[SCM] Samba Shared Repository - branch v4-19-stable updated
Jule Anger
janger at samba.org
Mon Apr 8 07:33:54 UTC 2024
The branch, v4-19-stable has been updated
via b400092dd0a VERSION: Disable GIT_SNAPSHOT for the 4.19.6 release.
via 8333c396015 WHATSNEW: Add release notes for Samba 4.19.6.
via 0ac741b5705 s3/smbd: If we fail to close file_handle ensure we should reset the fd
via 3634df5d59e smbd: simplify handling of failing fstat() after unlinking file
via a58338ec926 libgpo: Do not segfault if we don't have a valid security descriptor
via 51a3797f57e libgpo: Fix trailing spaces in pygpo.c
via 8ea3973ad40 python:gp: Implement client site lookup in site_dn_for_machine()
via 111e85a589c librpc:idl: Make netlogon_samlogon_response public
via eebe6d8c890 ctdb-protocol: Add missing push support for new controls
via 19e7ea8ffa8 VERSION: Bump version up to Samba 4.19.6...
from 7bef2f7f1c8 VERSION: Disable GIT_SNAPSHOT for the 4.19.5 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 59 ++++++++++++++++++++++++++++--
ctdb/protocol/protocol_control.c | 8 +++++
ctdb/tests/src/protocol_common_ctdb.c | 33 +++++++++++++++++
ctdb/tests/src/protocol_ctdb_test.c | 2 +-
libgpo/pygpo.c | 7 +++-
librpc/idl/nbt.idl | 2 +-
librpc/ndr/ndr_nbt.c | 2 +-
librpc/ndr/ndr_nbt.h | 2 +-
python/samba/gp/gpclass.py | 68 +++++++++++++++++++++++------------
source3/smbd/close.c | 1 +
source3/smbd/open.c | 27 +++++---------
12 files changed, 163 insertions(+), 50 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 9151d8de1ce..066af506941 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2023"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=19
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 79abe2da103..be2edfb6ac4 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,59 @@
+ ==============================
+ Release Notes for Samba 4.19.6
+ April 08, 2024
+ ==============================
+
+
+This is the latest stable release of the Samba 4.19 release series.
+
+
+Changes since 4.19.5
+--------------------
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
+ vfs_stat_fsp() fails in fd_close().
+
+o Guenther Deschner <gd at samba.org>
+ * BUG 15588: samba-gpupdate: Correctly implement site support.
+
+o Noel Power <noel.power at suse.com>
+ * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
+ vfs_stat_fsp() fails in fd_close().
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 15588: samba-gpupdate: Correctly implement site support.
+ * BUG 15599: libgpo: Segfault in python bindings.
+
+o Martin Schwenke <mschwenke at ddn.com>
+ * BUG 15580: Packet marshalling push support missing for
+ CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
+ CTDB_CONTROL_TCP_CLIENT_PASSED.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.19.5
February 19, 2024
@@ -59,8 +115,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.19.4
January 08, 2024
diff --git a/ctdb/protocol/protocol_control.c b/ctdb/protocol/protocol_control.c
index 83ed6cb4ee1..e4491159937 100644
--- a/ctdb/protocol/protocol_control.c
+++ b/ctdb/protocol/protocol_control.c
@@ -693,6 +693,14 @@ static void ctdb_req_control_data_push(struct ctdb_req_control_data *cd,
case CTDB_CONTROL_ECHO_DATA:
ctdb_echo_data_push(cd->data.echo_data, buf, &np);
break;
+
+ case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED:
+ ctdb_connection_push(cd->data.conn, buf, &np);
+ break;
+
+ case CTDB_CONTROL_TCP_CLIENT_PASSED:
+ ctdb_connection_push(cd->data.conn, buf, &np);
+ break;
}
*npush = np;
diff --git a/ctdb/tests/src/protocol_common_ctdb.c b/ctdb/tests/src/protocol_common_ctdb.c
index 384076824a4..8a8e114f67a 100644
--- a/ctdb/tests/src/protocol_common_ctdb.c
+++ b/ctdb/tests/src/protocol_common_ctdb.c
@@ -593,6 +593,19 @@ void fill_ctdb_req_control_data(TALLOC_CTX *mem_ctx,
case CTDB_CONTROL_ENABLE_NODE:
break;
+
+ case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED:
+ cd->data.conn = talloc(mem_ctx, struct ctdb_connection);
+ assert(cd->data.conn != NULL);
+ fill_ctdb_connection(mem_ctx, cd->data.conn);
+ break;
+
+ case CTDB_CONTROL_TCP_CLIENT_PASSED:
+ cd->data.conn = talloc(mem_ctx, struct ctdb_connection);
+ assert(cd->data.conn != NULL);
+ fill_ctdb_connection(mem_ctx, cd->data.conn);
+ break;
+
}
}
@@ -982,6 +995,14 @@ void verify_ctdb_req_control_data(struct ctdb_req_control_data *cd,
case CTDB_CONTROL_ENABLE_NODE:
break;
+
+ case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED:
+ verify_ctdb_connection(cd->data.conn, cd2->data.conn);
+ break;
+
+ case CTDB_CONTROL_TCP_CLIENT_PASSED:
+ verify_ctdb_connection(cd->data.conn, cd2->data.conn);
+ break;
}
}
@@ -1378,6 +1399,12 @@ void fill_ctdb_reply_control_data(TALLOC_CTX *mem_ctx,
case CTDB_CONTROL_ENABLE_NODE:
break;
+
+ case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED:
+ break;
+
+ case CTDB_CONTROL_TCP_CLIENT_PASSED:
+ break;
}
}
@@ -1715,6 +1742,12 @@ void verify_ctdb_reply_control_data(struct ctdb_reply_control_data *cd,
case CTDB_CONTROL_ENABLE_NODE:
break;
+
+ case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED:
+ break;
+
+ case CTDB_CONTROL_TCP_CLIENT_PASSED:
+ break;
}
}
diff --git a/ctdb/tests/src/protocol_ctdb_test.c b/ctdb/tests/src/protocol_ctdb_test.c
index f6fb5134a00..840d465ae30 100644
--- a/ctdb/tests/src/protocol_ctdb_test.c
+++ b/ctdb/tests/src/protocol_ctdb_test.c
@@ -277,7 +277,7 @@ PROTOCOL_CTDB4_TEST(struct ctdb_req_dmaster, ctdb_req_dmaster,
PROTOCOL_CTDB4_TEST(struct ctdb_reply_dmaster, ctdb_reply_dmaster,
CTDB_REPLY_DMASTER);
-#define NUM_CONTROLS 159
+#define NUM_CONTROLS 161
PROTOCOL_CTDB2_TEST(struct ctdb_req_control_data, ctdb_req_control_data);
PROTOCOL_CTDB2_TEST(struct ctdb_reply_control_data, ctdb_reply_control_data);
diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index adbd5b4688d..0f7116313f2 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -116,6 +116,11 @@ static PyObject *GPO_marshall_get_sec_desc_buf(PyObject *self, PyObject *args,
uint8_t *data = NULL;
size_t len = 0;
+ if (gpo_ptr->security_descriptor == NULL) {
+ PyErr_SetString(PyExc_RuntimeError, "Uninitialized");
+ return NULL;
+ }
+
status = marshall_sec_desc(gpo_ptr, gpo_ptr->security_descriptor,
&data, &len);
if (!NT_STATUS_IS_OK(status)) {
@@ -371,7 +376,7 @@ static int py_ads_init(ADS *self, PyObject *args, PyObject *kwds)
workgroup,
ldap_server,
ADS_SASL_PLAIN);
-
+
return 0;
}
diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl
index 11814e7970e..46be2eae7e2 100644
--- a/librpc/idl/nbt.idl
+++ b/librpc/idl/nbt.idl
@@ -490,7 +490,7 @@ interface nbt
[case(NETLOGON_NT_VERSION_5EX)] NETLOGON_SAM_LOGON_RESPONSE_EX nt5_ex;
} netlogon_samlogon_response_union;
- typedef [nopush,nopull] struct {
+ typedef [nopush,nopull,noprint,public] struct {
uint32 ntver;
[switch_is(ntver)] netlogon_samlogon_response_union data;
} netlogon_samlogon_response;
diff --git a/librpc/ndr/ndr_nbt.c b/librpc/ndr/ndr_nbt.c
index 8ed9f0a5f05..96956fdb005 100644
--- a/librpc/ndr/ndr_nbt.c
+++ b/librpc/ndr/ndr_nbt.c
@@ -392,7 +392,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull *
return NDR_ERR_SUCCESS;
}
-_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r)
+_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r)
{
ndr_print_struct(ndr, name, "netlogon_samlogon_response");
if (r == NULL) { ndr_print_null(ndr); return; }
diff --git a/librpc/ndr/ndr_nbt.h b/librpc/ndr/ndr_nbt.h
index 7c06301d02b..9297876b2b3 100644
--- a/librpc/ndr/ndr_nbt.h
+++ b/librpc/ndr/ndr_nbt.h
@@ -37,6 +37,6 @@ enum ndr_err_code ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_
uint32_t nt_version_flags);
enum ndr_err_code ndr_push_netlogon_samlogon_response(struct ndr_push *ndr, int ndr_flags, const struct netlogon_samlogon_response *r);
enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull *ndr, int ndr_flags, struct netlogon_samlogon_response *r);
-void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r);
+void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r);
#endif /* _LIBRPC_NDR_NDR_NBT_H */
diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py
index babd8f90748..d9dcbeb3cfe 100644
--- a/python/samba/gp/gpclass.py
+++ b/python/samba/gp/gpclass.py
@@ -51,7 +51,7 @@ from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT, GP
from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
from samba.dcerpc import security
import samba.security
-from samba.dcerpc import netlogon
+from samba.dcerpc import nbt
try:
@@ -582,12 +582,6 @@ def get_dc_hostname(creds, lp):
nbt.NBT_SERVER_DS))
return cldap_ret.pdc_dns_name
-def get_dc_netbios_hostname(creds, lp):
- net = Net(creds=creds, lp=lp)
- cldap_ret = net.finddc(domain=lp.get('realm'), flags=(nbt.NBT_SERVER_LDAP |
- nbt.NBT_SERVER_DS))
- return cldap_ret.pdc_name
-
''' Fetch a list of GUIDs for applicable GPOs '''
@@ -756,24 +750,52 @@ def merge_nt_token(token_1, token_2):
token_1.privilege_mask |= token_2.privilege_mask
return token_1
+
def site_dn_for_machine(samdb, dc_hostname, lp, creds, hostname):
# [MS-GPOL] 3.2.5.1.4 Site Search
- config_context = samdb.get_config_basedn()
- try:
- c = netlogon.netlogon("ncacn_np:%s[seal]" % dc_hostname, lp, creds)
- site_name = c.netr_DsRGetSiteName(hostname)
- return 'CN={},CN=Sites,{}'.format(site_name, config_context)
- except WERRORError:
- # Fallback to the old method found in ads_site_dn_for_machine
- nb_hostname = get_dc_netbios_hostname(creds, lp)
- res = samdb.search(config_context, ldb.SCOPE_SUBTREE,
- "(cn=%s)" % nb_hostname, ['dn'])
- if res.count != 1:
- raise ldb.LdbError(ldb.ERR_NO_SUCH_OBJECT,
- 'site_dn_for_machine: no result')
- dn = res.msgs[0]['dn']
- site_dn = dn.parent().parent()
- return site_dn
+
+ # The netr_DsRGetSiteName() needs to run over local rpc, however we do not
+ # have the call implemented in our rpc_server.
+ # What netr_DsRGetSiteName() actually does is an ldap query to get
+ # the sitename, we can do the same.
+
+ # NtVer=(NETLOGON_NT_VERSION_IP|NETLOGON_NT_VERSION_WITH_CLOSEST_SITE|
+ # NETLOGON_NT_VERSION_5EX) [0x20000014]
+ expr = "(&(DnsDomain=%s.)(User=%s)(NtVer=\\14\\00\\00\\20))" % (
+ samdb.domain_dns_name(),
+ hostname)
+ res = samdb.search(
+ base='',
+ scope=ldb.SCOPE_BASE,
+ expression=expr,
+ attrs=["Netlogon"])
+ if res.count != 1:
+ raise RuntimeError('site_dn_for_machine: No result')
+
+ samlogon_response = ndr_unpack(nbt.netlogon_samlogon_response,
+ bytes(res.msgs[0]['Netlogon'][0]))
+ if samlogon_response.ntver not in [nbt.NETLOGON_NT_VERSION_5EX,
+ (nbt.NETLOGON_NT_VERSION_1
+ | nbt.NETLOGON_NT_VERSION_5EX)]:
+ raise RuntimeError('site_dn_for_machine: Invalid NtVer in '
+ + 'netlogon_samlogon_response')
+
+ # We want NETLOGON_NT_VERSION_5EX out of the union!
+ samlogon_response.ntver = nbt.NETLOGON_NT_VERSION_5EX
+ samlogon_response_ex = samlogon_response.data
+
+ client_site = "Default-First-Site-Name"
+ if (samlogon_response_ex.client_site
+ and len(samlogon_response_ex.client_site) > 1):
+ client_site = samlogon_response_ex.client_site
+
+ site_dn = samdb.get_config_basedn()
+ site_dn.add_child("CN=Sites")
+ site_dn.add_child("CN=%s" % (client_site))
+
+ return site_dn
+
+
def get_gpo_list(dc_hostname, creds, lp, username):
'''Get the full list of GROUP_POLICY_OBJECTs for a given username.
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index af5e78daa10..e16cb2d3485 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -603,6 +603,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
*/
fsp->fsp_flags.delete_on_close = false;
+ fsp->fsp_flags.fstat_before_close = false;
lck_state.reset_delete_on_close = true;
done:
diff --git a/source3/smbd/open.c b/source3/smbd/open.c
index c3b27928510..36c890dc9d5 100644
--- a/source3/smbd/open.c
+++ b/source3/smbd/open.c
@@ -942,7 +942,7 @@ NTSTATUS fd_openat(const struct files_struct *dirfsp,
NTSTATUS fd_close(files_struct *fsp)
{
- NTSTATUS status;
+ NTSTATUS stat_status = NT_STATUS_OK;
int ret;
if (fsp == fsp->conn->cwd_fsp) {
@@ -950,23 +950,12 @@ NTSTATUS fd_close(files_struct *fsp)
}
if (fsp->fsp_flags.fstat_before_close) {
- status = vfs_stat_fsp(fsp);
- if (!NT_STATUS_IS_OK(status)) {
- /*
- * If this is a stream and delete-on-close was set, the
- * backing object (an xattr from streams_xattr) might
- * already be deleted so fstat() fails with
- * NT_STATUS_NOT_FOUND. So if fsp refers to a stream we
- * ignore the error and only bail for normal files where
- * an fstat() should still work. NB. We cannot use
- * fsp_is_alternate_stream(fsp) for this as the base_fsp
- * has already been closed at this point and so the value
- * fsp_is_alternate_stream() checks for is already NULL.
- */
- if (fsp->fsp_name->stream_name == NULL) {
- return status;
- }
- }
+ /*
+ * capture status, if failure
+ * continue close processing
+ * and return status
+ */
+ stat_status = vfs_stat_fsp(fsp);
}
if (fsp->dptr) {
@@ -988,7 +977,7 @@ NTSTATUS fd_close(files_struct *fsp)
if (ret == -1) {
return map_nt_error_from_unix(errno);
}
- return NT_STATUS_OK;
+ return stat_status;
}
/****************************************************************************
--
Samba Shared Repository
More information about the samba-cvs
mailing list