[SCM] Samba Shared Repository - branch v4-8-stable updated
Karolin Seeger
kseeger at samba.org
Thu Dec 13 09:52:35 UTC 2018
The branch, v4-8-stable has been updated
via 91c4bf85967 VERSION: Disable GIT_SNAPSHOT for the 4.8.8 release.
via 1ce5bb68c78 WHATSNEW: Add release notes for Samba 4.8.8.
via 064f8f2d8cd winbindd: Route predefined domains through the BUILTIN domain child
via bd464e2892c winbindd: fix predefined domains routing in find_lookup_domain_from_sid()
via 1dd91d1463b winbindd: add some braces
via 887cc66ff8f libcli/security: add dom_sid_lookup_is_predefined_domain()
via d85ce20d988 selftest: test wbinfo -n and --gid-info with "NT Authority"
via c81921da2e5 CVE-2018-14629 dns: fix CNAME loop prevention using counter regression
via 9d58994621f CVE-2018-14629: Tests to expose regression from dns cname loop fix
via 6d9c94e82c0 CVE-2018-16853: fix crash in expired passowrd case
via c4c0a23a34c CVE-2018-16853: Do not segfault if client is not set
via e57433c46ba CVE-2018-16853: Add a test to verify s4u2self doesn't crash
via fb634be8327 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
via 1c4004425d0 CVE-2018-16853: Fix kinit test on system lacking ldbsearch
via c33afb1e2c9 libcli/smb: don't overwrite status code
via 50c2d78c270 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
via 903c3a0fb67 vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP
via 5c1d414053d s3:smbd: make psbuf arg to make_default_acl_posix() const
via 03f60c3ab36 VERSION: Bump version up to 4.8.8.
via db08ec4c941 Merge tag 'samba-4.8.7' into v4-8-test
via 58c53ddef51 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
via 3d9debd0f7e s4:torture/smb2/session: session reauth response must be signed
via 9694933cc39 s4:torture/smb2/session: add force_signing to test_session_expire1i
via b79e847e351 s4:torture/smb2/session: require a signed session setup reauth response
via 288a79d997b s4:torture/smb2/session: invalidate credential cache
via 7a5077d7e9a libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()
via 4ba496bf3c1 libcli/smb: defer singing check a little bit
via 2b73c8a0df4 libcli/smb: maintain require_signed_response in smbXcli_req_state
via 33dc0907353 libcli/smb: add smb2cli_session_require_signed_response()
via c25a69a0861 s3:selftest: also run smb2.session torture testsuite against ad_member
via eb8a35e7f84 s3:selftest: split "raw.session" and "smb2.session"
via aa3a07a01f9 torture: Fix the 32-bit build
via 42c3b3325a3 vfs_fruit: validation of writes on AFP_AfpInfo stream
via b6987c345de vfs_fruit: move a comment to the right place
via 8f251ab43ff s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream
via e3e037c6f13 lib:util: Fix DEBUGCLASS pointer initializiation
via 09298298200 selftest: Run smb2.delete-on-close-perms also with "delete readonly = yes"
via ab041bf5346 selftest: Add share to test "delete readonly" option
via d60ad0171a0 smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute
via e674f23a106 smbtorture: Add test for DELETE_ON_CLOSE on files with READ_ONLY attribute
via b51ef80a7aa torture: Fix the clang build
via 0eebb6e0a47 vfs_fruit: let fruit_open_meta() with O_CREAT return a fake-fd
via cbbd530968b vfs_fruit: don't check for delete-on-close on the FinderInfo stream
via 80c95670e21 vfs_fruit: let fruit_pwrite_meta_stream also ftruncate empty FinderInfo
via 248b5fc305b vfs_fruit: pass stream size to delete_invalid_meta_stream()
via 1078e220e5a vfs_fruit: let fruit handle all aio on the FinderInfo metadata stream
via 8c8d2d028db vfs_fruit: do ino calculation
via a9b6f3a03da vfs_fruit: prepare fruit_pread_meta() for reading on fake-fd
via 257281c7c7f vfs_fruit: prepare fruit_pwrite_meta() for on-demand opening and writing
via a3cc00f7187 vfs_fruit: prepare struct fio for fake-fd and on-demand opening
via bc6d5c9fa75 vfs_fruit: add fio->created
via 82783db2b10 vfs_fruit: remove resource fork special casing
via 02987f70469 vfs_fruit: add some debugging of dev/ino
via 6501f483946 s4:torture/vfs/fruit: add test "empty_stream"
via 76fb134af85 s4:torture/vfs/fruit: add check_stream_list_handle()
via e38c76eed41 s4:torture/util: add torture_smb2_open()
via 28072273496 vfs_fruit: filter empty streams
via b0657faba45 vfs_fruit: use check on global_fruit_config.nego_aapl for macOS specific behaviour
via fd53ad87f87 s4:torture/vfs/fruit: enable AAPL extensions in a bunch of tests
via aa7de9869be vfs_fruit: don't unlink 0-byte size truncated streams
via 0893dd1a772 s4:torture/vfs/fruit: write some data to a just created teststream
via 0cad5ea4e91 s4:torture/vfs/fruit: expand test "setinfo eof stream"
via 347c78f9017 vfs_fruit: update handling of read-only creation of resource fork
via 46c5c8ab379 s4:torture/vfs/fruit: update test "creating rsrc with read-only access" for newer macOS versions
via a14fe5b863b s4:torture/vfs/fruit: expand existing vfs_test "null afpinfo"
via b58b0002802 s4:torture/vfs/fruit: expand existing test "setinfo delete-on-close AFP_AfpInfo" a little bit
via 758ab1e30d4 s4:torture/vfs/fruit: update test "read open rsrc after rename" to work with macOS
via dcd54e8c95e s4:torture/vfs/fruit: ensure a directory handle is closed in all code paths
via f2c7d60a64a s4:torture/vfs/fruit: update test "stream names" to work with macOS
via 2fcc620a774 s4:torture/vfs/fruit: update test "SMB2/CREATE context AAPL" to work against macOS
via 8651d0e97b4 s4:torture/vfs/fruit: set share_access to NTCREATEX_SHARE_ACCESS_MASK in check_stream_list
via caa5f0b81cf s4:torture/vfs/fruit: fix a few error checks in "delete AFP_AfpInfo by writing all 0"
via 00953bbf868 s4:torture/vfs/fruit: skip a few tests when running against a macOS SMB server
via a7b85d5db1e vfs_streams_xattr: fix open implementation
via 5a01f6c7462 s4/test: fix AAPL size check
via 45d55dc25b1 ctdb-recovery: Ban a node that causes recovery failure
via ce25e573534 s3:smbd: remove now unused check if fsp is NULL
via d365e6d9bb4 s3:smbd: fix SMB2 aio cancelling
via 86a115caacd s4:torture/smb2/read: add test for cancelling SMB aio
via 27fb50fd22d vfs_delay_inject: implement pread_send and pwrite_send
via 8ae8c567001 s4:libcli/smb2: reapply request endtime
via d79d7192bf2 libcli: fill endtime if smbXcli_req_create() timeout is non-zero
via 23c1e018fc2 libcli: add smbXcli_req_endtime
via 994c6c6f4fe dsdb: Add comments explaining the limitations of our current backlink behaviour
via 98db8eb90c2 s4:samldb: internally use extended dns while changing the primaryGroupID field
via 47745ae5628 s4:repl_meta_data: add support for DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID
via 141285407df s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_la_replace()
via b23722a7f60 s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_la_delete()
via 07a48914d2a s4:repl_meta_data: add missing
to a DEBUG message in replmd_modify_la_add()
via 45641745dd5 s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_la_add()
via f7ec40472d6 s4:repl_meta_data: pass down struct replmd_replicated_request to replmd_modify_handle_linked_attribs()
via 5d562c1a0f6 blackbox/dbcheck-links: Test broken links with missing <SID=...> on linked attributes
via b90f5a98cd4 dbchecker: Fix missing <SID=...> on linked attributes
via dffea1b1c32 dbchecker: improve verbose output of do_modify()
via 997a3b23b96 s4:dsdb: add DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID oid
via f3aed1e7f19 testprogs/blackbox: add samba4.blackbox.test_primary_group test
via 933d5f375d8 s4:dsdb: fix comment on DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME
via e02b0bcb8c8 schema_samba4.ldif: add allocation of DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME
via 4154d31eeb4 dbchecker: Fixing up incorrect DNs wasn't working
via d8c9c93c90b dbcheck: Use symbolic control name for DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS
via 3587cca9487 vfs_fruit: optionally delete AppleDouble files without Resourcefork data
via 5eb26a5e7c9 vfs_fruit: add option "delete_empty_adfiles"
via 24fd9ddc360 vfs_fruit: detect empty resource forks in ad_convert()
via 1a378c12384 vfs_fruit: add option "wipe_intentionally_left_blank_rfork"
via 01a76b2b145 s4:torture: add test for AppleDouble ResourceFork conversion
via 0f5b9f5a6db s3:selftest: list vfs testssuites one per line
via d7b77c85821 docs:vfs_fruit: add "delete_empty_adfiles" option
via 2a94015b5ca docs:vfs_fruit: add "wipe_intentionally_left_blank_rfork" option
via bfa9fd31621 vfs_fruit: remove check for number of xattrs from ad_convert_xattr
via ec065a8ac2e ctdb-event: Check the return status of sock_daemon_set_startup_fd
via 7ead723db07 ctdb-common: Set close-on-exec for startup fd
via 1e07fa98de6 ctdb-daemon: Exit if eventd goes away
via 995a75e4b65 ctdb-daemon: Return early when refusing to run an event script
via 59901b7b51c winbindd_cache: Fix timeout calculation for sid<->name cache
via 066d0ee3c9a vfs_fruit: move check in ad_convert() to ad_convert_*() subfunctions
via a3ab52d3f48 vfs_fruit: make call to ad_convert_truncate() optional
via 024d123a483 vfs_fruit: add out arg "converted_xattr" to ad_convert_xattr
via 85519ed9818 vfs_fruit: add check for OS X filler in FinderInfo conversion
via 0d1f964b60f vfs_fruit: call ad_convert_move_reso() from ad_convert_xattr()
via a1c29dbf87f vfs_fruit: let the ad_convert_*() subfunction update the on-disk AppleDoube header as needed
via 523b8a915a0 vfs_fruit: let the ad_convert_*() subfunctions mmap as needed
via 8f13ba1e747 vfs_fruit: fix error returns in ad_convert_xattr()
via 2560248f093 vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_move_reso()
via 57962d58b8a vfs_fruit: split out moving of the resource fork
via 1a67acfe25d vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_truncate()
via 5c79f7c1cea vfs_fruit: split out truncating from ad_convert()
via 9f913fdad8c vfs_fruit: move FinderInfo lenght check to ad_convert()
via e5a897e7964 vfs_fruit: move FinderInfo conversion to helper function and call it from ad_convert()
via cff660fd79f vfs_fruit: move storing of modified struct adouble to ad_convert()
via 3179bb0a6a9 vfs_fruit: remove unneeded fd argument from ad_convert()
via 145050697a7 vfs_fruit: do direct return from error checks in ad_convert()
via be2fa7aaa2b vfs_fruit: move setting ADEID_FINDERI length to ad_convert_xattr()
via 27d84625129 vfs_fruit: store filler bytes from AppleDouble file header in struct adouble
via a9f341eb836 vfs_fruit: fix two comments
via 9c3b9e520fd s4:torture: FinderInfo conversion test with AppleDouble without xattr data
via fd017065e01 smb2_server: set req->do_encryption = true earlier
via 5a77625fb86 s4:torture: split smb2.session.expire{1,2} to run with signing and encryptpion
via 2d79c2ee2bc ctdb-tests: Drop code for RECEIVE_RECORDS control
via b8040119285 ctdb-protocol: Drop marshalling code for RECEIVE_RECORDS control
via 3c32e6b9b9c ctdb-protocol: Mark RECEIVE_RECORDS control obsolete
via d357ce19cba ctdb-daemon: Drop implementation of RECEIVE_RECORDS control
via 604c7b87e05 ctdb-vacuum: Remove unnecessary check for zero records in delete list
via 00a263982cd ctdb-vacuum: Fix the incorrect counting of remote errors
via d08665ffa86 ctdb-vacuum: Simplify the deletion of vacuumed records
via 7b5233003d0 ctdb-tests: Add recovery record resurrection test for volatile databases
via 4b7d81955ac ctdb-daemon: Invalidate records if a node becomes INACTIVE
via ffc84e1c9a0 ctdb-daemon: Don't pull any records if records are invalidated
via a363e0ce25b ctdb-daemon: Add invalid_records flag to ctdb_db_context
via ed962c85b19 s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test.
via 8d0fbe3ebb1 examples: Fix the smb2mount build
via 79e60e59eaf s3:smbget: Use cmdline_messaging_context
via 4d9a78ca3db s3:smbcontrol: Use cmdline_messaging_context
via 6a0ae3b5f95 s3:dbwrap_tool: Use cmdline_messaging_context
via eea0c0d2821 s3:eventlogadm: Use cmdline_messaging_context
via c392f642ba6 s3: ntlm_auth: Use cmdline_messaging_context
via 7a7b33a3f76 s3:sharesec: Use cmdline_messaging_context
via 5b8f2706118 s3:testparm: Use cmdline_messaging_context
via 1c4522db8fc s3:pdbedit: Use cmdline_messaging_context
via 18cd5c525ed s3:messaging: remove unused messaging_init_client()
via bf4cd2a74c7 s3:net: Use cmdline_messaging_context
via 12afd47edcf rpcclient: Use cmdline_messaging_context
via 37d29db0bdb s3:smbstatus: Use cmdline_messaging_context
via 4a89ab6ca40 s3:smbpasswd: Use cmdline_messaging_context
via a1ba2536423 test:doc: Skip 'clustering=yes'
via a12dd7322ad s3:popt_common: use cmdline_messaging_context() in popt_common_credentials_callback()
via 265bfe242b6 selftest: pass configfile to pdbedit
via d8a68702a75 s3:loadparm: reinit_globals in lp_load_with_registry_shares()
via 4aace819496 s3:lib: Introduce cmdline context wrapper
via 050208f3b6b s3:lib: Move popt_common_credentials to separate file
via 3c708d9e356 s3/lib:popt_common: Move setup_logging to common callback
via a81799cf627 s3:lib/server_contexts: make server_event_ctx and server_msg_ctx static
via a6f15a0dd69 VERSION: Bump version up to 4.8.6...
from cd870beb978 VERSION: Disable GIT_SNAPSHOT for the 4.8.7 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 105 +-
ctdb/common/sock_daemon.c | 8 +-
ctdb/common/sock_daemon.h | 3 +-
ctdb/include/ctdb_private.h | 3 +-
ctdb/protocol/protocol.h | 2 +-
ctdb/protocol/protocol_api.h | 6 -
ctdb/protocol/protocol_client.c | 29 -
ctdb/protocol/protocol_control.c | 26 -
ctdb/server/ctdb_control.c | 2 +-
ctdb/server/ctdb_eventd.c | 6 +-
ctdb/server/ctdb_freeze.c | 24 +-
ctdb/server/ctdb_recover.c | 211 +--
ctdb/server/ctdb_recovery_helper.c | 46 +-
ctdb/server/ctdb_vacuum.c | 280 +---
ctdb/server/eventscript.c | 10 +-
ctdb/tests/simple/69_recovery_resurrect_deleted.sh | 84 +
ctdb/tests/src/protocol_common_ctdb.c | 20 -
docs-xml/manpages/vfs_fruit.8.xml | 25 +
examples/fuse/smb2mount.c | 2 +-
examples/fuse/wscript_build | 2 +-
lib/util/debug.c | 4 +-
libcli/security/dom_sid.h | 1 +
libcli/security/util_sid.c | 33 +
libcli/smb/smbXcli_base.c | 71 +-
libcli/smb/smbXcli_base.h | 3 +
nsswitch/tests/test_wbinfo.sh | 18 +
python/samba/dbchecker.py | 66 +-
python/samba/tests/dns.py | 100 ++
python/samba/tests/docs.py | 3 +-
selftest/knownfail.d/dns | 14 +-
selftest/knownfail.d/samba3.vfs.fruit | 1 +
selftest/target/Samba3.pm | 28 +
source3/client/client.c | 2 +-
source3/include/messages.h | 3 -
source3/include/popt_common.h | 10 -
.../background.h => include/popt_common_cmdline.h} | 46 +-
source3/lib/cmdline_contexts.c | 70 +
.../unix_match.h => source3/lib/cmdline_contexts.h | 12 +-
source3/lib/messages.c | 9 -
source3/lib/popt_common.c | 216 +--
source3/lib/popt_common_cmdline.c | 249 +++
source3/lib/server_contexts.c | 4 +-
source3/modules/vfs_delay_inject.c | 262 +++
source3/modules/vfs_fruit.c | 1152 +++++++++-----
source3/modules/vfs_streams_xattr.c | 64 +-
source3/modules/vfs_zfsacl.c | 36 +-
source3/param/loadparm.c | 2 +-
source3/rpcclient/cmd_spoolss.c | 2 +-
source3/rpcclient/rpcclient.c | 30 +-
source3/rpcclient/wscript_build | 2 +-
source3/selftest/tests.py | 26 +-
source3/smbd/aio.c | 28 +-
source3/smbd/close.c | 4 +
source3/smbd/open.c | 30 +-
source3/smbd/posix_acls.c | 8 +-
source3/smbd/proto.h | 2 +-
source3/smbd/smb2_server.c | 15 +-
source3/smbd/smb2_sesssetup.c | 8 +-
source3/utils/dbwrap_tool.c | 3 +
source3/utils/eventlogadm.c | 4 +
source3/utils/net.c | 27 +-
source3/utils/ntlm_auth.c | 3 +
source3/utils/pdbedit.c | 3 +
source3/utils/regedit.c | 2 +-
source3/utils/sharesec.c | 2 +
source3/utils/smbcacls.c | 2 +-
source3/utils/smbcontrol.c | 19 +-
source3/utils/smbcquotas.c | 2 +-
source3/utils/smbget.c | 5 +-
source3/utils/smbpasswd.c | 17 +-
source3/utils/smbtree.c | 2 +-
source3/utils/status.c | 17 +-
source3/utils/testparm.c | 3 +
source3/utils/wscript_build | 36 +-
source3/winbindd/winbindd_cache.c | 4 +-
source3/winbindd/winbindd_util.c | 37 +-
source3/wscript_build | 15 +-
source4/dns_server/dns_query.c | 29 +-
source4/dsdb/pydsdb.c | 3 +
source4/dsdb/samdb/ldb_modules/extended_dn_store.c | 7 +
source4/dsdb/samdb/ldb_modules/linked_attributes.c | 18 +-
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 333 +++-
source4/dsdb/samdb/ldb_modules/samldb.c | 41 +-
source4/dsdb/samdb/samdb.h | 6 +
source4/kdc/mit-kdb/kdb_samba_policies.c | 24 +-
source4/kdc/mit_samba.c | 7 +-
source4/libcli/smb2/transport.c | 17 +
...ected-after-dbcheck-oneway-link-corruption.ldif | 19 +
...eck-link-output-missing-link-sid-corruption.txt | 8 +
...-dbcheck-link-output-oneway-link-corruption.txt | 5 +
source4/selftest/tests.py | 3 +
source4/setup/schema_samba4.ldif | 2 +
source4/torture/smb2/delete-on-close.c | 119 ++
source4/torture/smb2/read.c | 116 ++
source4/torture/smb2/session.c | 189 ++-
source4/torture/smb2/smb2.c | 1 +
source4/torture/smb2/util.c | 30 +
source4/torture/vfs/fruit.c | 1676 +++++++++++++++++++-
source4/torture/vfs/vfs.c | 1 +
testprogs/blackbox/dbcheck-links.sh | 175 ++
testprogs/blackbox/test_kinit_mit.sh | 20 +-
testprogs/blackbox/test_pdbtest.sh | 8 +-
testprogs/blackbox/test_primary_group.sh | 90 ++
104 files changed, 5066 insertions(+), 1614 deletions(-)
create mode 100755 ctdb/tests/simple/69_recovery_resurrect_deleted.sh
copy source3/{lib/background.h => include/popt_common_cmdline.h} (50%)
create mode 100644 source3/lib/cmdline_contexts.c
copy lib/util/unix_match.h => source3/lib/cmdline_contexts.h (72%)
create mode 100644 source3/lib/popt_common_cmdline.c
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-after-dbcheck-oneway-link-corruption.ldif
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-missing-link-sid-corruption.txt
create mode 100644 source4/selftest/provisions/release-4-5-0-pre1/expected-dbcheck-link-output-oneway-link-corruption.txt
create mode 100755 testprogs/blackbox/test_primary_group.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index feb5a4be51c..c5594450fa9 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=8
-SAMBA_VERSION_RELEASE=7
+SAMBA_VERSION_RELEASE=8
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 9f604b0d457..d48d1897469 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,104 @@
+ =============================
+ Release Notes for Samba 4.8.8
+ December 13, 2018
+ =============================
+
+
+This is the latest stable release of the Samba 4.8 release series.
+
+Major bug fixes include:
+------------------------
+
+ o dns: Fix CNAME loop prevention using counter regression (bug #13600).
+
+
+Changes since 4.8.7:
+--------------------
+
+o Jeremy Allison <jra at samba.org>
+ * BUG 13633: s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 13418: dsdb: Add comments explaining the limitations of our current
+ backlink behaviour.
+ * BUG 13495: dbcheck: Use symbolic control name for
+ DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS.
+
+o Tim Beale <timbeale at catalyst.net.nz>
+ * BUG 13495: dbchecker: Fixing up incorrect DNs wasn't working.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 9175: libcli/smb: Don't overwrite status code.
+ * BUG 12164: 'wbinfo --group-info' 'NT AUTHORITY\System' does not work.
+ * BUG 13175: Fix accessing ZFS snapshot directories over SMB.
+ * BUG 13642: vfs_fruit should be able to cleanup AppleDouble files.
+ * BUG 13465: testparm crashes with PANIC: Messaging not initialized on
+ SLES 12 SP3.
+ * BUG 13646: File saving issues with vfs_fruit on samba >= 4.8.5.
+ * BUG 13649: Enabling vfs_fruit looses FinderInfo.
+ * BUG 13661: Session setup reauth fails to sign response.
+ * BUG 13667: Cancelling of SMB2 aio reads and writes returns wrong error
+ NT_STATUS_INTERNAL_ERROR.
+ * BUG 13677: Fix copy with vfs_fruit if AFP_AfpInfo stream file
+ size > 60bytes.
+
+o Isaac Boukris <iboukris at gmail.com>
+ * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build.
+
+o Amitay Isaacs <amitay at gmail.com>
+ * BUG 13641: Fix CTDB recovery record resurrection from inactive nodes and
+ simplify vacuuming.
+ * BUG 13659: Fix bugs in CTDB event handling.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 13465: examples: Fix the smb2mount build.
+ * BUG 13662: winbindd_cache: Fix timeout calculation for sid<->name cache.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 13418: Extended DN SID component missing for member after switching
+ group membership.
+ * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter
+ regression.
+ * BUG 13624: STATUS_SESSION_EXPIRED error is returned unencrypted, if the
+ request was encrypted.
+
+o Christof Schmitt <cs at samba.org>
+ * BUG 13465: testparm crashes with PANIC: Messaging not initialized on
+ SLES 12 SP3.
+ * BUG 13673: smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY
+ attribute.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build.
+ * BUG 13679: Fix a segfault in pyglue.
+
+o Martin Schwenke <martin at meltin.net>
+ * BUG 13670: ctdb-recovery: Ban a node that causes recovery failure.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
=============================
Release Notes for Samba 4.8.7
November 27, 2018
@@ -94,8 +195,8 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
=============================
Release Notes for Samba 4.8.6
diff --git a/ctdb/common/sock_daemon.c b/ctdb/common/sock_daemon.c
index 03d3ac1f1ec..86cc2f2e502 100644
--- a/ctdb/common/sock_daemon.c
+++ b/ctdb/common/sock_daemon.c
@@ -517,9 +517,15 @@ int sock_daemon_add_unix(struct sock_daemon_context *sockd,
return 0;
}
-void sock_daemon_set_startup_fd(struct sock_daemon_context *sockd, int fd)
+bool sock_daemon_set_startup_fd(struct sock_daemon_context *sockd, int fd)
{
+ if (! set_close_on_exec(fd)) {
+ D_ERR("Failed to set close-on-exec on startup fd\n");
+ return false;
+ }
+
sockd->startup_fd = fd;
+ return true;
}
/*
diff --git a/ctdb/common/sock_daemon.h b/ctdb/common/sock_daemon.h
index a28f8c6f39c..fb0c6865328 100644
--- a/ctdb/common/sock_daemon.h
+++ b/ctdb/common/sock_daemon.h
@@ -214,8 +214,9 @@ int sock_daemon_add_unix(struct sock_daemon_context *sockd,
*
* @param[in] sockd Socket daemon context
* @param[in] fd File descriptor
+ * @return true on success, false on error
*/
-void sock_daemon_set_startup_fd(struct sock_daemon_context *sockd, int fd);
+bool sock_daemon_set_startup_fd(struct sock_daemon_context *sockd, int fd);
/**
* @brief Async computation start to run a socket daemon
diff --git a/ctdb/include/ctdb_private.h b/ctdb/include/ctdb_private.h
index 25d00476be2..62d3e3ab7d5 100644
--- a/ctdb/include/ctdb_private.h
+++ b/ctdb/include/ctdb_private.h
@@ -387,6 +387,7 @@ struct ctdb_db_context {
uint32_t freeze_transaction_id;
uint32_t generation;
+ bool invalid_records;
bool push_started;
void *push_state;
@@ -822,8 +823,6 @@ int32_t ctdb_control_start_recovery(struct ctdb_context *ctdb,
int32_t ctdb_control_try_delete_records(struct ctdb_context *ctdb,
TDB_DATA indata, TDB_DATA *outdata);
-int32_t ctdb_control_receive_records(struct ctdb_context *ctdb,
- TDB_DATA indata, TDB_DATA *outdata);
int32_t ctdb_control_get_capabilities(struct ctdb_context *ctdb,
TDB_DATA *outdata);
diff --git a/ctdb/protocol/protocol.h b/ctdb/protocol/protocol.h
index 7189fab43f0..75951822b3e 100644
--- a/ctdb/protocol/protocol.h
+++ b/ctdb/protocol/protocol.h
@@ -355,7 +355,7 @@ enum ctdb_controls {CTDB_CONTROL_PROCESS_EXISTS = 0,
CTDB_CONTROL_SET_DB_STICKY = 133,
CTDB_CONTROL_RELOAD_PUBLIC_IPS = 134,
CTDB_CONTROL_TRAVERSE_ALL_EXT = 135,
- CTDB_CONTROL_RECEIVE_RECORDS = 136,
+ CTDB_CONTROL_RECEIVE_RECORDS = 136, /* obsolete */
CTDB_CONTROL_IPREALLOCATED = 137,
CTDB_CONTROL_GET_RUNSTATE = 138,
CTDB_CONTROL_DB_DETACH = 139,
diff --git a/ctdb/protocol/protocol_api.h b/ctdb/protocol/protocol_api.h
index 8b40d1d8c0e..04a229c3ab4 100644
--- a/ctdb/protocol/protocol_api.h
+++ b/ctdb/protocol/protocol_api.h
@@ -530,12 +530,6 @@ int ctdb_reply_control_set_db_sticky(struct ctdb_reply_control *reply);
void ctdb_req_control_reload_public_ips(struct ctdb_req_control *request);
int ctdb_reply_control_reload_public_ips(struct ctdb_reply_control *reply);
-void ctdb_req_control_receive_records(struct ctdb_req_control *request,
- struct ctdb_rec_buffer *recbuf);
-int ctdb_reply_control_receive_records(struct ctdb_reply_control *reply,
- TALLOC_CTX *mem_ctx,
- struct ctdb_rec_buffer **recbuf);
-
void ctdb_req_control_ipreallocated(struct ctdb_req_control *request);
int ctdb_reply_control_ipreallocated(struct ctdb_reply_control *reply);
diff --git a/ctdb/protocol/protocol_client.c b/ctdb/protocol/protocol_client.c
index a18af08e21a..9aa32a9bba7 100644
--- a/ctdb/protocol/protocol_client.c
+++ b/ctdb/protocol/protocol_client.c
@@ -1948,35 +1948,6 @@ int ctdb_reply_control_reload_public_ips(struct ctdb_reply_control *reply)
/* CTDB_CONTROL_TRAVERSE_ALL_EXT */
-/* CTDB_CONTROL_RECEIVE_RECORDS */
-
-void ctdb_req_control_receive_records(struct ctdb_req_control *request,
- struct ctdb_rec_buffer *recbuf)
-{
- request->opcode = CTDB_CONTROL_RECEIVE_RECORDS;
- request->pad = 0;
- request->srvid = 0;
- request->client_id = 0;
- request->flags = 0;
-
- request->rdata.opcode = CTDB_CONTROL_RECEIVE_RECORDS;
- request->rdata.data.recbuf = recbuf;
-}
-
-int ctdb_reply_control_receive_records(struct ctdb_reply_control *reply,
- TALLOC_CTX *mem_ctx,
- struct ctdb_rec_buffer **recbuf)
-{
- if (reply->rdata.opcode != CTDB_CONTROL_RECEIVE_RECORDS) {
- return EPROTO;
- }
-
- if (reply->status == 0) {
- *recbuf = talloc_steal(mem_ctx, reply->rdata.data.recbuf);
- }
- return reply->status;
-}
-
/* CTDB_CONTROL_IPREALLOCATED */
void ctdb_req_control_ipreallocated(struct ctdb_req_control *request)
diff --git a/ctdb/protocol/protocol_control.c b/ctdb/protocol/protocol_control.c
index 12a78e1792d..0b88b5c8b5a 100644
--- a/ctdb/protocol/protocol_control.c
+++ b/ctdb/protocol/protocol_control.c
@@ -360,10 +360,6 @@ static size_t ctdb_req_control_data_len(struct ctdb_req_control_data *cd)
len = ctdb_traverse_all_ext_len(cd->data.traverse_all_ext);
break;
- case CTDB_CONTROL_RECEIVE_RECORDS:
- len = ctdb_rec_buffer_len(cd->data.recbuf);
- break;
-
case CTDB_CONTROL_IPREALLOCATED:
break;
@@ -660,10 +656,6 @@ static void ctdb_req_control_data_push(struct ctdb_req_control_data *cd,
&np);
break;
- case CTDB_CONTROL_RECEIVE_RECORDS:
- ctdb_rec_buffer_push(cd->data.recbuf, buf, &np);
- break;
-
case CTDB_CONTROL_DB_DETACH:
ctdb_uint32_push(&cd->data.db_id, buf, &np);
break;
@@ -988,11 +980,6 @@ static int ctdb_req_control_data_pull(uint8_t *buf, size_t buflen,
&np);
break;
- case CTDB_CONTROL_RECEIVE_RECORDS:
- ret = ctdb_rec_buffer_pull(buf, buflen, mem_ctx,
- &cd->data.recbuf, &np);
- break;
-
case CTDB_CONTROL_DB_DETACH:
ret = ctdb_uint32_pull(buf, buflen, &cd->data.db_id, &np);
break;
@@ -1368,10 +1355,6 @@ static size_t ctdb_reply_control_data_len(struct ctdb_reply_control_data *cd)
case CTDB_CONTROL_TRAVERSE_ALL_EXT:
break;
- case CTDB_CONTROL_RECEIVE_RECORDS:
- len = ctdb_rec_buffer_len(cd->data.recbuf);
- break;
-
case CTDB_CONTROL_IPREALLOCATED:
break;
@@ -1562,10 +1545,6 @@ static void ctdb_reply_control_data_push(struct ctdb_reply_control_data *cd,
ctdb_db_statistics_push(cd->data.dbstats, buf, &np);
break;
- case CTDB_CONTROL_RECEIVE_RECORDS:
- ctdb_rec_buffer_push(cd->data.recbuf, buf, &np);
- break;
-
case CTDB_CONTROL_GET_RUNSTATE:
ctdb_uint32_push(&cd->data.runstate, buf, &np);
break;
@@ -1753,11 +1732,6 @@ static int ctdb_reply_control_data_pull(uint8_t *buf, size_t buflen,
&cd->data.dbstats, &np);
break;
- case CTDB_CONTROL_RECEIVE_RECORDS:
- ret = ctdb_rec_buffer_pull(buf, buflen, mem_ctx,
- &cd->data.recbuf, &np);
- break;
-
case CTDB_CONTROL_GET_RUNSTATE:
ret = ctdb_uint32_pull(buf, buflen, &cd->data.runstate, &np);
break;
diff --git a/ctdb/server/ctdb_control.c b/ctdb/server/ctdb_control.c
index 848010e2310..c260b924529 100644
--- a/ctdb/server/ctdb_control.c
+++ b/ctdb/server/ctdb_control.c
@@ -650,7 +650,7 @@ static int32_t ctdb_control_dispatch(struct ctdb_context *ctdb,
return ctdb_control_reload_public_ips(ctdb, c, async_reply);
case CTDB_CONTROL_RECEIVE_RECORDS:
- return ctdb_control_receive_records(ctdb, indata, outdata);
+ return control_not_implemented("RECEIVE_RECORDS", NULL);
case CTDB_CONTROL_DB_DETACH:
return ctdb_control_db_detach(ctdb, indata, client_id);
diff --git a/ctdb/server/ctdb_eventd.c b/ctdb/server/ctdb_eventd.c
index f79ee9990d1..3876acd4a76 100644
--- a/ctdb/server/ctdb_eventd.c
+++ b/ctdb/server/ctdb_eventd.c
@@ -990,6 +990,7 @@ int main(int argc, const char **argv)
struct sock_socket_funcs socket_funcs;
struct stat statbuf;
int opt, ret;
+ bool ok;
/* Set default options */
options.pid = -1;
@@ -1073,7 +1074,10 @@ int main(int argc, const char **argv)
}
if (options.startup_fd != -1) {
- sock_daemon_set_startup_fd(sockd, options.startup_fd);
+ ok = sock_daemon_set_startup_fd(sockd, options.startup_fd);
+ if (!ok) {
+ goto fail;
+ }
}
ret = sock_daemon_run(ev, sockd,
diff --git a/ctdb/server/ctdb_freeze.c b/ctdb/server/ctdb_freeze.c
index c41fc7d53ee..10841efa1b9 100644
--- a/ctdb/server/ctdb_freeze.c
+++ b/ctdb/server/ctdb_freeze.c
@@ -140,6 +140,9 @@ static int ctdb_db_freeze_handle_destructor(struct ctdb_db_freeze_handle *h)
ctdb_db->freeze_mode = CTDB_FREEZE_NONE;
ctdb_db->freeze_handle = NULL;
+ /* Clear invalid records flag */
+ ctdb_db->invalid_records = false;
+
talloc_free(h->lreq);
return 0;
}
@@ -393,6 +396,19 @@ static int db_freeze_waiter_destructor(struct ctdb_db_freeze_waiter *w)
return 0;
}
+/**
+ * Invalidate the records in the database.
+ * This only applies to volatile databases.
+ */
+static int db_invalidate(struct ctdb_db_context *ctdb_db, void *private_data)
+{
+ if (ctdb_db_volatile(ctdb_db)) {
+ ctdb_db->invalid_records = true;
+ }
+
+ return 0;
+}
+
/**
* Count the number of databases
*/
@@ -436,13 +452,17 @@ static int db_freeze(struct ctdb_db_context *ctdb_db, void *private_data)
}
/*
- start the freeze process for a certain priority
+ start the freeze process for all databases
+ This is only called from ctdb_control_freeze(), which is called
+ only on node becoming INACTIVE. So mark the records invalid.
*/
static void ctdb_start_freeze(struct ctdb_context *ctdb)
{
struct ctdb_freeze_handle *h;
int ret;
+ ctdb_db_iterator(ctdb, db_invalidate, NULL);
+
if (ctdb->freeze_mode == CTDB_FREEZE_FROZEN) {
int count = 0;
@@ -534,6 +554,8 @@ static int ctdb_freeze_waiter_destructor(struct ctdb_freeze_waiter *w)
/*
freeze all the databases
+ This control is only used when freezing database on node becoming INACTIVE.
+ So mark the records invalid in ctdb_start_freeze().
*/
int32_t ctdb_control_freeze(struct ctdb_context *ctdb,
struct ctdb_req_control_old *c, bool *async_reply)
diff --git a/ctdb/server/ctdb_recover.c b/ctdb/server/ctdb_recover.c
index f4cd5f64eee..22b6ec535be 100644
--- a/ctdb/server/ctdb_recover.c
+++ b/ctdb/server/ctdb_recover.c
@@ -279,6 +279,11 @@ int32_t ctdb_control_pull_db(struct ctdb_context *ctdb, TDB_DATA indata, TDB_DAT
ctdb_db->db_name, ctdb_db->unhealthy_reason));
}
+ /* If the records are invalid, we are done */
+ if (ctdb_db->invalid_records) {
+ goto done;
+ }
+
if (ctdb_lockdb_mark(ctdb_db) != 0) {
DEBUG(DEBUG_ERR,(__location__ " Failed to get lock on entire db - failing\n"));
return -1;
@@ -293,6 +298,7 @@ int32_t ctdb_control_pull_db(struct ctdb_context *ctdb, TDB_DATA indata, TDB_DAT
ctdb_lockdb_unmark(ctdb_db);
+done:
outdata->dptr = (uint8_t *)params.pulldata;
outdata->dsize = params.len;
@@ -388,6 +394,11 @@ int32_t ctdb_control_db_pull(struct ctdb_context *ctdb,
state.srvid = pulldb_ext->srvid;
state.num_records = 0;
+ /* If the records are invalid, we are done */
+ if (ctdb_db->invalid_records) {
+ goto done;
+ }
+
if (ctdb_lockdb_mark(ctdb_db) != 0) {
DEBUG(DEBUG_ERR,
(__location__ " Failed to get lock on entire db - failing\n"));
@@ -422,6 +433,7 @@ int32_t ctdb_control_db_pull(struct ctdb_context *ctdb,
ctdb_lockdb_unmark(ctdb_db);
+done:
outdata->dptr = talloc_size(outdata, sizeof(uint32_t));
if (outdata->dptr == NULL) {
DEBUG(DEBUG_ERR, (__location__ " Memory allocation error\n"));
@@ -1318,205 +1330,6 @@ int32_t ctdb_control_try_delete_records(struct ctdb_context *ctdb, TDB_DATA inda
return 0;
}
-/**
- * Store a record as part of the vacuum process:
- * This is called from the RECEIVE_RECORD control which
- * the lmaster uses to send the current empty copy
- * to all nodes for storing, before it lets the other
- * nodes delete the records in the second phase with
- * the TRY_DELETE_RECORDS control.
- *
- * Only store if we are not lmaster or dmaster, and our
- * rsn is <= the provided rsn. Use non-blocking locks.
- *
- * return 0 if the record was successfully stored.
- * return !0 if the record still exists in the tdb after returning.
- */
-static int store_tdb_record(struct ctdb_context *ctdb,
- struct ctdb_db_context *ctdb_db,
- struct ctdb_rec_data_old *rec)
-{
- TDB_DATA key, data, data2;
- struct ctdb_ltdb_header *hdr, *hdr2;
- int ret;
--
Samba Shared Repository
More information about the samba-cvs
mailing list