[SCM] Samba Shared Repository - branch v4-6-test updated
Karolin Seeger
kseeger at samba.org
Tue Feb 28 19:47:02 UTC 2017
The branch, v4-6-test has been updated
via 351ff91 WHATSNEW: Add release notes for Samba 4.6.0rc4.
via 8d0e014 ctdb-build: Fix RPM build
via be23d38 ctdb-build: Add WAFLOCK magic to manpages target
via e10c2a4 dbchecker: Stop ignoring linked cases where both objects are alive
via 9a40cea tests/dbcheck: Add a test for two live objects, with a dangling forward link
via ea70487 tests/dbcheck: Add a test for two live objects, with a dangling backlink
via e598a66 pidl:Python: use of pytalloc_GenericObject_reference*() for pyrpc_{ex,im}port_union() wrapping
via b93c412 pidl:Python: replace pytalloc_CObject_FromTallocPtr() with pytalloc_GenericObject_reference_ex()
via 1f144b9 pidl:Python: make sure print HASH references for STRUCT types
via 10aebdc py_net: make use of pytalloc_GenericObject_steal()
via 9fd7e54 talloc: version 2.1.9
via 3655e7c pytalloc: add pytalloc_GenericObject_{steal,reference}[_ex]()
via b359915 talloc: fix TALLOC_VERSION_* mismatch detection
via d5f579e talloc/wscript: avoid passing pointless enabled=True to SAMBA_PYTHON()
via d96ce9c lib: talloc: Make it clear that talloc_get_size(NULL) returns 0.
via ac59b3a s3:idmap_ad: make use of pdb_get_trust_credentials() to get the machine account creds
via 3569a97 s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
via 94c58e6 s3:libads: add more debugging to ads_sasl_spnego_bind()
via e90dead s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
via b7e0a56 s3:winbindd: add more debugging to cm_prepare_connection()
via 7a96e98 s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
via 5779c43 s3:winbindd: fix the valid usage anonymous smb authentication
via 9e4be46 auth/credentials: try to use kerberos with the machine account unless we're in an AD domain
via e084c42 s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
via 45abd7b Revert "s3-winbind: Fix schannel connections against trusted domain DCs"
via 1e6322c s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect
from 39582f3 vfs_streams_xattr: use fsp, not base_fsp
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test
- Log -----------------------------------------------------------------
commit 351ff91639e703b8c3cbe7dea17912c2156ee789
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Feb 28 11:50:52 2017 +0100
WHATSNEW: Add release notes for Samba 4.6.0rc4.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
Autobuild-User(v4-6-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-6-test): Tue Feb 28 20:46:25 CET 2017 on sn-devel-144
commit 8d0e014855a9e32dce1f950c20771007faa8ebd8
Author: Martin Schwenke <martin at meltin.net>
Date: Sat Feb 25 13:04:45 2017 +1100
ctdb-build: Fix RPM build
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595
It doesn't look like recursion works for appending scripting commands.
Unroll the recursion instead.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Feb 27 03:09:27 CET 2017 on sn-devel-144
(cherry picked from commit 7dbc5bbd60b1c0f32366ad5373ed13aee17f7050)
commit be23d3814344242d18a8f8be80392c50c422f4f7
Author: Martin Schwenke <martin at meltin.net>
Date: Sat Feb 25 05:51:00 2017 +1100
ctdb-build: Add WAFLOCK magic to manpages target
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12595
Without this a top-level "make dist" fails to build the CTDB manpages.
Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit e458bdd7d26bc9cd9749398130ae23227894773f)
commit e10c2a4a7737ee8f4a2c1e18f73b2fbd235c324b
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Feb 22 15:42:46 2017 +1300
dbchecker: Stop ignoring linked cases where both objects are alive
Previously, this did nothing and the code was both untested and unused.
Removes the knownfail entry for dbcheck.
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
(cherry picked from commit 0a7c6b56563faeafd61a620cb330349671bc9f3b)
commit 9a40ceadde0fc36b7720351d688f259f2aab17a6
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Feb 22 17:43:21 2017 +1300
tests/dbcheck: Add a test for two live objects, with a dangling forward link
Handling backlinks appears to be rather non-deterministic, so the
forward link hangs off of the RODC replication group (which has no other
valid forward links). In other situations, it either won't delete the
memberOf, or the expected output order will vary.
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
(cherry picked from commit 6f2deb01fa1c6e81f101df49990dadcbc9c31226)
commit ea7048755649a5b2ffb97c2055f3454a75118630
Author: Garming Sam <garming at catalyst.net.nz>
Date: Wed Feb 22 15:43:34 2017 +1300
tests/dbcheck: Add a test for two live objects, with a dangling backlink
Adds dbcheck 4.5.0pre1 to the knownfail, to be removed later.
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12600
(cherry picked from commit 86f10eaecd4ed9fd9db83d711cbf1f823528d6e5)
commit e598a664c2d4769023cbdd5e10c3823c2b9a53a8
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Feb 20 18:02:09 2017 +0100
pidl:Python: use of pytalloc_GenericObject_reference*() for pyrpc_{ex,im}port_union() wrapping
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Feb 25 06:33:33 CET 2017 on sn-devel-144
(cherry picked from commit 2170f556299c6ab4ce33f22169ca26ecad3440e3)
commit b93c412b780f0ed9f7490f43a926a64f0e1286b1
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 22 09:07:54 2017 +0100
pidl:Python: replace pytalloc_CObject_FromTallocPtr() with pytalloc_GenericObject_reference_ex()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1ee0c0f8280393c708f23361ebcba0776e8b4d33)
commit 1f144b98e1dd87ec4cb9be6a5575a023d3eddd26
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 22 10:08:46 2017 +0100
pidl:Python: make sure print HASH references for STRUCT types
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit d62eb3cc9f97b203d21ec6e75c48c739a43bc163)
commit 10aebdca8e58ec2cf600a9172c837d79fa9b39bb
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 22 10:14:10 2017 +0100
py_net: make use of pytalloc_GenericObject_steal()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12601
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8b2b721208dd0b05595d50851f0e13486e0b915f)
commit 9fd7e549b83ebfc985d57565f0a04bbabfe40218
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 22 08:00:10 2017 +0100
talloc: version 2.1.9
* fix some coverity defects
* fix TALLOC_VERSION_MINOR and talloc_version_minor()
* add new tests
* add pytalloc_get_type()
* add pytalloc_GenericObject_{steal,reference}[_ex]()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 1b702dc1b1041e1755e9efed5ab319a1ef355ca1)
commit 3655e7c05926d388a8ce31a89bbd6b672c7afc88
Author: Stefan Metzmacher <metze at samba.org>
Date: Mon Feb 20 17:33:42 2017 +0100
pytalloc: add pytalloc_GenericObject_{steal,reference}[_ex]()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit cc4c931843aa4b2b60ef08dad5865b91d6261956)
commit b35991587df0da31642a03fbf5b5dcf35a00ec99
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Feb 14 12:33:32 2017 +0100
talloc: fix TALLOC_VERSION_* mismatch detection
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 22 00:14:34 CET 2017 on sn-devel-144
(cherry picked from commit 16ea6e1308a7d94a501d002ed53529f6d754e940)
commit d5f579ee75797762f3fb9e1088432890b4e7f366
Author: Stefan Metzmacher <metze at samba.org>
Date: Sun Jan 29 15:52:30 2017 +0100
talloc/wscript: avoid passing pointless enabled=True to SAMBA_PYTHON()
This is the default and should not be passed explicitly.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Feb 1 18:16:58 CET 2017 on sn-devel-144
(cherry picked from commit 3fe1f06278ce90d8c6a882c6703f583923615117)
commit d96ce9cfca3587d3cca3e54fb1832ba5f15574f7
Author: Jeremy Allison <jra at samba.org>
Date: Wed Jan 11 11:48:25 2017 -0800
lib: talloc: Make it clear that talloc_get_size(NULL) returns 0.
This *isn't* a behavior change, as the previous code could potentially
return the size of null_context, which (currently) is defined as
a named talloc region of ZERO size, but this makes it very clear
what the ABI behavior should be.
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Jan 12 19:23:25 CET 2017 on sn-devel-144
(cherry picked from commit d35ff9e9bdae79e5f5b2c9b5bf8cfe05199da804)
commit ac59b3ad5f2ae946efc18c5655eeaab92636f908
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 22 21:29:50 2017 +0100
s3:idmap_ad: make use of pdb_get_trust_credentials() to get the machine account creds
This is mostly a cosmetic change currently.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Feb 24 22:34:48 CET 2017 on sn-devel-144
(cherry picked from commit 3d7fed0f2883d529bb635fc6df86f39d5a434d25)
commit 3569a97861b7dcc7aa61a3a45994e3acb1d537f1
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 22 21:18:32 2017 +0100
s3:winbindd: allow a fallback to NTLMSSP for LDAP connections
This matches the behaviour of pdb_get_trust_credentials() for
our machine account and allows us to fallback to NTLMSSP
when contacting trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 4e9a0894cd977585ccc94e7c1811de1b0293382d)
commit 94c58e6296da394bd4406a4649980587b1576ac5
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 23 11:54:21 2017 +0100
s3:libads: add more debugging to ads_sasl_spnego_bind()
Any fallbacks to other authentication methods should be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit ea0bc12ba52166032d5112ee22ab53d831c13e86)
commit e90deadfa9b625522ba4336b03bba22245df16ac
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 22 20:07:25 2017 +0100
s3:winbindd: rely on the kerberos_state from pdb_get_trust_credentials()
The implementation of pdb_get_trust_credentials() should have all
the details to set the kerberos_state to a useful value.
This should enable the fallback to NTLMSSP again, when using our
machine account against trusted domains.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 51caeb7c538b7546e5feccf27a735bb803c78a0b)
commit b7e0a56a243ff1c9c99c968b1c8b12a15228ba00
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Feb 23 11:54:21 2017 +0100
s3:winbindd: add more debugging to cm_prepare_connection()
Any fallbacks to other authentication methods should be logged.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit ba9d139ec3d71af184a24daf24356304c2e49144)
commit 7a96e98301a8954531a89de39df5054d0b23491d
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 22 20:07:25 2017 +0100
s3:passdb: use cli_credentials_set_kerberos_state() for trusts in pdb_get_trust_credentials()
Trust accounts can only use kerberos when contacting other AD domains,
using NTLMSSP will fail.
At the same time it doesn't make sense to try kerberos for NT4 domains,
still NTLMSSP will fail, but the callers has to deal with that
case and just fallback to an anonymous SMB connection.
In all cases we should be able to use NETLOGON SCHANNEL
over any anonymous smb or tcp transport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12598
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d961ae9d14b46708d2693ca91ace04f9f1a53ca2)
commit 5779c43ec026a08b0a5f3f2473fa6e845a21eac8
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Feb 22 19:18:04 2017 +0100
s3:winbindd: fix the valid usage anonymous smb authentication
If we are in a situation where we don't have credentials to contact the
remote domain or against an NT4 with the following settings:
workgroup = NT4DOM
security = domain
require strong key = no
client use spnego = no
client ipc signing = auto
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c97a29bdfdc0020ec0113073580da56f2d35edc1)
commit 9e4be46e273399c846a3ef39c114b436051a5861
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 24 16:02:50 2017 +0100
auth/credentials: try to use kerberos with the machine account unless we're in an AD domain
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12587
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit b845f16d3ca02dd27cc40bbf722426d6f81bb4b7)
commit e084c4236ed015c92e6fad965bb2ebc4b24d2dbd
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 24 10:37:32 2017 +0000
s3:winbindd: try a NETLOGON connection with noauth over NCACN_NP against trusted domains.
We're using only NCACN_NP here as we rely on the smb signing restrictions
of cm_prepare_connection().
This should fix SMB authentication with a user of a domain
behind a transitive trust.
With this change winbindd is able to call
dcerpc_netr_DsrEnumerateDomainTrusts against the
dc of a trusted domain again. This only works
for two-way trusts.
The main problem is the usage of is_trusted_domain()
which doesn't know about the domain, if winbindd can't
enumerate the domains in the other forest.
is_trusted_domain() is used in make_user_info_map(),
which is called in auth3_check_password() before
auth_check_ntlm_password().
That means we're mapping the user of such a domain
to our own local sam, before calling our auth modules.
A much better fix, which removes the usage of is_trusted_domain()
in planed for master, but this should do the job for current releases.
We should avoid talking to DCs of other domains and always
go via our primary domain. As we should code with one-way trusts
also, we need to avoid relying on a complete list of
domains in future.
For now "wbinfo -m" lists domains behind a two-way transitive
trust again, but that is likely to change in future again!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
(cherry picked from commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6)
commit 45abd7bacd62363af2c37c3f95fac3a5e79456ef
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Feb 24 13:19:59 2017 +0100
Revert "s3-winbind: Fix schannel connections against trusted domain DCs"
This reverts commit d2379caa77fe02264323d69fee1bcad33f1bfeee.
This change doesn't solve the real problem, it just
causes useless network traffic and the following error:
rpccli_setup_netlogon_creds failed for W2012R2-L6, unable to setup NETLOGON
credentials: NT_STATUS_NO_TRUST_SAM_ACCOUNT
While the old logic caused NT_STATUS_CANT_ACCESS_DOMAIN_INFO (without
network traffic) instead of the NT_STATUS_NO_TRUST_SAM_ACCOUNT.
A better fix will follow.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11830
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
(cherry picked from commit 0bf1a7492bee2f7678cb37ef9515b8aefd26233b)
commit 1e6322ca4f5ce4afa0142044ef862f57a5f9cdea
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jan 31 15:19:00 2017 +0100
s3:winbindd: make sure cm_prepare_connection() only returns OK with a valid tree connect
If cm_get_ipc_credentials() returned anonymous creds and signing is required
we were returning the result of cm_get_ipc_credentials() instead of
the original error.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12588
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit cebcc2adc7e568d492466bb69f21ba2a9630a0d2)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 56 +++++++++-
auth/credentials/credentials_secrets.c | 17 +++-
ctdb/Makefile | 3 +-
ctdb/wscript | 3 +-
...oc-util-2.1.7.sigs => pytalloc-util-2.1.9.sigs} | 3 +
...til-2.1.7.sigs => pytalloc-util.py3-2.1.9.sigs} | 4 +-
.../ABI/{talloc-2.1.4.sigs => talloc-2.1.9.sigs} | 0
lib/talloc/pytalloc.c | 13 +++
lib/talloc/pytalloc.h | 28 ++++-
lib/talloc/pytalloc_guide.txt | 73 +++++++++++--
lib/talloc/pytalloc_util.c | 95 ++++++++++++++++-
lib/talloc/talloc.c | 14 +--
lib/talloc/talloc.h | 2 +-
lib/talloc/wscript | 8 +-
pidl/lib/Parse/Pidl/Samba4/Python.pm | 113 +++++----------------
python/samba/dbchecker.py | 23 +++--
source3/libads/sasl.c | 26 ++++-
source3/passdb/passdb.c | 17 ++++
source3/winbindd/idmap_ad.c | 36 +++----
source3/winbindd/winbindd_ads.c | 2 +
source3/winbindd/winbindd_cm.c | 94 +++++++++--------
source4/libnet/py_net.c | 5 +-
source4/librpc/rpc/pyrpc_util.c | 44 +-------
.../add-dangling-backlink-user.ldif | 3 +
.../release-4-5-0-pre1/add-dangling-backlink.ldif | 4 +
.../add-dangling-forwardlink-user.ldif | 3 +
.../add-initially-normal-link.ldif | 4 +
.../release-4-5-0-pre1/delete-only-backlink.ldif | 4 +
.../expected-dbcheck-link-output.txt | 10 +-
testprogs/blackbox/dbcheck-links.sh | 37 +++++++
30 files changed, 504 insertions(+), 240 deletions(-)
copy lib/talloc/ABI/{pytalloc-util-2.1.7.sigs => pytalloc-util-2.1.9.sigs} (77%)
copy lib/talloc/ABI/{pytalloc-util-2.1.7.sigs => pytalloc-util.py3-2.1.9.sigs} (75%)
copy lib/talloc/ABI/{talloc-2.1.4.sigs => talloc-2.1.9.sigs} (100%)
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink-user.ldif
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-dangling-backlink.ldif
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-dangling-forwardlink-user.ldif
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/add-initially-normal-link.ldif
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/delete-only-backlink.ldif
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8b2f665..a2f647a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the third release candidate of Samba 4.6. This is *not*
+This is the fourth release candidate of Samba 4.6. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -117,7 +117,7 @@ As part of this change, the NETLOGON service will now run on a distinct
TCP port, rather than being shared with all other RPC services (LSA,
SAMR, DRSUAPI etc).
-new options for controlling TCP ports used for RPC services
+New options for controlling TCP ports used for RPC services
-----------------------------------------------------------
The new 'rpc server port' option controls the default port used for
@@ -268,6 +268,7 @@ files and directories in a directory tree.
-?, --help Show this help message
--usage Display brief usage message
+
smb.conf changes
================
@@ -286,6 +287,57 @@ KNOWN ISSUES
https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.6#Release_blocking_bugs
+CHANGES SINCE 4.6.0rc3
+======================
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 12545: s3: rpc_server/mdssvc: Add attribute "kMDItemContentType".
+ * BUG 12572: s3: smbd: Don't loop infinitely on bad-symlink resolution.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 12490: vfs_fruit: Correct Netatalk metadata xattr on FreeBSD.
+ * BUG 12536: s3/smbd: Check for invalid access_mask
+ smbd_calculate_access_mask().
+ * BUG 12591: vfs_streams_xattr: use fsp, not base_fsp.
+
+o Amitay Isaacs <amitay at gmail.com>
+ * BUG 12580: ctdb-common: Fix use-after-free error in comm_fd_handler().
+ * BUG 12595: build: Fix generation of CTDB manpages while creating tarball.
+
+o Bryan Mason <bmason at redhat.com>
+ * BUG 12575: Modify smbspool_krb5_wrapper to just fall through to smbspool if
+ AUTH_INFO_REQUIRED is not set or is not "negotiate".
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 11830: s3:winbindd: Try a NETLOGON connection with noauth over NCACN_NP
+ against trusted domains.
+ * BUG 12262: 'net ads testjoin' and smb access fails after winbindd changed the
+ trust password.
+ * BUG 12585: librpc/rpc: fix regression in
+ NT_STATUS_RPC_ENUM_VALUE_OUT_OF_RANGE error mapping.
+ * BUG 12586: netlogon_creds_cli_LogonSamLogon doesn't work without
+ netr_LogonSamLogonEx.
+ * BUG 12587: winbindd child segfaults on connect to an NT4 domain.
+ * BUG 12588: s3:winbindd: Make sure cm_prepare_connection() only returns OK
+ with a valid tree connect.
+ * BUG 12598: winbindd (as member) requires kerberos against trusted ad domain,
+ while it shouldn't.
+ * BUG 12601: Backport pytalloc_GenericObject_reference() related changes to
+ 4.6.
+
+o Garming Sam <garming at catalyst.net.nz>
+ * BUG 12600: dbchecker: Stop ignoring linked cases where both objects are
+ alive.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 12571: s3-vfs: Only walk the directory once in open_and_sort_dir().
+
+o Martin Schwenke <martin at meltin.net>
+ * BUG 12589: CTDB statd-callout does not cause grace period when
+ CTDB_NFS_CALLOUT="".
+ * BUG 12595: ctdb-build: Fix RPM build.
+
+
CHANGES SINCE 4.6.0rc2
======================
diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index d5a37cf..ed148fd 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -39,7 +39,7 @@
#include "dbwrap/dbwrap.h"
#include "dbwrap/dbwrap_open.h"
#include "lib/util/util_tdb.h"
-
+#include "libds/common/roles.h"
/**
* Fill in credentials for the machine trust account, from the secrets database.
@@ -276,6 +276,8 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credenti
char *secrets_tdb_password = NULL;
char *secrets_tdb_old_password = NULL;
uint32_t secrets_tdb_secure_channel_type = SEC_CHAN_NULL;
+ int server_role = lpcfg_server_role(lp_ctx);
+ int security = lpcfg_security(lp_ctx);
char *keystr;
char *keystr_upper = NULL;
TALLOC_CTX *tmp_ctx = talloc_named(cred, 0, "cli_credentials_set_secrets from ldb");
@@ -354,13 +356,26 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credenti
}
if (secrets_tdb_password_more_recent) {
+ enum credentials_use_kerberos use_kerberos = CRED_DONT_USE_KERBEROS;
char *machine_account = talloc_asprintf(tmp_ctx, "%s$", lpcfg_netbios_name(lp_ctx));
cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED);
cli_credentials_set_old_password(cred, secrets_tdb_old_password, CRED_SPECIFIED);
cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
if (strequal(domain, lpcfg_workgroup(lp_ctx))) {
cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx), CRED_SPECIFIED);
+
+ switch (server_role) {
+ case ROLE_DOMAIN_MEMBER:
+ if (security != SEC_ADS) {
+ break;
+ }
+ /* fall through */
+ case ROLE_ACTIVE_DIRECTORY_DC:
+ use_kerberos = CRED_AUTO_USE_KERBEROS;
+ break;
+ }
}
+ cli_credentials_set_kerberos_state(cred, use_kerberos);
cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct);
cli_credentials_set_secure_channel_type(cred, secrets_tdb_secure_channel_type);
diff --git a/ctdb/Makefile b/ctdb/Makefile
index 23ee780..10ac9ab 100644
--- a/ctdb/Makefile
+++ b/ctdb/Makefile
@@ -28,7 +28,8 @@ show_version:
@WAFLOCK=.tmplock $(WAF) show_version
manpages:
- $(WAF) manpages
+ touch .tmplock
+ WAFLOCK=.tmplock $(WAF) manpages
dist:
touch .tmplock
diff --git a/ctdb/wscript b/ctdb/wscript
index d23358b..fe7d712 100644
--- a/ctdb/wscript
+++ b/ctdb/wscript
@@ -1025,7 +1025,8 @@ def rpmonly(ctx):
def rpm(ctx):
import Scripting
- Scripting.commands.append('dist')
+ Scripting.commands.append('manpages')
+ Scripting.commands.append('distonly')
Scripting.commands.append('rpmonly')
diff --git a/lib/talloc/ABI/pytalloc-util-2.1.7.sigs b/lib/talloc/ABI/pytalloc-util-2.1.9.sigs
similarity index 77%
copy from lib/talloc/ABI/pytalloc-util-2.1.7.sigs
copy to lib/talloc/ABI/pytalloc-util-2.1.9.sigs
index 666fec0..9d4d4d1 100644
--- a/lib/talloc/ABI/pytalloc-util-2.1.7.sigs
+++ b/lib/talloc/ABI/pytalloc-util-2.1.9.sigs
@@ -1,3 +1,4 @@
+_pytalloc_check_type: int (PyObject *, const char *)
_pytalloc_get_mem_ctx: TALLOC_CTX *(PyObject *)
_pytalloc_get_ptr: void *(PyObject *)
_pytalloc_get_type: void *(PyObject *, const char *)
@@ -6,6 +7,8 @@ pytalloc_BaseObject_check: int (PyObject *)
pytalloc_BaseObject_size: size_t (void)
pytalloc_CObject_FromTallocPtr: PyObject *(void *)
pytalloc_Check: int (PyObject *)
+pytalloc_GenericObject_reference_ex: PyObject *(TALLOC_CTX *, void *)
+pytalloc_GenericObject_steal_ex: PyObject *(TALLOC_CTX *, void *)
pytalloc_GetBaseObjectType: PyTypeObject *(void)
pytalloc_GetObjectType: PyTypeObject *(void)
pytalloc_reference_ex: PyObject *(PyTypeObject *, TALLOC_CTX *, void *)
diff --git a/lib/talloc/ABI/pytalloc-util-2.1.7.sigs b/lib/talloc/ABI/pytalloc-util.py3-2.1.9.sigs
similarity index 75%
copy from lib/talloc/ABI/pytalloc-util-2.1.7.sigs
copy to lib/talloc/ABI/pytalloc-util.py3-2.1.9.sigs
index 666fec0..62f066f 100644
--- a/lib/talloc/ABI/pytalloc-util-2.1.7.sigs
+++ b/lib/talloc/ABI/pytalloc-util.py3-2.1.9.sigs
@@ -1,11 +1,13 @@
+_pytalloc_check_type: int (PyObject *, const char *)
_pytalloc_get_mem_ctx: TALLOC_CTX *(PyObject *)
_pytalloc_get_ptr: void *(PyObject *)
_pytalloc_get_type: void *(PyObject *, const char *)
pytalloc_BaseObject_PyType_Ready: int (PyTypeObject *)
pytalloc_BaseObject_check: int (PyObject *)
pytalloc_BaseObject_size: size_t (void)
-pytalloc_CObject_FromTallocPtr: PyObject *(void *)
pytalloc_Check: int (PyObject *)
+pytalloc_GenericObject_reference_ex: PyObject *(TALLOC_CTX *, void *)
+pytalloc_GenericObject_steal_ex: PyObject *(TALLOC_CTX *, void *)
pytalloc_GetBaseObjectType: PyTypeObject *(void)
pytalloc_GetObjectType: PyTypeObject *(void)
pytalloc_reference_ex: PyObject *(PyTypeObject *, TALLOC_CTX *, void *)
diff --git a/lib/talloc/ABI/talloc-2.1.4.sigs b/lib/talloc/ABI/talloc-2.1.9.sigs
similarity index 100%
copy from lib/talloc/ABI/talloc-2.1.4.sigs
copy to lib/talloc/ABI/talloc-2.1.9.sigs
diff --git a/lib/talloc/pytalloc.c b/lib/talloc/pytalloc.c
index 2039528..3532fdf 100644
--- a/lib/talloc/pytalloc.c
+++ b/lib/talloc/pytalloc.c
@@ -238,6 +238,14 @@ static PyTypeObject TallocBaseObject_Type = {
#endif
};
+static PyTypeObject TallocGenericObject_Type = {
+ .tp_name = "talloc.GenericObject",
+ .tp_doc = "Python wrapper for a talloc-maintained object.",
+ .tp_flags = Py_TPFLAGS_DEFAULT | Py_TPFLAGS_BASETYPE,
+ .tp_base = &TallocBaseObject_Type,
+ .tp_basicsize = sizeof(pytalloc_BaseObject),
+};
+
#define MODULE_DOC PyDoc_STR("Python wrapping of talloc-maintained objects.")
#if PY_MAJOR_VERSION >= 3
@@ -261,6 +269,9 @@ static PyObject *module_init(void)
if (PyType_Ready(&TallocBaseObject_Type) < 0)
return NULL;
+ if (PyType_Ready(&TallocGenericObject_Type) < 0)
+ return NULL;
+
#if PY_MAJOR_VERSION >= 3
m = PyModule_Create(&moduledef);
#else
@@ -273,6 +284,8 @@ static PyObject *module_init(void)
PyModule_AddObject(m, "Object", (PyObject *)&TallocObject_Type);
Py_INCREF(&TallocBaseObject_Type);
PyModule_AddObject(m, "BaseObject", (PyObject *)&TallocBaseObject_Type);
+ Py_INCREF(&TallocGenericObject_Type);
+ PyModule_AddObject(m, "GenericObject", (PyObject *)&TallocGenericObject_Type);
return m;
}
diff --git a/lib/talloc/pytalloc.h b/lib/talloc/pytalloc.h
index 6a0ac18..11653bf 100644
--- a/lib/talloc/pytalloc.h
+++ b/lib/talloc/pytalloc.h
@@ -40,6 +40,10 @@ int pytalloc_Check(PyObject *);
int pytalloc_BaseObject_check(PyObject *);
+int _pytalloc_check_type(PyObject *py_obj, const char *type_name);
+#define pytalloc_check_type(py_obj, type) \
+ _pytalloc_check_type((PyObject *)(py_obj), #type)
+
/* Retrieve the pointer for a pytalloc_object. Like talloc_get_type()
* but for pytalloc_Objects. */
void *_pytalloc_get_type(PyObject *py_obj, const char *type_name);
@@ -58,8 +62,30 @@ PyObject *pytalloc_reference_ex(PyTypeObject *py_type, TALLOC_CTX *mem_ctx, void
#define pytalloc_new(type, typeobj) pytalloc_steal(typeobj, talloc_zero(NULL, type))
#if PY_MAJOR_VERSION < 3
-PyObject *pytalloc_CObject_FromTallocPtr(void *);
+/*
+ * Don't use this anymore! Use pytalloc_GenericObject_steal()
+ * or pytalloc_GenericObject_reference().
+ */
+#ifndef _DEPRECATED_
+#ifdef HAVE___ATTRIBUTE__
+#define _DEPRECATED_ __attribute__ ((deprecated))
+#else
+#define _DEPRECATED_
+#endif
#endif
+PyObject *pytalloc_CObject_FromTallocPtr(void *) _DEPRECATED_;
+#endif
+
+/*
+ * Wrap a generic talloc pointer into a talloc.GenericObject,
+ * this is a subclass of talloc.BaseObject.
+ */
+PyObject *pytalloc_GenericObject_steal_ex(TALLOC_CTX *mem_ctx, void *ptr);
+#define pytalloc_GenericObject_steal(talloc_ptr) \
+ pytalloc_GenericObject_steal_ex(talloc_ptr, talloc_ptr)
+PyObject *pytalloc_GenericObject_reference_ex(TALLOC_CTX *mem_ctx, void *ptr);
+#define pytalloc_GenericObject_reference(talloc_ptr) \
+ pytalloc_GenericObject_reference_ex(talloc_ptr, talloc_ptr)
size_t pytalloc_BaseObject_size(void);
diff --git a/lib/talloc/pytalloc_guide.txt b/lib/talloc/pytalloc_guide.txt
index 962d449..bd2b68c 100644
--- a/lib/talloc/pytalloc_guide.txt
+++ b/lib/talloc/pytalloc_guide.txt
@@ -92,6 +92,15 @@ Check whether a specific object is a talloc BaseObject. Returns non-zero if it i
a pytalloc_BaseObject and zero otherwise.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+int pytalloc_check_type(PyObject *py_obj, type)
+
+Check if the object based on `pytalloc_*Object` py_obj. type should be a
+C type, similar to a type passed to `talloc_get_type`.
+This can be used as a check before using pytalloc_get_type()
+or an alternative codepath. Returns non-zero if it is
+an object of the expected type and zero otherwise.
+
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
type *pytalloc_get_type(PyObject *py_obj, type)
Retrieve the pointer from a `pytalloc_Object` py_obj. type should be a
@@ -113,7 +122,9 @@ Retrieve the talloc context associated with a pytalloc_Object or pytalloc_BaseOb
PyObject *pytalloc_steal_ex(PyTypeObject *py_type, TALLOC_CTX *mem_ctx, void *ptr)
Create a new Python wrapping object for a talloc pointer and context, with
-py_type as associated Python sub type object.
+py_type as associated Python sub type object. This typically used
+when `mem_ctx` and `ptr` differ, e.g. a pointer to an array element.
+`pytalloc_get_ptr()` can be used to get the pointer out of the object again.
This will *not* increment the reference counter for the talloc context,
so the caller should make sure such an increment has happened. When the Python
@@ -123,7 +134,9 @@ object goes away, it will unreference the talloc context.
PyObject *pytalloc_steal(PyTypeObject *py_type, void *ptr)
Create a new Python wrapping object for a talloc pointer and context, with
-py_type as associated Python sub type object.
+py_type as associated Python sub type object. The pointer will also be used
+as the talloc context. `pytalloc_get_type()` can be used to get
+the pointer out of the object again.
This will *not* increment the reference counter for the talloc context,
so the caller should make sure such an increment has happened. When the Python
@@ -133,7 +146,9 @@ object goes away, it will unreference the talloc context.
PyObject *pytalloc_reference_ex(PyTypeObject *py_type, TALLOC_CTX *mem_ctx, void *ptr)
Create a new Python wrapping object for a talloc pointer and context, with
-py_type as associated Python sub type object.
+py_type as associated Python sub type object. This typically used
+when `mem_ctx` and `ptr` differ, e.g. a pointer to an array element.
+`pytalloc_get_ptr()` can be used to get the pointer out of the object again.
This will increment the reference counter for the talloc context.
@@ -142,7 +157,8 @@ PyObject *pytalloc_reference(PyTypeObject *py_type, void *talloc_ptr)
Create a new Python wrapping object for a talloc pointer, with
py_type as associated Python sub type object. The pointer will also be used
-as the talloc context.
+as the talloc context. `pytalloc_get_type()` can be used to get
+the pointer out of the object again.
This will increment the reference counter for the talloc context.
@@ -153,14 +169,59 @@ Create a new, empty pytalloc_Object with the specified Python type object. type
should be a C type, similar to talloc_new().
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
-PyObject *pytalloc_CObject_FromTallocPtr(void *);
+PyObject *pytalloc_GenericObject_steal_ex(void *ptr)
+
+Create a new Python wrapping object for a generic talloc pointer,
+as sub type of `pytalloc_BaseObject`. This typically used
+when `mem_ctx` and `ptr` differ, e.g. a pointer to an array element.
+`pytalloc_get_ptr()` can be used to get the pointer out of the object again.
+
+This will *not* increment the reference counter for the talloc context,
+so the caller should make sure such an increment has happened. When the Python
+object goes away, it will unreference the talloc context.
+
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+PyObject *pytalloc_GenericObject_steal(void *ptr)
+
+Create a new Python wrapping object for a generic talloc pointer,
+as sub type of `pytalloc_BaseObject`. The pointer will also be used
+as the talloc context. `pytalloc_get_type()` can be used to get
+the pointer out of the object again.
+
+This will *not* increment the reference counter for the talloc context,
+so the caller should make sure such an increment has happened. When the Python
+object goes away, it will unreference the talloc context.
+
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+PyObject *pytalloc_GenericObject_reference_ex(void *ptr)
+
+Create a new Python wrapping object for a generic talloc pointer,
+as sub type of `pytalloc_BaseObject`. This typically used
+when `mem_ctx` and `ptr` differ, e.g. a pointer to an array element.
+`pytalloc_get_ptr()` can be used to get the pointer out of the object again.
+
+This will increment the reference counter for the talloc context.
+
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+PyObject *pytalloc_GenericObject_reference(void *ptr)
+
+Create a new Python wrapping object for a generic talloc pointer,
+as sub type of `pytalloc_BaseObject`. The pointer will also be used
+as the talloc context. `pytalloc_get_type()` can be used to get
+the pointer out of the object again.
+
+This will increment the reference counter for the talloc context.
+
+=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
+DEPRECATED! PyObject *pytalloc_CObject_FromTallocPtr(void *);
Create a new pytalloc_Object for an abitrary talloc-maintained C pointer. This will
use a generic VoidPtr Python type, which just provides an opaque object in
Python. The caller is responsible for incrementing the talloc reference count before calling
this function - it will dereference the talloc pointer when it is garbage collected.
-This function is only available on Python 2.
+This function is deprecated and only available on Python 2.
+Use pytalloc_GenericObject_{reference,steal}[_ex]() instead.
Debug function for talloc in Python
-----------------------------------
diff --git a/lib/talloc/pytalloc_util.c b/lib/talloc/pytalloc_util.c
index cb71dc9..923fe5d 100644
--- a/lib/talloc/pytalloc_util.c
+++ b/lib/talloc/pytalloc_util.c
@@ -64,6 +64,26 @@ _PUBLIC_ PyTypeObject *pytalloc_GetBaseObjectType(void)
return type;
}
+static PyTypeObject *pytalloc_GetGenericObjectType(void)
+{
+ static PyTypeObject *type = NULL;
+ PyObject *mod;
+
+ if (type != NULL) {
+ return type;
+ }
+
+ mod = PyImport_ImportModule("talloc");
+ if (mod == NULL) {
+ return NULL;
+ }
+
+ type = (PyTypeObject *)PyObject_GetAttrString(mod, "GenericObject");
+ Py_DECREF(mod);
+
+ return type;
+}
+
/**
* Import an existing talloc pointer into a Python object.
*/
@@ -204,6 +224,26 @@ _PUBLIC_ PyObject *pytalloc_CObject_FromTallocPtr(void *ptr)
#endif
+/*
+ * Wrap a generic talloc pointer into a talloc.GenericObject,
+ * this is a subclass of talloc.BaseObject.
+ */
+_PUBLIC_ PyObject *pytalloc_GenericObject_steal_ex(TALLOC_CTX *mem_ctx, void *ptr)
+{
+ PyTypeObject *tp = pytalloc_GetGenericObjectType();
+ return pytalloc_steal_ex(tp, mem_ctx, ptr);
+}
+
+/*
+ * Wrap a generic talloc pointer into a talloc.GenericObject,
+ * this is a subclass of talloc.BaseObject.
+ */
+_PUBLIC_ PyObject *pytalloc_GenericObject_reference_ex(TALLOC_CTX *mem_ctx, void *ptr)
+{
+ PyTypeObject *tp = pytalloc_GetGenericObjectType();
+ return pytalloc_reference_ex(tp, mem_ctx, ptr);
+}
+
_PUBLIC_ int pytalloc_Check(PyObject *obj)
{
PyTypeObject *tp = pytalloc_GetObjectType();
@@ -223,21 +263,66 @@ _PUBLIC_ size_t pytalloc_BaseObject_size(void)
return sizeof(pytalloc_BaseObject);
}
-_PUBLIC_ void *_pytalloc_get_type(PyObject *py_obj, const char *type_name)
+static void *_pytalloc_get_checked_type(PyObject *py_obj, const char *type_name,
+ bool check_only, const char *function)
{
- void *ptr = _pytalloc_get_ptr(py_obj);
+ TALLOC_CTX *mem_ctx;
+ void *ptr = NULL;
void *type_obj = talloc_check_name(ptr, type_name);
+ mem_ctx = _pytalloc_get_mem_ctx(py_obj);
+ ptr = _pytalloc_get_ptr(py_obj);
+
+ if (mem_ctx != ptr) {
+ if (check_only) {
+ return NULL;
+ }
--
Samba Shared Repository
More information about the samba-cvs
mailing list