Dereference after null check (FORWARD_NULL)
via 1a9e8e0 ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)
via 1a1dbce ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)
via 6b22bee ctdb-utils: Fix CID 1297451 Explicit null dereferenced (FORWARD_NULL)
via 0c0231d ctdb-common: Consistently use strlcpy() on interface names
via 5fb821d ctdb-common: Fix CID 1125553 Buffer not null terminated (BUFFER_SIZE_WARNING)
via b9a3011 ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS)
via f557672 ctdb-packaging: Move ctdb tests to libexec directory
via ef3697f ctdb-waf: Move ctdb tests to libexec directory
via ec4a00b man: Wrong option for parameter ldap ssl in smb.conf man page
via 49d09f6 async_req: make async_connect_send() "reentrant"
via d6639d7 vfs_acl_xattr: objects without NT ACL xattr
via 10e1023 s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c
via 5bf53f0 s3-rpc_server/mdssd: use smbd_reinit_after_fork()
via 234dec5 smbd/notifyd: use smbd_reinit_after_fork()
via 7f7e9d7 smbd/cleanupd: use smbd_reinit_after_fork()
via 965e6ed selftest: test idmap backend id allocation for unknown SIDS
via 036a6bd selftest: make autorid the default idmap backend in admember_rfc2307
via d5af3f3 winbindd: in wb_lookupsids return domain name if we have it
via 01632a8 winbindd/idmap_rfc2307: fix a crash
via 5437525 s3:mdssvc: older glib2 versions require g_type_init()
via 34f5dc7 s3: smbd: Fix delete operations enumerating streams inside a file. This must always be done as a Windows operation.
via 250a064 s3: smbd: Change lp_set_posix_pathnames() to take a newval parameter and return the old one.
via 2a71f2e python/remove_dc: handle dnsNode objects without dnsRecord attribute
via bba6aa0 s4: ldb: Ignore case of "range" in sscanf as we've already checked for its presence.
via ea0770f third_party/zlib/zlib.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
via ceb8542 s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__
via 3d62a68 mdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of __GNUC__
via 8c47303 s3/modules/getdate: use HAVE___ATTRIBUTE__ instead of __GNUC__
via fc4863a tevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
via e8e6d4b libreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__
via 7ae1446 util/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ comparisons
via 385c341 configure: set HAVE___ATTRIBUTE__ for heimdal
via f8cfb88 param: Correct the defaults for "dcerpc endpoint services"
via 7243019 build: Always build eventlog6. This is not a duplicate of eventlog
via 8cfac46 libads: ensure the right ccache is used during spnego bind
via 98634bf libads: ensure the right ccache is used during gssapi bind
via b5aa461 auth: fix a memory leak in gssapi_get_session_key()
via ebc1e9a s3-libads: fix a memory leak in ads_sasl_spnego_bind()
via e93603f VERSION: Bump version up to 4.4.6...
via bc776bc Merge tag 'samba-4.4.5' into v4-4-test
via a2353be s3-winbind: Fix memory leak with each cached credential login
via 8bac275 libutil: Support systemd 230
via 833bbdd s4/torture: add a test for dosmode and hidden files
via efd6eaf s3/smbd: only use stored dos attributes for open_match_attributes() check
via 7448b50 s3/smbd: make get_ea_dos_attribute() public
via c8d3d3c s3/smbd: move check for "hide files" to dos_mode_from_name()
via 3296ee7 s3/smbd: call dos_mode_from_name after get_ea_dos_attribute()
via 60587e8 s3/smbd: add helper func dos_mode_from_name()
via 9e4b9e5 dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
via 1a0775e s4:rpc_server: use a variable for the max total reassembled request payload
via 81d7c85 s4:librpc/rpc: allow a total reassembled response payload of 240 MBytes
via 2e69fda dcerpc.idl: add DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
via ffd4a79 python/tests: add auth_pad test for the dcerpc raw_protocol test
via c63f1d1 s4:rpc_server: generate the correct error when we got an invalid auth_pad_length on BIND,ALTER,AUTH3
via cdc5165 librpc/rpc: ignore invalid auth_pad_length values in BIND, ALTER and AUTH3 pdus
via c7fd95c librpc/rpc: let dcerpc_pull_auth_trailer() check that auth_pad_length fits within the whole pdu.
via 23273a6 librpc/rpc: let dcerpc_pull_auth_trailer() only accept auth_length!=NULL or auth_data_only=true
via c382397 s4:librpc/rpc: don't ask for auth_length if we ask for auth data only
via 793b222 s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
via 84f54ce build: Build less of Samba when building --without-ntvfs-fileserver
via bf9367e s3: libsmb: Correctly trim a trailing \ character in cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
via ac41e16 selftest: Add a DNS test matching Windows
via 6ec1a8a s4: dns: Correctly check for talloc failure.
via 6aeed14 selftest: add test for DNS updates with TKEY/TSIG
via 3f7f433 s4/dns_server: enable sending of TSIG error records
via ea2d415 s4/dns_server: prepare sending correct error responses for dns_verify_tsig() errors
via 1c8d127 s4/dns_server: don't compute TSIG MAC in TSIG error records
via 721a858 s4/dns_server: error codes for failing MAC verification in TSIG requests
via f116a7b s4/dns_server: ensure we store the key name in error code paths
via 0822257 s4/dns_server: not finding the key here is a fatal error
via 001d7dd s4/dns_server: split out function that does the MAC computation
via c56d05c s4/dns_server: include request MAC in TSIG response MAC calculation
via d2ab8d3 librpc/dns: remove original_id from dns_fake_tsig_rec
via 33a6532 librpc/dns: don't compress strings in TKEY and TSIG responses
via d4cf68c librpc/ndr: add flag LIBNDR_FLAG_NO_COMPRESSION
via ddcf7b7 libnet: ignore realm setting for domain security joins to AD domains if 'winbind rpc only = true'
via fdb3f7f s3-libnet: Print error string even on successfuly completion of libnetjoin.
via cee44fd s4: torture: Added raw readX test to ensure 'reserved' fields are zero.
via e23b5f8 s3: smbd: In reply_read_and_X() SMB1 server is overwriting part of the 'reserved' zero fields with reply data length.
via 9b3295c s3: smbd: Use common function setup_readX_header() in aio read code.
via b3add95 s3: smbd: Make setup_readX_header() externally accessible
via 40f4125 s3: smbd: Remove unused 'req' argument from setup_readX_header()
via 2b63c23 libnet_join: use sitename if it was set by pre-join detection
via 53ac611 s3: krb5: keytab - The done label can be jumped to with context == NULL.
via 83fa480 lib: Fix uninitialized read in msghdr_copy
via 8acad0e ctdb-recoverd: Avoid duplicate recoverd event in parallel recovery
via fb89732 lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values.
via 4f28e53 ctdb-packaging: Remove tevent-unix-util public library
via f41a550 lib/util: Avoid splitting tevent-unix-util as public library
via 53e55bc ctdb-recovery-helper: Add banning to parallel recovery
via 05a41ad ctdb-recoverd: Add message handler to assigning banning credits
via 24ed0a4 ctdb-protocol: Add srvid for assigning banning credits
via 8d67216 ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM is done
via 4b268d0 ctdb-recovery: Update timeout and number of retries during recovery
via 9449b7e ctdb-recovery-helper: Introduce new #define variable
via 10b5961 ctdb-recovery-helper: Improve log message
via 9e7d0c9 ctdb-tests: Add a test for recovery of large databases
via 4b4b870 ctdb-recovery-helper: Introduce push database abstraction
via 406da1e ctdb-recovery-helper: Introduce pull database abstraction
via 5fbc339 ctdb-protocol: Add new capability
via d00deab ctdb-protocol: Add srvid for messages during recovery
via 314a5d5 ctdb-recovery-helper: Write recovery records to a recovery file
via 77257d9 ctdb-recovery-helper: Re-factor function to retain records from recdb
via 7785a9f ctdb-protocol: Add file IO functions for ctdb_rec_buffer
via e1fe4d2 ctdb-recovery-helper: Create accessors for recdb structure fields
via 2543f15 ctdb-recovery-helper: Rename pnn to dmaster in recdb_records()
via e455727 ctdb-recovery-helper: Pass capabilities to database recovery functions
via 715714d ctdb-recovery-helper: Factor out generic recv function
via e8c9c8f ctdb-client: Add client API functions for new controls
via 6c497e4 ctdb-daemon: Implement new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
via 24c8068 ctdb-protocol: Add new controls DB_PULL and DB_PUSH_START/DB_PUSH_CONFIRM
via d0c4375 ctdb-protocol: Add new data type ctdb_pulldb_ext for new control
via ea98f51 ctdb-tunables: Add new tunable RecBufferSizeLimit
via c35deed ctdb-client: Add client API for sending message to multiple nodes
via 677fc74 ctdb-recovery-helper: Get tunables first, so control timeout can be set
via 15fc4e8 ctdb-doc: Add documentation for missing tunables
via 83b92a8 ctdb-doc: Update tunables documentation
via 070c51f ctdb-doc: Sort the tunable variables in alphabetical order
via 4c77c02 ctdb-client: Add async version of set/remove message handler functions
via 9ca8891 ctdb-recovery: Add a log message when marshalling recovery database fails
via a33a783 ctdb-recovery: Create recovery databases in state dir
via 049bb18 ctdb-recoverd: Freeze databases whenever the node is INACTIVE
via e9ea633 VERSION: Bump version up to 4.4.5...
from fb3e629 VERSION: Disable git snapshots for the 4.4.5 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-stable
- Log -----------------------------------------------------------------
commit 99ced630b38aa6009630b06c4fa45d4f094239d2
Author: Karolin Seeger <kseeger at samba.org>
Date: Thu Sep 22 08:47:21 2016 +0200
Revert "script/release.sh: use 8 byte gpg key ids"
This reverts commit 28d82306b720487ab93474171d91d318afff7b78.
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 151 ++-
auth/gensec/spnego.c | 69 +-
auth/kerberos/gssapi_pac.c | 7 +-
buildtools/wafsamba/wscript | 16 +
ctdb/client/client.h | 43 +
ctdb/client/client_control_sync.c | 86 ++
ctdb/client/client_message.c | 311 +++++
ctdb/common/rb_tree.c | 6 +-
ctdb/common/system_linux.c | 8 +-
ctdb/config/ctdb.service | 2 +-
ctdb/doc/ctdb-tunables.7.xml | 685 +++++-----
ctdb/include/ctdb_private.h | 11 +
ctdb/packaging/RPM/ctdb.spec.in | 7 +-
ctdb/protocol/protocol.h | 24 +-
ctdb/protocol/protocol_api.h | 18 +
ctdb/protocol/protocol_client.c | 70 +
ctdb/protocol/protocol_control.c | 82 +-
ctdb/protocol/protocol_message.c | 12 +
ctdb/protocol/protocol_private.h | 5 +
ctdb/protocol/protocol_types.c | 90 ++
ctdb/server/ctdb_control.c | 12 +
ctdb/server/ctdb_daemon.c | 8 +
ctdb/server/ctdb_logging.c | 9 +-
ctdb/server/ctdb_recover.c | 343 +++++
ctdb/server/ctdb_recoverd.c | 63 +-
ctdb/server/ctdb_recovery_helper.c | 1376 ++++++++++++++++----
ctdb/server/ctdb_takeover.c | 199 +--
ctdb/server/ctdb_tunables.c | 3 +-
ctdb/server/ctdbd.c | 4 +
ctdb/server/eventscript.c | 87 +-
ctdb/tests/simple/78_ctdb_large_db_recovery.sh | 107 ++
ctdb/tests/src/protocol_client_test.c | 48 +
ctdb/tests/src/protocol_types_test.c | 67 +
ctdb/utils/ping_pong/ping_pong.c | 4 +-
ctdb/wscript | 24 +-
docs-xml/manpages/vfs_acl_tdb.8.xml | 49 +
docs-xml/manpages/vfs_acl_xattr.8.xml | 49 +
docs-xml/smbdotconf/ldap/ldapssl.xml | 4 +-
.../smbdotconf/protocol/dcerpcendpointservers.xml | 2 +-
lib/async_req/async_sock.c | 16 +-
lib/ldb-samba/ldif_handlers.c | 2 +-
lib/param/loadparm.c | 2 +-
lib/replace/replace.h | 4 +-
lib/replace/snprintf.c | 6 +-
lib/tevent/tevent.h | 2 +-
lib/util/attr.h | 16 +-
lib/util/debug.c | 6 +-
lib/util/wscript_build | 23 +-
libgpo/gpo_fetch.c | 2 +-
librpc/idl/dns.idl | 7 +-
librpc/idl/idl_types.h | 1 +
librpc/ndr/libndr.h | 3 +
librpc/ndr/ndr_dns.c | 63 +-
librpc/rpc/dcerpc_util.c | 61 +
nsswitch/tests/test_idmap_nss.sh | 41 +
python/samba/dbchecker.py | 7 +
python/samba/netcmd/ldapcmp.py | 2 +-
python/samba/remove_dc.py | 11 +-
python/samba/tests/dcerpc/raw_protocol.py | 548 ++++++++
python/samba/tests/dns_tkey.py | 563 ++++++++
script/autobuild.py | 29 +-
selftest/knownfail | 4 +
selftest/selftesthelpers.py | 1 +
selftest/target/Samba3.pm | 40 +-
source3/include/proto.h | 2 +-
source3/include/smb_macros.h | 8 +
source3/lib/dbwrap/dbwrap_ctdb.c | 27 +-
source3/lib/msghdr.c | 9 +-
source3/lib/poll_funcs/poll_funcs_tevent.c | 17 +-
source3/libads/kerberos_keytab.c | 18 +-
source3/libads/sasl.c | 57 +-
source3/libnet/libnet_join.c | 18 +-
source3/libsmb/cli_smb2_fnum.c | 12 +
source3/libsmb/cliconnect.c | 6 +-
source3/locking/share_mode_lock.c | 6 +
source3/modules/getdate.c | 2 +-
source3/modules/getdate.y | 2 +-
source3/modules/vfs_acl_common.c | 775 +++++++----
source3/modules/vfs_acl_tdb.c | 28 +
source3/modules/vfs_acl_xattr.c | 28 +
source3/modules/vfs_ceph.c | 5 +-
source3/modules/vfs_default.c | 5 +-
source3/modules/vfs_shadow_copy2.c | 31 +-
source3/param/loadparm.c | 11 +-
source3/rpc_server/mdssd.c | 2 +-
source3/rpc_server/mdssvc/mdssvc.c | 5 +-
source3/rpc_server/mdssvc/sparql_parser.c | 4 +-
source3/script/tests/test_dfree_quota.sh | 84 +-
source3/script/tests/test_shadow_copy.sh | 96 +-
source3/selftest/tests.py | 12 +-
source3/smbd/aio.c | 9 +-
source3/smbd/close.c | 20 +-
source3/smbd/dfree.c | 16 +-
source3/smbd/dosmode.c | 64 +-
source3/smbd/open.c | 43 +-
source3/smbd/oplock.c | 54 +-
source3/smbd/pipes.c | 1 -
source3/smbd/posix_acls.c | 110 --
source3/smbd/proto.h | 25 +-
source3/smbd/quotas.c | 55 +-
source3/smbd/reply.c | 23 +-
source3/smbd/server.c | 4 +-
source3/smbd/smb2_glue.c | 16 +
source3/smbd/smb2_ioctl_network_fs.c | 4 +-
source3/smbd/trans2.c | 21 +-
source3/smbd/vfs.c | 4 +-
source3/utils/net_ads.c | 5 +
source3/utils/net_rpc.c | 10 +
source3/utils/smbget.c | 26 +-
source3/winbindd/idmap_rfc2307.c | 4 +-
source3/winbindd/idmap_util.c | 5 -
source3/winbindd/wb_lookupsids.c | 30 +-
source3/winbindd/winbindd_cache.c | 8 +-
source3/winbindd/winbindd_dual_srv.c | 4 +
source4/dns_server/dns_crypto.c | 150 ++-
source4/dns_server/dns_server.c | 19 +-
source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 9 +-
source4/dsdb/samdb/ldb_modules/ranged_results.c | 8 +-
source4/lib/wmi/wmi_wrap.c | 8 +-
source4/librpc/rpc/dcerpc.c | 8 +-
source4/ntvfs/posix/posix_eadb.c | 81 +-
source4/ntvfs/posix/wscript_build | 61 +-
source4/ntvfs/wscript_build | 120 +-
source4/rpc_server/common/server_info.c | 1 -
source4/rpc_server/dcerpc_server.c | 13 +-
source4/rpc_server/dcesrv_auth.c | 27 +-
source4/rpc_server/wkssvc/dcesrv_wkssvc.c | 1 -
source4/rpc_server/wscript_build | 15 +-
source4/selftest/tests.py | 7 +-
source4/smb_server/service_smb.c | 4 +-
source4/smb_server/wscript_build | 2 +-
source4/smbd/server.c | 4 -
source4/torture/raw/read.c | 44 +
source4/torture/smb2/dosmode.c | 183 +++
source4/torture/smb2/getinfo.c | 45 +
source4/torture/smb2/ioctl.c | 116 +-
source4/torture/smb2/lock.c | 64 +
source4/torture/smb2/read.c | 96 +-
source4/torture/smb2/smb2.c | 1 +
source4/torture/smb2/util.c | 63 +-
source4/torture/smb2/wscript_build | 2 +-
source4/torture/vfs/acl_xattr.c | 314 +++++
source4/torture/vfs/vfs.c | 1 +
source4/torture/wscript_build | 2 +-
testprogs/blackbox/dbcheck-oldrelease.sh | 10 +
third_party/zlib/zlib.h | 2 +-
147 files changed, 7268 insertions(+), 1667 deletions(-)
create mode 100755 ctdb/tests/simple/78_ctdb_large_db_recovery.sh
create mode 100755 nsswitch/tests/test_idmap_nss.sh
create mode 100644 python/samba/tests/dns_tkey.py
create mode 100644 source4/torture/smb2/dosmode.c
create mode 100644 source4/torture/vfs/acl_xattr.c
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index bc1234c..c75e0f9 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=4
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 0e2de46..7970201 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,151 @@
=============================
+ Release Notes for Samba 4.4.6
+ September 22, 2016
+ =============================
+
+
+This is the latest stable release of Samba 4.4.
+
+
+Changes since 4.4.5:
+--------------------
+
+o Michael Adam <obnox at samba.org>
+ * BUG 11977: libnet: Ignore realm setting for domain security joins to AD
+ domains if 'winbind rpc only = true'.
+ * BUG 12155: idmap: Centrally check that unix IDs returned by the idmap
+ backends are in range.
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 11838: s4: ldb: Ignore case of "range" in sscanf as we've already
+ checked for its presence.
+ * BUG 11845: Incorrect bytecount in ReadAndX smb1 response.
+ * BUG 11955: lib: Fix uninitialized read in msghdr_copy.
+ * BUG 11959: s3: krb5: keytab - The done label can be jumped to with context
+ == NULL.
+ * BUG 11986: s3: libsmb: Correctly trim a trailing \\ character in
+ cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
+ * BUG 12021: Fix smbd crash (Signal 4) on File Delete.
+ * BUG 12135: libgpo: Correctly use the 'server' parameter after parsing it
+ out of the GPO path.
+ * BUG 12139: s3: oplock: Fix race condition when closing an oplocked file.
+ * BUG 12272: Fix messaging subsystem crash.
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 11750: gcc6 fails to build internal heimdal.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 11991: build: Build less of Samba when building
+ '--without-ntvfs-fileserver'.
+ * BUG 12026: build: Always build eventlog6. This is not a duplicate of
+ eventlog.
+ * BUG 12154: ldb-samba: Add "secret" as a value to hide in LDIF files.
+ * BUG 12178: dbcheck: Abandon dbcheck if we get an error during a
+ transaction.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 10008: dbwrap_ctdb: Treat empty records in ltdb as non-existing.
+ * BUG 11520: Fix DNS secure updates.
+ * BUG 11961: idmap_autorid allocates ids for unknown SIDs from other
+ backends.
+ * BUG 11992: s3/smbd: Only use stored dos attributes for
+ open_match_attributes() check.
+ * BUG 12005: smbd: Ignore ctdb tombstone records in
+ fetch_share_mode_unlocked_parser().
+ * BUG 12016: cleanupd terminates main smbd on exit.
+ * BUG 12028: vfs_acl_xattr: Objects without NT ACL xattr.
+ * BUG 12105: async_req: Make async_connect_send() "reentrant".
+ * BUG 12177: vfs_acl_common: Fix unexpected synthesized default ACL from
+ vfs_acl_xattr.
+ * BUG 12181: vfs_acl_xattr|tdb: Enforced settings when
+ "ignore system acls = yes".
+
+o Alexander Bokovoy <ab at samba.org>
+ * BUG 11975: libnet_join: use sitename if it was set by pre-join detection.
+
+o Günther Deschner <gd at samba.org>
+ * BUG 11977: s3-libnet: Print error string even on successful completion of
+ libnetjoin.
+
+o Amitay Isaacs <amitay at gmail.com>
+ * BUG 11940: CTDB fails to recover large database.
+ * BUG 11941: CTDB does not ban misbehaving nodes during recovery.
+ * BUG 11946: Samba and CTDB packages both have tevent-unix-util dependency.
+ * BUG 11956: ctdb-recoverd: Avoid duplicate recoverd event in parallel
+ recovery.
+ * BUG 12158: CTDB release IP fixes.
+ * BUG 12259: ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control
+ request.
+ * BUG 12271: CTDB recovery does not terminate if no node is banned due to
+ failure.
+ * BUG 12275: ctdb-recovery-helper: Add missing initialisation of ban_credits.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 12268: smbd: Reset O_NONBLOCK on open files.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 11948: dcerpc.idl: Remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE.
+ * BUG 11982: Invalid auth_pad_length is not ignored for BIND_* and ALTER_*
+ pdus.
+ * BUG 11994: gensec/spnego: Work around missing server mechListMIC in SMB
+ servers.
+ * BUG 12007: libads: Ensure the right ccache is used during spnego bind.
+ * BUG 12018: python/remove_dc: Handle dnsNode objects without dnsRecord
+ attribute.
+ * BUG 12129: samba-tool/ldapcmp: Ignore differences of whenChanged.
+
+o Marc Muehlfeld <mmuehlfeld at samba.org>
+ * BUG 12023: man: Wrong option for parameter ldap ssl in smb.conf man page.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 11936: libutil: Support systemd 230.
+ * BUG 11999: s3-winbind: Fix memory leak with each cached credential login.
+ * BUG 12104: ctdb-waf: Move ctdb tests to libexec directory.
+ * BUG 12175: s3-util: Fix asking for username and password in smbget.
+
+o Martin Schwenke <martin at meltin.net>
+ * BUG 12104: ctdb-packaging: Move ctdb tests to libexec directory.
+ * BUG 12110: ctdb-daemon: Fix several Coverity IDs.
+ * BUG 12158: CTDB release IP fixes.
+ * BUG 12161: Fix CTDB cumulative takeover timeout.
+ * BUG 12180: Fix CTDB crashes running eventscripts.
+
+o Uri Simchoni <uri at samba.org>
+ * BUG 12006: auth: Fix a memory leak in gssapi_get_session_key().
+ * BUG 12145: smbd: If inherit owner is enabled, the free disk on a folder
+ should take the owner's quota into account.
+ * BUG 12149: smbd: Allow reading files based on FILE_EXECUTE access right.
+ * BUG 12172: Fix access of snapshot folders via SMB1.
+
+o Lorinczy Zsigmond <lzsiga at freemail.c3.hu>
+ * BUG 11947: lib: replace: snprintf: Fix length calculation for hex/octal
+ 64-bit values.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+ =============================
Release Notes for Samba 4.4.5
July 7, 2016
=============================
@@ -68,8 +215,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.4.4
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 3962d72..9e5e758 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -54,9 +54,11 @@ struct spnego_state {
DATA_BLOB mech_types;
size_t num_targs;
+ bool downgraded;
bool mic_requested;
bool needs_mic_sign;
bool needs_mic_check;
+ bool may_skip_mic_check;
bool done_mic_check;
bool simulate_w2k;
@@ -433,6 +435,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct gensec_security *gensec_
* Indicate the downgrade and request a
* mic.
*/
+ spnego_state->downgraded = true;
spnego_state->mic_requested = true;
break;
}
@@ -1077,7 +1080,7 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not accepted, server wants: %s\n",
gensec_get_name_by_oid(gensec_security, spnego_state->neg_oid),
gensec_get_name_by_oid(gensec_security, spnego.negTokenTarg.supportedMech)));
-
+ spnego_state->downgraded = true;
spnego_state->no_response_expected = false;
talloc_free(spnego_state->sub_sec_security);
nt_status = gensec_subcontext_start(spnego_state,
@@ -1134,6 +1137,23 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
return NT_STATUS_INVALID_PARAMETER;
}
+ if (spnego.negTokenTarg.mechListMIC.length == 0
+ && spnego_state->may_skip_mic_check) {
+ /*
+ * In this case we don't require
+ * a mechListMIC from the server.
+ *
+ * This works around bugs in the Azure
+ * and Apple spnego implementations.
+ *
+ * See
+ * https://bugzilla.samba.org/show_bug.cgi?id=11994
+ */
+ spnego_state->needs_mic_check = false;
+ nt_status = NT_STATUS_OK;
+ goto client_response;
+ }
+
nt_status = gensec_check_packet(spnego_state->sub_sec_security,
spnego_state->mech_types.data,
spnego_state->mech_types.length,
@@ -1189,9 +1209,56 @@ static NTSTATUS gensec_spnego_update(struct gensec_security *gensec_security, TA
*/
new_spnego = false;
}
+
break;
case SPNEGO_ACCEPT_INCOMPLETE:
+ if (spnego.negTokenTarg.mechListMIC.length > 0) {
+ new_spnego = true;
+ break;
+ }
+
+ if (spnego_state->downgraded) {
+ /*
+ * A downgrade should be protected if
+ * supported
+ */
+ break;
+ }
+
+ /*
+ * The caller may just asked for
+ * GENSEC_FEATURE_SESSION_KEY, this
+ * is only reflected in the want_features.
+ *
+ * As it will imply
+ * gensec_have_features(GENSEC_FEATURE_SIGN)
+ * to return true.
+ */
+ if (gensec_security->want_features & GENSEC_FEATURE_SIGN) {
+ break;
+ }
+ if (gensec_security->want_features & GENSEC_FEATURE_SEAL) {
+ break;
+ }
+ /*
+ * Here we're sure our preferred mech was
+ * selected by the server and our caller doesn't
+ * need GENSEC_FEATURE_SIGN nor
+ * GENSEC_FEATURE_SEAL support.
+ *
+ * In this case we don't require
+ * a mechListMIC from the server.
+ *
+ * This works around bugs in the Azure
+ * and Apple spnego implementations.
+ *
+ * See
+ * https://bugzilla.samba.org/show_bug.cgi?id=11994
+ */
+ spnego_state->may_skip_mic_check = true;
+ break;
+
case SPNEGO_REQUEST_MIC:
if (spnego.negTokenTarg.mechListMIC.length > 0) {
new_spnego = true;
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
index 685d0ec..74c199a 100644
--- a/auth/kerberos/gssapi_pac.c
+++ b/auth/kerberos/gssapi_pac.c
@@ -246,6 +246,7 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
int diflen, i;
const uint8_t *p;
+ *keytype = 0;
if (set->count < 2) {
#ifdef HAVE_GSSKRB5_GET_SUBKEY
@@ -256,10 +257,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
if (gss_maj == 0) {
*keytype = KRB5_KEY_TYPE(subkey);
krb5_free_keyblock(NULL /* should be krb5_context */, subkey);
- } else
-#else
- {
- *keytype = 0;
}
#endif
gss_maj = gss_release_buffer_set(&gss_min, &set);
@@ -270,7 +267,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
gse_sesskeytype_oid.elements,
gse_sesskeytype_oid.length) != 0) {
/* Perhaps a non-krb5 session key */
- *keytype = 0;
gss_maj = gss_release_buffer_set(&gss_min, &set);
return NT_STATUS_OK;
}
@@ -280,7 +276,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
gss_maj = gss_release_buffer_set(&gss_min, &set);
return NT_STATUS_INVALID_PARAMETER;
}
- *keytype = 0;
for (i = 0; i < diflen; i++) {
*keytype = (*keytype << 7) | (p[i] & 0x7f);
if (i + 1 != diflen && (p[i] & 0x80) == 0) {
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
index 586cc4b..8802e5a 100755
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -402,6 +402,22 @@ def configure(conf):
addmain=False,
msg='Checking for library destructor support')
+ conf.CHECK_CODE('''
+ void test_attribute(void) __attribute__ (());
+
+ void test_attribute(void)
+ {
+ return;
+ }
+
+ int main(void) {
+ return 0;
+ }
+ ''',
+ 'HAVE___ATTRIBUTE__',
+ addmain=False,
+ msg='Checking for __attribute__')
+
if sys.platform.startswith('aix'):
conf.DEFINE('_ALL_SOURCE', 1, add_to_cflags=True)
# Might not be needed if ALL_SOURCE is defined
diff --git a/ctdb/client/client.h b/ctdb/client/client.h
index bce0c6b..eebb7a6 100644
--- a/ctdb/client/client.h
+++ b/ctdb/client/client.h
@@ -72,10 +72,38 @@ struct tevent_req *ctdb_client_message_send(TALLOC_CTX *mem_ctx,
bool ctdb_client_message_recv(struct tevent_req *req, int *perr);
+struct tevent_req *ctdb_client_message_multi_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct ctdb_client_context *client,
+ uint32_t *pnn_list, int count,
+ struct ctdb_req_message *message);
+
+bool ctdb_client_message_multi_recv(struct tevent_req *req, int *perr,
+ TALLOC_CTX *mem_ctx, int **perr_list);
+
int ctdb_client_message(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
struct ctdb_client_context *client,
uint32_t destnode, struct ctdb_req_message *message);
+struct tevent_req *ctdb_client_set_message_handler_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct ctdb_client_context *client,
+ uint64_t srvid,
+ srvid_handler_fn handler,
+ void *private_data);
+bool ctdb_client_set_message_handler_recv(struct tevent_req *req, int *perr);
+
+struct tevent_req *ctdb_client_remove_message_handler_send(
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct ctdb_client_context *client,
+ uint64_t srvid,
+ void *private_data);
+bool ctdb_client_remove_message_handler_recv(struct tevent_req *req,
+ int *perr);
+
int ctdb_client_set_message_handler(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct ctdb_client_context *client,
@@ -709,6 +737,21 @@ int ctdb_ctrl_db_transaction_cancel(TALLOC_CTX *mem_ctx,
int destnode, struct timeval timeout,
uint32_t db_id);
+int ctdb_ctrl_db_pull(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct ctdb_client_context *client,
+ int destnode, struct timeval timeout,
+ struct ctdb_pulldb_ext *pulldb, uint32_t *num_records);
+
+int ctdb_ctrl_db_push_start(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct ctdb_client_context *client,
+ int destnode, struct timeval timeout,
+ struct ctdb_pulldb_ext *pulldb);
+
+int ctdb_ctrl_db_push_confirm(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct ctdb_client_context *client,
+ int destnode, struct timeval timeout,
+ uint32_t db_id, uint32_t *num_records);
+
/* from client/client_db.c */
struct tevent_req *ctdb_attach_send(TALLOC_CTX *mem_ctx,
diff --git a/ctdb/client/client_control_sync.c b/ctdb/client/client_control_sync.c
index de52b47..753007e 100644
--- a/ctdb/client/client_control_sync.c
+++ b/ctdb/client/client_control_sync.c
@@ -3117,3 +3117,89 @@ int ctdb_ctrl_db_transaction_cancel(TALLOC_CTX *mem_ctx,
return 0;
}
+
+int ctdb_ctrl_db_pull(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct ctdb_client_context *client,
+ int destnode, struct timeval timeout,
+ struct ctdb_pulldb_ext *pulldb, uint32_t *num_records)
+{
+ struct ctdb_req_control request;
+ struct ctdb_reply_control *reply;
+ int ret;
+
+ ctdb_req_control_db_pull(&request, pulldb);
+ ret = ctdb_client_control(mem_ctx, ev, client, destnode, timeout,
+ &request, &reply);
+ if (ret != 0) {
+ DEBUG(DEBUG_ERR,
+ ("Control DB_PULL failed to node %u, ret=%d\n",
+ destnode, ret));
+ return ret;
+ }
+
+ ret = ctdb_reply_control_db_pull(reply, num_records);
+ if (ret != 0) {
+ DEBUG(DEBUG_ERR, ("Control DB_PULL failed, ret=%d\n", ret));
+ return ret;
+ }
+
+ return 0;
+}
+
+int ctdb_ctrl_db_push_start(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct ctdb_client_context *client,
+ int destnode, struct timeval timeout,
+ struct ctdb_pulldb_ext *pulldb)
+{
+ struct ctdb_req_control request;
+ struct ctdb_reply_control *reply;
+ int ret;
+
+ ctdb_req_control_db_push_start(&request, pulldb);
+ ret = ctdb_client_control(mem_ctx, ev, client, destnode, timeout,
+ &request, &reply);
+ if (ret != 0) {
+ DEBUG(DEBUG_ERR,
+ ("Control DB_PUSH failed to node %u, ret=%d\n",
+ destnode, ret));
+ return ret;
+ }
+
+ ret = ctdb_reply_control_db_push_start(reply);
+ if (ret != 0) {
+ DEBUG(DEBUG_ERR,
+ ("Control DB_PUSH failed, ret=%d\n", ret));
+ return ret;
+ }
+
+ return 0;
+}
+
+int ctdb_ctrl_db_push_confirm(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+ struct ctdb_client_context *client,
+ int destnode, struct timeval timeout,
+ uint32_t db_id, uint32_t *num_records)
+{
+ struct ctdb_req_control request;
+ struct ctdb_reply_control *reply;
+ int ret;
+
--
Samba Shared Repository
More information about the samba-cvs
mailing list