[SCM] Samba Shared Repository - branch v4-13-test updated
Karolin Seeger
kseeger at samba.org
Tue Sep 15 13:29:08 UTC 2020
The branch, v4-13-test has been updated
via 45d4e546067 VERSION: Bump version up to 4.13.0rc5...
via f5fd34cced9 VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc5 release.
via a0074cacc4a WHATSNEW: Add release notes for Samba 4.13.0rc5.
via 47e446f3f7c waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14
via 8bd284a5b36 s3:smbd: Fix %U substitutions if it contains a domain name
via 90835ba1c35 s3:tests: Add test for 'valid users = DOMAIN\%U'
via 7a9537a3ad8 Revert "Add vfs_ring."
via d61eb49180f Revert "vfs_ring: Adapt to 4.13 VFS"
from b3845522bec WHATSNEW: Announce the end of Python 2.6/2.7 support to build Samba
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-13-test
- Log -----------------------------------------------------------------
commit 45d4e54606743ad076987a33d28f6d4b9a59d9ba
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Sep 15 12:23:47 2020 +0200
VERSION: Bump version up to 4.13.0rc5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
commit f5fd34cced9ebe4f90a0b5baef229d616270b9db
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Sep 15 12:21:10 2020 +0200
VERSION: Disable GIT_SNAPSHOT for the 4.13.0rc5 release.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
commit a0074cacc4aba7976490d82cad298fdbee1d0f25
Author: Karolin Seeger <kseeger at samba.org>
Date: Tue Sep 15 12:20:26 2020 +0200
WHATSNEW: Add release notes for Samba 4.13.0rc5.
Signed-off-by: Karolin Seeger <kseeger at samba.org>
commit 47e446f3f7ccdd65f60dbbab72a1e3b81f650959
Author: Andreas Schneider <asn at samba.org>
Date: Thu Sep 10 11:34:50 2020 +0200
waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14399
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 94808cc50e4350a8c3bc250a886e8d4e7802dd12)
commit 8bd284a5b36d118a26c0c17be40a03703db517d2
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 17 14:12:48 2020 +0200
s3:smbd: Fix %U substitutions if it contains a domain name
'valid users = DOMAIN\%U' worked with Samba 3.6 and broke in a newer
version.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5de7c91e6d4e98f438157a7675c8582cabdd828d)
commit 90835ba1c35ade078dc494034daeb3bf6ea02f7c
Author: Andreas Schneider <asn at samba.org>
Date: Mon Aug 17 13:39:58 2020 +0200
s3:tests: Add test for 'valid users = DOMAIN\%U'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14467
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 53b6dd951249052772e1ffcf651b7efd0963b931)
commit 7a9537a3ad8d876b6fa999823336476905dfb7a8
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Sep 14 11:47:47 2020 +0200
Revert "Add vfs_ring."
This reverts commit b29103ef46a9f80a0184d4d999f22512b7fdcd89.
commit d61eb49180f628305359f605a3c841359f9b096d
Author: Karolin Seeger <kseeger at samba.org>
Date: Mon Sep 14 11:47:44 2020 +0200
Revert "vfs_ring: Adapt to 4.13 VFS"
This reverts commit 191c2cd7b93524fc1ee119c0f995171fb38dc210.
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 16 +++-
selftest/target/Samba3.pm | 4 +
source3/modules/vfs_ring.c | 115 -----------------------------
source3/modules/wscript_build | 8 --
source3/script/tests/test_substitutions.sh | 5 ++
source3/smbd/share_access.c | 18 ++++-
source3/wscript | 1 -
wscript_configure_system_gnutls | 5 +-
9 files changed, 46 insertions(+), 128 deletions(-)
delete mode 100644 source3/modules/vfs_ring.c
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 98143de8e35..b31f4b5a6c7 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
# e.g. SAMBA_VERSION_RC_RELEASE=1 #
# -> "3.0.0rc1" #
########################################################
-SAMBA_VERSION_RC_RELEASE=5
+SAMBA_VERSION_RC_RELEASE=6
########################################################
# To mark SVN snapshots this should be set to 'yes' #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index cf70c1df1c0..467d4c0dfc5 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
Release Announcements
=====================
-This is the fourth release condidate of Samba 4.13. This is *not*
+This is the fifth release condidate of Samba 4.13. This is *not*
intended for production environments and is designed for testing
purposes only. Please report any defects via the Samba bug reporting
system at https://bugzilla.samba.org/.
@@ -93,6 +93,20 @@ smb.conf changes
client use spnego Deprecated yes
+CHANGES SINCE 4.13.0rc4
+=======================
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 14399: waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS >
+ 3.6.14.
+ * BUG 14467: s3:smbd: Fix %U substitutions if it contains a domain name.
+ * BUG 14479: The created krb5.conf for 'net ads join' doesn't have a domain
+ entry.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 14482: Fix build problem if libbsd-dev is not installed.
+
+
CHANGES SINCE 4.13.0rc3
=======================
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 6c31694a748..0a8cefa811d 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -714,6 +714,10 @@ sub provision_ad_member
path = $share_dir/D_%D/u_%u/g_%g
writeable = yes
+[sub_valid_users]
+ path = $share_dir
+ valid users = ADDOMAIN/%U
+
";
my $ret = $self->provision(
diff --git a/source3/modules/vfs_ring.c b/source3/modules/vfs_ring.c
deleted file mode 100644
index eedcb25c3d8..00000000000
--- a/source3/modules/vfs_ring.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/*
- * VFS module implementing get_real_filename for Scality SOFS
- *
- * Copyright (C) 2016, Jean-Marc Saffroy <jm at scality.com>
- *
- * This program is free software; you can redistribute it and/or modify
- * it under the terms of the GNU General Public License as published by
- * the Free Software Foundation; either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU General Public License for more details.
- *
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, see <http://www.gnu.org/licenses/>.
- */
-
-#include "includes.h"
-#include "smbd/smbd.h"
-
-#define DBG 10
-
-#define GRFN_PREFIX "scal.grfn."
-#define GRFN_PREFIX_LEN (sizeof(GRFN_PREFIX)-1)
-
-static int vfs_ring_get_real_filename(struct vfs_handle_struct *handle,
- const struct smb_filename *dirpath,
- const char *name,
- TALLOC_CTX *mem_ctx,
- char **found_name)
-{
- const char *path = dirpath->base_name;
- bool mangled;
- char attr_name [NAME_MAX+1];
- char attr_value[NAME_MAX+1];
- int rc;
- const struct smb_filename *smb_fname = NULL;
-
- if (!strcmp(path, ""))
- path = ".";
-
- smb_fname = synthetic_smb_fname(talloc_tos(),
- path,
- NULL,
- NULL,
- dirpath->twrp,
- 0);
- if (smb_fname == NULL) {
- errno = ENOMEM;
- return -1;
- }
-
- DEBUG(DBG, ("vfs_ring_get_real_filename: under \"%s\" lookup \"%s\"\n",
- path, name));
-
- mangled = mangle_is_mangled(name, handle->conn->params);
- if (mangled) {
- return SMB_VFS_NEXT_GET_REAL_FILENAME(
- handle, dirpath, name, mem_ctx, found_name);
- }
-
- if (strlen(name) > NAME_MAX - GRFN_PREFIX_LEN) {
- errno = ENAMETOOLONG;
- return -1;
- }
-
- strncpy(attr_name, GRFN_PREFIX, sizeof(attr_name));
- strncpy(attr_name + GRFN_PREFIX_LEN, name,
- sizeof(attr_name) - GRFN_PREFIX_LEN);
-
- rc = SMB_VFS_NEXT_GETXATTR(handle, smb_fname, attr_name,
- attr_value, sizeof(attr_value));
- if (rc < 0) {
- DEBUG(DBG, ("vfs_ring_get_real_filename: getxattr(\"%s\",\"%s\") -> %s\n",
- path, name, strerror(errno)));
- if (errno == EOPNOTSUPP)
- return SMB_VFS_NEXT_GET_REAL_FILENAME(
- handle, dirpath, name, mem_ctx, found_name);
- if (errno == ENOATTR)
- errno = ENOENT;
- return -1;
- }
-
- attr_value[rc] = 0;
- *found_name = talloc_strdup(mem_ctx, attr_value);
- if (*found_name == NULL) {
- errno = ENOMEM;
- return -1;
- }
-
- DEBUG(DBG, ("vfs_ring_get_real_filename: under \"%s\" found \"%s\" as \"%s\"\n",
- path, name, *found_name));
-
- return 0;
-}
-
-static struct vfs_fn_pointers vfs_ring_fns = {
- .get_real_filename_fn = vfs_ring_get_real_filename,
-};
-
-NTSTATUS vfs_ring_init(TALLOC_CTX *);
-NTSTATUS vfs_ring_init(TALLOC_CTX *ctx)
-{
- NTSTATUS ret;
-
- ret = smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "ring",
- &vfs_ring_fns);
- if (!NT_STATUS_IS_OK(ret)) {
- return ret;
- }
-
- return ret;
-}
diff --git a/source3/modules/wscript_build b/source3/modules/wscript_build
index 9ae787aa6f4..09528f38070 100644
--- a/source3/modules/wscript_build
+++ b/source3/modules/wscript_build
@@ -598,14 +598,6 @@ bld.SAMBA3_MODULE('vfs_vxfs',
internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_vxfs'),
enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_vxfs'))
-bld.SAMBA3_MODULE('vfs_ring',
- subsystem='vfs',
- source='vfs_ring.c',
- deps='talloc',
- init_function='',
- internal_module=bld.SAMBA3_IS_STATIC_MODULE('vfs_ring'),
- enabled=bld.SAMBA3_IS_ENABLED_MODULE('vfs_ring'))
-
bld.SAMBA3_MODULE('vfs_offline',
subsystem='vfs',
source='vfs_offline.c',
diff --git a/source3/script/tests/test_substitutions.sh b/source3/script/tests/test_substitutions.sh
index 1a46f11c85d..c813a8f9def 100755
--- a/source3/script/tests/test_substitutions.sh
+++ b/source3/script/tests/test_substitutions.sh
@@ -34,4 +34,9 @@ SMB_UNC="//$SERVER/sub_dug2"
test_smbclient "Test login to share with substitution (Dug)" \
"ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1)
+SMB_UNC="//$SERVER/sub_valid_users"
+
+test_smbclient "Test login to share with substitution for valid users" \
+ "ls" "$SMB_UNC" "-U$USERNAME%$PASSWORD" || failed=$(expr $failed + 1)
+
exit $failed
diff --git a/source3/smbd/share_access.c b/source3/smbd/share_access.c
index 0b8f6e48e34..57754a0f766 100644
--- a/source3/smbd/share_access.c
+++ b/source3/smbd/share_access.c
@@ -79,7 +79,23 @@ static bool token_contains_name(TALLOC_CTX *mem_ctx,
enum lsa_SidType type;
if (username != NULL) {
- name = talloc_sub_basic(mem_ctx, username, domain, name);
+ size_t domain_len = strlen(domain);
+
+ /* Check if username starts with domain name */
+ if (domain_len > 0) {
+ const char *sep = lp_winbind_separator();
+ int cmp = strncasecmp_m(username, domain, domain_len);
+ if (cmp == 0 && sep[0] == username[domain_len]) {
+ /* Move after the winbind separator */
+ domain_len += 1;
+ } else {
+ domain_len = 0;
+ }
+ }
+ name = talloc_sub_basic(mem_ctx,
+ username + domain_len,
+ domain,
+ name);
}
if (sharename != NULL) {
name = talloc_string_sub(mem_ctx, name, "%S", sharename);
diff --git a/source3/wscript b/source3/wscript
index 3f490bae336..335cfd797f1 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -1941,7 +1941,6 @@ main() {
vfs_media_harmony vfs_unityed_media vfs_fruit vfs_shell_snap
vfs_commit vfs_worm vfs_crossrename vfs_linux_xfs_sgid
vfs_time_audit vfs_offline vfs_virusfilter vfs_widelinks
- vfs_ring
'''))
if host_os.rfind('linux') > -1:
default_shared_modules.extend(['vfs_snapper'])
diff --git a/wscript_configure_system_gnutls b/wscript_configure_system_gnutls
index 9eabd0da75c..2ec217fb9dc 100644
--- a/wscript_configure_system_gnutls
+++ b/wscript_configure_system_gnutls
@@ -29,7 +29,10 @@ conf.CHECK_FUNCS_IN('gnutls_set_default_priority_append', 'gnutls')
# in 3.6.11, see:
#
# https://gitlab.com/gnutls/gnutls/-/merge_requests/1085
-if (parse_version('3.6.10') != parse_version(gnutls_version)):
+#
+# 3.6.10 - 3.6.14 have a severe memory leak with AES-CCM
+# https://gitlab.com/gnutls/gnutls/-/merge_requests/1278
+if (parse_version(gnutls_version) > parse_version('3.6.14')):
conf.CHECK_FUNCS_IN('gnutls_aead_cipher_encryptv2', 'gnutls')
# Check if we have support for crypto policies
--
Samba Shared Repository
More information about the samba-cvs
mailing list