From vlendec at samba.org Thu Aug 1 16:56:01 2024
From: vlendec at samba.org (Volker Lendecke)
Date: Thu, 01 Aug 2024 16:56:01 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via 48963251fb0 s4:torture: Fix memory leak
via a1055956979 s4:torture: Remove trailing spaces from smbtorture.c
from 10e9b858a3f docs: Document parametric form of hide and veto files
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 48963251fb04cce4d081408857c0c3a0f6861f4c
Author: Andreas Schneider
Date: Thu Aug 1 09:32:49 2024 +0200
s4:torture: Fix memory leak
Direct leak of 102 byte(s) in 1 object(s) allocated from:
#0 0x7f35322fc7d7 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f3531e43bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f3531e45034 in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f3531e45034 in __talloc_strlendup ../../lib/talloc/talloc.c:2454
#4 0x7f3531e45034 in talloc_strdup ../../lib/talloc/talloc.c:2470
#5 0x7f352f90264b in smbcli_parse_unc ../../source4/libcli/cliconnect.c:269
#6 0x55fbf83aa207 in torture_parse_target ../../source4/torture/smbtorture.c:192
#7 0x55fbf83ae031 in main ../../source4/torture/smbtorture.c:744
#8 0x7f352ca2a1ef in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
Signed-off-by: Andreas Schneider
Reviewed-by: Volker Lendecke
Autobuild-User(master): Volker Lendecke
Autobuild-Date(master): Thu Aug 1 16:55:43 UTC 2024 on atb-devel-224
commit a1055956979ac5f2101efa9c50c923ef1f270cef
Author: Andreas Schneider
Date: Thu Aug 1 10:22:38 2024 +0200
s4:torture: Remove trailing spaces from smbtorture.c
Signed-off-by: Andreas Schneider
Reviewed-by: Volker Lendecke
-----------------------------------------------------------------------
Summary of changes:
source4/torture/smbtorture.c | 25 ++++++++++++++-----------
1 file changed, 14 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c
index ad1280be7d8..7c5a6f78dbb 100644
--- a/source4/torture/smbtorture.c
+++ b/source4/torture/smbtorture.c
@@ -1,19 +1,19 @@
-/*
+/*
Unix SMB/CIFS implementation.
SMB torture tester
Copyright (C) Andrew Tridgell 1997-2003
Copyright (C) Jelmer Vernooij 2006-2008
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/
@@ -73,7 +73,7 @@ static void print_test_list(const struct torture_suite *suite, const char *prefi
}
static bool run_matching(struct torture_context *torture,
- const char *prefix,
+ const char *prefix,
const char *expr,
const char **restricted,
struct torture_suite *suite,
@@ -189,7 +189,7 @@ bool torture_parse_target(TALLOC_CTX *ctx,
NTSTATUS status;
/* see if its a RPC transport specifier */
- if (!smbcli_parse_unc(target, NULL, &host, &share)) {
+ if (!smbcli_parse_unc(target, ctx, &host, &share)) {
const char *h;
status = dcerpc_parse_binding(ctx, target, &binding_struct);
@@ -211,6 +211,9 @@ bool torture_parse_target(TALLOC_CTX *ctx,
lpcfg_set_cmdline(lp_ctx, "torture:host", host);
lpcfg_set_cmdline(lp_ctx, "torture:share", share);
lpcfg_set_cmdline(lp_ctx, "torture:binding", host);
+
+ TALLOC_FREE(host);
+ TALLOC_FREE(share);
}
return true;
@@ -450,7 +453,7 @@ int main(int argc, const char *argv[])
"run async tests", NULL},
{"num-async", 0, POPT_ARG_INT, &torture_numasync, 0,
"number of simultaneous async requests", NULL},
- {"maximum-runtime", 0, POPT_ARG_INT, &max_runtime, 0,
+ {"maximum-runtime", 0, POPT_ARG_INT, &max_runtime, 0,
"set maximum time for smbtorture to live", "seconds"},
{"extra-user", 0, POPT_ARG_STRING, NULL, OPT_EXTRA_USER,
"extra user credentials", NULL},
@@ -628,16 +631,16 @@ int main(int argc, const char *argv[])
if (extra_module != NULL) {
init_module_fn fn = load_module(poptGetOptArg(pc), false, NULL);
- if (fn == NULL)
+ if (fn == NULL)
d_printf("Unable to load module from %s\n", poptGetOptArg(pc));
else {
status = fn(mem_ctx);
if (NT_STATUS_IS_ERR(status)) {
- d_printf("Error initializing module %s: %s\n",
+ d_printf("Error initializing module %s: %s\n",
poptGetOptArg(pc), nt_errstr(status));
}
}
- } else {
+ } else {
torture_init(mem_ctx);
}
@@ -673,7 +676,7 @@ int main(int argc, const char *argv[])
if (torture_seed == 0) {
torture_seed = time(NULL);
- }
+ }
printf("Using seed %d\n", torture_seed);
srandom(torture_seed);
--
Samba Shared Repository
From metze at samba.org Fri Aug 2 11:53:45 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Fri, 02 Aug 2024 11:53:45 +0000
Subject: [SCM] Samba Shared Repository - branch v4-20-test updated
Message-ID:
The branch, v4-20-test has been updated
via f81fdcb2dfe VERSION: Bump version up to Samba 4.20.4...
via 803665cb481 VERSION: Disable GIT_SNAPSHOT for the 4.20.3 release.
via a13bed3b9ef WHATSNEW: Add release notes for Samba 4.20.3.
from f8e50d04e9f libcli:security: allow spaces after BAD:
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -----------------------------------------------------------------
commit f81fdcb2dfe15519851e046d59dc6c2d66415148
Author: Stefan Metzmacher
Date: Fri Aug 2 13:50:36 2024 +0200
VERSION: Bump version up to Samba 4.20.4...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Stefan Metzmacher
commit 803665cb481c6a897e9bdaecaccfc7a353b3683a
Author: Stefan Metzmacher
Date: Fri Aug 2 13:49:07 2024 +0200
VERSION: Disable GIT_SNAPSHOT for the 4.20.3 release.
Signed-off-by: Stefan Metzmacher
commit a13bed3b9ef7586d5fb679ab93a2bce742a580ed
Author: Stefan Metzmacher
Date: Fri Aug 2 13:43:39 2024 +0200
WHATSNEW: Add release notes for Samba 4.20.3.
Signed-off-by: Stefan Metzmacher
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 107 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++--
2 files changed, 106 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 4cb90cc5643..28e5aa22c01 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=20
-SAMBA_VERSION_RELEASE=3
+SAMBA_VERSION_RELEASE=4
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index fb964d7a6f4..93dd250d052 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,106 @@
+ ==============================
+ Release Notes for Samba 4.20.3
+ August 02, 2024
+ ==============================
+
+
+This is the latest stable release of the Samba 4.20 release series.
+
+LDAP TLS/SASL channel binding support
+-------------------------------------
+
+The ldap server supports SASL binds with
+kerberos or NTLMSSP over TLS connections
+now (either ldaps or starttls).
+
+Setups where 'ldap server require strong auth = allow_sasl_over_tls'
+was required before, can now most likely move to the
+default of 'ldap server require strong auth = yes'.
+
+If SASL binds without correct tls channel bindings are required
+'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
+should be used now, as 'allow_sasl_over_tls' will generate a
+warning in every start of 'samba', as well as '[samba-tool ]testparm'.
+
+This is similar to LdapEnforceChannelBinding under
+HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
+on Windows.
+
+All client tools using ldaps also include the correct
+channel bindings now.
+
+smb.conf changes
+================
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ ldap server require strong auth new values
+
+Changes since 4.20.2
+--------------------
+
+o Andreas Schneider
+ * BUG 15683: Running samba-bgqd a a standalone systemd service does not work.
+
+o Andrew Bartlett
+ * BUG 15655: When claims enabled with heimdal kerberos, unable to log on to a
+ Windows computer when user account need to change their own password.
+
+o Douglas Bagnall
+ * BUG 15671: Invalid client warning about command line passwords.
+ * BUG 15672: Version string is truncated in manpages.
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+ * BUG 15674: cmdline_burn does not always burn secrets.
+ * BUG 15685: Samba does not parse SDDL found in defaultSecurityDescriptor in
+ AD_DS_Classes_Windows_Server_v1903.ldf.
+
+o Jo Sutton
+ * BUG 15655: When claims enabled with heimdal kerberos, unable to log on to a
+ Windows computer when user account need to change their own password.
+
+o Pavel Filipensk?
+ * BUG 15660: The images don\'t build after the git security release and
+ CentOS 8 Stream is EOL.
+
+o Ralph Boehme
+ * BUG 15676: Fix clock skew error message and memory cache clock skew
+ recovery.
+
+o Stefan Metzmacher
+ * BUG 15603: Heimdal ignores _gsskrb5_decapsulate errors in
+ init_sec_context/repl_mutual.
+ * BUG 15621: s4:ldap_server: does not support tls channel bindings
+ for sasl binds.
+
+o Xavi Hernandez
+ * BUG 15678: CTDB socket output queues may suffer unbounded delays under some
+ special conditions.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.20.2
June 19, 2024
@@ -79,8 +182,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.20.1
May 08, 2024
@@ -404,6 +506,7 @@ smb.conf changes
Parameter Name Description Default
-------------- ----------- -------
+ ldap server require strong auth new values (4.20.3)
acl claims evaluation new AD DC only
smb3 unix extensions Per share -
smb3 share cap:ASYMMETRIC new no
--
Samba Shared Repository
From metze at samba.org Fri Aug 2 12:02:50 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Fri, 02 Aug 2024 12:02:50 +0000
Subject: [SCM] Samba Shared Repository - annotated tag samba-4.20.3 created
Message-ID:
The annotated tag, samba-4.20.3 has been created
at 235085c00d0f9aecc602974e9bec6d6ac46b03d6 (tag)
tagging 803665cb481c6a897e9bdaecaccfc7a353b3683a (commit)
replaces samba-4.20.2
tagged by Stefan Metzmacher
on Fri Aug 2 14:01:59 2024 +0200
- Log -----------------------------------------------------------------
samba: tag release samba-4.20.3
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmasyrcACgkQqplEL7aA
tiDSnxAArU3wJX+0KymejzTnZS9IULSQ9Oq38u0duzyXTQn8imL5bmpvVSk+0jO4
53Qqrufcirv1uc0w9po4yoqddA7WmcDxzYU2wfbTdW3vsIuTlMm6hg/cuOL8coIi
m6791xNybvq5xPX5JLzu9hLiCmBpdg7oNvznoziCmgyfCGJmrzOGq/H/fl9ub6o4
jyDzEPA/d79NoxzACIqLCsBfiitjf0cqin5kpfT6DcGSZ0cvvITN+j/kfStkM9P+
J83KlBOKuHhsjZG5GJQPXFlL3V3rgoqMvB48qSsWtPBBC2a7NDdTuVS7MR2JdlIA
SU/YXYi9vRL354vdN22Lj7X+1OaiMb9GSmuUwuRaGKjeUfMchLCWSLcRJp/EZ1z8
1VA23bWNdCQCLxa8/TLnuqkXtz/Sx/0O+p752HyYEt567bfk8jXEOQy/NSGbgGbC
lRbu0A7PwIg9H+42ap8hjn+UegtHTpdV6QF7EcT4Z8ZjaM00NidR7AKElqOVYl4D
LfNvv9WY4jxR6PaNgFlkR2vwCp1gWHnm5Z/QmRe4xShKSK/Udw3k8v5yZg88zaAS
Mnt06I7PHZcnP6HEGanbecbWQ3Da4qkuBZjPQElkr1W78Mj1O3riE0G+ZUANEaz2
Gk9CkfXdVhSqnZTdJX1Q1KBrVjzo7CGHVn11eNtYo9HRUnYQdCk=
=zBkL
-----END PGP SIGNATURE-----
Andreas Schneider (2):
gitlab-ci: Also add the git directory for pipeline in the main mirror
s3:printing: Allow to run samba-bgqd as a standalone systemd service
Andrew Bartlett (2):
dsdb: Reduce minimum maxPwdAge from 1 day to nil
python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED
Douglas Bagnall (19):
buildtools: sanitise strange characters in vendor strings
build: --vendor-suffix instead of --vendor-patch-revision --vendor-name
selftest: move some more expected failures to expectedfail.d
docs-xml:manpages: allow for longer version strings
cmdline:burn: '-U' does not imply secrets without '%'
selftest: run the cmdline tests that we already have
cmdline:tests: extend cmdline_burn tests
cmdline:burn: do not retain false memories
cmdline:burn: handle arguments separated from their --options
cmdline:burn: always return true if burnt
cmdline:burn: localise some variables
cmdline:burn: do not burn options starting --user-*, --password-*
cmdline: test_cmdline tests more burning
cmdline:burn: use allowlist to ensure more passwords burn
cmdline:burn: explicitly burn --username
cmdline:burn: add a note about short option combinations
cmdline: samba-tool test for bad option warning
cmdline:burn: list commands to always burn; warn on unknown
libcli:security: allow spaces after BAD:
Jo Sutton (4):
tests/krb5: Fix PK-INIT test framework to allow expired password keys
tests/krb5: Allow creation of disabled accounts for testing
tests/krb5: Add tests for errors produced when logging in with unusable accounts
third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54)
Jule Anger (1):
VERSION: Bump version up to Samba 4.20.3...
Pavel Filipensk? (1):
.gitlab-ci-main.yml: Add safe.directory '*'
Ralph Boehme (1):
third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0)
Stefan Metzmacher (29):
s4:libcli/ldap: ldap4_new_connection() requires a valid lp_ctx
ldb_ildap: require ldb_get_opaque(ldb, "loadparm") to be valid
s4:libcli/ldap: fix no memory error code in ldap_bind_sasl()
s4:libcli/ldap: force GSS-SPNEGO in ldap_bind_sasl()
s4:lib/tls: remove tstream_tls_push_trigger_write step
s3:lib/tls: we need to call tstream_tls_retry_handshake/disconnect() until all buffers are flushed
s4:lib/tls: assert that event contexts are not mixed
s4:lib/tls: split out tstream_tls_prepare_gnutls()
s4:lib/tls: we no longer need ifdef GNUTLS_NO_TICKETS
s4:lib/tls: include a TLS server name indication in the client handshake
s4:lib/tls: split out tstream_tls_verify_peer() helper
s4:lib/tls: add tstream_tls_params_client_lpcfg()
s3:rpc_server/mdssvc: make use of tstream_tls_params_client_lpcfg()
s4:librpc/rpc: make use of tstream_tls_params_client_lpcfg()
s4:libcli/ldap: make use of tstream_tls_params_client_lpcfg()
lib/crypto: add legacy_gnutls_server_end_point_cb() if needed
s4:lib/tls: add tstream_tls_channel_bindings()
third_party/heimdal: import lorikeet-heimdal-202404171655 (commit 28a56d818074e049f0361ef74d7017f2a9391847)
wscript_configure_embedded_heimdal: define HAVE_CLIENT_GSS_C_CHANNEL_BOUND_FLAG
auth/gensec: add gensec_set_channel_bindings() function
auth/ntlmssp: implement channel binding support
s4:gensec_gssapi: implement channel binding support
s3:crypto/gse: implement channel binding support
s4:ldap_server: add support for tls channel bindings
s4:libcli/ldap: add tls channel binding support for ldap_bind_sasl()
selftest: split out selftest/expectedfail.d/samba4.ldb.simple.ldap-tls
s4:selftest: also test samba4.ldb.simple.ldap*SASL-BIND with ldap_testing:{channel_bound,tls_channel_bindings,forced_channel_binding}
WHATSNEW: Add release notes for Samba 4.20.3.
VERSION: Disable GIT_SNAPSHOT for the 4.20.3 release.
Xavi Hernandez (1):
Fix starvation of pending writes in CTDB queues
-----------------------------------------------------------------------
--
Samba Shared Repository
From metze at samba.org Fri Aug 2 12:06:49 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Fri, 02 Aug 2024 12:06:49 +0000
Subject: [SCM] Samba Website Repository - branch master updated
Message-ID:
The branch, master has been updated
via 8b61355 NEWS[4.20.3]: Samba 4.20.3 Available for Download
from a13124c NEWS[4.21.0rc1]: Samba 4.21.0rc1 Available for Download
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 8b6135578a6975f6677e16313d0d1202e23ed874
Author: Stefan Metzmacher
Date: Fri Aug 2 14:02:26 2024 +0200
NEWS[4.20.3]: Samba 4.20.3 Available for Download
Signed-off-by: Stefan Metzmacher
-----------------------------------------------------------------------
Summary of changes:
history/samba-4.20.3.html | 102 +++++++++++++++++++++++
posted_news/20240802-120549.4.20.3.body.html | 13 +++
posted_news/20240802-120549.4.20.3.headline.html | 3 +
3 files changed, 118 insertions(+)
create mode 100644 history/samba-4.20.3.html
create mode 100644 posted_news/20240802-120549.4.20.3.body.html
create mode 100644 posted_news/20240802-120549.4.20.3.headline.html
Changeset truncated at 500 lines:
diff --git a/history/samba-4.20.3.html b/history/samba-4.20.3.html
new file mode 100644
index 0000000..b697293
--- /dev/null
+++ b/history/samba-4.20.3.html
@@ -0,0 +1,102 @@
+
+
+
+Samba 4.20.3 - Release Notes
+
+
+Samba 4.20.3 Available for Download
+
+Samba 4.20.3 (gzipped)
+Signature
+
+
+Patch (gzipped) against Samba 4.20.2
+Signature
+
+
+
+ ==============================
+ Release Notes for Samba 4.20.3
+ August 02, 2024
+ ==============================
+
+
+This is the latest stable release of the Samba 4.20 release series.
+
+LDAP TLS/SASL channel binding support
+-------------------------------------
+
+The ldap server supports SASL binds with
+kerberos or NTLMSSP over TLS connections
+now (either ldaps or starttls).
+
+Setups where 'ldap server require strong auth = allow_sasl_over_tls'
+was required before, can now most likely move to the
+default of 'ldap server require strong auth = yes'.
+
+If SASL binds without correct tls channel bindings are required
+'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
+should be used now, as 'allow_sasl_over_tls' will generate a
+warning in every start of 'samba', as well as '[samba-tool ]testparm'.
+
+This is similar to LdapEnforceChannelBinding under
+HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
+on Windows.
+
+All client tools using ldaps also include the correct
+channel bindings now.
+
+smb.conf changes
+================
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ ldap server require strong auth new values
+
+Changes since 4.20.2
+--------------------
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 15683: Running samba-bgqd a a standalone systemd service does not work.
+
+o Andrew Bartlett <abartlet at samba.org>
+ * BUG 15655: When claims enabled with heimdal kerberos, unable to log on to a
+ Windows computer when user account need to change their own password.
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 15671: Invalid client warning about command line passwords.
+ * BUG 15672: Version string is truncated in manpages.
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+ * BUG 15674: cmdline_burn does not always burn secrets.
+ * BUG 15685: Samba does not parse SDDL found in defaultSecurityDescriptor in
+ AD_DS_Classes_Windows_Server_v1903.ldf.
+
+o Jo Sutton <josutton at catalyst.net.nz>
+ * BUG 15655: When claims enabled with heimdal kerberos, unable to log on to a
+ Windows computer when user account need to change their own password.
+
+o Pavel Filipensk?? <pfilipensky at samba.org>
+ * BUG 15660: The images don\'t build after the git security release and
+ CentOS 8 Stream is EOL.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 15676: Fix clock skew error message and memory cache clock skew
+ recovery.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 15603: Heimdal ignores _gsskrb5_decapsulate errors in
+ init_sec_context/repl_mutual.
+ * BUG 15621: s4:ldap_server: does not support tls channel bindings
+ for sasl binds.
+
+o Xavi Hernandez <xhernandez at redhat.com>
+ * BUG 15678: CTDB socket output queues may suffer unbounded delays under some
+ special conditions.
+
+
+
+
+
+
diff --git a/posted_news/20240802-120549.4.20.3.body.html b/posted_news/20240802-120549.4.20.3.body.html
new file mode 100644
index 0000000..fcb5286
--- /dev/null
+++ b/posted_news/20240802-120549.4.20.3.body.html
@@ -0,0 +1,13 @@
+
+
+Samba 4.20.3 Available for Download
+
+This is the latest stable release of the Samba 4.20 release series.
+
+
+The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620).
+The source code can be downloaded now.
+A patch against Samba 4.20.2 is also available.
+See the release notes for more info.
+
+
diff --git a/posted_news/20240802-120549.4.20.3.headline.html b/posted_news/20240802-120549.4.20.3.headline.html
new file mode 100644
index 0000000..3c83f41
--- /dev/null
+++ b/posted_news/20240802-120549.4.20.3.headline.html
@@ -0,0 +1,3 @@
+
+ 02 August 2024 Samba 4.20.3 Available for Download
+
--
Samba Website Repository
From metze at samba.org Fri Aug 2 12:14:01 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Fri, 02 Aug 2024 12:14:01 +0000
Subject: [SCM] Samba Shared Repository - branch v4-20-stable updated
Message-ID:
The branch, v4-20-stable has been updated
via 803665cb481 VERSION: Disable GIT_SNAPSHOT for the 4.20.3 release.
via a13bed3b9ef WHATSNEW: Add release notes for Samba 4.20.3.
via f8e50d04e9f libcli:security: allow spaces after BAD:
via 4cf9af9186d s3:printing: Allow to run samba-bgqd as a standalone systemd service
via d6f010090ce cmdline:burn: list commands to always burn; warn on unknown
via 93d345467e7 cmdline: samba-tool test for bad option warning
via 957654ebe9d cmdline:burn: add a note about short option combinations
via 8560c854d4c cmdline:burn: explicitly burn --username
via 481eb6ab31e cmdline:burn: use allowlist to ensure more passwords burn
via 6bcdbdab57c cmdline: test_cmdline tests more burning
via 0d89d09674a cmdline:burn: do not burn options starting --user-*, --password-*
via 66da23459f5 cmdline:burn: localise some variables
via 1315b61e1fb cmdline:burn: always return true if burnt
via 916d5bde84a cmdline:burn: handle arguments separated from their --options
via 25329b38634 cmdline:burn: do not retain false memories
via f900e532c3d cmdline:tests: extend cmdline_burn tests
via 9cbb5bdd333 selftest: run the cmdline tests that we already have
via 5d99875ba0f cmdline:burn: '-U' does not imply secrets without '%'
via 73207ff834f docs-xml:manpages: allow for longer version strings
via f5920ceea32 .gitlab-ci-main.yml: Add safe.directory '*'
via 6b0b6d06410 gitlab-ci: Also add the git directory for pipeline in the main mirror
via f4604a86fe1 third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0)
via 16b430e7401 s4:selftest: also test samba4.ldb.simple.ldap*SASL-BIND with ldap_testing:{channel_bound,tls_channel_bindings,forced_channel_binding}
via ac22551de3e selftest: split out selftest/expectedfail.d/samba4.ldb.simple.ldap-tls
via 7c6c742106b s4:libcli/ldap: add tls channel binding support for ldap_bind_sasl()
via 7f2e3839f25 s4:ldap_server: add support for tls channel bindings
via 64d4c1cdcc3 s3:crypto/gse: implement channel binding support
via 7b62c5f7d24 s4:gensec_gssapi: implement channel binding support
via 1219bf38301 auth/ntlmssp: implement channel binding support
via c41feb6c2a4 auth/gensec: add gensec_set_channel_bindings() function
via 2668243de22 wscript_configure_embedded_heimdal: define HAVE_CLIENT_GSS_C_CHANNEL_BOUND_FLAG
via c86e8742373 third_party/heimdal: import lorikeet-heimdal-202404171655 (commit 28a56d818074e049f0361ef74d7017f2a9391847)
via 20d5335dc1f s4:lib/tls: add tstream_tls_channel_bindings()
via 6fec41bdb31 lib/crypto: add legacy_gnutls_server_end_point_cb() if needed
via b2f44b81751 s4:libcli/ldap: make use of tstream_tls_params_client_lpcfg()
via 254fa5041d6 s4:librpc/rpc: make use of tstream_tls_params_client_lpcfg()
via 7a6ce2be813 s3:rpc_server/mdssvc: make use of tstream_tls_params_client_lpcfg()
via 8989c3cd8ba s4:lib/tls: add tstream_tls_params_client_lpcfg()
via f1ca22f5577 s4:lib/tls: split out tstream_tls_verify_peer() helper
via 1f0e6a44747 s4:lib/tls: include a TLS server name indication in the client handshake
via a55356b7cde s4:lib/tls: we no longer need ifdef GNUTLS_NO_TICKETS
via 0c8fd43cc83 s4:lib/tls: split out tstream_tls_prepare_gnutls()
via 3e90d30bab9 s4:lib/tls: assert that event contexts are not mixed
via c117f54ceed s3:lib/tls: we need to call tstream_tls_retry_handshake/disconnect() until all buffers are flushed
via 52adc59a926 s4:lib/tls: remove tstream_tls_push_trigger_write step
via 461f14259e2 s4:libcli/ldap: force GSS-SPNEGO in ldap_bind_sasl()
via 39ffaf056b2 s4:libcli/ldap: fix no memory error code in ldap_bind_sasl()
via 5545d934ec0 ldb_ildap: require ldb_get_opaque(ldb, "loadparm") to be valid
via 07e707c4de4 s4:libcli/ldap: ldap4_new_connection() requires a valid lp_ctx
via 52fc65513f4 selftest: move some more expected failures to expectedfail.d
via 63b47dc0edc Fix starvation of pending writes in CTDB queues
via 95058b97865 build: --vendor-suffix instead of --vendor-patch-revision --vendor-name
via 5531ef4d2b0 buildtools: sanitise strange characters in vendor strings
via bff728a842f third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54)
via 41c8a42c8ae tests/krb5: Add tests for errors produced when logging in with unusable accounts
via d4c1e215a9b tests/krb5: Allow creation of disabled accounts for testing
via 50a417a2240 python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED
via c1433f821f7 tests/krb5: Fix PK-INIT test framework to allow expired password keys
via 4e57b8a5fe6 dsdb: Reduce minimum maxPwdAge from 1 day to nil
via eeae9fe4b01 VERSION: Bump version up to Samba 4.20.3...
from 569d541c9bb VERSION: Disable GIT_SNAPSHOT for the 4.20.2 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
.gitlab-ci-main.yml | 3 +-
VERSION | 2 +-
WHATSNEW.txt | 107 +++-
auth/gensec/gensec.c | 63 +++
auth/gensec/gensec.h | 8 +
auth/gensec/gensec_internal.h | 18 +
auth/gensec/gensec_start.c | 1 +
auth/ntlmssp/ntlmssp_client.c | 13 +-
auth/ntlmssp/ntlmssp_private.h | 2 +
auth/ntlmssp/ntlmssp_server.c | 47 ++
auth/ntlmssp/ntlmssp_util.c | 98 ++++
buildtools/wafsamba/samba_abi.py | 6 +-
ctdb/common/ctdb_io.c | 17 +-
.../ldap/ldapserverrequirestrongauth.xml | 38 +-
docs-xml/xslt/man.xsl | 3 +
lib/cmdline/cmdline.c | 217 +++++++-
lib/cmdline/tests/test_cmdline.c | 54 +-
lib/crypto/gnutls_helpers.h | 6 +
lib/crypto/gnutls_server_end_point_cb.c | 130 +++++
lib/crypto/wscript | 6 +-
lib/ldb-samba/ldb_ildap.c | 9 +-
lib/param/loadparm.h | 1 +
lib/param/param_table.c | 2 +
libcli/security/sddl.c | 5 +
python/samba/netcmd/testparm.py | 10 +
python/samba/tests/krb5/kdc_base_test.py | 24 +-
python/samba/tests/krb5/lockout_tests.py | 210 ++++++-
python/samba/tests/krb5/pkinit_tests.py | 15 +-
python/samba/tests/krb5/raw_testcase.py | 18 +-
python/samba/tests/krb5/rfc4120_constants.py | 1 +
python/samba/tests/samba_tool/help.py | 9 +
python/samba/tests/sddl.py | 10 +-
script/autobuild.py | 4 +-
selftest/expectedfail.d/ldap-tlsverifypeer | 10 +
selftest/expectedfail.d/samba4.ldb.simple.ldap-tls | 21 +
selftest/expectedfail_heimdal | 12 +
selftest/knownfail | 16 -
selftest/knownfail_mit_kdc | 5 +
selftest/target/Samba4.pm | 2 +-
selftest/tests.py | 2 +
selftest/wscript | 4 +
source3/librpc/crypto/gse.c | 95 +++-
source3/printing/samba-bgqd.c | 8 +-
source3/rpc_server/mdssvc/mdssvc_es.c | 25 +-
source3/utils/testparm.c | 12 +
source4/auth/gensec/gensec_gssapi.c | 77 ++-
source4/auth/gensec/gensec_gssapi.h | 1 +
source4/dsdb/samdb/ldb_modules/operational.c | 4 +-
source4/ldap_server/ldap_bind.c | 62 ++-
source4/ldap_server/ldap_server.c | 11 +
source4/lib/tls/tls.h | 7 +
source4/lib/tls/tls_tstream.c | 611 ++++++++++++---------
source4/lib/tls/wscript_build | 1 +
source4/libcli/ldap/ldap_bind.c | 111 ++--
source4/libcli/ldap/ldap_client.c | 20 +-
source4/librpc/rpc/dcerpc_roh.c | 20 +-
source4/selftest/tests.py | 31 +-
third_party/heimdal/kdc/fast.c | 13 +-
third_party/heimdal/lib/gssapi/krb5/8003.c | 5 +
.../heimdal/lib/gssapi/krb5/init_sec_context.c | 10 +
third_party/heimdal/lib/gssapi/test_context.c | 4 +
third_party/heimdal/lib/krb5/build_auth.c | 100 +++-
third_party/heimdal/lib/krb5/fast.c | 12 +-
third_party/heimdal/lib/krb5/mcache.c | 2 +-
third_party/heimdal/lib/krb5/mk_req_ext.c | 1 +
third_party/heimdal/tests/gss/check-context.in | 35 ++
wscript | 12 +-
wscript_configure_embedded_heimdal | 7 +
wscript_configure_system_gnutls | 5 +
69 files changed, 2059 insertions(+), 472 deletions(-)
create mode 100644 lib/crypto/gnutls_server_end_point_cb.c
create mode 100644 selftest/expectedfail.d/ldap-tlsverifypeer
create mode 100644 selftest/expectedfail.d/samba4.ldb.simple.ldap-tls
create mode 100644 selftest/expectedfail_heimdal
Changeset truncated at 500 lines:
diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
index face2103327..08865ca2c42 100644
--- a/.gitlab-ci-main.yml
+++ b/.gitlab-ci-main.yml
@@ -146,8 +146,7 @@ include:
- ccache -z -M 500M
- ccache -s
# We are already running .gitlab-ci directives from this repo, remove additional checks that break our CI
- - git config --global --add safe.directory `pwd`
- - git config --global --add safe.directory /builds/samba-team/devel/samba/.git
+ - git config --global --add safe.directory '*'
after_script:
- mount
- df -h
diff --git a/VERSION b/VERSION
index 200f6ccac3e..b0f4f114077 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=20
-SAMBA_VERSION_RELEASE=2
+SAMBA_VERSION_RELEASE=3
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index fb964d7a6f4..93dd250d052 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,106 @@
+ ==============================
+ Release Notes for Samba 4.20.3
+ August 02, 2024
+ ==============================
+
+
+This is the latest stable release of the Samba 4.20 release series.
+
+LDAP TLS/SASL channel binding support
+-------------------------------------
+
+The ldap server supports SASL binds with
+kerberos or NTLMSSP over TLS connections
+now (either ldaps or starttls).
+
+Setups where 'ldap server require strong auth = allow_sasl_over_tls'
+was required before, can now most likely move to the
+default of 'ldap server require strong auth = yes'.
+
+If SASL binds without correct tls channel bindings are required
+'ldap server require strong auth = allow_sasl_without_tls_channel_bindings'
+should be used now, as 'allow_sasl_over_tls' will generate a
+warning in every start of 'samba', as well as '[samba-tool ]testparm'.
+
+This is similar to LdapEnforceChannelBinding under
+HKLM\SYSTEM\CurrentControlSet\Services\NTDS\Parameters
+on Windows.
+
+All client tools using ldaps also include the correct
+channel bindings now.
+
+smb.conf changes
+================
+
+ Parameter Name Description Default
+ -------------- ----------- -------
+ ldap server require strong auth new values
+
+Changes since 4.20.2
+--------------------
+
+o Andreas Schneider
+ * BUG 15683: Running samba-bgqd a a standalone systemd service does not work.
+
+o Andrew Bartlett
+ * BUG 15655: When claims enabled with heimdal kerberos, unable to log on to a
+ Windows computer when user account need to change their own password.
+
+o Douglas Bagnall
+ * BUG 15671: Invalid client warning about command line passwords.
+ * BUG 15672: Version string is truncated in manpages.
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+ * BUG 15674: cmdline_burn does not always burn secrets.
+ * BUG 15685: Samba does not parse SDDL found in defaultSecurityDescriptor in
+ AD_DS_Classes_Windows_Server_v1903.ldf.
+
+o Jo Sutton
+ * BUG 15655: When claims enabled with heimdal kerberos, unable to log on to a
+ Windows computer when user account need to change their own password.
+
+o Pavel Filipensk?
+ * BUG 15660: The images don\'t build after the git security release and
+ CentOS 8 Stream is EOL.
+
+o Ralph Boehme
+ * BUG 15676: Fix clock skew error message and memory cache clock skew
+ recovery.
+
+o Stefan Metzmacher
+ * BUG 15603: Heimdal ignores _gsskrb5_decapsulate errors in
+ init_sec_context/repl_mutual.
+ * BUG 15621: s4:ldap_server: does not support tls channel bindings
+ for sasl binds.
+
+o Xavi Hernandez
+ * BUG 15678: CTDB socket output queues may suffer unbounded delays under some
+ special conditions.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.20.2
June 19, 2024
@@ -79,8 +182,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.20.1
May 08, 2024
@@ -404,6 +506,7 @@ smb.conf changes
Parameter Name Description Default
-------------- ----------- -------
+ ldap server require strong auth new values (4.20.3)
acl claims evaluation new AD DC only
smb3 unix extensions Per share -
smb3 share cap:ASYMMETRIC new no
diff --git a/auth/gensec/gensec.c b/auth/gensec/gensec.c
index 26b5865bff5..8785e69be63 100644
--- a/auth/gensec/gensec.c
+++ b/auth/gensec/gensec.c
@@ -854,3 +854,66 @@ _PUBLIC_ const char *gensec_get_target_principal(struct gensec_security *gensec_
return NULL;
}
+
+static int gensec_channel_bindings_destructor(struct gensec_channel_bindings *cb)
+{
+ data_blob_clear_free(&cb->initiator_address);
+ data_blob_clear_free(&cb->acceptor_address);
+ data_blob_clear_free(&cb->application_data);
+ *cb = (struct gensec_channel_bindings) { .initiator_addrtype = 0, };
+ return 0;
+}
+
+_PUBLIC_ NTSTATUS gensec_set_channel_bindings(struct gensec_security *gensec_security,
+ uint32_t initiator_addrtype,
+ const DATA_BLOB *initiator_address,
+ uint32_t acceptor_addrtype,
+ const DATA_BLOB *acceptor_address,
+ const DATA_BLOB *application_data)
+{
+ struct gensec_channel_bindings *cb = NULL;
+
+ if (gensec_security->subcontext) {
+ return NT_STATUS_INTERNAL_ERROR;
+ }
+
+ if (gensec_security->channel_bindings != NULL) {
+ return NT_STATUS_ALREADY_REGISTERED;
+ }
+
+ cb = talloc_zero(gensec_security, struct gensec_channel_bindings);
+ if (cb == NULL) {
+ return NT_STATUS_NO_MEMORY;
+ }
+ talloc_set_destructor(cb, gensec_channel_bindings_destructor);
+
+ cb->initiator_addrtype = initiator_addrtype;
+ if (initiator_address != NULL) {
+ cb->initiator_address = data_blob_dup_talloc(cb,
+ *initiator_address);
+ if (cb->initiator_address.length != initiator_address->length) {
+ TALLOC_FREE(cb);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ cb->acceptor_addrtype = acceptor_addrtype;
+ if (acceptor_address != NULL) {
+ cb->acceptor_address = data_blob_dup_talloc(cb,
+ *acceptor_address);
+ if (cb->acceptor_address.length != acceptor_address->length) {
+ TALLOC_FREE(cb);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+ if (application_data != NULL) {
+ cb->application_data = data_blob_dup_talloc(cb,
+ *application_data);
+ if (cb->application_data.length != application_data->length) {
+ TALLOC_FREE(cb);
+ return NT_STATUS_NO_MEMORY;
+ }
+ }
+
+ gensec_security->channel_bindings = cb;
+ return NT_STATUS_OK;
+}
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index 29d5e92c130..25242384f55 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -70,6 +70,7 @@ struct gensec_target {
#define GENSEC_FEATURE_NO_AUTHZ_LOG 0x00000800
#define GENSEC_FEATURE_SMB_TRANSPORT 0x00001000
#define GENSEC_FEATURE_LDAPS_TRANSPORT 0x00002000
+#define GENSEC_FEATURE_CB_OPTIONAL 0x00004000
#define GENSEC_EXPIRE_TIME_INFINITY (NTTIME)0x8000000000000000LL
@@ -313,6 +314,13 @@ bool gensec_setting_bool(struct gensec_settings *settings, const char *mechanism
NTSTATUS gensec_set_target_principal(struct gensec_security *gensec_security, const char *principal);
const char *gensec_get_target_principal(struct gensec_security *gensec_security);
+NTSTATUS gensec_set_channel_bindings(struct gensec_security *gensec_security,
+ uint32_t initiator_addrtype,
+ const DATA_BLOB *initiator_address,
+ uint32_t acceptor_addrtype,
+ const DATA_BLOB *acceptor_address,
+ const DATA_BLOB *application_data);
+
NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
struct gensec_security *gensec_security,
struct smb_krb5_context *smb_krb5_context,
diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h
index 8efb1bdff0f..4d8eca99881 100644
--- a/auth/gensec/gensec_internal.h
+++ b/auth/gensec/gensec_internal.h
@@ -95,6 +95,23 @@ struct gensec_security_ops_wrapper {
const char *oid;
};
+/*
+ * typedef struct gss_channel_bindings_struct {
+ * OM_uint32 initiator_addrtype;
+ * gss_buffer_desc initiator_address;
+ * OM_uint32 acceptor_addrtype;
+ * gss_buffer_desc acceptor_address;
+ * gss_buffer_desc application_data;
+ * } *gss_channel_bindings_t;
+ */
+struct gensec_channel_bindings {
+ uint32_t initiator_addrtype;
+ DATA_BLOB initiator_address;
+ uint32_t acceptor_addrtype;
+ DATA_BLOB acceptor_address;
+ DATA_BLOB application_data;
+};
+
struct gensec_security {
const struct gensec_security_ops *ops;
void *private_data;
@@ -106,6 +123,7 @@ struct gensec_security {
uint32_t max_update_size;
uint8_t dcerpc_auth_level;
struct tsocket_address *local_addr, *remote_addr;
+ struct gensec_channel_bindings *channel_bindings;
struct gensec_settings *settings;
/* When we are a server, this may be filled in to provide an
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index bcf98bd5968..4405aca278d 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -732,6 +732,7 @@ _PUBLIC_ NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
(*gensec_security)->auth_context = talloc_reference(*gensec_security, parent->auth_context);
(*gensec_security)->settings = talloc_reference(*gensec_security, parent->settings);
(*gensec_security)->auth_context = talloc_reference(*gensec_security, parent->auth_context);
+ (*gensec_security)->channel_bindings = talloc_reference(*gensec_security, parent->channel_bindings);
talloc_set_destructor((*gensec_security), gensec_security_destructor);
return NT_STATUS_OK;
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index 337aeed9229..d8dc1d2940b 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -599,6 +599,8 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
SingleHost->Value.AvSingleHost.remaining = data_blob_null;
}
+ if (!(gensec_security->want_features & GENSEC_FEATURE_CB_OPTIONAL)
+ || gensec_security->channel_bindings != NULL)
{
struct AV_PAIR *ChannelBindings = NULL;
@@ -607,13 +609,12 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
count++;
*eol = *ChannelBindings;
- /*
- * gensec doesn't support channel bindings yet,
- * but we want to match Windows on the wire
- */
ChannelBindings->AvId = MsvChannelBindings;
- memset(ChannelBindings->Value.ChannelBindings, 0,
- sizeof(ChannelBindings->Value.ChannelBindings));
+ nt_status = ntlmssp_hash_channel_bindings(gensec_security,
+ ChannelBindings->Value.ChannelBindings);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
}
service = gensec_get_target_service(gensec_security);
diff --git a/auth/ntlmssp/ntlmssp_private.h b/auth/ntlmssp/ntlmssp_private.h
index 4d84e3347b6..7b939b80ae2 100644
--- a/auth/ntlmssp/ntlmssp_private.h
+++ b/auth/ntlmssp/ntlmssp_private.h
@@ -56,6 +56,8 @@ void debug_ntlmssp_flags(uint32_t neg_flags);
NTSTATUS ntlmssp_handle_neg_flags(struct ntlmssp_state *ntlmssp_state,
uint32_t neg_flags, const char *name);
const DATA_BLOB ntlmssp_version_blob(void);
+NTSTATUS ntlmssp_hash_channel_bindings(struct gensec_security *gensec_security,
+ uint8_t cb_hash[16]);
/* The following definitions come from auth/ntlmssp_server.c */
diff --git a/auth/ntlmssp/ntlmssp_server.c b/auth/ntlmssp/ntlmssp_server.c
index 64b96283eb2..1e49379a8ed 100644
--- a/auth/ntlmssp/ntlmssp_server.c
+++ b/auth/ntlmssp/ntlmssp_server.c
@@ -386,6 +386,9 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
DATA_BLOB version_blob = data_blob_null;
const unsigned int mic_len = NTLMSSP_MIC_SIZE;
DATA_BLOB mic_blob = data_blob_null;
+ const uint8_t zero_channel_bindings[16] = { 0, };
+ const uint8_t *client_channel_bindings = zero_channel_bindings;
+ uint8_t server_channel_bindings[16] = { 0, };
const char *parse_string;
bool ok;
struct timeval endtime;
@@ -523,6 +526,7 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
uint32_t i = 0;
uint32_t count = 0;
const struct AV_PAIR *flags = NULL;
+ const struct AV_PAIR *cb = NULL;
const struct AV_PAIR *eol = NULL;
uint32_t av_flags = 0;
@@ -598,6 +602,12 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
ntlmssp_state->new_spnego = true;
}
+ cb = ndr_ntlmssp_find_av(&v2_resp.Challenge.AvPairs,
+ MsvChannelBindings);
+ if (cb != NULL) {
+ client_channel_bindings = cb->Value.ChannelBindings;
+ }
+
count = ntlmssp_state->server.av_pair_list.count;
if (v2_resp.Challenge.AvPairs.count < count) {
return NT_STATUS_INVALID_PARAMETER;
@@ -700,6 +710,43 @@ static NTSTATUS ntlmssp_server_preauth(struct gensec_security *gensec_security,
}
}
+ if (gensec_security->channel_bindings != NULL) {
+ nt_status = ntlmssp_hash_channel_bindings(gensec_security,
+ server_channel_bindings);
+ if (!NT_STATUS_IS_OK(nt_status)) {
+ return nt_status;
+ }
+
+ ok = mem_equal_const_time(client_channel_bindings,
+ server_channel_bindings,
+ 16);
+ if (!ok && gensec_security->want_features & GENSEC_FEATURE_CB_OPTIONAL) {
+ /*
+ * Unlike kerberos, explicit 16 zeros in
+ * MsvChannelBindings are not enough to
+ * pass the optional check.
+ *
+ * So we only let it through without explicit
+ * MsvChannelBindings.
+ */
+ ok = (client_channel_bindings == zero_channel_bindings);
+ }
+ if (!ok) {
+ DBG_WARNING("Invalid channel bindings for "
+ "user=[%s] domain=[%s] workstation=[%s]\n",
+ ntlmssp_state->user,
+ ntlmssp_state->domain,
+ ntlmssp_state->client.netbios_name);
+ dump_data(DBGLVL_WARNING,
+ client_channel_bindings,
+ 16);
+ dump_data(DBGLVL_WARNING,
+ server_channel_bindings,
+ 16);
+ return NT_STATUS_BAD_BINDINGS;
+ }
+ }
+
nttime_to_timeval(&endtime, ntlmssp_state->server.challenge_endtime);
expired = timeval_expired(&endtime);
if (expired) {
diff --git a/auth/ntlmssp/ntlmssp_util.c b/auth/ntlmssp/ntlmssp_util.c
index 6f3b474fd71..b8dc84e1652 100644
--- a/auth/ntlmssp/ntlmssp_util.c
+++ b/auth/ntlmssp/ntlmssp_util.c
@@ -22,9 +22,15 @@
*/
#include "includes.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_internal.h"
#include "../auth/ntlmssp/ntlmssp.h"
#include "../auth/ntlmssp/ntlmssp_private.h"
+#include "lib/crypto/gnutls_helpers.h"
+#include
+#include
+
#undef DBGC_CLASS
#define DBGC_CLASS DBGC_AUTH
@@ -218,3 +224,95 @@ const DATA_BLOB ntlmssp_version_blob(void)
return data_blob_const(version_buffer, ARRAY_SIZE(version_buffer));
}
+
+NTSTATUS ntlmssp_hash_channel_bindings(struct gensec_security *gensec_security,
+ uint8_t cb_hash[16])
+{
+ const struct gensec_channel_bindings *cb =
+ gensec_security->channel_bindings;
+ gnutls_hash_hd_t hash_hnd = NULL;
+ uint8_t uint32buf[4];
+ int rc;
+
+ if (cb == NULL) {
+ memset(cb_hash, 0, 16);
+ return NT_STATUS_OK;
+ }
+
+ GNUTLS_FIPS140_SET_LAX_MODE();
+ rc = gnutls_hash_init(&hash_hnd, GNUTLS_DIG_MD5);
+ if (rc < 0) {
+ GNUTLS_FIPS140_SET_STRICT_MODE();
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+ }
+
+ SIVAL(uint32buf, 0, cb->initiator_addrtype);
+ rc = gnutls_hash(hash_hnd, uint32buf, sizeof(uint32buf));
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ GNUTLS_FIPS140_SET_STRICT_MODE();
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+ }
+ SIVAL(uint32buf, 0, cb->initiator_address.length);
+ rc = gnutls_hash(hash_hnd, uint32buf, sizeof(uint32buf));
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ GNUTLS_FIPS140_SET_STRICT_MODE();
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+ }
+ if (cb->initiator_address.length > 0) {
+ rc = gnutls_hash(hash_hnd,
+ cb->initiator_address.data,
+ cb->initiator_address.length);
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ GNUTLS_FIPS140_SET_STRICT_MODE();
+ return gnutls_error_to_ntstatus(rc, NT_STATUS_HMAC_NOT_SUPPORTED);
+ }
+ }
+ SIVAL(uint32buf, 0, cb->acceptor_addrtype);
+ rc = gnutls_hash(hash_hnd, uint32buf, sizeof(uint32buf));
+ if (rc < 0) {
+ gnutls_hash_deinit(hash_hnd, NULL);
+ GNUTLS_FIPS140_SET_STRICT_MODE();
--
Samba Shared Repository
From dbagnall at samba.org Sun Aug 4 01:36:02 2024
From: dbagnall at samba.org (Douglas Bagnall)
Date: Sun, 04 Aug 2024 01:36:02 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via 5851ae55542 ldb: Fix ldb public library header files being unusable
via 20e841b7936 python:tests: Remove unused variable
via b6c25ed271b python:provision: Do not suppress errors produced setting up BIND database
via bf8a22b2e45 lib:cmdline: Load network interfaces in _samba_cmdline_load_config_s4()
via 58b4d988fac s3:libsmb: Return a more sensible error if no interfaces are available
via 786265ad7ff s3:libsmb: Fix invalid array dereference
via 1d945b0f230 python:tests: Account for new user ?joe?
via 18b078a8b96 dsdb periodic: Produce a debugging message if kccsrv_samba_kcc() fails
via c07c91733cf ldb-samba: Fix code spelling
via 62ecbc0afc4 buildtools: Fix code spelling
via f13df85b995 buildtools: Remove trailing whitespace
via 7b020492230 s4-kcc: Remove nonfunctional fallback code
via 9e7c37550a9 python:netcmd: Explicitly delete samdb variables
via 9542c419a07 tests/krb5: Remove unneeded machine account creation
via 7b184bb317c tests/krb5: Remove unneeded parameter ?samdb?
via 1616a640dd2 s4:dsdb: Fix code spelling
via 7485d4d5881 s4:dsdb: Remove trailing whitespace
via d603d8b3929 s3:libnet: Fix code spelling
via 3a06f34e68d python:tests: Fix code spelling
via f7d92814c43 python:tests: Fix code spelling
via 3588d6c33d4 libcli:auth: Fix code spelling
via df4d6c404cb lib:util: Fix code spelling
via 9130ca413af lib:cmdline: Fix code spelling
via 3249bce0fe8 buildtools: Use isinstance() to compare types
from 48963251fb0 s4:torture: Fix memory leak
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5851ae555425ea2ba8e431162142ebae47be802e
Author: Jo Sutton
Date: Fri Aug 2 10:14:52 2024 +1200
ldb: Fix ldb public library header files being unusable
An accidental negation means that ldb_version.h is not installed when
ldb is built as a public library.
This is a regression introduced by commit
625fb48326ec62a33ce0abdbfb0f6f3d33d7cc64.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15690
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
Autobuild-User(master): Douglas Bagnall
Autobuild-Date(master): Sun Aug 4 01:35:55 UTC 2024 on atb-devel-224
commit 20e841b79362a9054027fe29426cb378b1c90be9
Author: Jo Sutton
Date: Thu Aug 1 15:51:03 2024 +1200
python:tests: Remove unused variable
assertMatch() returns None, which isn?t very useful.
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit b6c25ed271b354152709e0fe92969a3171f751ff
Author: Jo Sutton
Date: Thu Aug 1 15:47:13 2024 +1200
python:provision: Do not suppress errors produced setting up BIND database
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit bf8a22b2e459b990403e5593db404ed36deba78f
Author: Jo Sutton
Date: Tue Jul 30 16:55:17 2024 +1200
lib:cmdline: Load network interfaces in _samba_cmdline_load_config_s4()
This makes the samba.tests.domain_backup tests start working again when
they are run standalone. Without the load_interfaces() call,
smb_sysvol_conn() fails to make a connection to the sysvol share.
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 58b4d988fac0bf3574cf9e71931d4a42c1857821
Author: Jo Sutton
Date: Tue Jul 30 15:46:14 2024 +1200
s3:libsmb: Return a more sensible error if no interfaces are available
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 786265ad7ffd6d3b8438c18f62a2a027c50fde6d
Author: Jo Sutton
Date: Tue Jul 30 15:42:32 2024 +1200
s3:libsmb: Fix invalid array dereference
If ?num_addrs? is equal to zero, name_queries_send() will pass an
invalid address to name_query_send().
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 1d945b0f230054eb1b94c39aa99acd7f25389f04
Author: Jo Sutton
Date: Tue Jul 30 14:49:11 2024 +1200
python:tests: Account for new user ?joe?
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 18b078a8b96afc648c733d60f7b1e3f11ad885c3
Author: Jo Sutton
Date: Tue Jul 30 13:53:57 2024 +1200
dsdb periodic: Produce a debugging message if kccsrv_samba_kcc() fails
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit c07c91733cfc593cfe136ccd4b96dc8e51c9fe14
Author: Jo Sutton
Date: Tue Jul 30 11:10:03 2024 +1200
ldb-samba: Fix code spelling
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 62ecbc0afc443cae7cfa63473c47eb075517f22d
Author: Jo Sutton
Date: Mon Jul 29 17:04:54 2024 +1200
buildtools: Fix code spelling
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit f13df85b9951cd9773b27301746e8eed16c316ee
Author: Jo Sutton
Date: Mon Jul 29 17:04:46 2024 +1200
buildtools: Remove trailing whitespace
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 7b020492230107111731952f4f002a9279356f45
Author: Jo Sutton
Date: Mon Jul 29 14:45:49 2024 +1200
s4-kcc: Remove nonfunctional fallback code
The following line in the pre?2003 attributes fallback code:
attrs = post_2003_attrs;
presumably should have read
attrs = pre_2003_attrs;
As it is this fallback, added in commit
2fc233b78f35e4bc5062869d77985567d61d0f8a and subsequently modified in
commit 783ff68628fee6d5681b3a9abd80b74a78588926, does not do what it was
intended to do.
Besides, attempting a failed search again, just with different
attributes, will presumably not yield any more of a result.
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 9e7c37550a904040c711c53b868ec60ad84ee6c6
Author: Jo Sutton
Date: Fri Jul 19 10:21:56 2024 +1200
python:netcmd: Explicitly delete samdb variables
This makes our intent clear, and avoids accidental attempts to use these
objects after they have been ?disconnect()?ed.
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 9542c419a07ae03c8de6ae5ebf634f925e9f69ea
Author: Jo Sutton
Date: Thu Jul 18 13:53:09 2024 +1200
tests/krb5: Remove unneeded machine account creation
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 7b184bb317c138e3355010d0ceaca5b4a25b5152
Author: Jo Sutton
Date: Thu Jul 18 13:51:52 2024 +1200
tests/krb5: Remove unneeded parameter ?samdb?
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 1616a640dd2d25b11e1c5ad7d1bca765a2b65c05
Author: Jo Sutton
Date: Tue Jul 16 13:32:32 2024 +1200
s4:dsdb: Fix code spelling
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 7485d4d588188c1167d10c05b637d969f8241864
Author: Jo Sutton
Date: Fri Aug 2 11:26:49 2024 +1200
s4:dsdb: Remove trailing whitespace
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit d603d8b3929411b9fab8dcb67fb28654d42fe306
Author: Jo Sutton
Date: Tue Jul 9 12:57:13 2024 +1200
s3:libnet: Fix code spelling
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 3a06f34e68d7b6439d3e37ffb2860f45aa5ad24e
Author: Jo Sutton
Date: Thu Aug 1 15:50:44 2024 +1200
python:tests: Fix code spelling
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit f7d92814c4301d184eea9b716271a48a8e9940c6
Author: Jo Sutton
Date: Tue Jul 16 15:53:05 2024 +1200
python:tests: Fix code spelling
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 3588d6c33d44c058fb1d8810cb5643f3fd5caa32
Author: Jo Sutton
Date: Tue Jul 16 13:32:05 2024 +1200
libcli:auth: Fix code spelling
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit df4d6c404cbe73212608d93d22f7c04dc1c6e9be
Author: Jo Sutton
Date: Tue Jul 9 12:52:03 2024 +1200
lib:util: Fix code spelling
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 9130ca413af16ec01d9dd0d1f5a58f54915f8059
Author: Jo Sutton
Date: Wed Jul 17 11:28:02 2024 +1200
lib:cmdline: Fix code spelling
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
commit 3249bce0fe85938ec1980fb6b0f678aceb4d2f3e
Author: Jo Sutton
Date: Tue Jul 2 16:40:49 2024 +1200
buildtools: Use isinstance() to compare types
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_python.py | 4 +--
buildtools/wafsamba/samba_version.py | 2 +-
lib/cmdline/cmdline.c | 2 +-
lib/cmdline/cmdline_s4.c | 11 +++++++
lib/cmdline/wscript | 2 +-
lib/ldb-samba/ldb_matching_rules.c | 2 +-
lib/ldb/wscript | 2 +-
lib/util/debug.h | 2 +-
libcli/auth/smbencrypt.c | 2 +-
python/samba/netcmd/domain/backup.py | 4 +--
python/samba/provision/sambadns.py | 12 ++++----
python/samba/tests/domain_backup.py | 2 +-
python/samba/tests/dsdb.py | 2 +-
python/samba/tests/kcc/kcc_utils.py | 2 +-
.../krb5/ms_kile_client_principal_lookup_tests.py | 35 +++++++---------------
python/samba/tests/samba_tool/group.py | 2 +-
source3/libnet/libnet_dssync_keytab.c | 2 +-
source3/libsmb/namequery.c | 12 ++++++++
source4/dsdb/kcc/kcc_drs_replica_info.c | 14 ++-------
source4/dsdb/kcc/kcc_periodic.c | 28 +++++++++--------
source4/dsdb/repl/drepl_partitions.c | 22 +++++++-------
source4/dsdb/samdb/ldb_modules/repl_meta_data.c | 4 +--
22 files changed, 86 insertions(+), 84 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_python.py b/buildtools/wafsamba/samba_python.py
index 12a94c8079d..544261e79f0 100644
--- a/buildtools/wafsamba/samba_python.py
+++ b/buildtools/wafsamba/samba_python.py
@@ -114,7 +114,7 @@ def SAMBA_PYTHON(bld, name,
# including Python.h. If the macro is defined, length is a Py_ssize_t
# rather than an int.
- # Because if often included before includes.h/config.h
+ # Because is often included before includes.h/config.h
# This must be in the -D compiler options
cflags += ' -DPY_SSIZE_T_CLEAN=1'
@@ -153,5 +153,3 @@ def pyembed_libname(bld, name):
return name
Build.BuildContext.pyembed_libname = pyembed_libname
-
-
diff --git a/buildtools/wafsamba/samba_version.py b/buildtools/wafsamba/samba_version.py
index 1533e01198f..5b240e32085 100644
--- a/buildtools/wafsamba/samba_version.py
+++ b/buildtools/wafsamba/samba_version.py
@@ -202,7 +202,7 @@ also accepted as dictionary entries here
string_types = str
if isinstance(value, string_types):
string += "\"%s\"" % value
- elif type(value) is int:
+ elif isinstance(value, int):
string += "%d" % value
else:
raise Exception("Unknown type for %s: %r" % (name, value))
diff --git a/lib/cmdline/cmdline.c b/lib/cmdline/cmdline.c
index 8efefc67a64..a42707238f6 100644
--- a/lib/cmdline/cmdline.c
+++ b/lib/cmdline/cmdline.c
@@ -160,7 +160,7 @@ static bool strneq_cmdline_exact(const char *p, const char *option, size_t len)
* there, we return false.
*
* If the option is not in either list, we assume it might be secret and
- * redact the argument, but warn loadly about it. The hope is that developers
+ * redact the argument, but warn loudly about it. The hope is that developers
* will see what they're doing and add the option to the appropriate list.
*
* If true is returned, *ulen will be set to the apparent length of the
diff --git a/lib/cmdline/cmdline_s4.c b/lib/cmdline/cmdline_s4.c
index f8be4ed670c..d26e1de93c1 100644
--- a/lib/cmdline/cmdline_s4.c
+++ b/lib/cmdline/cmdline_s4.c
@@ -20,9 +20,11 @@
#include "lib/param/param.h"
#include "lib/util/debug.h"
#include "lib/util/fault.h"
+#include "lib/util/talloc_stack.h"
#include "auth/credentials/credentials.h"
#include "dynconfig/dynconfig.h"
#include "cmdline_private.h"
+#include "source3/lib/interface.h"
static bool _require_smbconf;
static enum samba_cmdline_config_type _config_type;
@@ -82,6 +84,15 @@ static bool _samba_cmdline_load_config_s4(void)
break;
}
+ {
+ /* load_interfaces() requires a talloc stackframe. */
+ TALLOC_CTX *frame = talloc_stackframe();
+
+ load_interfaces();
+
+ TALLOC_FREE(frame);
+ }
+
return true;
}
diff --git a/lib/cmdline/wscript b/lib/cmdline/wscript
index 01ead85e2c4..7ea6467b502 100644
--- a/lib/cmdline/wscript
+++ b/lib/cmdline/wscript
@@ -26,7 +26,7 @@ def build(bld):
bld.SAMBA_SUBSYSTEM('CMDLINE_S4',
source='cmdline_s4.c',
- deps='cmdline')
+ deps='cmdline samba3core')
bld.SAMBA_BINARY('test_cmdline',
source='tests/test_cmdline.c',
diff --git a/lib/ldb-samba/ldb_matching_rules.c b/lib/ldb-samba/ldb_matching_rules.c
index dd1f80628c9..9520c805558 100644
--- a/lib/ldb-samba/ldb_matching_rules.c
+++ b/lib/ldb-samba/ldb_matching_rules.c
@@ -351,7 +351,7 @@ static int ldb_comparator_trans(struct ldb_context *ldb,
* where the value is a number of hours since the start of 1601.
*
* This allows the caller to find records that should become a DNS
- * tomestone, despite that information being deep within an NDR packed
+ * tombstone, despite that information being deep within an NDR packed
* object
*/
static int dsdb_match_for_dns_to_tombstone_time(struct ldb_context *ldb,
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index 51a8cef7b1e..87aa3bb6d77 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -174,7 +174,7 @@ def build(bld):
dep_vars=['LDB_VERSION'],
target='include/ldb_version.h',
public_headers='include/ldb_version.h',
- public_headers_install=not bld.env.ldb_is_public_library)
+ public_headers_install=bld.env.ldb_is_public_library)
t.env.LDB_VERSION = LDB_VERSION
bld.SAMBA_MODULE('ldb_asq',
diff --git a/lib/util/debug.h b/lib/util/debug.h
index a4ad56048ff..f188105c9f4 100644
--- a/lib/util/debug.h
+++ b/lib/util/debug.h
@@ -142,7 +142,7 @@ bool dbgsetclass(int level, int cls);
*
* DEBUGADD(), DEBUGADDC()
* Same as DEBUG() and DEBUGC() except the text is appended to the previous
- * DEBUG(), DEBUGC(), DEBUGADD(), DEBUGADDC() with out another interviening
+ * DEBUG(), DEBUGC(), DEBUGADD(), DEBUGADDC() without another intervening
* header.
*
* Example: DEBUGADD( 2, ("Some text and a value %d.\n", value) );
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index bddc843f524..7818d2921f8 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -1106,7 +1106,7 @@ NTSTATUS encode_rc4_passwd_buffer(const char *passwd,
/*
* The packet format is the 516 byte RC4 encrypted
- * password followed by the 16 byte counfounder
+ * password followed by the 16 byte confounder
* The confounder is a salt to prevent pre-computed hash attacks on the
* database.
*/
diff --git a/python/samba/netcmd/domain/backup.py b/python/samba/netcmd/domain/backup.py
index b27105116dc..b1b57c04a7f 100644
--- a/python/samba/netcmd/domain/backup.py
+++ b/python/samba/netcmd/domain/backup.py
@@ -1182,7 +1182,7 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
# not use this any more as the data has all been copied under
# the transaction
samdb.disconnect()
- samdb = None
+ del samdb
# Open the new backed up samdb, flag it as backed up, and write
# the next SID so the restore tool can add objects. We use
@@ -1200,7 +1200,7 @@ class cmd_domain_backup_offline(samba.netcmd.Command):
# Close the backed up samdb
samdb.disconnect()
- samdb = None
+ del samdb
# Now handle all the LDB and TDB files that are not linked to
# anything else. Use transactions for LDBs.
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index 01398bbc346..952e875c862 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -874,9 +874,9 @@ def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid):
setup_add_ldif(dom_ldb,
setup_path("provision_basedn_options.ldif"), None)
- except:
+ except Exception as err:
logger.error(
- "Failed to setup database for BIND, AD based DNS cannot be used")
+ f"Failed to setup database for BIND, AD based DNS cannot be used: {err}")
raise
# This line is critical to the security of the whole scheme.
@@ -914,9 +914,9 @@ def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid):
# lock file as well
os.link(os.path.join(private_dir, forestzone_file + "-lock"),
os.path.join(dns_dir, forestzone_file + "-lock"))
- except OSError:
+ except OSError as err:
logger.error(
- "Failed to setup database for BIND, AD based DNS cannot be used")
+ f"Failed to setup database for BIND, AD based DNS cannot be used: {err}")
raise
del partfile[domainzonedn]
if forestzone_file:
@@ -935,9 +935,9 @@ def create_samdb_copy(samdb, logger, paths, names, domainsid, domainguid):
else:
tdb_copy(os.path.join(private_dir, pfile),
os.path.join(dns_dir, pfile))
- except:
+ except Exception as err:
logger.error(
- "Failed to setup database for BIND, AD based DNS cannot be used")
+ f"Failed to setup database for BIND, AD based DNS cannot be used: {err}")
raise
# Give bind read/write permissions dns partitions
diff --git a/python/samba/tests/domain_backup.py b/python/samba/tests/domain_backup.py
index 7ec5d3afa52..af87a93f736 100644
--- a/python/samba/tests/domain_backup.py
+++ b/python/samba/tests/domain_backup.py
@@ -358,7 +358,7 @@ class DomainBackupBase(BlackboxTestCase):
"""Check the user secrets in the restored DB match what's expected"""
# check secrets for the built-in testenv users match what's expected
- test_users = ["alice", "bob", "jane"]
+ test_users = ["alice", "bob", "jane", "joe"]
for user in test_users:
self.assert_user_secrets(samdb, user, expect_secrets)
diff --git a/python/samba/tests/dsdb.py b/python/samba/tests/dsdb.py
index 4d5b620401d..3d5e7484629 100644
--- a/python/samba/tests/dsdb.py
+++ b/python/samba/tests/dsdb.py
@@ -946,7 +946,7 @@ class DsdbTests(TestCase):
self.samdb.modify(msg)
#
- # Finally ry the non-linked attribute 'assistant'
+ # Finally try the non-linked attribute 'assistant'
# but with non existing GUID, SID, DN
#
msg = ldb.Message()
diff --git a/python/samba/tests/kcc/kcc_utils.py b/python/samba/tests/kcc/kcc_utils.py
index c1af998f402..e6b11d614e0 100644
--- a/python/samba/tests/kcc/kcc_utils.py
+++ b/python/samba/tests/kcc/kcc_utils.py
@@ -338,7 +338,7 @@ class SiteCoverageTests(samba.tests.TestCase):
[site4, site5, site6, uncovered_dn1],
cost=50)
- # Join to Uncovered2 (no preferene on site links)
+ # Join to Uncovered2 (no preference on site links)
self._add_site_link(self.prefix + "link1B",
[site1, site2, site3, uncovered_dn2],
cost=50)
diff --git a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
index 4feb3bb7611..23a3fce55ed 100755
--- a/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
+++ b/python/samba/tests/krb5/ms_kile_client_principal_lookup_tests.py
@@ -50,7 +50,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.do_asn1_print = global_asn1_print
self.do_hexdump = global_hexdump
- def check_pac(self, samdb, auth_data, uc, name, upn=None):
+ def check_pac(self, auth_data, uc, name, upn=None):
pac_data = self.get_pac_data(auth_data)
if upn is None:
@@ -134,7 +134,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
# Check the contents of the pac, and the ticket
ticket = rep['ticket']
enc_part = self.decode_service_ticket(mc, ticket)
- self.check_pac(samdb, enc_part['authorization-data'], uc, user_name)
+ self.check_pac(enc_part['authorization-data'], uc, user_name)
# check the crealm and cname
cname = enc_part['cname']
self.assertEqual(NT_PRINCIPAL, cname['name-type'])
@@ -192,7 +192,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
# Check the contents of the pac, and the ticket
ticket = rep['ticket']
enc_part = self.decode_service_ticket(mc, ticket)
- self.check_pac(samdb, enc_part['authorization-data'], mc, mach_name + '$')
+ self.check_pac(enc_part['authorization-data'], mc, mach_name + '$')
# check the crealm and cname
cname = enc_part['cname']
self.assertEqual(NT_PRINCIPAL, cname['name-type'])
@@ -256,7 +256,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
# Check the contents of the service ticket
ticket = rep['ticket']
enc_part = self.decode_service_ticket(mc, ticket)
- self.check_pac(samdb, enc_part['authorization-data'], uc, upn_name)
+ self.check_pac(enc_part['authorization-data'], uc, upn_name)
# check the crealm and cname
cname = enc_part['cname']
self.assertEqual(NT_PRINCIPAL, cname['name-type'])
@@ -387,8 +387,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
# Check the contents of the pac, and the ticket
ticket = rep['ticket']
enc_part = self.decode_service_ticket(mc, ticket)
- self.check_pac(samdb,
- enc_part['authorization-data'], uc, user_name)
+ self.check_pac(enc_part['authorization-data'], uc, user_name)
# check the crealm and cname
cname = enc_part['cname']
self.assertEqual(NT_PRINCIPAL, cname['name-type'])
@@ -403,7 +402,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
This test uses the altsecid, so the AS-REQ should fail.
"""
- # Create user and machine accounts for the test.
+ # Create a user account for the test.
#
samdb = self.get_samdb()
user_name = "mskileusr"
@@ -413,10 +412,6 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
alt_sec = "Kerberos:%s@%s" % (alt_name, realm)
self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec)
- mach_name = "mskilemac"
- (mc, _) = self.create_account(samdb, mach_name,
- account_type=self.AccountType.COMPUTER)
-
# Do the initial AS-REQ, should get a pre-authentication required
# response
etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5)
@@ -492,8 +487,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
# Check the contents of the pac, and the ticket
ticket = rep['ticket']
enc_part = self.decode_service_ticket(mc, ticket)
- self.check_pac(
- samdb, enc_part['authorization-data'], uc, upn, upn=upn)
+ self.check_pac(enc_part['authorization-data'], uc, upn, upn=upn)
# check the crealm and cname
cname = enc_part['cname']
crealm = enc_part['crealm']
@@ -557,8 +551,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
# Check the contents of the pac, and the ticket
ticket = rep['ticket']
enc_part = self.decode_service_ticket(mc, ticket)
- self.check_pac(
- samdb, enc_part['authorization-data'], uc, ename, upn=ename)
+ self.check_pac(enc_part['authorization-data'], uc, ename, upn=ename)
# check the crealm and cname
cname = enc_part['cname']
crealm = enc_part['crealm']
@@ -623,8 +616,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
# Check the contents of the pac, and the ticket
ticket = rep['ticket']
enc_part = self.decode_service_ticket(mc, ticket)
- self.check_pac(
- samdb, enc_part['authorization-data'], mc, ename, upn=uname)
+ self.check_pac(enc_part['authorization-data'], mc, ename, upn=uname)
# check the crealm and cname
cname = enc_part['cname']
crealm = enc_part['crealm']
@@ -759,8 +751,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
# Check the contents of the pac, and the ticket
ticket = rep['ticket']
enc_part = self.decode_service_ticket(mc, ticket)
- self.check_pac(
- samdb, enc_part['authorization-data'], uc, uname, upn=uname)
+ self.check_pac(enc_part['authorization-data'], uc, uname, upn=uname)
# check the crealm and cname
cname = enc_part['cname']
self.assertEqual(NT_ENTERPRISE_PRINCIPAL, cname['name-type'])
@@ -775,7 +766,7 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
This test uses the altsecid, so the AS-REQ should fail.
"""
- # Create user and machine accounts for the test.
+ # Create a user account for the test.
#
samdb = self.get_samdb()
user_name = "mskileusr"
@@ -786,10 +777,6 @@ class MS_Kile_Client_Principal_Lookup_Tests(KDCBaseTest):
self.add_attribute(samdb, dn, "altSecurityIdentities", alt_sec)
ename = alt_name + "@" + realm
- mach_name = "mskilemac"
- (mc, _) = self.create_account(samdb, mach_name,
- account_type=self.AccountType.COMPUTER)
-
# Do the initial AS-REQ, should get a pre-authentication required
# response
etype = (AES256_CTS_HMAC_SHA1_96, ARCFOUR_HMAC_MD5)
diff --git a/python/samba/tests/samba_tool/group.py b/python/samba/tests/samba_tool/group.py
index e7a660c75e1..e8c0960849f 100644
--- a/python/samba/tests/samba_tool/group.py
+++ b/python/samba/tests/samba_tool/group.py
@@ -332,7 +332,7 @@ class GroupCmdTestCase(SambaToolCmdTest):
for groupobj in grouplist:
name = str(groupobj.get("dn", idx=0))
- found = self.assertMatch(out, name, "group '%s' not found" % name)
+ self.assertMatch(out, name, "group '%s' not found" % name)
def test_move(self):
diff --git a/source3/libnet/libnet_dssync_keytab.c b/source3/libnet/libnet_dssync_keytab.c
index a4fc4e98b0c..0c437da2f43 100644
--- a/source3/libnet/libnet_dssync_keytab.c
+++ b/source3/libnet/libnet_dssync_keytab.c
@@ -248,7 +248,7 @@ static NTSTATUS store_or_fetch_attribute(TALLOC_CTX *mem_ctx,
struct libnet_keytab_entry *entry = NULL;
char *principal = NULL;
- D_DEBUG("looking for %s/%s@%s in keytayb...\n",
+ D_DEBUG("looking for %s/%s@%s in keytab...\n",
attr, object_dn, ctx->dns_domain_name);
principal = talloc_asprintf(mem_ctx,
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index 9a47f034d38..b1500b85e0b 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -1701,6 +1701,10 @@ static struct tevent_req *name_queries_send(
struct tevent_req *req, *subreq;
struct name_queries_state *state;
+ if (num_addrs == 0) {
+ return NULL;
+ }
+
req = tevent_req_create(mem_ctx, &state,
struct name_queries_state);
if (req == NULL) {
@@ -1905,6 +1909,14 @@ struct tevent_req *name_resolve_bcast_send(TALLOC_CTX *mem_ctx,
"for name %s<0x%x>\n", name, name_type));
num_addrs = iface_count();
+ if (num_addrs == 0) {
+ DBG_INFO("name_resolve_bcast(%s#%02x): no interfaces are available\n",
+ name,
+ name_type);
+ tevent_req_nterror(req, NT_STATUS_INVALID_PARAMETER);
+ return tevent_req_post(req, ev);
+ }
+
bcast_addrs = talloc_array(state, struct sockaddr_storage, num_addrs);
if (tevent_req_nomem(bcast_addrs, req)) {
return tevent_req_post(req, ev);
diff --git a/source4/dsdb/kcc/kcc_drs_replica_info.c b/source4/dsdb/kcc/kcc_drs_replica_info.c
index 59759267e01..e52388e8557 100644
--- a/source4/dsdb/kcc/kcc_drs_replica_info.c
+++ b/source4/dsdb/kcc/kcc_drs_replica_info.c
@@ -386,9 +386,7 @@ struct ncList {
static WERROR get_master_ncs(TALLOC_CTX *mem_ctx, struct ldb_context *samdb,
const char *ntds_guid_str, struct ncList **master_nc_list)
{
- const char *post_2003_attrs[] = { "msDS-hasMasterNCs", "hasPartialReplicaNCs", NULL };
- const char *pre_2003_attrs[] = { "hasMasterNCs", "hasPartialReplicaNCs", NULL };
- const char **attrs = post_2003_attrs;
+ const char *attrs[] = { "msDS-hasMasterNCs", "hasPartialReplicaNCs", NULL };
struct ldb_result *res;
struct ncList *nc_list = NULL;
struct ncList *nc_list_elem;
@@ -398,15 +396,7 @@ static WERROR get_master_ncs(TALLOC_CTX *mem_ctx, struct ldb_context *samdb,
/* In W2003 and greater, msDS-hasMasterNCs attribute lists the writable NC replicas */
ret = ldb_search(samdb, mem_ctx, &res, ldb_get_config_basedn(samdb),
- LDB_SCOPE_DEFAULT, post_2003_attrs, "(objectguid=%s)", ntds_guid_str);
-
- if (ret != LDB_SUCCESS) {
- DEBUG(0,(__location__ ": Failed objectguid search - %s\n", ldb_errstring(samdb)));
-
- attrs = post_2003_attrs;
- ret = ldb_search(samdb, mem_ctx, &res, ldb_get_config_basedn(samdb),
- LDB_SCOPE_DEFAULT, pre_2003_attrs, "(objectguid=%s)", ntds_guid_str);
- }
+ LDB_SCOPE_DEFAULT, attrs, "(objectguid=%s)", ntds_guid_str);
if (ret != LDB_SUCCESS) {
DEBUG(0,(__location__ ": Failed objectguid search - %s\n", ldb_errstring(samdb)));
diff --git a/source4/dsdb/kcc/kcc_periodic.c b/source4/dsdb/kcc/kcc_periodic.c
index 7f0a5320a2a..df38f00e776 100644
--- a/source4/dsdb/kcc/kcc_periodic.c
+++ b/source4/dsdb/kcc/kcc_periodic.c
@@ -1,23 +1,23 @@
-/*
+/*
Unix SMB/CIFS Implementation.
KCC service periodic handling
-
+
Copyright (C) Andrew Tridgell 2009
based on repl service code
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see .
-
+
*/
#include "includes.h"
@@ -207,7 +207,7 @@ NTSTATUS kccsrv_add_repsFrom(struct kccsrv_service *s, TALLOC_CTX *mem_ctx,
werr = dsdb_loadreps(s->samdb, mem_ctx, p->dn, "repsFrom", &our_reps, &our_count);
if (!W_ERROR_IS_OK(werr)) {
- DEBUG(0,(__location__ ": Failed to load repsFrom from %s - %s\n",
--
Samba Shared Repository
From pfilipensky at samba.org Mon Aug 5 13:30:01 2024
From: pfilipensky at samba.org (Pavel Filipensky)
Date: Mon, 05 Aug 2024 13:30:01 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via a5f47f6efe6 docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads"
via 374680010d4 docs-xml: Fix trailing whitespace in net.8.xml
via 6c627903ee4 docs:smbdotconf: Improve formatting of 'sync machine password to keytab'
from 5851ae55542 ldb: Fix ldb public library header files being unusable
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a5f47f6efe67e02d7a12f30b4e6fb76bcd6aa71c
Author: Pavel Filipensk?
Date: Thu Aug 1 22:39:58 2024 +0200
docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipensk?
Reviewed-by: Reviewed-by: Martin Schwenke
Autobuild-User(master): Pavel Filipensky
Autobuild-Date(master): Mon Aug 5 13:29:25 UTC 2024 on atb-devel-224
commit 374680010d42d3bca52791159dba7b42eb8d0d6c
Author: Pavel Filipensk?
Date: Thu Aug 1 22:39:56 2024 +0200
docs-xml: Fix trailing whitespace in net.8.xml
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipensk?
Reviewed-by: Reviewed-by: Martin Schwenke
commit 6c627903ee466cd1559d7f58821221c4dd668d1f
Author: Pavel Filipensk?
Date: Thu Aug 1 21:49:19 2024 +0200
docs:smbdotconf: Improve formatting of 'sync machine password to keytab'
Hint: review this commit with ignoring white space changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipensk?
Reviewed-by: Reviewed-by: Martin Schwenke
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/net.8.xml | 190 +++++++--------------
.../security/syncmachinepasswordtokeytab.xml | 77 +++++----
2 files changed, 102 insertions(+), 165 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index c284cc25b49..61a1e6362ce 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -80,12 +80,12 @@
This tool is part of the samba
7 suite.
- The Samba net utility is meant to work just like the net utility
- available for windows and DOS. The first argument should be used
- to specify the protocol to use when executing a certain command.
- ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3)
- clients and RPC can be used for NT4 and Windows 2000. If this
- argument is omitted, net will try to determine it automatically.
+ The Samba net utility is meant to work just like the net utility
+ available for windows and DOS. The first argument should be used
+ to specify the protocol to use when executing a certain command.
+ ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3)
+ clients and RPC can be used for NT4 and Windows 2000. If this
+ argument is omitted, net will try to determine it automatically.
Not all commands are available on all protocols.
@@ -98,7 +98,7 @@
-w|--target-workgroup target-workgroup
- Sets target workgroup or domain. You have to specify
+ Sets target workgroup or domain. You have to specify
either this option or the IP address or the name of a server.
@@ -115,7 +115,7 @@
-p|--port port
- Port on the target server to connect to (usually 139 or 445).
+ Port on the target server to connect to (usually 139 or 445).
Defaults to trying 445 first, then 139.
@@ -123,7 +123,7 @@
-S|--server server
- Name of target server. You should specify either
+ Name of target server. You should specify either
this option or a target workgroup or a target IP address.
@@ -524,7 +524,7 @@ YOU HAVE BEEN WARNED.
TIME
-Without any options, the NET TIME command
+Without any options, the NET TIME command
displays the time on the remote server. The remote server must be
specified with the -S option.
@@ -542,7 +542,7 @@ The remote server must be specified with the -S option.
TIME SET
-Tries to set the date and time of the local server to that on
+Tries to set the date and time of the local server to that on
the remote server using /bin/date.
The remote server must be specified with the -S option.
@@ -565,8 +565,8 @@ The remote server must be specified with the -S option.
[osName=string osVer=string] [options]
-Join a domain. If the account already exists on the server, and
-[TYPE] is MEMBER, the machine will attempt to join automatically.
+Join a domain. If the account already exists on the server, and
+[TYPE] is MEMBER, the machine will attempt to join automatically.
(Assuming that the machine has been created in server manager)
Otherwise, a password will be prompted for, and a new account may
be created.
@@ -590,7 +590,7 @@ format is host/netbiosname at REALM.
[OU] (ADS only) Precreate the computer account in a specific OU. The
OU string reads from top to bottom without RDNs, and is delimited by
a '/'. Please note that '\' is used for escape by both the shell
-and ldap, so it may need to be doubled or quadrupled to pass through,
+and ldap, so it may need to be doubled or quadrupled to pass through,
and it is not used as a delimiter.
@@ -607,8 +607,8 @@ must be specified for either to take effect.
[RPC] OLDJOIN [options]
-Join a domain. Use the OLDJOIN option to join the domain
-using the old style of domain joining - you need to create a trust
+Join a domain. Use the OLDJOIN option to join the domain
+using the old style of domain joining - you need to create a trust
account in server manager first.
@@ -692,8 +692,8 @@ account in server manager first.
[RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]
-Adds a share from a server (makes the export active). Maxusers
-specifies the number of users that can be connected to the
+Adds a share from a server (makes the export active). Maxusers
+specifies the number of users that can be connected to the
share simultaneously.
@@ -718,7 +718,7 @@ share simultaneously.
[RPC|RAP] FILE CLOSE fileid
-Close file with specified fileid on
+Close file with specified fileid on
remote server.
@@ -727,7 +727,7 @@ remote server.
[RPC|RAP] FILE INFO fileid
-Print information on specified fileid.
+Print information on specified fileid.
Currently listed are: file-id, username, locks, path, permissions.
@@ -739,7 +739,7 @@ Currently listed are: file-id, username, locks, path, permissions.
List files opened by specified user.
Please note that net rap file user does not work
-against Samba servers.
+against Samba servers.
@@ -752,7 +752,7 @@ against Samba servers.
RAP SESSION
-Without any other options, SESSION enumerates all active SMB/CIFS
+Without any other options, SESSION enumerates all active SMB/CIFS
sessions on the target server.
@@ -784,7 +784,7 @@ to local domain.
RAP DOMAIN
-Lists all domains and workgroups visible on the
+Lists all domains and workgroups visible on the
current network.
@@ -796,7 +796,7 @@ current network.
RAP PRINTQ INFO QUEUE_NAME
Lists the specified print queue and print jobs on the server.
-If the QUEUE_NAME is omitted, all
+If the QUEUE_NAME is omitted, all
queues are listed.
@@ -814,9 +814,9 @@ queues are listed.
RAP VALIDATE user [password]
-Validate whether the specified user can log in to the
-remote server. If the password is not specified on the commandline, it
-will be prompted.
+Validate whether the specified user can log in to the
+remote server. If the password is not specified on the commandline, it
+will be prompted.
¬.implemented;
@@ -852,7 +852,7 @@ will be prompted.
RAP ADMIN command
-Execute the specified command on
+Execute the specified command on
the remote server. Only works with OS/2 servers.
@@ -899,7 +899,7 @@ Change password of USER from OLDPASSLOOKUP HOST HOSTNAME [TYPE]
-Lookup the IP address of the given host with the specified type (netbios suffix).
+Lookup the IP address of the given host with the specified type (netbios suffix).
The type defaults to 0x20 (workstation).
@@ -965,7 +965,7 @@ or workgroup. Defaults to local domain.
CACHE
-Samba uses a general caching interface called 'gencache'. It
+Samba uses a general caching interface called 'gencache'. It
can be controlled using 'NET CACHE'.
All the timeout parameters support the suffixes:
@@ -1044,7 +1044,7 @@ omitted, the SID of the local server.
GETDOMAINSID
-Prints the local machine SID and the SID of the current
+Prints the local machine SID and the SID of the current
domain.
@@ -1158,15 +1158,15 @@ such as domain name, domain sid and number of users and groups.
RPC TRUSTDOM ADD DOMAIN
-Add a interdomain trust account for DOMAIN.
-This is in fact a Samba account named DOMAIN$
-with the account flag 'I' (interdomain trust account).
+Add a interdomain trust account for DOMAIN.
+This is in fact a Samba account named DOMAIN$
+with the account flag 'I' (interdomain trust account).
This is required for incoming trusts to work. It makes Samba be a
trusted domain of the foreign (trusting) domain.
Users of the Samba domain will be made available in the foreign domain.
-If the command is used against localhost it has the same effect as
+If the command is used against localhost it has the same effect as
smbpasswd -a -i DOMAIN. Please note that both commands
-expect a appropriate UNIX account.
+expect a appropriate UNIX account.
@@ -1174,9 +1174,9 @@ expect a appropriate UNIX account.
RPC TRUSTDOM DEL DOMAIN
-Remove interdomain trust account for
-DOMAIN. If it is used against localhost
-it has the same effect as smbpasswd -x DOMAIN$.
+Remove interdomain trust account for
+DOMAIN. If it is used against localhost
+it has the same effect as smbpasswd -x DOMAIN$.
@@ -1185,7 +1185,7 @@ it has the same effect as smbpasswd -x DOMAIN$.
RPC TRUSTDOM ESTABLISH DOMAIN
-Establish a trust relationship to a trusted domain.
+Establish a trust relationship to a trusted domain.
Interdomain account must already be created on the remote PDC.
This is required for outgoing trusts to work. It makes Samba be a
trusting domain of a foreign (trusted) domain.
@@ -1326,9 +1326,9 @@ net rpc trust delete \
RPC RIGHTS
-This subcommand is used to view and manage Samba's rights assignments (also
-referred to as privileges). There are three options currently available:
-list, grant, and
+This subcommand is used to view and manage Samba's rights assignments (also
+referred to as privileges). There are three options currently available:
+list, grant, and
revoke. More details on Samba's privilege model and its use
can be found in the Samba-HOWTO-Collection.
@@ -1367,14 +1367,14 @@ Force shutting down all applications.
-t timeout
-Timeout before system will be shut down. An interactive
+Timeout before system will be shut down. An interactive
user of the system can use this time to cancel the shutdown.
-C message
-Display the specified message on the screen to
+Display the specified message on the screen to
announce the shutdown.
@@ -1391,8 +1391,8 @@ to run this against the PDC, from a Samba machine joined as a BDC.
RPC VAMPIRE
-Export users, aliases and groups from remote server to
-local server. You need to run this against the PDC, from a Samba machine joined as a BDC.
+Export users, aliases and groups from remote server to
+local server. You need to run this against the PDC, from a Samba machine joined as a BDC.
This vampire command cannot be used against an Active Directory, only
against an NT4 Domain Controller.
@@ -1486,7 +1486,7 @@ against an NT4 Domain Controller.
ADS STATUS
Print out status of machine account of the local machine in ADS.
-Prints out quite some debug info. Aimed at developers, regular
+Prints out quite some debug info. Aimed at developers, regular
users should use NET ADS TESTJOIN.
@@ -1498,7 +1498,7 @@ users should use NET ADS TESTJOIN.
ADS PRINTER INFO [PRINTER] [SERVER]
-Lookup info for PRINTER on SERVER. The printer name defaults to "*", the
+Lookup info for PRINTER on SERVER. The printer name defaults to "*", the
server name defaults to the local host.
@@ -1522,8 +1522,8 @@ server name defaults to the local host.
ADS SEARCH EXPRESSION ATTRIBUTES...
-Perform a raw LDAP search on a ADS server and dump the results. The
-expression is a standard LDAP search expression, and the
+Perform a raw LDAP search on a ADS server and dump the results. The
+expression is a standard LDAP search expression, and the
attributes are a list of LDAP fields to show in the results.
Example: net ads search '(objectCategory=group)' sAMAccountName
@@ -1535,9 +1535,9 @@ attributes are a list of LDAP fields to show in the results.
ADS DN DN (attributes)
-Perform a raw LDAP search on a ADS server and dump the results. The
-DN standard LDAP DN, and the attributes are a list of LDAP fields
-to show in the result.
+Perform a raw LDAP search on a ADS server and dump the results. The
+DN standard LDAP DN, and the attributes are a list of LDAP fields
+to show in the result.
Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName
@@ -1557,76 +1557,6 @@ are made to the computer AD account.
-
-ADS KEYTAB ADD (principal | machine | serviceclass | windows SPN
-
-
-Adds a new keytab entry, the entry can be either;
-
- kerberos principal
-
- A kerberos principal (identified by the presence of '@') is just
- added to the keytab file.
-
-
- machinename
-
- A machinename (identified by the trailing '$') is used to create a
- a kerberos principal 'machinename at realm' which is added to the
- keytab file.
-
-
- serviceclass
-
- A serviceclass (such as 'cifs', 'html' etc.) is used to create a pair
- of kerberos principals 'serviceclass/fully_qualified_dns_name at realm' &
- 'serviceclass/netbios_name at realm' which are added to the keytab file.
-
-
- Windows SPN
-
- A Windows SPN is of the format 'serviceclass/host:port', it is used to
- create a kerberos principal 'serviceclass/host at realm' which will
- be written to the keytab file.
-
-
-
-
-
-Unlike old versions no computer AD objects are modified by this command. To
-preserve the behaviour of older clients 'net ads keytab ad_update_ads' is
-available.
-
-
-
-
-ADS KEYTAB ADD_UPDATE_ADS (principal | machine | serviceclass | windows SPN
-
-
-Adds a new keytab entry (see section for net ads keytab add). In addition to
-adding entries to the keytab file corresponding Windows SPNs are created
-from the entry passed to this command. These SPN(s) added to the AD computer
-account object associated with the client machine running this command for
-the following entry types;
-
- serviceclass
-
- A serviceclass (such as 'cifs', 'html' etc.) is used to create a
- pair of Windows SPN(s) 'param/full_qualified_dns' &
- 'param/netbios_name' which are added to the AD computer account object
- for this client.
-
-
- Windows SPN
-
- A Windows SPN is of the format 'serviceclass/host:port', it is
- added as passed to the AD computer account object for this client.
-
-
-
-
-
-
ADS setspn SETSPN LIST [machine]
@@ -2281,7 +2211,7 @@ share (no creation of new files or directories or writing to files).
-The default if no "acl" is given is "Everyone:R", which means any
+The default if no "acl" is given is "Everyone:R", which means any
authenticated user has read-only access.
@@ -3675,20 +3605,20 @@ net witness force-response Force an AsyncNotify response based on json input (
VERSION
- This man page is complete for version 3 of the Samba
+ This man page is complete for version 3 of the Samba
suite.
AUTHOR
-
- The original Samba software and related utilities
+
+ The original Samba software and related utilities
were created by Andrew Tridgell. Samba is now developed
- by the Samba Team as an Open Source project similar
+ by the Samba Team as an Open Source project similar
to the way the Linux kernel is developed.
The net manpage was written by Jelmer Vernooij.
-
+
diff --git a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
index 48d89213acf..b749ecb5c66 100644
--- a/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
+++ b/docs-xml/smbdotconf/security/syncmachinepasswordtokeytab.xml
@@ -3,8 +3,9 @@
type="cmdlist"
xmlns:samba="http://www.samba.org/samba/DTD/samba-doc">
- This option allows you to describe what keytabs and how should be
- updated when machine account is changed via one of these commands
+
+This option allows you to describe what keytabs and how should be updated when
+machine account is changed via one of these commands
wbinfo --change-secret
@@ -13,57 +14,63 @@ net rpc changetrustpw
net ads changetrustpw
- or by winbindd doing regular updates (see )
-
+or by winbindd doing regular updates (see )
-The option takes a list of keytab strings. Each string has this form:
-
+
+The option takes a list of keytab strings. Each string has this form:
- absolute_path_to_keytab:spn_spec[:sync_etypes][:sync_kvno][:netbios_aliases][:additional_dns_hostnames][:machine_password]
+absolute_path_to_keytab:spn_spec[:sync_etypes][:sync_kvno][:netbios_aliases][:additional_dns_hostnames][:machine_password]
- where spn_spec can have exactly one of these three forms:
+where spn_spec can have exactly one of these four forms:
- account_name
- sync_spns
- spn_prefixes=value1[,value2[...]]
- spns=value1[,value2[...]]
+account_name
+sync_spns
+spn_prefixes=value1[,value2[...]]
+spns=value1[,value2[...]]
-
- No other combinations are allowed.
-
--
Samba Shared Repository
From anoopcs at samba.org Mon Aug 5 16:07:02 2024
From: anoopcs at samba.org (Anoop C S)
Date: Mon, 05 Aug 2024 16:07:02 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via de2f76fa47e vfs_ceph_new: Unconditionally use ceph_select_filesystem
via d8c84a2993b docs-xml/manpages: add entry for vfs_ceph_new
from a5f47f6efe6 docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads"
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit de2f76fa47e6e672ce353ea9d3dc4019965c6491
Author: Anoop C S
Date: Fri Aug 2 11:10:28 2024 +0530
vfs_ceph_new: Unconditionally use ceph_select_filesystem
Currently we don't have an explicit check for the presence of
ceph_select_filesystem() libcephfs API as it is always found to
be present with the minimum ceph version that is supported with
Samba right now. Therefore under this assumption directly call
ceph_select_filesystem() without any #ifdefs. Please note that
this change is already part of vfs_ceph via ef0068cd.
ref: https://gitlab.com/samba-team/samba/-/merge_requests/3715
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Anoop C S
Reviewed-by: Guenther Deschner
Autobuild-User(master): Anoop C S
Autobuild-Date(master): Mon Aug 5 16:06:47 UTC 2024 on atb-devel-224
commit d8c84a2993b84ebb69011c33c1b5d44801c15363
Author: Shachar Sharon
Date: Tue Feb 20 19:37:45 2024 +0200
docs-xml/manpages: add entry for vfs_ceph_new
Create man entry for the newly added vfs_ceph_new module: almost
identical to existing vfs_ceph, except to the configuration entry:
[sharename]
vfs objects = ceph_new
...
Adds a bit of info for the motivation behind this new module.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon
Reviewed-by: Guenther Deschner
Reviewed-by: Anoop C S
-----------------------------------------------------------------------
Summary of changes:
.../{vfs_ceph.8.xml => vfs_ceph_new.8.xml} | 48 +++++++++++++---------
docs-xml/wscript_build | 1 +
source3/modules/vfs_ceph_new.c | 19 +--------
3 files changed, 31 insertions(+), 37 deletions(-)
copy docs-xml/manpages/{vfs_ceph.8.xml => vfs_ceph_new.8.xml} (71%)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_ceph.8.xml b/docs-xml/manpages/vfs_ceph_new.8.xml
similarity index 71%
copy from docs-xml/manpages/vfs_ceph.8.xml
copy to docs-xml/manpages/vfs_ceph_new.8.xml
index 47b5523b9a1..7a65b965ce0 100644
--- a/docs-xml/manpages/vfs_ceph.8.xml
+++ b/docs-xml/manpages/vfs_ceph_new.8.xml
@@ -1,9 +1,9 @@
-
+
- vfs_ceph
+ vfs_ceph_new
8
Samba
System Administration tools
@@ -12,15 +12,15 @@
- vfs_ceph
+ vfs_ceph_new
- Utilize features provided by CephFS
+ Utilize features provided by libcephfs low-level APIs
- vfs objects = ceph
+ vfs objects = ceph_new
@@ -32,7 +32,7 @@
8 suite.
- The vfs_ceph VFS module exposes
+ The vfs_ceph_new VFS module exposes
CephFS specific features for use by Samba.
@@ -51,37 +51,47 @@
- vfs_ceph performs mapping between Windows and
- POSIX Access Control Lists (ACLs). To ensure correct processing
- and enforcement of POSIX ACLs, the following Ceph configuration
- parameters are automatically applied:
+ vfs_ceph_new performs mapping between Windows
+ and POSIX Access Control Lists (ACLs). To ensure correct
+ processing and enforcement of POSIX ACLs, the following Ceph
+ configuration parameters are automatically applied:
client acl type = posix_acl
fuse default permissions = false
+
+
+ NOTE:
+ This is a second implementation of a ceph module which uses libcephfs
+ low-level APIs (compared to the original
+ vfs_ceph
+ 8 module which uses path-based
+ APIs). Using the low-level API allows more optimized and fine-grained
+ access to the Ceph storage layer.
+
CONFIGURATION
- vfs_ceph requires that the underlying share
- path is a Ceph filesystem.
+ vfs_ceph_new requires that the underlying
+ share path is a Ceph filesystem.
- ceph
+ ceph_new
/non-mounted/cephfs/path
no
- Since vfs_ceph does not require a filesystem
- mount, the share path is treated differently:
- it is interpreted as an absolute path within the Ceph filesystem
- on the attached Ceph cluster.
+ Since vfs_ceph_new does not require a
+ filesystem mount, the share path is treated
+ differently: it is interpreted as an absolute path within the
+ Ceph filesystem on the attached Ceph cluster.
In a ctdb cluster environment where ctdb manages Samba,
CTDB_SAMBA_SKIP_SHARE_CHECK=yes must be
configured to disable local share path checks, otherwise ctdb
@@ -133,8 +143,8 @@
Allows one to explicitly select the CephFS file system
to use when the Ceph cluster supports more than one
- file system. Empty by default (use the default file system
- of the Ceph cluster).
+ file system. Empty by default (use the default file
+ system of the Ceph cluster).
Example: ceph:filesystem = myfs2
diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build
index 434afacaf1e..967e18a6596 100644
--- a/docs-xml/wscript_build
+++ b/docs-xml/wscript_build
@@ -78,6 +78,7 @@ vfs_module_manpages = ['vfs_acl_tdb',
'vfs_cap',
'vfs_catia',
'vfs_ceph',
+ 'vfs_ceph_new',
'vfs_ceph_snapshots',
'vfs_commit',
'vfs_crossrename',
diff --git a/source3/modules/vfs_ceph_new.c b/source3/modules/vfs_ceph_new.c
index 3c82730f87c..99d4a1fe407 100644
--- a/source3/modules/vfs_ceph_new.c
+++ b/source3/modules/vfs_ceph_new.c
@@ -169,23 +169,6 @@ static char *cephmount_get_cookie(TALLOC_CTX * mem_ctx, const int snum)
fsname);
}
-static int cephmount_select_fs(struct ceph_mount_info *mnt, const char *fsname)
-{
- /*
- * ceph_select_filesystem was added in ceph 'nautilus' (v14).
- * Earlier versions of libcephfs will lack that API function.
- * At the time of this writing (Feb 2023) all versions of ceph
- * supported by ceph upstream have this function.
- */
-#if defined(HAVE_CEPH_SELECT_FILESYSTEM)
- DBG_DEBUG("[CEPH] calling: ceph_select_filesystem with %s\n", fsname);
- return ceph_select_filesystem(mnt, fsname);
-#else
- DBG_ERR("[CEPH] ceph_select_filesystem not available\n");
- return -ENOTSUP;
-#endif
-}
-
static struct ceph_mount_info *cephmount_mount_fs(const int snum)
{
int ret;
@@ -235,7 +218,7 @@ static struct ceph_mount_info *cephmount_mount_fs(const int snum)
* 'pacific'. Permit different shares to access different file systems.
*/
if (fsname != NULL) {
- ret = cephmount_select_fs(mnt, fsname);
+ ret = ceph_select_filesystem(mnt, fsname);
if (ret < 0) {
goto err_cm_release;
}
--
Samba Shared Repository
From dbagnall at samba.org Tue Aug 6 00:43:01 2024
From: dbagnall at samba.org (Douglas Bagnall)
Date: Tue, 06 Aug 2024 00:43:01 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via 46215ab1b34 wafsamba: Fix ABI symbol name generation
from de2f76fa47e vfs_ceph_new: Unconditionally use ceph_select_filesystem
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 46215ab1b34aa79c4c831ea1c12f73eacf1e8a12
Author: Andreas Schneider
Date: Mon Aug 5 14:51:01 2024 +0200
wafsamba: Fix ABI symbol name generation
Commit 0bc5b6f29307ce758774c1b2f48ce62315fdc7f9 changed the script
for generating the ABI symbol version. It broke the ABI by changing all
dots to underscores.
This reverts the commit partially to preserve the dots in the version
part.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Andreas Schneider
Signed-off-by: Stefan Metzmacher
Reviewed-by: Douglas Bagnall
Reviewed-by: G?nther Deschner
Autobuild-User(master): Douglas Bagnall
Autobuild-Date(master): Tue Aug 6 00:42:56 UTC 2024 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_abi.py | 6 +++---
script/autobuild.py | 11 +++++++++++
2 files changed, 14 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py
index c82ba3424f9..e6deb839c0c 100644
--- a/buildtools/wafsamba/samba_abi.py
+++ b/buildtools/wafsamba/samba_abi.py
@@ -286,7 +286,7 @@ def abi_build_vscript(task):
f.close()
def VSCRIPT_MAP_PRIVATE(bld, libname, orig_vscript, version, private_vscript):
- version = re.sub(r'\W', '_', version).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(private_vscript,
rule=abi_build_vscript,
source=orig_vscript,
@@ -314,8 +314,8 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None, p
libname = os.path.basename(libname)
version = os.path.basename(version)
- libname = re.sub(r'\W', '_', libname).upper()
- version = re.sub(r'\W', '_', version).upper()
+ libname = re.sub(r'[^.\w]', '_', libname).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(vscript,
rule=abi_build_vscript,
diff --git a/script/autobuild.py b/script/autobuild.py
index a62ac8c162f..6a9864f6f89 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -138,6 +138,13 @@ def check_symbols(sofile, expected_symbols=""):
return "objdump --dynamic-syms " + sofile + " | " + \
"awk \'$0 !~ /" + expected_symbols + "/ {if ($2 == \"g\" && $3 ~ /D(F|O)/ && $4 ~ /(.bss|.text)/ && $7 !~ /(__gcov_|mangle_path)/) exit 1}\'"
+def check_versioned_symbol(sofile, symvol, version):
+ return "objdump --dynamic-syms " + sofile + " | " + \
+ "awk \'$7 == \"" + symvol + "\" { " + \
+ "if ($2 == \"g\" && $3 ~ /D(F|O)/ && $4 ~ /(.bss|.text)/ && " + \
+ "$6 == \"" + version + "\") print $0 }\'" + \
+ "| wc -l | grep -q \'^1$\'"
+
if args:
# If we are only running specific test,
# do not sleep randomly to wait for it to start
@@ -903,12 +910,16 @@ tasks = {
check_symbols("./bin/plugins/libnss_wins.so.2", "_nss_wins_")),
("nondevel-no-public-libwbclient",
check_symbols("./bin/shared/libwbclient.so.0", "wbc")),
+ ("nondevel-libwbclient-wbcCtxPingDc2 at WBCLIENT_0.12",
+ check_versioned_symbol("./bin/shared/libwbclient.so.0", "wbcCtxPingDc2", "WBCLIENT_0.12")),
("nondevel-no-public-pam_winbind",
check_symbols("./bin/plugins/pam_winbind.so", "pam_sm_")),
("nondevel-no-public-winbind_krb5_locator",
check_symbols("./bin/plugins/winbind_krb5_locator.so", "service_locator")),
("nondevel-no-public-async_dns_krb5_locator",
check_symbols("./bin/plugins/async_dns_krb5_locator.so", "service_locator")),
+ ("nondevel-libndr-krb5pac-ndr_pull_PAC_DATA at NDR_KRB5PAC_0.0.1",
+ check_versioned_symbol("./bin/shared/libndr-krb5pac.so.0", "ndr_pull_PAC_DATA", "NDR_KRB5PAC_0.0.1")),
("nondevel-install", "make -j install"),
("nondevel-dist", "make dist"),
--
Samba Shared Repository
From martins at samba.org Tue Aug 6 01:51:01 2024
From: martins at samba.org (Martin Schwenke)
Date: Tue, 06 Aug 2024 01:51:01 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via a743a24d758 ctdb-doc: document nodes list configuration parameter
via 6817eff833b ctdb-tests: add a nodestatus test that uses the nodes list command
via 6d29c7f8194 ctdb-tests: add reloadnodes unit tests that use the nodes list command
via 8a5b743c436 ctdb-tests: add USENODESCOMMAND directive to fake ctdb
via cdb5646b885 ctdb-tests: add unit test coverage for listnodes with command
via cfc09171355 ctdb-tools: update cli tool to optionally load nodes from command
via ac926a506d5 ctdb-conf: add boolean arg for verbosity when loading config
via a0e8304ccf2 ctdb-server: rename ctdb_load_nodes_file to ctdb_load_nodes
via 7e7cb918066 ctdb-server: rename nodes_file field to nodes_source
via dc65e7082d6 ctdb-server: use the new "nodes list" configuration option
via 315890e845b ctdb-conf: add "nodes list" configuration option
via bab51705280 ctdb-conf: add ctdb_read_nodes_cmd function
from 46215ab1b34 wafsamba: Fix ABI symbol name generation
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a743a24d7588af15375f7d4cafc401523c5c0a32
Author: John Mulligan
Date: Fri Aug 2 13:58:59 2024 -0400
ctdb-doc: document nodes list configuration parameter
Add the initial documentation of the node list configuration parameter.
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
Autobuild-User(master): Martin Schwenke
Autobuild-Date(master): Tue Aug 6 01:50:12 UTC 2024 on atb-devel-224
commit 6817eff833b96d6a63a1468c73c81439fdb3368e
Author: John Mulligan
Date: Wed Jul 31 18:30:24 2024 -0400
ctdb-tests: add a nodestatus test that uses the nodes list command
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
commit 6d29c7f81941a20432f759592e4fae4334a65eff
Author: John Mulligan
Date: Wed Jul 31 16:30:13 2024 -0400
ctdb-tests: add reloadnodes unit tests that use the nodes list command
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
commit 8a5b743c436216f05926fabfec4a23be7f782b94
Author: John Mulligan
Date: Wed Jul 31 16:29:44 2024 -0400
ctdb-tests: add USENODESCOMMAND directive to fake ctdb
Add a single line USENODESCOMMAND directive to the fake ctdb in order to
enable use of a nodes script instead of a nodes file. For simplicity
the fake ctdb always uses `nodes.sh` in the CTDB_BASE.
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
commit cdb5646b88589407720fef0ff7306fc6993018a3
Author: John Mulligan
Date: Wed Jul 31 15:36:26 2024 -0400
ctdb-tests: add unit test coverage for listnodes with command
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
commit cfc0917135545d309825f18dcc04e1b172183b36
Author: John Mulligan
Date: Fri Jun 7 11:12:17 2024 -0400
ctdb-tools: update cli tool to optionally load nodes from command
Similar to the recent changes to the ctdb server code, add the ability
to load the nodes from a subprocess stdout.
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
commit ac926a506d5d3d0cfb8caeb135fe496b284ef5f6
Author: John Mulligan
Date: Thu Aug 1 14:25:38 2024 -0400
ctdb-conf: add boolean arg for verbosity when loading config
In a future commit we will add support for loading the config file from
the `ctdb` command line tool. Prior to this change the config file load
func always called D_NOTICE that causes the command to emit new text and
thus break all the tests that rely on the specific test output (not to
mention something users could notice). This change plumbs a new
`verbose` argument into some of the config file loading functions.
Generally, all existing functions will have verbose set to true to match
the existing behavior. Future callers of this function can set it to
false in order to avoid emitting the extra text.
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
commit a0e8304ccf2ef446dc92f701687438449c5a91d9
Author: John Mulligan
Date: Thu Jun 6 13:53:43 2024 -0400
ctdb-server: rename ctdb_load_nodes_file to ctdb_load_nodes
Rename ctdb_load_nodes_file to ctdb_load_nodes as it can now load nodes
from more than a regular file.
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
commit 7e7cb9180665eda8af2a485637cb1ef9be38f3dd
Author: John Mulligan
Date: Thu Jun 6 13:50:02 2024 -0400
ctdb-server: rename nodes_file field to nodes_source
Rename the `struct ctdb_context` field nodes_file to nodes_source to
better match that the field may indicate something other than a true
file.
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
commit dc65e7082d6027822f66ea067ae62b124bf0834a
Author: John Mulligan
Date: Thu Jun 6 10:00:10 2024 -0400
ctdb-server: use the new "nodes list" configuration option
Use the new "nodes list" configuration option. Executing the given path
if the path is prefixed by a `!`. The use case is to decouple the nodes
file from the shared storage, especially in the case where the shared
storage is provided by a vfs module.
For an example, imagine a script that runs `curl` on a URL for a
highly-available web server where the URL provides the content
of the nodes file.
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
commit 315890e845bcf4c0d404622ec813ef4eb265ba56
Author: John Mulligan
Date: Thu Jun 6 10:00:09 2024 -0400
ctdb-conf: add "nodes list" configuration option
Add a "nodes list" configuration option to the [cluster] section of the
ctdb server config. This option will be used similarly to the `cluster
lock` parameter works. When unset it defaults to the same value as
before (/etc/ctdb/nodes). If given a path that is not prefixed by `!` it
instead loads the nodes file from the given path If given a path
prefixed by `!` then it executes the path as a command and reads the
standard output as if it were the content of the nodes file.
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
commit bab51705280a4b8ce0869d455d5345ed36981e11
Author: John Mulligan
Date: Thu Jun 6 10:00:10 2024 -0400
ctdb-conf: add ctdb_read_nodes_cmd function
Add ctdb_read_nodes_cmd a function that works similarly to
ctdb_read_nodes_file but reads the nodes list from the stdout of a
subprocess instead of a file in the file system.
Signed-off-by: John Mulligan
Reviewed-by: Martin Schwenke
-----------------------------------------------------------------------
Summary of changes:
ctdb/conf/cluster_conf.c | 21 ++++++
ctdb/conf/cluster_conf.h | 17 +++++
ctdb/conf/conf.c | 7 +-
ctdb/conf/conf.h | 3 +-
ctdb/conf/conf_tool.c | 6 +-
ctdb/conf/ctdb_config.c | 9 ++-
ctdb/conf/ctdb_config.h | 4 +-
ctdb/conf/node.c | 77 ++++++++++++++++++----
ctdb/doc/ctdb.7.xml | 4 +-
ctdb/doc/ctdb.conf.5.xml | 40 +++++++++++
ctdb/event/event_config.c | 2 +-
ctdb/include/ctdb_private.h | 4 +-
ctdb/server/ctdb_daemon.c | 2 +-
ctdb/server/ctdb_recover.c | 2 +-
ctdb/server/ctdb_recoverd.c | 4 +-
ctdb/server/ctdb_server.c | 10 +--
ctdb/server/ctdbd.c | 9 +--
ctdb/tests/UNIT/cunit/config_test_001.sh | 1 +
ctdb/tests/UNIT/tool/ctdb.listnodes.001.sh | 2 +-
ctdb/tests/UNIT/tool/ctdb.listnodes.003.sh | 28 ++++++++
ctdb/tests/UNIT/tool/ctdb.listnodes.004.sh | 29 ++++++++
ctdb/tests/UNIT/tool/ctdb.listnodes.005.sh | 21 ++++++
ctdb/tests/UNIT/tool/ctdb.listnodes.006.sh | 32 +++++++++
ctdb/tests/UNIT/tool/ctdb.listnodes.007.sh | 32 +++++++++
ctdb/tests/UNIT/tool/ctdb.listnodes.008.sh | 18 +++++
...db.nodestatus.001.sh => ctdb.nodestatus.008.sh} | 12 +++-
ctdb/tests/UNIT/tool/ctdb.reloadnodes.041.sh | 34 ++++++++++
ctdb/tests/UNIT/tool/ctdb.reloadnodes.042.sh | 34 ++++++++++
ctdb/tests/src/conf_test.c | 6 +-
ctdb/tests/src/fake_ctdbd.c | 17 ++++-
ctdb/tools/ctdb.c | 35 +++++-----
ctdb/wscript | 1 +
32 files changed, 462 insertions(+), 61 deletions(-)
create mode 100755 ctdb/tests/UNIT/tool/ctdb.listnodes.003.sh
create mode 100755 ctdb/tests/UNIT/tool/ctdb.listnodes.004.sh
create mode 100755 ctdb/tests/UNIT/tool/ctdb.listnodes.005.sh
create mode 100755 ctdb/tests/UNIT/tool/ctdb.listnodes.006.sh
create mode 100755 ctdb/tests/UNIT/tool/ctdb.listnodes.007.sh
create mode 100755 ctdb/tests/UNIT/tool/ctdb.listnodes.008.sh
copy ctdb/tests/UNIT/tool/{ctdb.nodestatus.001.sh => ctdb.nodestatus.008.sh} (72%)
create mode 100755 ctdb/tests/UNIT/tool/ctdb.reloadnodes.041.sh
create mode 100755 ctdb/tests/UNIT/tool/ctdb.reloadnodes.042.sh
Changeset truncated at 500 lines:
diff --git a/ctdb/conf/cluster_conf.c b/ctdb/conf/cluster_conf.c
index b49a2440026..fd1c9230906 100644
--- a/ctdb/conf/cluster_conf.c
+++ b/ctdb/conf/cluster_conf.c
@@ -22,6 +22,8 @@
#include "lib/util/debug.h"
+#include "common/path.h"
+
#include "conf/conf.h"
#include "conf/cluster_conf.h"
@@ -169,6 +171,11 @@ void cluster_conf_init(struct conf_context *conf)
CLUSTER_CONF_RECOVERY_LOCK,
NULL,
validate_recovery_lock);
+ conf_define_string(conf,
+ CLUSTER_CONF_SECTION,
+ CLUSTER_CONF_NODES_LIST,
+ NULL,
+ check_static_string_change);
conf_define_integer(conf,
CLUSTER_CONF_SECTION,
CLUSTER_CONF_LEADER_TIMEOUT,
@@ -180,3 +187,17 @@ void cluster_conf_init(struct conf_context *conf)
true,
NULL);
}
+
+char *cluster_conf_nodes_list(TALLOC_CTX *mem_ctx, struct conf_context *conf)
+{
+ const char *out = NULL;
+ int ret = conf_get_string(conf,
+ CLUSTER_CONF_SECTION,
+ CLUSTER_CONF_NODES_LIST,
+ &out,
+ NULL);
+ if (ret == 0 && out != NULL) {
+ return talloc_strdup(mem_ctx, out);
+ }
+ return path_etcdir_append(mem_ctx, "nodes");
+}
diff --git a/ctdb/conf/cluster_conf.h b/ctdb/conf/cluster_conf.h
index 9775b6fc080..584732b39ff 100644
--- a/ctdb/conf/cluster_conf.h
+++ b/ctdb/conf/cluster_conf.h
@@ -20,6 +20,8 @@
#ifndef __CTDB_CLUSTER_CONF_H__
#define __CTDB_CLUSTER_CONF_H__
+#include
+
#include "conf/conf.h"
#define CLUSTER_CONF_SECTION "cluster"
@@ -28,9 +30,24 @@
#define CLUSTER_CONF_NODE_ADDRESS "node address"
#define CLUSTER_CONF_CLUSTER_LOCK "cluster lock"
#define CLUSTER_CONF_RECOVERY_LOCK "recovery lock"
+#define CLUSTER_CONF_NODES_LIST "nodes list"
#define CLUSTER_CONF_LEADER_TIMEOUT "leader timeout"
#define CLUSTER_CONF_LEADER_CAPABILITY "leader capability"
void cluster_conf_init(struct conf_context *conf);
+/**
+ * @brief Return the value of the nodes list configuration parameter.
+ *
+ * This function is used to fetch the value set in the ctdb.conf (or equivalent)
+ * for 'nodes list' a value that is then used to fetch the actual nodes list
+ * of private node addresses. If a value is not present in the configuration
+ * file a backwards compatible default value will be returned.
+ *
+ * @param[in] mem_ctx TALLOC memory context
+ * @param[in] conf A configuration context
+ * @return string or NULL on memory allocation error
+ */
+char *cluster_conf_nodes_list(TALLOC_CTX *mem_ctx, struct conf_context *conf);
+
#endif /* __CTDB_CLUSTER_CONF_H__ */
diff --git a/ctdb/conf/conf.c b/ctdb/conf/conf.c
index 67046c715e2..2eb619765ad 100644
--- a/ctdb/conf/conf.c
+++ b/ctdb/conf/conf.c
@@ -1176,7 +1176,8 @@ done:
int conf_load(struct conf_context *conf,
const char *filename,
- bool ignore_unknown)
+ bool ignore_unknown,
+ bool verbose)
{
conf->filename = talloc_strdup(conf, filename);
if (conf->filename == NULL) {
@@ -1185,7 +1186,9 @@ int conf_load(struct conf_context *conf,
conf->ignore_unknown = ignore_unknown;
- D_NOTICE("Reading config file %s\n", filename);
+ if (verbose) {
+ D_NOTICE("Reading config file %s\n", filename);
+ }
return conf_load_internal(conf);
}
diff --git a/ctdb/conf/conf.h b/ctdb/conf/conf.h
index 4dbf9c33723..29f36bd55e8 100644
--- a/ctdb/conf/conf.h
+++ b/ctdb/conf/conf.h
@@ -306,7 +306,8 @@ void conf_set_defaults(struct conf_context *conf);
*/
int conf_load(struct conf_context *conf,
const char *filename,
- bool ignore_unknown);
+ bool ignore_unknown,
+ bool verbose);
/**
* @brief Reload the values for configuration options
diff --git a/ctdb/conf/conf_tool.c b/ctdb/conf/conf_tool.c
index 28f6c1090d0..be4f06f57f6 100644
--- a/ctdb/conf/conf_tool.c
+++ b/ctdb/conf/conf_tool.c
@@ -57,7 +57,7 @@ static int conf_tool_dump(TALLOC_CTX *mem_ctx,
return EINVAL;
}
- ret = conf_load(ctx->conf, ctx->conf_file, true);
+ ret = conf_load(ctx->conf, ctx->conf_file, true, true);
if (ret != 0 && ret != ENOENT) {
D_ERR("Failed to load config file %s\n", ctx->conf_file);
return ret;
@@ -97,7 +97,7 @@ static int conf_tool_get(TALLOC_CTX *mem_ctx,
return ENOENT;
}
- ret = conf_load(ctx->conf, ctx->conf_file, true);
+ ret = conf_load(ctx->conf, ctx->conf_file, true, true);
if (ret != 0 && ret != ENOENT) {
D_ERR("Failed to load config file %s\n", ctx->conf_file);
return ret;
@@ -169,7 +169,7 @@ static int conf_tool_validate(TALLOC_CTX *mem_ctx,
return EINVAL;
}
- ret = conf_load(ctx->conf, ctx->conf_file, false);
+ ret = conf_load(ctx->conf, ctx->conf_file, false, true);
if (ret != 0) {
D_ERR("Failed to load config file %s\n", ctx->conf_file);
return ret;
diff --git a/ctdb/conf/ctdb_config.c b/ctdb/conf/ctdb_config.c
index e3e8cce8d6b..f75bf374a80 100644
--- a/ctdb/conf/ctdb_config.c
+++ b/ctdb/conf/ctdb_config.c
@@ -57,6 +57,10 @@ static void setup_config_pointers(struct conf_context *conf)
CLUSTER_CONF_SECTION,
CLUSTER_CONF_RECOVERY_LOCK,
&ctdb_config.recovery_lock);
+ conf_assign_string_pointer(conf,
+ CLUSTER_CONF_SECTION,
+ CLUSTER_CONF_NODES_LIST,
+ &ctdb_config.nodes_list);
conf_assign_integer_pointer(conf,
CLUSTER_CONF_SECTION,
CLUSTER_CONF_LEADER_TIMEOUT,
@@ -134,7 +138,8 @@ static void setup_config_pointers(struct conf_context *conf)
}
int ctdb_config_load(TALLOC_CTX *mem_ctx,
- struct conf_context **result)
+ struct conf_context **result,
+ bool verbose)
{
struct conf_context *conf = NULL;
int ret = 0;
@@ -165,7 +170,7 @@ int ctdb_config_load(TALLOC_CTX *mem_ctx,
ret = ENOMEM;
goto fail;
}
- ret = conf_load(conf, conf_file, true);
+ ret = conf_load(conf, conf_file, true, verbose);
/* Configuration file does not need to exist */
if (ret != 0 && ret != ENOENT) {
D_ERR("Failed to load configuration file %s\n", conf_file);
diff --git a/ctdb/conf/ctdb_config.h b/ctdb/conf/ctdb_config.h
index 7b588c3cd59..575e3045fa4 100644
--- a/ctdb/conf/ctdb_config.h
+++ b/ctdb/conf/ctdb_config.h
@@ -28,6 +28,7 @@ struct ctdb_config {
const char *node_address;
const char *cluster_lock;
const char *recovery_lock;
+ const char *nodes_list;
int leader_timeout;
bool leader_capability;
@@ -54,6 +55,7 @@ struct ctdb_config {
extern struct ctdb_config ctdb_config;
-int ctdb_config_load(TALLOC_CTX *mem_ctx, struct conf_context **conf);
+int ctdb_config_load(TALLOC_CTX *mem_ctx, struct conf_context **conf,
+ bool verbose);
#endif /* __CTDB_CONFIG_H__ */
diff --git a/ctdb/conf/node.c b/ctdb/conf/node.c
index 082b68b0d71..a242c52dfd6 100644
--- a/ctdb/conf/node.c
+++ b/ctdb/conf/node.c
@@ -29,6 +29,7 @@
#include
#include "lib/util/util_file.h"
+#include "lib/util/util_strlist.h"
#include "protocol/protocol.h"
#include "protocol/protocol_util.h"
@@ -95,12 +96,10 @@ static bool node_map_add(struct ctdb_node_map *nodemap,
return true;
}
-/* Read a nodes file into a node map */
-static struct ctdb_node_map *ctdb_read_nodes_file(TALLOC_CTX *mem_ctx,
- const char *nlist)
+static struct ctdb_node_map *ctdb_parse_nodes_lines(TALLOC_CTX *mem_ctx,
+ char **lines,
+ int nlines)
{
- char **lines = NULL;
- int nlines;
int i;
struct ctdb_node_map *nodemap = NULL;
@@ -109,11 +108,6 @@ static struct ctdb_node_map *ctdb_read_nodes_file(TALLOC_CTX *mem_ctx,
return NULL;
}
- lines = file_lines_load(nlist, &nlines, 0, mem_ctx);
- if (lines == NULL) {
- return NULL;
- }
-
while (nlines > 0 && strcmp(lines[nlines-1], "") == 0) {
nlines--;
}
@@ -158,12 +152,67 @@ static struct ctdb_node_map *ctdb_read_nodes_file(TALLOC_CTX *mem_ctx,
node = line;
}
if (!node_map_add(nodemap, node, flags)) {
- talloc_free(lines);
TALLOC_FREE(nodemap);
return NULL;
}
}
+ return nodemap;
+}
+
+/* Convert a string containing a command line to an array of strings. Does not
+ * handle shell style quoting! A space will always create a new argument.
+ */
+static char **command_str_to_args(TALLOC_CTX *mem_ctx,
+ const char *argstring)
+{
+ return str_list_make(mem_ctx, argstring, " \t");
+}
+
+/* Read a nodes file into a node map */
+static struct ctdb_node_map *ctdb_read_nodes_file(TALLOC_CTX *mem_ctx,
+ const char *nlist)
+{
+ char **lines = NULL;
+ int nlines;
+ struct ctdb_node_map *nodemap = NULL;
+
+ lines = file_lines_load(nlist, &nlines, 0, mem_ctx);
+ if (lines == NULL) {
+ return NULL;
+ }
+
+ nodemap = ctdb_parse_nodes_lines(mem_ctx, lines, nlines);
+ talloc_free(lines);
+ return nodemap;
+}
+
+/* Read a nodes file from an external process into a node map */
+static struct ctdb_node_map *ctdb_read_nodes_cmd(TALLOC_CTX *mem_ctx,
+ const char *nodes_cmd)
+{
+ char **lines = NULL;
+ int nlines;
+ char *p;
+ size_t size;
+ struct ctdb_node_map *nodemap = NULL;
+ char **argl = command_str_to_args(mem_ctx, nodes_cmd);
+
+ if (argl == NULL) {
+ return NULL;
+ }
+ p = file_ploadv(argl, &size);
+ if (!p) {
+ return NULL;
+ }
+
+ lines = file_lines_parse(p, size, &nlines, mem_ctx);
+ talloc_free(p);
+ if (lines == NULL) {
+ return NULL;
+ }
+
+ nodemap = ctdb_parse_nodes_lines(mem_ctx, lines, nlines);
talloc_free(lines);
return nodemap;
}
@@ -186,7 +235,11 @@ struct ctdb_node_map *ctdb_read_nodes(TALLOC_CTX *mem_ctx,
{
struct ctdb_node_map* nodemap = NULL;
- nodemap = ctdb_read_nodes_file(mem_ctx, location);
+ if (location != NULL && location[0] == '!') {
+ nodemap = ctdb_read_nodes_cmd(mem_ctx, &location[1]);
+ } else {
+ nodemap = ctdb_read_nodes_file(mem_ctx, location);
+ }
return nodemap;
}
diff --git a/ctdb/doc/ctdb.7.xml b/ctdb/doc/ctdb.7.xml
index 0f3fbc6bf6a..be2dd5e5b65 100644
--- a/ctdb/doc/ctdb.7.xml
+++ b/ctdb/doc/ctdb.7.xml
@@ -233,8 +233,8 @@
Some users like to put this configuration file in their
- cluster filesystem. A symbolic link should be used in this
- case.
+ cluster filesystem. A symbolic link or the
+ nodes list parameter can be used.
diff --git a/ctdb/doc/ctdb.conf.5.xml b/ctdb/doc/ctdb.conf.5.xml
index b9bf3a6d08b..615a61e5bfe 100644
--- a/ctdb/doc/ctdb.conf.5.xml
+++ b/ctdb/doc/ctdb.conf.5.xml
@@ -255,6 +255,46 @@
+
+ nodes list = SOURCE
+
+
+ SOURCE specifies the location containing the list of the private
+ addresses of nodes in the cluster.
+
+
+ Typically, SOURCE will be a path to a file that contains the list of
+ private addresses for the cluster.
+ For details about the content of the file please see the
+ PRIVATE ADDRESSES section in
+ ctdb
+ 7.
+
+
+ As an alternative to using a file one can use an arbitrary command
+ to provide the contents of the nodes list. If an exclamation point ('!')
+ is the first character of the SOURCE value, the remainder of the value
+ will be executed when the private addresses are to be read.
+ For example, a value of !/usr/local/bin/mynodes cluster1
+ would run the given command with the specified arguments. The output
+ generated by the command (on standard out) must be the same as what is
+ supported by a SOURCE file.
+ The command name must be a full path to an executable. Arguments are
+ supported, but shell-style quoting is not, and space characters will
+ always produce a new argument for the command.
+ It is important to note that running this command blocks until
+ the command has completed. The run time of this command will depend
+ on how it is implemented and environmental factors. Be aware that if
+ the command runs for a non-trivial amount of time it can introduce
+ undesirable stalls into ctdbd.
+
+
+ Default:
+ /usr/local/etc/ctdb/nodes
+
+
+
+
transport = tcp|ib
diff --git a/ctdb/event/event_config.c b/ctdb/event/event_config.c
index 8617ebaad30..616b5284d52 100644
--- a/ctdb/event/event_config.c
+++ b/ctdb/event/event_config.c
@@ -85,7 +85,7 @@ int event_config_init(TALLOC_CTX *mem_ctx, struct event_config **result)
return EINVAL;
}
- ret = conf_load(config->conf, config->config_file, true);
+ ret = conf_load(config->conf, config->config_file, true, true);
if (ret != 0 && ret != ENOENT) {
talloc_free(config);
return ret;
diff --git a/ctdb/include/ctdb_private.h b/ctdb/include/ctdb_private.h
index cee95792ead..88f775ce126 100644
--- a/ctdb/include/ctdb_private.h
+++ b/ctdb/include/ctdb_private.h
@@ -328,7 +328,7 @@ struct ctdb_context {
struct ctdb_reloadips_handle *reload_ips;
- const char *nodes_file;
+ const char *nodes_source;
const char *public_addresses_file;
struct trbt_tree *child_processes;
@@ -840,7 +840,7 @@ struct ctdb_node *ctdb_ip_to_node(struct ctdb_context *ctdb,
uint32_t ctdb_ip_to_pnn(struct ctdb_context *ctdb,
const ctdb_sock_addr *nodeip);
-void ctdb_load_nodes_file(struct ctdb_context *ctdb);
+void ctdb_load_nodes(struct ctdb_context *ctdb);
int ctdb_set_address(struct ctdb_context *ctdb, const char *address);
diff --git a/ctdb/server/ctdb_daemon.c b/ctdb/server/ctdb_daemon.c
index 97dfc80ffd1..287a76c77c3 100644
--- a/ctdb/server/ctdb_daemon.c
+++ b/ctdb/server/ctdb_daemon.c
@@ -2193,7 +2193,7 @@ int ctdb_control_getnodesfile(struct ctdb_context *ctdb,
CHECK_CONTROL_DATA_SIZE(0);
- node_map = ctdb_read_nodes(ctdb, ctdb->nodes_file);
+ node_map = ctdb_read_nodes(ctdb, ctdb->nodes_source);
if (node_map == NULL) {
D_ERR("Failed to read nodes file\n");
return -1;
diff --git a/ctdb/server/ctdb_recover.c b/ctdb/server/ctdb_recover.c
index 7b30d119a3a..5a40618487e 100644
--- a/ctdb/server/ctdb_recover.c
+++ b/ctdb/server/ctdb_recover.c
@@ -158,7 +158,7 @@ ctdb_control_reload_nodes_file(struct ctdb_context *ctdb, uint32_t opcode)
ctdb->num_nodes = 0;
/* load the new nodes file */
- ctdb_load_nodes_file(ctdb);
+ ctdb_load_nodes(ctdb);
for (i=0; inum_nodes; i++) {
/* keep any identical pre-existing nodes and connections */
diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index 3f71c07d05d..09d5df3e9cb 100644
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -1624,7 +1624,7 @@ static void reload_nodes_handler(uint64_t srvid, TDB_DATA data,
DEBUG(DEBUG_ERR, (__location__ " Reload nodes file from recovery daemon\n"));
- ctdb_load_nodes_file(rec->ctdb);
+ ctdb_load_nodes(rec->ctdb);
}
@@ -2677,7 +2677,7 @@ static void main_loop(struct ctdb_context *ctdb, struct ctdb_recoverd *rec,
if (ctdb->num_nodes != nodemap->num) {
DEBUG(DEBUG_ERR, (__location__ " ctdb->num_nodes (%d) != nodemap->num (%d) reloading nodes file\n", ctdb->num_nodes, nodemap->num));
- ctdb_load_nodes_file(ctdb);
+ ctdb_load_nodes(ctdb);
return;
}
diff --git a/ctdb/server/ctdb_server.c b/ctdb/server/ctdb_server.c
index b7a33af7ecf..0e12e8e834d 100644
--- a/ctdb/server/ctdb_server.c
+++ b/ctdb/server/ctdb_server.c
@@ -121,13 +121,13 @@ static int convert_node_map_to_list(struct ctdb_context *ctdb,
return 0;
}
-/* Load the nodes list from a file */
-void ctdb_load_nodes_file(struct ctdb_context *ctdb)
+/* Load the nodes list from a file or sub-processes' stdout */
+void ctdb_load_nodes(struct ctdb_context *ctdb)
{
struct ctdb_node_map *node_map;
int ret;
- node_map = ctdb_read_nodes(ctdb, ctdb->nodes_file);
+ node_map = ctdb_read_nodes(ctdb, ctdb->nodes_source);
if (node_map == NULL) {
goto fail;
}
@@ -143,8 +143,8 @@ void ctdb_load_nodes_file(struct ctdb_context *ctdb)
return;
--
Samba Shared Repository
From metze at samba.org Tue Aug 6 09:22:01 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Tue, 06 Aug 2024 09:22:01 +0000
Subject: [SCM] Samba Shared Repository - branch v4-20-test updated
Message-ID:
The branch, v4-20-test has been updated
via 32545902ed6 VERSION: Bump version up to Samba 4.20.5...
via 8209a1035d3 VERSION: Disable GIT_SNAPSHOT for the 4.20.4 release.
via 9cb2fe46db9 WHATSNEW: Add release notes for Samba 4.20.4.
via 181b79a9ff6 wafsamba: Fix ABI symbol name generation
from f81fdcb2dfe VERSION: Bump version up to Samba 4.20.4...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test
- Log -----------------------------------------------------------------
commit 32545902ed654431dc8cba8bd16412df716b7981
Author: Stefan Metzmacher
Date: Tue Aug 6 09:55:23 2024 +0200
VERSION: Bump version up to Samba 4.20.5...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Stefan Metzmacher
Autobuild-User(v4-20-test): Stefan Metzmacher
Autobuild-Date(v4-20-test): Tue Aug 6 09:21:35 UTC 2024 on atb-devel-224
commit 8209a1035d362673a87bccc9264efce05402a2f2
Author: Stefan Metzmacher
Date: Tue Aug 6 09:54:43 2024 +0200
VERSION: Disable GIT_SNAPSHOT for the 4.20.4 release.
Signed-off-by: Stefan Metzmacher
commit 9cb2fe46db952dd02b94479eca94f8de7bcdd912
Author: Stefan Metzmacher
Date: Tue Aug 6 09:52:47 2024 +0200
WHATSNEW: Add release notes for Samba 4.20.4.
Signed-off-by: Stefan Metzmacher
commit 181b79a9ff6f0971992f15b988d84b6caa8aa045
Author: Andreas Schneider
Date: Mon Aug 5 14:51:01 2024 +0200
wafsamba: Fix ABI symbol name generation
Commit 0bc5b6f29307ce758774c1b2f48ce62315fdc7f9 changed the script
for generating the ABI symbol version. It broke the ABI by changing all
dots to underscores.
This reverts the commit partially to preserve the dots in the version
part.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Andreas Schneider
Signed-off-by: Stefan Metzmacher
Reviewed-by: Douglas Bagnall
Reviewed-by: G?nther Deschner
Autobuild-User(master): Douglas Bagnall
Autobuild-Date(master): Tue Aug 6 00:42:56 UTC 2024 on atb-devel-224
(cherry picked from commit 46215ab1b34aa79c4c831ea1c12f73eacf1e8a12)
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 53 ++++++++++++++++++++++++++++++++++++++--
buildtools/wafsamba/samba_abi.py | 6 ++---
script/autobuild.py | 11 +++++++++
4 files changed, 66 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index 28e5aa22c01..e59d3c26f8a 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=20
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 93dd250d052..4434acda2fb 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,53 @@
+ ==============================
+ Release Notes for Samba 4.20.4
+ August 06, 2024
+ ==============================
+
+
+This is the latest stable release of the Samba 4.20 release series.
+
+Changes since 4.20.3
+--------------------
+
+This only fixes a regression in library version strings in Samba
+4.20.3, see: https://bugzilla.samba.org/show_bug.cgi?id=15673
+
+If you compiled Samba from the sources and don't have other
+applications relying on Samba's public libraries, there's
+no reason to upgrade from 4.20.3 to 4.20.4.
+
+o Andreas Schneider
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+
+o Stefan Metzmacher
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.20.3
August 02, 2024
@@ -99,8 +149,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.20.2
June 19, 2024
diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py
index c82ba3424f9..e6deb839c0c 100644
--- a/buildtools/wafsamba/samba_abi.py
+++ b/buildtools/wafsamba/samba_abi.py
@@ -286,7 +286,7 @@ def abi_build_vscript(task):
f.close()
def VSCRIPT_MAP_PRIVATE(bld, libname, orig_vscript, version, private_vscript):
- version = re.sub(r'\W', '_', version).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(private_vscript,
rule=abi_build_vscript,
source=orig_vscript,
@@ -314,8 +314,8 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None, p
libname = os.path.basename(libname)
version = os.path.basename(version)
- libname = re.sub(r'\W', '_', libname).upper()
- version = re.sub(r'\W', '_', version).upper()
+ libname = re.sub(r'[^.\w]', '_', libname).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(vscript,
rule=abi_build_vscript,
diff --git a/script/autobuild.py b/script/autobuild.py
index 0388342bc23..b3bd1914072 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -138,6 +138,13 @@ def check_symbols(sofile, expected_symbols=""):
return "objdump --dynamic-syms " + sofile + " | " + \
"awk \'$0 !~ /" + expected_symbols + "/ {if ($2 == \"g\" && $3 ~ /D(F|O)/ && $4 ~ /(.bss|.text)/ && $7 !~ /(__gcov_|mangle_path)/) exit 1}\'"
+def check_versioned_symbol(sofile, symvol, version):
+ return "objdump --dynamic-syms " + sofile + " | " + \
+ "awk \'$7 == \"" + symvol + "\" { " + \
+ "if ($2 == \"g\" && $3 ~ /D(F|O)/ && $4 ~ /(.bss|.text)/ && " + \
+ "$6 == \"" + version + "\") print $0 }\'" + \
+ "| wc -l | grep -q \'^1$\'"
+
if args:
# If we are only running specific test,
# do not sleep randomly to wait for it to start
@@ -910,12 +917,16 @@ tasks = {
check_symbols("./bin/plugins/libnss_wins.so.2", "_nss_wins_")),
("nondevel-no-public-libwbclient",
check_symbols("./bin/shared/libwbclient.so.0", "wbc")),
+ ("nondevel-libwbclient-wbcCtxPingDc2 at WBCLIENT_0.12",
+ check_versioned_symbol("./bin/shared/libwbclient.so.0", "wbcCtxPingDc2", "WBCLIENT_0.12")),
("nondevel-no-public-pam_winbind",
check_symbols("./bin/plugins/pam_winbind.so", "pam_sm_")),
("nondevel-no-public-winbind_krb5_locator",
check_symbols("./bin/plugins/winbind_krb5_locator.so", "service_locator")),
("nondevel-no-public-async_dns_krb5_locator",
check_symbols("./bin/plugins/async_dns_krb5_locator.so", "service_locator")),
+ ("nondevel-libndr-krb5pac-ndr_pull_PAC_DATA at NDR_KRB5PAC_0.0.1",
+ check_versioned_symbol("./bin/shared/libndr-krb5pac.so.0", "ndr_pull_PAC_DATA", "NDR_KRB5PAC_0.0.1")),
("nondevel-install", "make -j install"),
("nondevel-dist", "make dist"),
--
Samba Shared Repository
From metze at samba.org Tue Aug 6 10:38:11 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Tue, 06 Aug 2024 10:38:11 +0000
Subject: [SCM] Samba Shared Repository - annotated tag samba-4.20.4 created
Message-ID:
The annotated tag, samba-4.20.4 has been created
at 65bf8bc9970518a7144ff3f003c10ef4389a026e (tag)
tagging 8209a1035d362673a87bccc9264efce05402a2f2 (commit)
replaces samba-4.20.3
tagged by Stefan Metzmacher
on Tue Aug 6 12:37:25 2024 +0200
- Log -----------------------------------------------------------------
samba: tag release samba-4.20.4
-----BEGIN PGP SIGNATURE-----
iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmax/OUACgkQqplEL7aA
tiCuuw/9EHieO75zc6pCjf6mgFktlht8uWHXDCI6qPnXAofHKF+fAwgRgICwjiJM
5k0tY7T2MBWeCFTexggx2yPg+USsUhk3Mx5Gyi+e/lTH5AtD3ybCWFE1JkdxPy3n
PwgPd+NSdf9L3GuZsNE6fArsfY13Tv7sRuH8QuphE4DoAsLwbdFpyDsuQBmC17mG
AfLhUxfdFaqwPqYj+PQfhETPY3yfZ3PitBusdcEVXQ4iCe0TGZoRkkb8rWOT0rDb
KFoSBnsGpWr96mTGYmMa1WUSWDIUBa1AMaLjmcqq0SvRmq15M6eVrWtq69Ny2LSc
K/EJASzNFiZWSfbQx9sGiY90m/sL2ePTOj40CeL4jCiKQpaOyS+wp1pXzA83jUa0
v17J8UOwOXSmebAVMxT8V7se2Ay5DdqJK3CT8CA3FTvT8vsoC2X4dvzwlXc03rmx
Y9duBewihuVjHibpq7/Nn/7Og5WWs0AvKq5wo+CYUgybZAd234ySJqtC9ceGistQ
PwZ68Oz4MrjubkOTqCqhfINrYP1hmJ6sghf6ISNNiuhLMfX9yQnxg82k2H98Qq7w
ZYSDjnYbnO+Dksxk/+o9zFXGs5QwRbTkamVYNVvu3Lm1klOl2zZvBT9gqdabMCjJ
DnD0AQVuuHf5srJAh+I/30rjd9o7RA73DHRvyY1PSm52bqKwJqM=
=13Y5
-----END PGP SIGNATURE-----
Andreas Schneider (1):
wafsamba: Fix ABI symbol name generation
Stefan Metzmacher (3):
VERSION: Bump version up to Samba 4.20.4...
WHATSNEW: Add release notes for Samba 4.20.4.
VERSION: Disable GIT_SNAPSHOT for the 4.20.4 release.
-----------------------------------------------------------------------
--
Samba Shared Repository
From metze at samba.org Tue Aug 6 10:39:35 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Tue, 06 Aug 2024 10:39:35 +0000
Subject: [SCM] Samba Website Repository - branch master updated
Message-ID:
The branch, master has been updated
via fda5cff NEWS[4.20.4]: Samba 4.20.4 Available for Download
from 8b61355 NEWS[4.20.3]: Samba 4.20.3 Available for Download
https://git.samba.org/?p=samba-web.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit fda5cffad2caf6b45b8148c765e9d4089f8f87dd
Author: Stefan Metzmacher
Date: Tue Aug 6 12:37:52 2024 +0200
NEWS[4.20.4]: Samba 4.20.4 Available for Download
Signed-off-by: Stefan Metzmacher
-----------------------------------------------------------------------
Summary of changes:
history/samba-4.20.4.html | 49 ++++++++++++++++++++++++
posted_news/20240806-103915.4.20.4.body.html | 13 +++++++
posted_news/20240806-103915.4.20.4.headline.html | 3 ++
3 files changed, 65 insertions(+)
create mode 100644 history/samba-4.20.4.html
create mode 100644 posted_news/20240806-103915.4.20.4.body.html
create mode 100644 posted_news/20240806-103915.4.20.4.headline.html
Changeset truncated at 500 lines:
diff --git a/history/samba-4.20.4.html b/history/samba-4.20.4.html
new file mode 100644
index 0000000..d0138f4
--- /dev/null
+++ b/history/samba-4.20.4.html
@@ -0,0 +1,49 @@
+
+
+
+Samba 4.20.4 - Release Notes
+
+
+Samba 4.20.4 Available for Download
+
+Samba 4.20.4 (gzipped)
+Signature
+
+
+Patch (gzipped) against Samba 4.20.3
+Signature
+
+
+
+ ==============================
+ Release Notes for Samba 4.20.4
+ August 06, 2024
+ ==============================
+
+
+This is the latest stable release of the Samba 4.20 release series.
+
+Changes since 4.20.3
+--------------------
+
+This only fixes a regression in library version strings in Samba
+4.20.3, see: https://bugzilla.samba.org/show_bug.cgi?id=15673
+
+If you compiled Samba from the sources and don't have other
+applications relying on Samba's public libraries, there's
+no reason to upgrade from 4.20.3 to 4.20.4.
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+
+
+
+
+
+
diff --git a/posted_news/20240806-103915.4.20.4.body.html b/posted_news/20240806-103915.4.20.4.body.html
new file mode 100644
index 0000000..a0eec26
--- /dev/null
+++ b/posted_news/20240806-103915.4.20.4.body.html
@@ -0,0 +1,13 @@
+
+
+Samba 4.20.4 Available for Download
+
+This is the latest stable release of the Samba 4.20 release series.
+
+
+The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620).
+The source code can be downloaded now.
+A patch against Samba 4.20.3 is also available.
+See the release notes for more info.
+
+
diff --git a/posted_news/20240806-103915.4.20.4.headline.html b/posted_news/20240806-103915.4.20.4.headline.html
new file mode 100644
index 0000000..f933cc9
--- /dev/null
+++ b/posted_news/20240806-103915.4.20.4.headline.html
@@ -0,0 +1,3 @@
+
+ 06 August 2024 Samba 4.20.4 Available for Download
+
--
Samba Website Repository
From metze at samba.org Tue Aug 6 10:41:46 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Tue, 06 Aug 2024 10:41:46 +0000
Subject: [SCM] Samba Shared Repository - branch v4-20-stable updated
Message-ID:
The branch, v4-20-stable has been updated
via 8209a1035d3 VERSION: Disable GIT_SNAPSHOT for the 4.20.4 release.
via 9cb2fe46db9 WHATSNEW: Add release notes for Samba 4.20.4.
via 181b79a9ff6 wafsamba: Fix ABI symbol name generation
via f81fdcb2dfe VERSION: Bump version up to Samba 4.20.4...
from 803665cb481 VERSION: Disable GIT_SNAPSHOT for the 4.20.3 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 53 ++++++++++++++++++++++++++++++++++++++--
buildtools/wafsamba/samba_abi.py | 6 ++---
script/autobuild.py | 11 +++++++++
4 files changed, 66 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index b0f4f114077..e9b34002c1f 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=20
-SAMBA_VERSION_RELEASE=3
+SAMBA_VERSION_RELEASE=4
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 93dd250d052..4434acda2fb 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,53 @@
+ ==============================
+ Release Notes for Samba 4.20.4
+ August 06, 2024
+ ==============================
+
+
+This is the latest stable release of the Samba 4.20 release series.
+
+Changes since 4.20.3
+--------------------
+
+This only fixes a regression in library version strings in Samba
+4.20.3, see: https://bugzilla.samba.org/show_bug.cgi?id=15673
+
+If you compiled Samba from the sources and don't have other
+applications relying on Samba's public libraries, there's
+no reason to upgrade from 4.20.3 to 4.20.4.
+
+o Andreas Schneider
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+
+o Stefan Metzmacher
+ * BUG 15673: --version-* options are still not ergonomic, and they reject
+ tilde characters.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.20.3
August 02, 2024
@@ -99,8 +149,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.20.2
June 19, 2024
diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py
index c82ba3424f9..e6deb839c0c 100644
--- a/buildtools/wafsamba/samba_abi.py
+++ b/buildtools/wafsamba/samba_abi.py
@@ -286,7 +286,7 @@ def abi_build_vscript(task):
f.close()
def VSCRIPT_MAP_PRIVATE(bld, libname, orig_vscript, version, private_vscript):
- version = re.sub(r'\W', '_', version).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(private_vscript,
rule=abi_build_vscript,
source=orig_vscript,
@@ -314,8 +314,8 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None, p
libname = os.path.basename(libname)
version = os.path.basename(version)
- libname = re.sub(r'\W', '_', libname).upper()
- version = re.sub(r'\W', '_', version).upper()
+ libname = re.sub(r'[^.\w]', '_', libname).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(vscript,
rule=abi_build_vscript,
diff --git a/script/autobuild.py b/script/autobuild.py
index 0388342bc23..b3bd1914072 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -138,6 +138,13 @@ def check_symbols(sofile, expected_symbols=""):
return "objdump --dynamic-syms " + sofile + " | " + \
"awk \'$0 !~ /" + expected_symbols + "/ {if ($2 == \"g\" && $3 ~ /D(F|O)/ && $4 ~ /(.bss|.text)/ && $7 !~ /(__gcov_|mangle_path)/) exit 1}\'"
+def check_versioned_symbol(sofile, symvol, version):
+ return "objdump --dynamic-syms " + sofile + " | " + \
+ "awk \'$7 == \"" + symvol + "\" { " + \
+ "if ($2 == \"g\" && $3 ~ /D(F|O)/ && $4 ~ /(.bss|.text)/ && " + \
+ "$6 == \"" + version + "\") print $0 }\'" + \
+ "| wc -l | grep -q \'^1$\'"
+
if args:
# If we are only running specific test,
# do not sleep randomly to wait for it to start
@@ -910,12 +917,16 @@ tasks = {
check_symbols("./bin/plugins/libnss_wins.so.2", "_nss_wins_")),
("nondevel-no-public-libwbclient",
check_symbols("./bin/shared/libwbclient.so.0", "wbc")),
+ ("nondevel-libwbclient-wbcCtxPingDc2 at WBCLIENT_0.12",
+ check_versioned_symbol("./bin/shared/libwbclient.so.0", "wbcCtxPingDc2", "WBCLIENT_0.12")),
("nondevel-no-public-pam_winbind",
check_symbols("./bin/plugins/pam_winbind.so", "pam_sm_")),
("nondevel-no-public-winbind_krb5_locator",
check_symbols("./bin/plugins/winbind_krb5_locator.so", "service_locator")),
("nondevel-no-public-async_dns_krb5_locator",
check_symbols("./bin/plugins/async_dns_krb5_locator.so", "service_locator")),
+ ("nondevel-libndr-krb5pac-ndr_pull_PAC_DATA at NDR_KRB5PAC_0.0.1",
+ check_versioned_symbol("./bin/shared/libndr-krb5pac.so.0", "ndr_pull_PAC_DATA", "NDR_KRB5PAC_0.0.1")),
("nondevel-install", "make -j install"),
("nondevel-dist", "make dist"),
--
Samba Shared Repository
From metze at samba.org Tue Aug 6 11:44:02 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Tue, 06 Aug 2024 11:44:02 +0000
Subject: [SCM] Samba Shared Repository - branch v4-19-test updated
Message-ID:
The branch, v4-19-test has been updated
via ab535a64d26 wafsamba: Fix ABI symbol name generation
from 4419ccc5778 libcli:security: allow spaces after BAD:
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test
- Log -----------------------------------------------------------------
commit ab535a64d26f17dac1befb8b6470c901003f5186
Author: Andreas Schneider
Date: Mon Aug 5 14:51:01 2024 +0200
wafsamba: Fix ABI symbol name generation
Commit 0bc5b6f29307ce758774c1b2f48ce62315fdc7f9 changed the script
for generating the ABI symbol version. It broke the ABI by changing all
dots to underscores.
This reverts the commit partially to preserve the dots in the version
part.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Andreas Schneider
Signed-off-by: Stefan Metzmacher
Reviewed-by: Douglas Bagnall
Reviewed-by: G?nther Deschner
Autobuild-User(master): Douglas Bagnall
Autobuild-Date(master): Tue Aug 6 00:42:56 UTC 2024 on atb-devel-224
(cherry picked from commit 46215ab1b34aa79c4c831ea1c12f73eacf1e8a12)
Autobuild-User(v4-19-test): Stefan Metzmacher
Autobuild-Date(v4-19-test): Tue Aug 6 11:44:00 UTC 2024 on atb-devel-224
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_abi.py | 6 +++---
script/autobuild.py | 11 +++++++++++
2 files changed, 14 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py
index 22c25b8da35..155559973a0 100644
--- a/buildtools/wafsamba/samba_abi.py
+++ b/buildtools/wafsamba/samba_abi.py
@@ -286,7 +286,7 @@ def abi_build_vscript(task):
f.close()
def VSCRIPT_MAP_PRIVATE(bld, libname, orig_vscript, version, private_vscript):
- version = re.sub(r'\W', '_', version).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(private_vscript,
rule=abi_build_vscript,
source=orig_vscript,
@@ -314,8 +314,8 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None, p
libname = os.path.basename(libname)
version = os.path.basename(version)
- libname = re.sub(r'\W', '_', libname).upper()
- version = re.sub(r'\W', '_', version).upper()
+ libname = re.sub(r'[^.\w]', '_', libname).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(vscript,
rule=abi_build_vscript,
diff --git a/script/autobuild.py b/script/autobuild.py
index 2408bb38db6..2aeb5a6f83c 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -138,6 +138,13 @@ def check_symbols(sofile, expected_symbols=""):
return "objdump --dynamic-syms " + sofile + " | " + \
"awk \'$0 !~ /" + expected_symbols + "/ {if ($2 == \"g\" && $3 ~ /D(F|O)/ && $4 ~ /(.bss|.text)/ && $7 !~ /(__gcov_|mangle_path)/) exit 1}\'"
+def check_versioned_symbol(sofile, symvol, version):
+ return "objdump --dynamic-syms " + sofile + " | " + \
+ "awk \'$7 == \"" + symvol + "\" { " + \
+ "if ($2 == \"g\" && $3 ~ /D(F|O)/ && $4 ~ /(.bss|.text)/ && " + \
+ "$6 == \"" + version + "\") print $0 }\'" + \
+ "| wc -l | grep -q \'^1$\'"
+
if args:
# If we are only running specific test,
# do not sleep randomly to wait for it to start
@@ -906,12 +913,16 @@ tasks = {
check_symbols("./bin/plugins/libnss_wins.so.2", "_nss_wins_")),
("nondevel-no-public-libwbclient",
check_symbols("./bin/shared/libwbclient.so.0", "wbc")),
+ ("nondevel-libwbclient-wbcCtxPingDc2 at WBCLIENT_0.12",
+ check_versioned_symbol("./bin/shared/libwbclient.so.0", "wbcCtxPingDc2", "WBCLIENT_0.12")),
("nondevel-no-public-pam_winbind",
check_symbols("./bin/plugins/pam_winbind.so", "pam_sm_")),
("nondevel-no-public-winbind_krb5_locator",
check_symbols("./bin/plugins/winbind_krb5_locator.so", "service_locator")),
("nondevel-no-public-async_dns_krb5_locator",
check_symbols("./bin/plugins/async_dns_krb5_locator.so", "service_locator")),
+ ("nondevel-libndr-krb5pac-ndr_pull_PAC_DATA at NDR_KRB5PAC_0.0.1",
+ check_versioned_symbol("./bin/shared/libndr-krb5pac.so.0", "ndr_pull_PAC_DATA", "NDR_KRB5PAC_0.0.1")),
("nondevel-install", "make -j install"),
("nondevel-dist", "make dist"),
--
Samba Shared Repository
From metze at samba.org Tue Aug 6 12:50:01 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Tue, 06 Aug 2024 12:50:01 +0000
Subject: [SCM] Samba Shared Repository - branch v4-21-test updated
Message-ID:
The branch, v4-21-test has been updated
via 725907587b8 WHATSNEW: update the "Automatic keytab update after machine password change" section
via 6f9a9394cfd docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads"
via ba6c2f68ec2 docs-xml: Fix trailing whitespace in net.8.xml
via ff9d9677bba docs:smbdotconf: Improve formatting of 'sync machine password to keytab'
via de85c86c486 ldb: Fix ldb public library header files being unusable
via 6d69562e27c wafsamba: Fix ABI symbol name generation
from 5ba371e09ab WHATSNEW: update the Per-user and group "veto files" and "hide files" section
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test
- Log -----------------------------------------------------------------
commit 725907587b8b419f773fea965ec899eee71b3bb9
Author: Pavel Filipensk?
Date: Tue Aug 6 08:42:34 2024 +0200
WHATSNEW: update the "Automatic keytab update after machine password change" section
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipensk?
Autobuild-User(v4-21-test): Stefan Metzmacher
Autobuild-Date(v4-21-test): Tue Aug 6 12:49:02 UTC 2024 on atb-devel-224
commit 6f9a9394cfd16ee4ef80fa083105d2edc46bfd5d
Author: Pavel Filipensk?
Date: Thu Aug 1 22:39:58 2024 +0200
docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipensk?
Reviewed-by: Reviewed-by: Martin Schwenke
Autobuild-User(master): Pavel Filipensky
Autobuild-Date(master): Mon Aug 5 13:29:25 UTC 2024 on atb-devel-224
(cherry picked from commit a5f47f6efe67e02d7a12f30b4e6fb76bcd6aa71c)
commit ba6c2f68ec2e027a00af9c4226ef7518dff581b1
Author: Pavel Filipensk?
Date: Thu Aug 1 22:39:56 2024 +0200
docs-xml: Fix trailing whitespace in net.8.xml
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipensk?
Reviewed-by: Reviewed-by: Martin Schwenke
(cherry picked from commit 374680010d42d3bca52791159dba7b42eb8d0d6c)
commit ff9d9677bba1a95922c8183ba403402c238067ed
Author: Pavel Filipensk?
Date: Thu Aug 1 21:49:19 2024 +0200
docs:smbdotconf: Improve formatting of 'sync machine password to keytab'
Hint: review this commit with ignoring white space changes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipensk?
Reviewed-by: Reviewed-by: Martin Schwenke
(cherry picked from commit 6c627903ee466cd1559d7f58821221c4dd668d1f)
commit de85c86c48608a36211115106de424660973b2e7
Author: Jo Sutton
Date: Fri Aug 2 10:14:52 2024 +1200
ldb: Fix ldb public library header files being unusable
An accidental negation means that ldb_version.h is not installed when
ldb is built as a public library.
This is a regression introduced by commit
625fb48326ec62a33ce0abdbfb0f6f3d33d7cc64.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15690
Signed-off-by: Jo Sutton
Reviewed-by: Douglas Bagnall
Autobuild-User(master): Douglas Bagnall
Autobuild-Date(master): Sun Aug 4 01:35:55 UTC 2024 on atb-devel-224
(cherry picked from commit 5851ae555425ea2ba8e431162142ebae47be802e)
commit 6d69562e27c41ae24650304eb7b668f28e49d68d
Author: Andreas Schneider
Date: Mon Aug 5 14:51:01 2024 +0200
wafsamba: Fix ABI symbol name generation
Commit 0bc5b6f29307ce758774c1b2f48ce62315fdc7f9 changed the script
for generating the ABI symbol version. It broke the ABI by changing all
dots to underscores.
This reverts the commit partially to preserve the dots in the version
part.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Andreas Schneider
Signed-off-by: Stefan Metzmacher
Reviewed-by: Douglas Bagnall
Reviewed-by: G?nther Deschner
Autobuild-User(master): Douglas Bagnall
Autobuild-Date(master): Tue Aug 6 00:42:56 UTC 2024 on atb-devel-224
(cherry picked from commit 46215ab1b34aa79c4c831ea1c12f73eacf1e8a12)
-----------------------------------------------------------------------
Summary of changes:
WHATSNEW.txt | 44 ++++-
buildtools/wafsamba/samba_abi.py | 6 +-
docs-xml/manpages/net.8.xml | 190 +++++++--------------
.../security/syncmachinepasswordtokeytab.xml | 77 +++++----
lib/ldb/wscript | 2 +-
script/autobuild.py | 11 ++
6 files changed, 159 insertions(+), 171 deletions(-)
Changeset truncated at 500 lines:
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index bf2dbb94b3a..9d5c0bac515 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -193,9 +193,49 @@ updates or manually (e.g. net ads changetrustpw), now winbind will also support
update of keytab entries in case you use newly added option
'sync machine password to keytab'.
The new parameter allows you to describe what keytabs and how should be updated.
+From smb.conf(5) manpage - each keytab can have exactly one of these four forms:
+
+ account_name
+ sync_spns
+ spn_prefixes=value1[,value2[...]]
+ spns=value1[,value2[...]]
+
+The functionaity provided by the removed commands "net ads keytab
+add/delete/add_update_ads" can be achieved via the 'sync machine password to
+keytab' as in these examples:
+
+"net ads keytab add wurst/brot at REALM"
+
+- this command is not adding to AD, so the best fit can be specifier
+ "spns"
+- add to smb.conf:
+ sync machine password to keytab = /path/to/keytab1:spns=wurst/brot at REALM:machine_password
+- run:
+ "net ads keytab create"
+
+"net ads keytab delete wurst/brot at REALM"
+
+- remove the principal (or the whole keytab line if there was just one)
+- run:
+ "net ads keytab create"
+
+"net ads keytab add_update_ads wurst/brot at REALM"
+
+- this command was adding the principal to AD, so for this case use a keytab
+ with specifier sync_spns
+- add to smb.conf:
+ sync machine password to keytab = /path/to/keytab2:sync_spns:machine_password
+- run:
+ "net ads setspn add wurst/brot at REALM" # this adds the principal to AD
+ "net ads keytab create" # this sync it from AD to local keytab
+
+
A new parameter 'sync machine password script' allows to specify external script
-that will be triggered after the automatic keytab update. For detailed
-information check the smb.conf manpage.
+that will be triggered after the automatic keytab update. Example of such script
+that can be used in a cluster environment with ctdb is
+source3/script/updatekeytab.sh
+
+For detailed information check the smb.conf(5) manpage.
REMOVED FEATURES
================
diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py
index c82ba3424f9..e6deb839c0c 100644
--- a/buildtools/wafsamba/samba_abi.py
+++ b/buildtools/wafsamba/samba_abi.py
@@ -286,7 +286,7 @@ def abi_build_vscript(task):
f.close()
def VSCRIPT_MAP_PRIVATE(bld, libname, orig_vscript, version, private_vscript):
- version = re.sub(r'\W', '_', version).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(private_vscript,
rule=abi_build_vscript,
source=orig_vscript,
@@ -314,8 +314,8 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None, p
libname = os.path.basename(libname)
version = os.path.basename(version)
- libname = re.sub(r'\W', '_', libname).upper()
- version = re.sub(r'\W', '_', version).upper()
+ libname = re.sub(r'[^.\w]', '_', libname).upper()
+ version = re.sub(r'[^.\w]', '_', version).upper()
t = bld.SAMBA_GENERATOR(vscript,
rule=abi_build_vscript,
diff --git a/docs-xml/manpages/net.8.xml b/docs-xml/manpages/net.8.xml
index c284cc25b49..61a1e6362ce 100644
--- a/docs-xml/manpages/net.8.xml
+++ b/docs-xml/manpages/net.8.xml
@@ -80,12 +80,12 @@
This tool is part of the samba
7 suite.
- The Samba net utility is meant to work just like the net utility
- available for windows and DOS. The first argument should be used
- to specify the protocol to use when executing a certain command.
- ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3)
- clients and RPC can be used for NT4 and Windows 2000. If this
- argument is omitted, net will try to determine it automatically.
+ The Samba net utility is meant to work just like the net utility
+ available for windows and DOS. The first argument should be used
+ to specify the protocol to use when executing a certain command.
+ ADS is used for ActiveDirectory, RAP is using for old (Win9x/NT3)
+ clients and RPC can be used for NT4 and Windows 2000. If this
+ argument is omitted, net will try to determine it automatically.
Not all commands are available on all protocols.
@@ -98,7 +98,7 @@
-w|--target-workgroup target-workgroup
- Sets target workgroup or domain. You have to specify
+ Sets target workgroup or domain. You have to specify
either this option or the IP address or the name of a server.
@@ -115,7 +115,7 @@
-p|--port port
- Port on the target server to connect to (usually 139 or 445).
+ Port on the target server to connect to (usually 139 or 445).
Defaults to trying 445 first, then 139.
@@ -123,7 +123,7 @@
-S|--server server
- Name of target server. You should specify either
+ Name of target server. You should specify either
this option or a target workgroup or a target IP address.
@@ -524,7 +524,7 @@ YOU HAVE BEEN WARNED.
TIME
-Without any options, the NET TIME command
+Without any options, the NET TIME command
displays the time on the remote server. The remote server must be
specified with the -S option.
@@ -542,7 +542,7 @@ The remote server must be specified with the -S option.
TIME SET
-Tries to set the date and time of the local server to that on
+Tries to set the date and time of the local server to that on
the remote server using /bin/date.
The remote server must be specified with the -S option.
@@ -565,8 +565,8 @@ The remote server must be specified with the -S option.
[osName=string osVer=string] [options]
-Join a domain. If the account already exists on the server, and
-[TYPE] is MEMBER, the machine will attempt to join automatically.
+Join a domain. If the account already exists on the server, and
+[TYPE] is MEMBER, the machine will attempt to join automatically.
(Assuming that the machine has been created in server manager)
Otherwise, a password will be prompted for, and a new account may
be created.
@@ -590,7 +590,7 @@ format is host/netbiosname at REALM.
[OU] (ADS only) Precreate the computer account in a specific OU. The
OU string reads from top to bottom without RDNs, and is delimited by
a '/'. Please note that '\' is used for escape by both the shell
-and ldap, so it may need to be doubled or quadrupled to pass through,
+and ldap, so it may need to be doubled or quadrupled to pass through,
and it is not used as a delimiter.
@@ -607,8 +607,8 @@ must be specified for either to take effect.
[RPC] OLDJOIN [options]
-Join a domain. Use the OLDJOIN option to join the domain
-using the old style of domain joining - you need to create a trust
+Join a domain. Use the OLDJOIN option to join the domain
+using the old style of domain joining - you need to create a trust
account in server manager first.
@@ -692,8 +692,8 @@ account in server manager first.
[RAP|RPC] SHARE ADD name=serverpath [-C comment] [-M maxusers] [targets]
-Adds a share from a server (makes the export active). Maxusers
-specifies the number of users that can be connected to the
+Adds a share from a server (makes the export active). Maxusers
+specifies the number of users that can be connected to the
share simultaneously.
@@ -718,7 +718,7 @@ share simultaneously.
[RPC|RAP] FILE CLOSE fileid
-Close file with specified fileid on
+Close file with specified fileid on
remote server.
@@ -727,7 +727,7 @@ remote server.
[RPC|RAP] FILE INFO fileid
-Print information on specified fileid.
+Print information on specified fileid.
Currently listed are: file-id, username, locks, path, permissions.
@@ -739,7 +739,7 @@ Currently listed are: file-id, username, locks, path, permissions.
List files opened by specified user.
Please note that net rap file user does not work
-against Samba servers.
+against Samba servers.
@@ -752,7 +752,7 @@ against Samba servers.
RAP SESSION
-Without any other options, SESSION enumerates all active SMB/CIFS
+Without any other options, SESSION enumerates all active SMB/CIFS
sessions on the target server.
@@ -784,7 +784,7 @@ to local domain.
RAP DOMAIN
-Lists all domains and workgroups visible on the
+Lists all domains and workgroups visible on the
current network.
@@ -796,7 +796,7 @@ current network.
RAP PRINTQ INFO QUEUE_NAME
Lists the specified print queue and print jobs on the server.
-If the QUEUE_NAME is omitted, all
+If the QUEUE_NAME is omitted, all
queues are listed.
@@ -814,9 +814,9 @@ queues are listed.
RAP VALIDATE user [password]
-Validate whether the specified user can log in to the
-remote server. If the password is not specified on the commandline, it
-will be prompted.
+Validate whether the specified user can log in to the
+remote server. If the password is not specified on the commandline, it
+will be prompted.
¬.implemented;
@@ -852,7 +852,7 @@ will be prompted.
RAP ADMIN command
-Execute the specified command on
+Execute the specified command on
the remote server. Only works with OS/2 servers.
@@ -899,7 +899,7 @@ Change password of USER from OLDPASSLOOKUP HOST HOSTNAME [TYPE]
-Lookup the IP address of the given host with the specified type (netbios suffix).
+Lookup the IP address of the given host with the specified type (netbios suffix).
The type defaults to 0x20 (workstation).
@@ -965,7 +965,7 @@ or workgroup. Defaults to local domain.
CACHE
-Samba uses a general caching interface called 'gencache'. It
+Samba uses a general caching interface called 'gencache'. It
can be controlled using 'NET CACHE'.
All the timeout parameters support the suffixes:
@@ -1044,7 +1044,7 @@ omitted, the SID of the local server.
GETDOMAINSID
-Prints the local machine SID and the SID of the current
+Prints the local machine SID and the SID of the current
domain.
@@ -1158,15 +1158,15 @@ such as domain name, domain sid and number of users and groups.
RPC TRUSTDOM ADD DOMAIN
-Add a interdomain trust account for DOMAIN.
-This is in fact a Samba account named DOMAIN$
-with the account flag 'I' (interdomain trust account).
+Add a interdomain trust account for DOMAIN.
+This is in fact a Samba account named DOMAIN$
+with the account flag 'I' (interdomain trust account).
This is required for incoming trusts to work. It makes Samba be a
trusted domain of the foreign (trusting) domain.
Users of the Samba domain will be made available in the foreign domain.
-If the command is used against localhost it has the same effect as
+If the command is used against localhost it has the same effect as
smbpasswd -a -i DOMAIN. Please note that both commands
-expect a appropriate UNIX account.
+expect a appropriate UNIX account.
@@ -1174,9 +1174,9 @@ expect a appropriate UNIX account.
RPC TRUSTDOM DEL DOMAIN
-Remove interdomain trust account for
-DOMAIN. If it is used against localhost
-it has the same effect as smbpasswd -x DOMAIN$.
+Remove interdomain trust account for
+DOMAIN. If it is used against localhost
+it has the same effect as smbpasswd -x DOMAIN$.
@@ -1185,7 +1185,7 @@ it has the same effect as smbpasswd -x DOMAIN$.
RPC TRUSTDOM ESTABLISH DOMAIN
-Establish a trust relationship to a trusted domain.
+Establish a trust relationship to a trusted domain.
Interdomain account must already be created on the remote PDC.
This is required for outgoing trusts to work. It makes Samba be a
trusting domain of a foreign (trusted) domain.
@@ -1326,9 +1326,9 @@ net rpc trust delete \
RPC RIGHTS
-This subcommand is used to view and manage Samba's rights assignments (also
-referred to as privileges). There are three options currently available:
-list, grant, and
+This subcommand is used to view and manage Samba's rights assignments (also
+referred to as privileges). There are three options currently available:
+list, grant, and
revoke. More details on Samba's privilege model and its use
can be found in the Samba-HOWTO-Collection.
@@ -1367,14 +1367,14 @@ Force shutting down all applications.
-t timeout
-Timeout before system will be shut down. An interactive
+Timeout before system will be shut down. An interactive
user of the system can use this time to cancel the shutdown.
-C message
-Display the specified message on the screen to
+Display the specified message on the screen to
announce the shutdown.
@@ -1391,8 +1391,8 @@ to run this against the PDC, from a Samba machine joined as a BDC.
RPC VAMPIRE
-Export users, aliases and groups from remote server to
-local server. You need to run this against the PDC, from a Samba machine joined as a BDC.
+Export users, aliases and groups from remote server to
+local server. You need to run this against the PDC, from a Samba machine joined as a BDC.
This vampire command cannot be used against an Active Directory, only
against an NT4 Domain Controller.
@@ -1486,7 +1486,7 @@ against an NT4 Domain Controller.
ADS STATUS
Print out status of machine account of the local machine in ADS.
-Prints out quite some debug info. Aimed at developers, regular
+Prints out quite some debug info. Aimed at developers, regular
users should use NET ADS TESTJOIN.
@@ -1498,7 +1498,7 @@ users should use NET ADS TESTJOIN.
ADS PRINTER INFO [PRINTER] [SERVER]
-Lookup info for PRINTER on SERVER. The printer name defaults to "*", the
+Lookup info for PRINTER on SERVER. The printer name defaults to "*", the
server name defaults to the local host.
@@ -1522,8 +1522,8 @@ server name defaults to the local host.
ADS SEARCH EXPRESSION ATTRIBUTES...
-Perform a raw LDAP search on a ADS server and dump the results. The
-expression is a standard LDAP search expression, and the
+Perform a raw LDAP search on a ADS server and dump the results. The
+expression is a standard LDAP search expression, and the
attributes are a list of LDAP fields to show in the results.
Example: net ads search '(objectCategory=group)' sAMAccountName
@@ -1535,9 +1535,9 @@ attributes are a list of LDAP fields to show in the results.
ADS DN DN (attributes)
-Perform a raw LDAP search on a ADS server and dump the results. The
-DN standard LDAP DN, and the attributes are a list of LDAP fields
-to show in the result.
+Perform a raw LDAP search on a ADS server and dump the results. The
+DN standard LDAP DN, and the attributes are a list of LDAP fields
+to show in the result.
Example: net ads dn 'CN=administrator,CN=Users,DC=my,DC=domain' SAMAccountName
@@ -1557,76 +1557,6 @@ are made to the computer AD account.
-
-ADS KEYTAB ADD (principal | machine | serviceclass | windows SPN
-
-
-Adds a new keytab entry, the entry can be either;
-
- kerberos principal
-
- A kerberos principal (identified by the presence of '@') is just
- added to the keytab file.
-
-
- machinename
-
- A machinename (identified by the trailing '$') is used to create a
- a kerberos principal 'machinename at realm' which is added to the
- keytab file.
-
-
- serviceclass
-
- A serviceclass (such as 'cifs', 'html' etc.) is used to create a pair
- of kerberos principals 'serviceclass/fully_qualified_dns_name at realm' &
- 'serviceclass/netbios_name at realm' which are added to the keytab file.
-
-
- Windows SPN
-
- A Windows SPN is of the format 'serviceclass/host:port', it is used to
- create a kerberos principal 'serviceclass/host at realm' which will
- be written to the keytab file.
-
-
-
-
-
-Unlike old versions no computer AD objects are modified by this command. To
-preserve the behaviour of older clients 'net ads keytab ad_update_ads' is
-available.
-
-
-
-
-ADS KEYTAB ADD_UPDATE_ADS (principal | machine | serviceclass | windows SPN
-
-
-Adds a new keytab entry (see section for net ads keytab add). In addition to
-adding entries to the keytab file corresponding Windows SPNs are created
-from the entry passed to this command. These SPN(s) added to the AD computer
-account object associated with the client machine running this command for
-the following entry types;
-
- serviceclass
-
- A serviceclass (such as 'cifs', 'html' etc.) is used to create a
- pair of Windows SPN(s) 'param/full_qualified_dns' &
- 'param/netbios_name' which are added to the AD computer account object
- for this client.
-
-
- Windows SPN
-
- A Windows SPN is of the format 'serviceclass/host:port', it is
- added as passed to the AD computer account object for this client.
-
-
-
-
-
-
ADS setspn SETSPN LIST [machine]
@@ -2281,7 +2211,7 @@ share (no creation of new files or directories or writing to files).
--
Samba Shared Repository
From metze at samba.org Tue Aug 6 16:17:01 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Tue, 06 Aug 2024 16:17:01 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via 6b10cfbaf2c tdb: version 1.4.12
via bcd49e30007 autobuild: Add ABI checks for libtalloc, libtevent and libtdb
from a743a24d758 ctdb-doc: document nodes list configuration parameter
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 6b10cfbaf2c522cceb48c610c18656d2d69cf60b
Author: Stefan Metzmacher
Date: Tue Aug 6 15:11:36 2024 +0200
tdb: version 1.4.12
* Regression fix for ABI problem
TDB_1_4_11 vs. TDB_1.4.11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673
Signed-off-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Aug 6 16:16:27 UTC 2024 on atb-devel-224
commit bcd49e3000736eb3c642280ac2e1f3d56a31b6bb
Author: Andreas Schneider
Date: Tue Aug 6 14:43:29 2024 +0200
autobuild: Add ABI checks for libtalloc, libtevent and libtdb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673
Signed-off-by: Andreas Schneider
-----------------------------------------------------------------------
Summary of changes:
lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.12.sigs} | 0
lib/tdb/wscript | 2 +-
script/autobuild.py | 42 ++++++++++++++++++++++++
3 files changed, 43 insertions(+), 1 deletion(-)
copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.12.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/lib/tdb/ABI/tdb-1.3.17.sigs b/lib/tdb/ABI/tdb-1.4.12.sigs
similarity index 100%
copy from lib/tdb/ABI/tdb-1.3.17.sigs
copy to lib/tdb/ABI/tdb-1.4.12.sigs
diff --git a/lib/tdb/wscript b/lib/tdb/wscript
index 234a66f6878..812e5987daf 100644
--- a/lib/tdb/wscript
+++ b/lib/tdb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'tdb'
-VERSION = '1.4.11'
+VERSION = '1.4.12'
import sys, os
diff --git a/script/autobuild.py b/script/autobuild.py
index 6a9864f6f89..e610f0e8821 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -884,14 +884,56 @@ tasks = {
("talloc-configure", "cd lib/talloc && " + samba_libs_configure_libs),
("talloc-make", "cd lib/talloc && make"),
("talloc-install", "cd lib/talloc && make install"),
+ ("talloc-abi-check1",
+ check_versioned_symbol(
+ "./lib/talloc/bin/shared/libtalloc.so.2",
+ "talloc_named",
+ "TALLOC_2.0.2"
+ )
+ ),
+ ("talloc-abi-check2",
+ check_versioned_symbol(
+ "./lib/talloc/bin/shared/libtalloc.so.2",
+ "talloc_asprintf_addbuf",
+ "TALLOC_2.3.5"
+ )
+ ),
("tdb-configure", "cd lib/tdb && " + samba_libs_configure_libs),
("tdb-make", "cd lib/tdb && make"),
("tdb-install", "cd lib/tdb && make install"),
+ ("tdb-abi-check1",
+ check_versioned_symbol(
+ "./lib/tdb/bin/shared/libtdb.so.1",
+ "tdb_errorstr",
+ "TDB_1.2.1"
+ )
+ ),
+ ("tdb-abi-check2",
+ check_versioned_symbol(
+ "./lib/tdb/bin/shared/libtdb.so.1",
+ "tdb_traverse_chain",
+ "TDB_1.3.17"
+ )
+ ),
("tevent-configure", "cd lib/tevent && " + samba_libs_configure_libs),
("tevent-make", "cd lib/tevent && make"),
("tevent-install", "cd lib/tevent && make install"),
+ ("tevent-abi-check1",
+ check_versioned_symbol(
+ "./lib/tevent/bin/shared/libtevent.so.0",
+ "_tevent_loop_once",
+ "TEVENT_0.9.9"
+ )
+ ),
+ ("tevent-abi-check2",
+ check_versioned_symbol(
+ "./lib/tevent/bin/shared/libtevent.so.0",
+ "__tevent_req_create",
+ "TEVENT_0.15.0"
+ )
+ ),
("nondevel-configure", samba_libs_envvars + " ./configure --private-libraries='!ldb' --vendor-suffix=TEST-STRING~5.1.2 ${PREFIX}"),
("nondevel-make", "make -j"),
--
Samba Shared Repository
From jra at samba.org Tue Aug 6 17:38:01 2024
From: jra at samba.org (Jeremy Allison)
Date: Tue, 06 Aug 2024 17:38:01 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via 2686a189c6c smbd: Assert we have an fsp in smbd_do_setfilepathinfo
via 7e82052ce7a smbd: filename_convert_dirfsp always gives an fsp
via 0e8a0f3bd4b smbd: Simplify check_user_ok()
via 95c031b6606 smbd: Make parent_override_delete a bit more readable
via 83537703bab smbd: Remove some dead code
via fe7b78adb3d smbd: Fix some DBGs
via 51262e47af0 smbd: Modernize a DEBUG
via cfa24f05639 smbd: Fix a comment and an error message
via cb67a701131 smbd: Save a few lines with a "goto done;"
via ec736543237 lib: Fix a typo
via d8271bd9375 vfs: Fix a DBG message
via 7fe93402f3e smbclient: Modernize a d_printf
via 3719c5c4391 lib: Fix whitespace
via 6a0fc464df8 tsocket: Use iov_buflen
via af442249a0a tsocket: Use iov_buflen
via 33d517fe135 smbd: Modernize DEBUGs
via 230d8efe72c libsmb: Remove cli_posix_chmod
via 14d6e7d4121 torture3: Use cli_chmod instead of cli_posix_chmod
via a3fcb5f7404 smbclient: Use cli_chmod instead of cli_posix_chmod
via 70da8f7d626 libsmb: Add cli_fchmod for smb311 posix extensions
via 773c4641cea libsmb: Add cli_chmod
via ac92f2d34ac libsmb: Add cli_fchmod
via 3720198d221 libsmb: Add cli_smb2_fnum_is_posix
via cd0352a9ca2 libsmb: Slightly restructure map_smb2_handle_to_fnum
via 51ce5ce7094 smbd: protect check_smb2_posix_chmod_ace against invalid trustees
from 6b10cfbaf2c tdb: version 1.4.12
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 2686a189c6cfbbcd93b60ba565967ef08647100d
Author: Volker Lendecke
Date: Mon Jul 22 11:59:40 2024 +0200
smbd: Assert we have an fsp in smbd_do_setfilepathinfo
With this in the future we can avoid some special cases in our callees
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Tue Aug 6 17:37:39 UTC 2024 on atb-devel-224
commit 7e82052ce7a75a2a4839a0b26670d2ef08af0a82
Author: Volker Lendecke
Date: Mon Jul 22 10:42:11 2024 +0200
smbd: filename_convert_dirfsp always gives an fsp
We're in setpathinfo, so if there's without an fsp it's
OBJECT_NAME_NOT_FOUND, the last component is missing.
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 0e8a0f3bd4b0e1f4bebb70317ff60ce7339a520d
Author: Volker Lendecke
Date: Mon Jul 29 04:24:30 2024 -0700
smbd: Simplify check_user_ok()
Don't walk the cache at all if we get UID_FIELD_INVALID
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 95c031b660676f693739ed9e1f49754da0691ff0
Author: Volker Lendecke
Date: Mon Jul 22 20:56:25 2024 +0200
smbd: Make parent_override_delete a bit more readable
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 83537703bab9b28f2cff4f497fa1bafa12c83a24
Author: Volker Lendecke
Date: Wed Jul 24 09:58:47 2024 +0200
smbd: Remove some dead code
We have returned from this function if fsp==NULL above
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit fe7b78adb3da6d18e5fc252487c0a3817fb106dd
Author: Volker Lendecke
Date: Wed Jul 24 10:00:22 2024 +0200
smbd: Fix some DBGs
DBG_DEBUG already has the function name prefix
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 51262e47af037efb2b9195437bb48f59cd6901d6
Author: Volker Lendecke
Date: Wed Jul 24 10:00:44 2024 +0200
smbd: Modernize a DEBUG
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit cfa24f05639d2c65c8b7e045cbdeaabcbcf16861
Author: Volker Lendecke
Date: Mon Jul 22 19:53:40 2024 +0200
smbd: Fix a comment and an error message
Tested manually, but OBJECT_NAME_NOT_FOUND makes much more sense given
the new semantics of filename_convert_dirfsp.
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit cb67a701131d0e024cf54c7d6bf982a8ebd856d5
Author: Volker Lendecke
Date: Mon Jul 22 10:41:47 2024 +0200
smbd: Save a few lines with a "goto done;"
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit ec7365432374f4e8a9be12ba78ab0cd0ac64234f
Author: Volker Lendecke
Date: Mon Jul 29 03:39:32 2024 -0700
lib: Fix a typo
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit d8271bd937583b17bf183988949f4df04ad7bde4
Author: Volker Lendecke
Date: Mon Jul 29 03:39:32 2024 -0700
vfs: Fix a DBG message
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 7fe93402f3e06c35d427842fea1fedaef8f7a4c0
Author: Volker Lendecke
Date: Sun Jul 21 12:38:25 2024 +0200
smbclient: Modernize a d_printf
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 3719c5c439101dbf0b1adfdd09f2618056df6fe1
Author: Volker Lendecke
Date: Wed Jul 17 10:23:26 2024 +0200
lib: Fix whitespace
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 6a0fc464df8d34a32289a5fcde9db2596bce6e5e
Author: Volker Lendecke
Date: Fri Jul 12 17:58:58 2024 +0200
tsocket: Use iov_buflen
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit af442249a0a11f3e6c159ae97d95d38384284a59
Author: Volker Lendecke
Date: Fri Jul 12 17:52:32 2024 +0200
tsocket: Use iov_buflen
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 33d517fe1353c3f8371b92ca8006df35c397184a
Author: Volker Lendecke
Date: Sun Jul 7 20:09:46 2024 +0200
smbd: Modernize DEBUGs
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 230d8efe72cf18a7609641c247cbc246f2b9066b
Author: Volker Lendecke
Date: Fri Aug 2 23:09:07 2024 +0200
libsmb: Remove cli_posix_chmod
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 14d6e7d412109f37b0c9c005149c6b21a303d4f7
Author: Volker Lendecke
Date: Fri Aug 2 23:06:17 2024 +0200
torture3: Use cli_chmod instead of cli_posix_chmod
Show that it works the same even for dangling posix symlinks
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit a3fcb5f740479cdc9edd55a532fed376fda8fd41
Author: Volker Lendecke
Date: Fri Aug 2 13:06:58 2024 +0200
smbclient: Use cli_chmod instead of cli_posix_chmod
Skip the smb1-only SERVER_HAS_UNIX_CIFS(), chmod now also does SMB2
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 70da8f7d62682feb8073e1ac9b0ce3f16ae89245
Author: Volker Lendecke
Date: Fri Aug 2 12:53:05 2024 +0200
libsmb: Add cli_fchmod for smb311 posix extensions
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 773c4641cea7df37b5fa3d3fb7fce479c527f82e
Author: Volker Lendecke
Date: Fri Jul 26 17:27:30 2024 +0200
libsmb: Add cli_chmod
Go via create/fchmod/close. Only fchmod has to be smb2-specific this way.
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit ac92f2d34aca01fe1d496eed79a22ad6b3730c81
Author: Volker Lendecke
Date: Sat Jul 27 15:43:55 2024 +0200
libsmb: Add cli_fchmod
Do a posix-level fchmod on a fnum. This will be used for smb2 soon as
well which does not have setpathinfo.
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 3720198d221fcb5ecc5997009bbb031932cbe622
Author: Volker Lendecke
Date: Fri Aug 2 11:18:40 2024 +0200
libsmb: Add cli_smb2_fnum_is_posix
Will be used in smb311 unix chmod soon: We should only do the special
setsd on real posix handles. Otherwise we would probably destroy a
valid acl.
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit cd0352a9ca2988d7a4525fbcd21fd730e1f37ed7
Author: Volker Lendecke
Date: Fri Aug 2 11:04:31 2024 +0200
libsmb: Slightly restructure map_smb2_handle_to_fnum
Pass the persistent/volatile handle as uint64's. Why? I found the
talloc_memdup() slightly misleading, and smbXcli handles those 2 id's
separately. map_smb2_handle_to_fnum() is the function to create the
smb2_hnd.
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
commit 51ce5ce7094d4e2190a9eb45a2cfea2e0cffa3c2
Author: Volker Lendecke
Date: Fri Aug 2 13:06:28 2024 +0200
smbd: protect check_smb2_posix_chmod_ace against invalid trustees
Found because I got this wrong in new code coming soon
Signed-off-by: Volker Lendecke
Reviewed-by: Jeremy Allison
-----------------------------------------------------------------------
Summary of changes:
lib/tsocket/tsocket.c | 34 ++----
lib/util/util_net.h | 8 +-
libcli/smb/tstream_smbXcli_np.c | 11 +-
source3/client/client.c | 11 +-
source3/lib/util_namearray.c | 2 +-
source3/libsmb/cli_smb2_fnum.c | 57 ++++++---
source3/libsmb/cli_smb2_fnum.h | 2 +
source3/libsmb/clifile.c | 248 +++++++++++++++++++++++++++++++++-------
source3/libsmb/proto.h | 21 ++--
source3/modules/vfs_fruit.c | 2 +-
source3/smbd/open.c | 12 +-
source3/smbd/smb1_reply.c | 7 +-
source3/smbd/smb1_trans2.c | 41 +++----
source3/smbd/smb2_nttrans.c | 4 +
source3/smbd/smb2_trans2.c | 20 ++--
source3/smbd/uid.c | 32 +++---
source3/torture/test_posix.c | 24 ++--
source3/torture/torture.c | 7 +-
18 files changed, 363 insertions(+), 180 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/tsocket/tsocket.c b/lib/tsocket/tsocket.c
index 674858de0a5..b589959f771 100644
--- a/lib/tsocket/tsocket.c
+++ b/lib/tsocket/tsocket.c
@@ -25,6 +25,7 @@
#include "system/filesys.h"
#include "tsocket.h"
#include "tsocket_internal.h"
+#include "lib/util/iov_buf.h"
int tsocket_simple_int_recv(struct tevent_req *req, int *perrno)
{
@@ -524,8 +525,7 @@ struct tevent_req *tstream_readv_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req;
struct tstream_readv_state *state;
struct tevent_req *subreq;
- int to_read = 0;
- size_t i;
+ ssize_t to_read;
req = tevent_req_create(mem_ctx, &state,
struct tstream_readv_state);
@@ -545,16 +545,11 @@ struct tevent_req *tstream_readv_send(TALLOC_CTX *mem_ctx,
}
#endif
- for (i=0; i < count; i++) {
- int tmp = to_read;
- tmp += vector[i].iov_len;
+ to_read = iov_buflen(vector, count);
- if (tmp < to_read) {
- tevent_req_error(req, EMSGSIZE);
- goto post;
- }
-
- to_read = tmp;
+ if (to_read < 0) {
+ tevent_req_error(req, EMSGSIZE);
+ goto post;
}
if (to_read == 0) {
@@ -646,8 +641,7 @@ struct tevent_req *tstream_writev_send(TALLOC_CTX *mem_ctx,
struct tevent_req *req;
struct tstream_writev_state *state;
struct tevent_req *subreq;
- int to_write = 0;
- size_t i;
+ ssize_t to_write;
req = tevent_req_create(mem_ctx, &state,
struct tstream_writev_state);
@@ -667,16 +661,10 @@ struct tevent_req *tstream_writev_send(TALLOC_CTX *mem_ctx,
}
#endif
- for (i=0; i < count; i++) {
- int tmp = to_write;
- tmp += vector[i].iov_len;
-
- if (tmp < to_write) {
- tevent_req_error(req, EMSGSIZE);
- goto post;
- }
-
- to_write = tmp;
+ to_write = iov_buflen(vector, count);
+ if (to_write < 0) {
+ tevent_req_error(req, EMSGSIZE);
+ goto post;
}
if (to_write == 0) {
diff --git a/lib/util/util_net.h b/lib/util/util_net.h
index 1aed45a432c..30399d81105 100644
--- a/lib/util/util_net.h
+++ b/lib/util/util_net.h
@@ -1,19 +1,19 @@
-/*
+/*
Unix SMB/CIFS implementation.
Utility functions for Samba
Copyright (C) Andrew Tridgell 1992-1999
Copyright (C) Jelmer Vernooij 2005
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see .
*/
diff --git a/libcli/smb/tstream_smbXcli_np.c b/libcli/smb/tstream_smbXcli_np.c
index 02483004080..ad92ba43b27 100644
--- a/libcli/smb/tstream_smbXcli_np.c
+++ b/libcli/smb/tstream_smbXcli_np.c
@@ -26,6 +26,7 @@
#include "smbXcli_base.h"
#include "tstream_smbXcli_np.h"
#include "libcli/security/security.h"
+#include "lib/util/iov_buf.h"
static const struct tstream_context_ops tstream_smbXcli_np_ops;
@@ -537,11 +538,13 @@ static void tstream_smbXcli_np_writev_write_next(struct tevent_req *req)
tstream_context_data(state->stream,
struct tstream_smbXcli_np);
struct tevent_req *subreq;
- size_t i;
- size_t left = 0;
+ ssize_t left;
- for (i=0; i < state->count; i++) {
- left += state->vector[i].iov_len;
+ left = iov_buflen(state->vector, state->count);
+
+ if (left < 0) {
+ tevent_req_error(req, EMSGSIZE);
+ return;
}
if (left == 0) {
diff --git a/source3/client/client.c b/source3/client/client.c
index 2052eb5ed4c..08cf63018f3 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -3182,7 +3182,9 @@ static int cmd_posix(void)
return 1;
}
- d_printf("Server supports CIFS extensions %u.%u\n", (unsigned int)major, (unsigned int)minor);
+ d_printf("Server supports CIFS extensions %" PRIu16 ".%" PRIu16 "\n",
+ major,
+ minor);
caps = talloc_strdup(ctx, "");
if (caplow & CIFS_UNIX_FCNTL_LOCKS_CAP) {
@@ -3674,18 +3676,13 @@ static int cmd_chmod(void)
return 1;
}
- if (!SERVER_HAS_UNIX_CIFS(targetcli)) {
- d_printf("Server doesn't support UNIX CIFS calls.\n");
- return 1;
- }
-
if (CLI_DIRSEP_CHAR != '/') {
d_printf("Command \"posix\" must be issued before "
"the \"chmod\" command can be used.\n");
return 1;
}
- status = cli_posix_chmod(targetcli, targetname, mode);
+ status = cli_chmod(targetcli, targetname, mode);
if (!NT_STATUS_IS_OK(status)) {
d_printf("%s chmod file %s 0%o\n",
nt_errstr(status), src, (unsigned int)mode);
diff --git a/source3/lib/util_namearray.c b/source3/lib/util_namearray.c
index 1c5b4ac6a0e..8d05beb7d31 100644
--- a/source3/lib/util_namearray.c
+++ b/source3/lib/util_namearray.c
@@ -192,7 +192,7 @@ static size_t namearray_len(const struct name_compare_entry *array)
/*******************************************************************
Strip a '/' separated list into an array of
- name_compare_enties structures suitable for
+ name_compare_entry structures suitable for
passing to is_in_path(). We do this for
speed so we can pre-parse all the names in the list
and don't do it for each call to is_in_path().
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index 7f44435963f..34d65019d80 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -49,6 +49,7 @@
struct smb2_hnd {
uint64_t fid_persistent;
uint64_t fid_volatile;
+ bool posix; /* Opened with posix context */
};
/*
@@ -56,23 +57,29 @@ struct smb2_hnd {
*/
/***************************************************************
- Allocate a new fnum between 1 and 0xFFFE from an smb2_hnd.
+ Allocate a new fnum between 1 and 0xFFFE from an smb2 file id.
Ensures handle is owned by cli struct.
***************************************************************/
static NTSTATUS map_smb2_handle_to_fnum(struct cli_state *cli,
- const struct smb2_hnd *ph, /* In */
- uint16_t *pfnum) /* Out */
+ uint64_t fid_persistent,
+ uint64_t fid_volatile,
+ bool posix,
+ uint16_t *pfnum)
{
int ret;
struct idr_context *idp = cli->smb2.open_handles;
- struct smb2_hnd *owned_h = talloc_memdup(cli,
- ph,
- sizeof(struct smb2_hnd));
+ struct smb2_hnd *owned_h = NULL;
+ owned_h = talloc(cli, struct smb2_hnd);
if (owned_h == NULL) {
return NT_STATUS_NO_MEMORY;
}
+ *owned_h = (struct smb2_hnd){
+ .fid_persistent = fid_persistent,
+ .fid_volatile = fid_volatile,
+ .posix = posix,
+ };
if (idp == NULL) {
/* Lazy init */
@@ -342,22 +349,30 @@ static void cli_smb2_create_fnum_done(struct tevent_req *subreq)
subreq, struct tevent_req);
struct cli_smb2_create_fnum_state *state = tevent_req_data(
req, struct cli_smb2_create_fnum_state);
- struct smb2_hnd h;
+ uint64_t fid_persistent, fid_volatile;
+ struct smb2_create_blob *posix = NULL;
NTSTATUS status;
- status = smb2cli_create_recv(
- subreq,
- &h.fid_persistent,
- &h.fid_volatile, &state->cr,
- state,
- &state->out_cblobs,
- &state->symlink);
+ status = smb2cli_create_recv(subreq,
+ &fid_persistent,
+ &fid_volatile,
+ &state->cr,
+ state,
+ &state->out_cblobs,
+ &state->symlink);
TALLOC_FREE(subreq);
if (tevent_req_nterror(req, status)) {
return;
}
- status = map_smb2_handle_to_fnum(state->cli, &h, &state->fnum);
+ posix = smb2_create_blob_find(&state->in_cblobs,
+ SMB2_CREATE_TAG_POSIX);
+
+ status = map_smb2_handle_to_fnum(state->cli,
+ fid_persistent,
+ fid_volatile,
+ (posix != NULL),
+ &state->fnum);
if (tevent_req_nterror(req, status)) {
return;
}
@@ -408,6 +423,18 @@ NTSTATUS cli_smb2_create_fnum_recv(
return NT_STATUS_OK;
}
+bool cli_smb2_fnum_is_posix(struct cli_state *cli, uint16_t fnum)
+{
+ struct smb2_hnd *ph = NULL;
+ NTSTATUS status;
+
+ status = map_fnum_to_smb2_handle(cli, fnum, &ph);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+ return ph->posix;
+}
+
NTSTATUS cli_smb2_create_fnum(
struct cli_state *cli,
const char *fname,
diff --git a/source3/libsmb/cli_smb2_fnum.h b/source3/libsmb/cli_smb2_fnum.h
index abac569385d..2b19e6ebb4e 100644
--- a/source3/libsmb/cli_smb2_fnum.h
+++ b/source3/libsmb/cli_smb2_fnum.h
@@ -67,6 +67,8 @@ NTSTATUS cli_smb2_create_fnum(
TALLOC_CTX *mem_ctx,
struct smb2_create_blobs *out_cblobs);
+bool cli_smb2_fnum_is_posix(struct cli_state *cli, uint16_t fnum);
+
struct tevent_req *cli_smb2_close_fnum_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct cli_state *cli,
diff --git a/source3/libsmb/clifile.c b/source3/libsmb/clifile.c
index 7732cb91279..57eb75eb228 100644
--- a/source3/libsmb/clifile.c
+++ b/source3/libsmb/clifile.c
@@ -989,62 +989,233 @@ static NTSTATUS cli_posix_chown_chmod_internal_recv(struct tevent_req *req)
return tevent_req_simple_recv_ntstatus(req);
}
-/****************************************************************************
- chmod a file (UNIX extensions).
-****************************************************************************/
-
-struct cli_posix_chmod_state {
- uint8_t dummy;
+struct cli_fchmod_state {
+ uint8_t data[100]; /* smb1 posix extensions */
};
-static void cli_posix_chmod_done(struct tevent_req *subreq);
+static void cli_fchmod_done1(struct tevent_req *subreq);
+static void cli_fchmod_done2(struct tevent_req *subreq);
-struct tevent_req *cli_posix_chmod_send(TALLOC_CTX *mem_ctx,
- struct tevent_context *ev,
- struct cli_state *cli,
- const char *fname,
- mode_t mode)
+struct tevent_req *cli_fchmod_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ uint16_t fnum,
+ mode_t mode)
{
struct tevent_req *req = NULL, *subreq = NULL;
- struct cli_posix_chmod_state *state = NULL;
+ struct cli_fchmod_state *state = NULL;
+ const enum protocol_types proto = smbXcli_conn_protocol(cli->conn);
- req = tevent_req_create(mem_ctx, &state, struct cli_posix_chmod_state);
+ req = tevent_req_create(mem_ctx, &state, struct cli_fchmod_state);
if (req == NULL) {
return NULL;
}
- subreq = cli_posix_chown_chmod_internal_send(
- state,
- ev,
- cli,
- fname,
- unix_perms_to_wire(mode),
- SMB_UID_NO_CHANGE,
- SMB_GID_NO_CHANGE);
+ if ((proto < PROTOCOL_SMB2_02) && SERVER_HAS_UNIX_CIFS(cli)) {
+ memset(state->data,
+ 0xff,
+ 40); /* Set all sizes/times to no change. */
+ PUSH_LE_U32(state->data, 40, SMB_UID_NO_CHANGE);
+ PUSH_LE_U32(state->data, 48, SMB_GID_NO_CHANGE);
+ PUSH_LE_U32(state->data, 84, mode);
+
+ subreq = cli_setfileinfo_send(state,
+ ev,
+ cli,
+ fnum,
+ SMB_SET_FILE_UNIX_BASIC,
+ state->data,
+ sizeof(state->data));
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_fchmod_done1, req);
+ return req;
+ }
+
+ if ((proto >= PROTOCOL_SMB3_11) && cli_smb2_fnum_is_posix(cli, fnum)) {
+ struct security_ace ace = {
+ .type = SEC_ACE_TYPE_ACCESS_ALLOWED,
+ .trustee = global_sid_Unix_NFS_Mode,
+ };
+ struct security_acl acl = {
+ .revision = SECURITY_ACL_REVISION_NT4,
+ .num_aces = 1,
+ .aces = &ace,
+ };
+ struct security_descriptor *sd = NULL;
+
+ sid_append_rid(&ace.trustee, mode);
+
+ sd = make_sec_desc(state,
+ SECURITY_DESCRIPTOR_REVISION_1,
+ SEC_DESC_SELF_RELATIVE |
+ SEC_DESC_DACL_PRESENT,
+ NULL,
+ NULL,
+ NULL,
+ &acl,
+ NULL);
+ if (tevent_req_nomem(sd, req)) {
+ return tevent_req_post(req, ev);
+ }
+
+ subreq = cli_set_security_descriptor_send(
+ state, ev, cli, fnum, SECINFO_DACL, sd);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, cli_fchmod_done2, req);
+ return req;
+ }
+
+ tevent_req_nterror(req, NT_STATUS_INVALID_LEVEL);
+ return tevent_req_post(req, ev);
+}
+
+static void cli_fchmod_done1(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_setfileinfo_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+static void cli_fchmod_done2(struct tevent_req *subreq)
+{
+ NTSTATUS status = cli_set_security_descriptor_recv(subreq);
+ tevent_req_simple_finish_ntstatus(subreq, status);
+}
+
+NTSTATUS cli_fchmod_recv(struct tevent_req *req)
+{
+ return tevent_req_simple_recv_ntstatus(req);
+}
+
+struct cli_chmod_state {
+ struct tevent_context *ev;
+ struct cli_state *cli;
+ mode_t mode;
+
+ uint16_t fnum;
+
+ NTSTATUS fchmod_status;
+
+ uint8_t data[100]; /* smb1 posix extensions */
+};
+
+static void cli_chmod_opened(struct tevent_req *subreq);
+static void cli_chmod_done(struct tevent_req *subreq);
+static void cli_chmod_closed(struct tevent_req *subreq);
+
+struct tevent_req *cli_chmod_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct cli_state *cli,
+ const char *fname,
+ mode_t mode)
+{
+ struct tevent_req *req = NULL, *subreq = NULL;
+ struct cli_chmod_state *state = NULL;
+
+ req = tevent_req_create(mem_ctx, &state, struct cli_chmod_state);
+ if (req == NULL) {
+ return NULL;
+ }
+ state->ev = ev;
+ state->cli = cli;
+ state->mode = mode;
+
+ subreq = cli_ntcreate_send(
+ state, /* mem_ctx */
+ ev, /* ev */
+ cli, /* cli */
+ fname, /* fname */
+ 0, /* create_flags */
+ SEC_STD_WRITE_DAC, /* desired_access */
+ 0, /* file_attributes */
+ FILE_SHARE_READ | FILE_SHARE_WRITE, /* share_access */
+ FILE_OPEN, /* create_disposition */
+ 0x0, /* create_options */
+ SMB2_IMPERSONATION_IMPERSONATION, /* impersonation_level */
+ 0x0); /* SecurityFlags */
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
}
- tevent_req_set_callback(subreq, cli_posix_chmod_done, req);
+ tevent_req_set_callback(subreq, cli_chmod_opened, req);
return req;
}
-static void cli_posix_chmod_done(struct tevent_req *subreq)
+static void cli_chmod_opened(struct tevent_req *subreq)
{
- NTSTATUS status = cli_posix_chown_chmod_internal_recv(subreq);
- tevent_req_simple_finish_ntstatus(subreq, status);
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct cli_chmod_state *state = tevent_req_data(
+ req, struct cli_chmod_state);
+ NTSTATUS status;
+
+ status = cli_ntcreate_recv(subreq, &state->fnum, NULL);
+ TALLOC_FREE(subreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
--
Samba Shared Repository
From metze at samba.org Tue Aug 6 21:50:30 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Tue, 06 Aug 2024 21:50:30 +0000
Subject: [SCM] Samba Shared Repository - annotated tag tdb-1.4.12 created
Message-ID:
The annotated tag, tdb-1.4.12 has been created
at 5f1ae2e399753c5a575450bd2fd7885befeeadd8 (tag)
tagging 6b10cfbaf2c522cceb48c610c18656d2d69cf60b (commit)
replaces samba-4.21.0rc1
tagged by Stefan Metzmacher
on Tue Aug 6 23:50:21 2024 +0200
- Log -----------------------------------------------------------------
tdb: tag release tdb-1.4.12
-----BEGIN PGP SIGNATURE-----
iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmaymp0ACgkQR5ORYRMI
QCV1LwgAhx1Mi2+H399fNYPN4ipPZfibO8sGdx5e/8CalntqZmTqw2sViXEWDMxC
kzKZIDvZk8SGi1MCK2fjgIIFAT2fsBx4obO69/PeFqT7dPZMqru+xkCrOHFsHeZd
dR38wDZi6fJdbyxv1dOCkee3FG/Dnupw9UAzuuIvhv2fSxZM/Z6CMBgjpThPfzp5
4uOt3HwesN/vTQwMT3ur/pzJrKWfVhCp0fW3Y2FVe+SmBFUDqXQo5cMgUVVDBh3k
ukMhnarwmd/8Ip6qG1a/udg+4vpe051HHXDcnmfUMR36VotyOWK/3ofahftm50ZF
SbKucpy3UYNSiTIJVlM42hWotjjfKA==
=1gif
-----END PGP SIGNATURE-----
Andreas Schneider (4):
s4:torture: Remove trailing spaces from smbtorture.c
s4:torture: Fix memory leak
wafsamba: Fix ABI symbol name generation
autobuild: Add ABI checks for libtalloc, libtevent and libtdb
Anoop C S (1):
vfs_ceph_new: Unconditionally use ceph_select_filesystem
Jo Sutton (24):
buildtools: Use isinstance() to compare types
lib:cmdline: Fix code spelling
lib:util: Fix code spelling
libcli:auth: Fix code spelling
python:tests: Fix code spelling
python:tests: Fix code spelling
s3:libnet: Fix code spelling
s4:dsdb: Remove trailing whitespace
s4:dsdb: Fix code spelling
tests/krb5: Remove unneeded parameter ?samdb?
tests/krb5: Remove unneeded machine account creation
python:netcmd: Explicitly delete samdb variables
s4-kcc: Remove nonfunctional fallback code
buildtools: Remove trailing whitespace
buildtools: Fix code spelling
ldb-samba: Fix code spelling
dsdb periodic: Produce a debugging message if kccsrv_samba_kcc() fails
python:tests: Account for new user ?joe?
s3:libsmb: Fix invalid array dereference
s3:libsmb: Return a more sensible error if no interfaces are available
lib:cmdline: Load network interfaces in _samba_cmdline_load_config_s4()
python:provision: Do not suppress errors produced setting up BIND database
python:tests: Remove unused variable
ldb: Fix ldb public library header files being unusable
John Mulligan (12):
ctdb-conf: add ctdb_read_nodes_cmd function
ctdb-conf: add "nodes list" configuration option
ctdb-server: use the new "nodes list" configuration option
ctdb-server: rename nodes_file field to nodes_source
ctdb-server: rename ctdb_load_nodes_file to ctdb_load_nodes
ctdb-conf: add boolean arg for verbosity when loading config
ctdb-tools: update cli tool to optionally load nodes from command
ctdb-tests: add unit test coverage for listnodes with command
ctdb-tests: add USENODESCOMMAND directive to fake ctdb
ctdb-tests: add reloadnodes unit tests that use the nodes list command
ctdb-tests: add a nodestatus test that uses the nodes list command
ctdb-doc: document nodes list configuration parameter
Jule Anger (3):
VERSION: Bump version up to 4.22.0pre1...
WHATSNEW: Start release notes for Samba 4.22.0pre1.
ldb: change the version to 2.11.0 for Samba 4.22
Pavel Filipensk? (3):
docs:smbdotconf: Improve formatting of 'sync machine password to keytab'
docs-xml: Fix trailing whitespace in net.8.xml
docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads"
Shachar Sharon (29):
vfs_ceph_new: next iteration of samba-to-cephfs bridge
vfs_ceph_new: use low-level APIs for disk_free
vfs_ceph_new: use low-level APIs for stat
vfs_ceph_new: use low-level APIs for lstat
vfs_ceph_new: use low-level APIs for statfs
vfs_ceph_new: use low-level APIs for lchown
vfs_ceph_new: ref cephmount_cached entry in handle->data
vfs_ceph_new: use low-level APIs for open/close
vfs_ceph_new: use low-level APIs for fstat
vfs_ceph_new: use low-level APIs for fstatat
vfs_ceph_new: use low-level APIs for fdopendir
vfs_ceph_new: use low-level APIs for mkdirat
vfs_ceph_new: use low-level APIs for readdir ops
vfs_ceph_new: proper error handling to readdir
vfs_ceph_new: use low-level APIs for fchown/fchmod
vfs_ceph_new: use low-level APIs for fntimes
vfs_ceph_new: use low-level APIs for unlinkat
vfs_ceph_new: use low-level APIs for symlink/readlink
vfs_ceph_new: use low-level APIs for read/write
vfs_ceph_new: use low-level APIs for lseek
vfs_ceph_new: use low-level APIs for fsync
vfs_ceph_new: use low-level APIs for ftruncate/fallocate
vfs_ceph_new: use low-level APIs for linkat
vfs_ceph_new: use low-level APIs for renameat
vfs_ceph_new: use low-level APIs for mknodat
vfs_ceph_new: use low-level APIs for xattr ops
vfs_ceph_new: debug-log upon libcephfs low-level calls
vfs_ceph_new: common prefix to debug-log messages
docs-xml/manpages: add entry for vfs_ceph_new
Stefan Metzmacher (2):
s4:torture/smb2: add 'smb2.bench.session-setup'
tdb: version 1.4.12
Volker Lendecke (8):
loadparm: Factor out lp_wi_scan_parametrics
loadparm: Add lp_wi_scan_share_parametrics
lib: Factor out append_namearray from set_namearray
smbd: Respect per-user hide and veto files with parametric options
tests: Test parametric per-user syntax for hide/veto files
lib: Remove per-user support from append_to_namearray
lib: Remove "token" parameter from set_namearray
docs: Document parametric form of hide and veto files
-----------------------------------------------------------------------
--
Samba Shared Repository
From vlendec at samba.org Wed Aug 7 07:39:02 2024
From: vlendec at samba.org (Volker Lendecke)
Date: Wed, 07 Aug 2024 07:39:02 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via c0d0767a3ab script/autobuild.py: do some basic testing using --without-winbind
via 5b31b723c06 s3:lib: add winbind_lookup_name_ex() fallback for --without-winbind
from 2686a189c6c smbd: Assert we have an fsp in smbd_do_setfilepathinfo
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c0d0767a3ab2c0cd5c4f2fa5cd77f3b678794d63
Author: Stefan Metzmacher
Date: Tue Aug 6 17:45:37 2024 +0200
script/autobuild.py: do some basic testing using --without-winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15687
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
Autobuild-User(master): Volker Lendecke
Autobuild-Date(master): Wed Aug 7 07:38:35 UTC 2024 on atb-devel-224
commit 5b31b723c06a0b41f9d47e47ce79818e07d3b831
Author: Stefan Metzmacher
Date: Tue Aug 6 17:20:38 2024 +0200
s3:lib: add winbind_lookup_name_ex() fallback for --without-winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15687
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
-----------------------------------------------------------------------
Summary of changes:
script/autobuild.py | 9 +++++++++
source3/lib/winbind_util.c | 11 +++++++++++
2 files changed, 20 insertions(+)
Changeset truncated at 500 lines:
diff --git a/script/autobuild.py b/script/autobuild.py
index e610f0e8821..d059caec471 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -1082,6 +1082,15 @@ tasks = {
("nonshared-lcov", LCOV_CMD),
("nonshared-check-clean-tree", CLEAN_SOURCE_TREE_CMD),
("nonshared-clean", "make clean"),
+
+ # retry without winbindd
+ ("nonwinbind-distclean", "make distclean"),
+ ("nonwinbind-configure", "./configure.developer " + samba_configure_params + " --bundled-libraries=ALL --with-static-modules=ALL --without-winbind"),
+ ("nonwinbind-make", "make -j"),
+ ("nonwinbind-test", make_test(TESTS="samba3.smb2.*.simpleserver")),
+ ("nonwinbind-lcov", LCOV_CMD),
+ ("nonwinbind-check-clean-tree", CLEAN_SOURCE_TREE_CMD),
+ ("nonwinbind-clean", "make clean"),
],
},
diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
index 0852c3d0281..ece0cbf2114 100644
--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -363,6 +363,17 @@ bool winbind_lookup_name(const char *dom_name, const char *name, struct dom_sid
return false;
}
+_PRIVATE_
+NTSTATUS winbind_lookup_name_ex(const char *dom_name,
+ const char *name,
+ struct dom_sid *sid,
+ enum lsa_SidType *name_type)
+{
+ *name_type = SID_NAME_UNKNOWN;
+ ZERO_STRUCTP(sid);
+ return NT_STATUS_OK;
+}
+
/* Call winbindd to convert sid to name */
bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
--
Samba Shared Repository
From metze at samba.org Wed Aug 7 11:16:01 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Wed, 07 Aug 2024 11:16:01 +0000
Subject: [SCM] Samba Shared Repository - branch v4-21-test updated
Message-ID:
The branch, v4-21-test has been updated
via b375043d62c script/autobuild.py: do some basic testing using --without-winbind
via ba14164f729 s3:lib: add winbind_lookup_name_ex() fallback for --without-winbind
via 0ca6cd90b66 tdb: version 1.4.12
via 0cf9c6efd7e autobuild: Add ABI checks for libtalloc, libtevent and libtdb
from 725907587b8 WHATSNEW: update the "Automatic keytab update after machine password change" section
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test
- Log -----------------------------------------------------------------
commit b375043d62cef4ade95a4c9d259a776772aa32f2
Author: Stefan Metzmacher
Date: Tue Aug 6 17:45:37 2024 +0200
script/autobuild.py: do some basic testing using --without-winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15687
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
Autobuild-User(master): Volker Lendecke
Autobuild-Date(master): Wed Aug 7 07:38:35 UTC 2024 on atb-devel-224
(cherry picked from commit c0d0767a3ab2c0cd5c4f2fa5cd77f3b678794d63)
Autobuild-User(v4-21-test): Stefan Metzmacher
Autobuild-Date(v4-21-test): Wed Aug 7 11:15:19 UTC 2024 on atb-devel-224
commit ba14164f7293145c061381b4b1caba53475be88e
Author: Stefan Metzmacher
Date: Tue Aug 6 17:20:38 2024 +0200
s3:lib: add winbind_lookup_name_ex() fallback for --without-winbind
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15687
Signed-off-by: Stefan Metzmacher
Reviewed-by: Volker Lendecke
(cherry picked from commit 5b31b723c06a0b41f9d47e47ce79818e07d3b831)
commit 0ca6cd90b661ee8002dd55f408b525003ac415a1
Author: Stefan Metzmacher
Date: Tue Aug 6 15:11:36 2024 +0200
tdb: version 1.4.12
* Regression fix for ABI problem
TDB_1_4_11 vs. TDB_1.4.11
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673
Signed-off-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Aug 6 16:16:27 UTC 2024 on atb-devel-224
(cherry picked from commit 6b10cfbaf2c522cceb48c610c18656d2d69cf60b)
commit 0cf9c6efd7eac8fa026bac7d79b4f4f3ef01450c
Author: Andreas Schneider
Date: Tue Aug 6 14:43:29 2024 +0200
autobuild: Add ABI checks for libtalloc, libtevent and libtdb
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673
Signed-off-by: Andreas Schneider
(cherry picked from commit bcd49e3000736eb3c642280ac2e1f3d56a31b6bb)
-----------------------------------------------------------------------
Summary of changes:
lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.12.sigs} | 0
lib/tdb/wscript | 2 +-
script/autobuild.py | 51 ++++++++++++++++++++++++
source3/lib/winbind_util.c | 11 +++++
4 files changed, 63 insertions(+), 1 deletion(-)
copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.12.sigs} (100%)
Changeset truncated at 500 lines:
diff --git a/lib/tdb/ABI/tdb-1.3.17.sigs b/lib/tdb/ABI/tdb-1.4.12.sigs
similarity index 100%
copy from lib/tdb/ABI/tdb-1.3.17.sigs
copy to lib/tdb/ABI/tdb-1.4.12.sigs
diff --git a/lib/tdb/wscript b/lib/tdb/wscript
index 234a66f6878..812e5987daf 100644
--- a/lib/tdb/wscript
+++ b/lib/tdb/wscript
@@ -1,7 +1,7 @@
#!/usr/bin/env python
APPNAME = 'tdb'
-VERSION = '1.4.11'
+VERSION = '1.4.12'
import sys, os
diff --git a/script/autobuild.py b/script/autobuild.py
index 6a9864f6f89..d059caec471 100755
--- a/script/autobuild.py
+++ b/script/autobuild.py
@@ -884,14 +884,56 @@ tasks = {
("talloc-configure", "cd lib/talloc && " + samba_libs_configure_libs),
("talloc-make", "cd lib/talloc && make"),
("talloc-install", "cd lib/talloc && make install"),
+ ("talloc-abi-check1",
+ check_versioned_symbol(
+ "./lib/talloc/bin/shared/libtalloc.so.2",
+ "talloc_named",
+ "TALLOC_2.0.2"
+ )
+ ),
+ ("talloc-abi-check2",
+ check_versioned_symbol(
+ "./lib/talloc/bin/shared/libtalloc.so.2",
+ "talloc_asprintf_addbuf",
+ "TALLOC_2.3.5"
+ )
+ ),
("tdb-configure", "cd lib/tdb && " + samba_libs_configure_libs),
("tdb-make", "cd lib/tdb && make"),
("tdb-install", "cd lib/tdb && make install"),
+ ("tdb-abi-check1",
+ check_versioned_symbol(
+ "./lib/tdb/bin/shared/libtdb.so.1",
+ "tdb_errorstr",
+ "TDB_1.2.1"
+ )
+ ),
+ ("tdb-abi-check2",
+ check_versioned_symbol(
+ "./lib/tdb/bin/shared/libtdb.so.1",
+ "tdb_traverse_chain",
+ "TDB_1.3.17"
+ )
+ ),
("tevent-configure", "cd lib/tevent && " + samba_libs_configure_libs),
("tevent-make", "cd lib/tevent && make"),
("tevent-install", "cd lib/tevent && make install"),
+ ("tevent-abi-check1",
+ check_versioned_symbol(
+ "./lib/tevent/bin/shared/libtevent.so.0",
+ "_tevent_loop_once",
+ "TEVENT_0.9.9"
+ )
+ ),
+ ("tevent-abi-check2",
+ check_versioned_symbol(
+ "./lib/tevent/bin/shared/libtevent.so.0",
+ "__tevent_req_create",
+ "TEVENT_0.15.0"
+ )
+ ),
("nondevel-configure", samba_libs_envvars + " ./configure --private-libraries='!ldb' --vendor-suffix=TEST-STRING~5.1.2 ${PREFIX}"),
("nondevel-make", "make -j"),
@@ -1040,6 +1082,15 @@ tasks = {
("nonshared-lcov", LCOV_CMD),
("nonshared-check-clean-tree", CLEAN_SOURCE_TREE_CMD),
("nonshared-clean", "make clean"),
+
+ # retry without winbindd
+ ("nonwinbind-distclean", "make distclean"),
+ ("nonwinbind-configure", "./configure.developer " + samba_configure_params + " --bundled-libraries=ALL --with-static-modules=ALL --without-winbind"),
+ ("nonwinbind-make", "make -j"),
+ ("nonwinbind-test", make_test(TESTS="samba3.smb2.*.simpleserver")),
+ ("nonwinbind-lcov", LCOV_CMD),
+ ("nonwinbind-check-clean-tree", CLEAN_SOURCE_TREE_CMD),
+ ("nonwinbind-clean", "make clean"),
],
},
diff --git a/source3/lib/winbind_util.c b/source3/lib/winbind_util.c
index 0852c3d0281..ece0cbf2114 100644
--- a/source3/lib/winbind_util.c
+++ b/source3/lib/winbind_util.c
@@ -363,6 +363,17 @@ bool winbind_lookup_name(const char *dom_name, const char *name, struct dom_sid
return false;
}
+_PRIVATE_
+NTSTATUS winbind_lookup_name_ex(const char *dom_name,
+ const char *name,
+ struct dom_sid *sid,
+ enum lsa_SidType *name_type)
+{
+ *name_type = SID_NAME_UNKNOWN;
+ ZERO_STRUCTP(sid);
+ return NT_STATUS_OK;
+}
+
/* Call winbindd to convert sid to name */
bool winbind_lookup_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid,
--
Samba Shared Repository
From gd at samba.org Wed Aug 7 14:21:01 2024
From: gd at samba.org (=?UTF-8?Q?G=C3=BCnther_Deschner?=)
Date: Wed, 07 Aug 2024 14:21:01 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via aa043a5808b vfs_ceph_new: handle errno properly for 'readdir'
via a7f4e2bd47c vfs_ceph{_new}: do not set errno upon successful call to libcephfs
from c0d0767a3ab script/autobuild.py: do some basic testing using --without-winbind
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit aa043a5808b73fc272de585c1446372fa3f21d08
Author: Shachar Sharon
Date: Tue Jul 30 17:36:09 2024 +0300
vfs_ceph_new: handle errno properly for 'readdir'
Take special care for readdir errno setting: in case of error, update
errno by libcephfs (and protect from possible over-write by debug
logging); in the case of successful result or end-of-stream restore
errno to its previous value before calling the readdir_fn VFS hook.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon
Reviewed-by: Guenther Deschner
Reviewed-by: Anoop C S
Autobuild-User(master): G?nther Deschner
Autobuild-Date(master): Wed Aug 7 14:20:02 UTC 2024 on atb-devel-224
commit a7f4e2bd47c7f4728f3ac8d90af693156a69c557
Author: Shachar Sharon
Date: Tue Jul 30 09:55:44 2024 +0300
vfs_ceph{_new}: do not set errno upon successful call to libcephfs
There is code in Samba that expects errno from a previous system call
to be preserved through a subsequent system call. Thus, avoid setting
"errno = 0" in status_code() and lstatus_code() upon successful return
from libcephfs API call.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon
Reviewed-by: Guenther Deschner
Reviewed-by: Anoop C S
-----------------------------------------------------------------------
Summary of changes:
source3/modules/vfs_ceph.c | 2 --
source3/modules/vfs_ceph_new.c | 15 +++++++--------
2 files changed, 7 insertions(+), 10 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index 1dd136e569b..fd450af16c2 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -66,7 +66,6 @@ static inline int status_code(int ret)
errno = -ret;
return -1;
}
- errno = 0;
return ret;
}
@@ -76,7 +75,6 @@ static inline ssize_t lstatus_code(intmax_t ret)
errno = -((int)ret);
return -1;
}
- errno = 0;
return (ssize_t)ret;
}
diff --git a/source3/modules/vfs_ceph_new.c b/source3/modules/vfs_ceph_new.c
index 99d4a1fe407..cf7e6b121db 100644
--- a/source3/modules/vfs_ceph_new.c
+++ b/source3/modules/vfs_ceph_new.c
@@ -66,7 +66,6 @@ static int status_code(int ret)
errno = -ret;
return -1;
}
- errno = 0;
return ret;
}
@@ -76,7 +75,6 @@ static ssize_t lstatus_code(intmax_t ret)
errno = -((int)ret);
return -1;
}
- errno = 0;
return (ssize_t)ret;
}
@@ -1484,19 +1482,20 @@ static struct dirent *vfs_ceph_readdir(struct vfs_handle_struct *handle,
{
const struct vfs_ceph_fh *dircfh = (const struct vfs_ceph_fh *)dirp;
struct dirent *result = NULL;
- int errval = 0;
+ int saved_errno = errno;
DBG_DEBUG("[CEPH] readdir(%p, %p)\n", handle, dirp);
+
errno = 0;
result = vfs_ceph_ll_readdir(handle, dircfh);
- errval = errno;
- if ((result == NULL) && (errval != 0)) {
- DBG_DEBUG("[CEPH] readdir(...) = %d\n", errval);
+ if ((result == NULL) && (errno != 0)) {
+ saved_errno = errno;
+ DBG_DEBUG("[CEPH] readdir(...) = %d\n", errno);
} else {
DBG_DEBUG("[CEPH] readdir(...) = %p\n", result);
}
- /* re-assign errno to avoid possible over-write by DBG_DEBUG */
- errno = errval;
+
+ errno = saved_errno;
return result;
}
--
Samba Shared Repository
From gd at samba.org Thu Aug 8 13:55:01 2024
From: gd at samba.org (=?UTF-8?Q?G=C3=BCnther_Deschner?=)
Date: Thu, 08 Aug 2024 13:55:01 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via 68f0835c8e1 docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new
via aca4cf8327d vfs_ceph_new: use 'ceph_new' for config-param prefix
from aa043a5808b vfs_ceph_new: handle errno properly for 'readdir'
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 68f0835c8e1c5029cd831c267b75c02185b206c7
Author: Shachar Sharon
Date: Mon Aug 5 19:12:29 2024 +0300
docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new
With 'ceph_new' prefix used by vfs_ceph_new for config parameters,
update the relevant man-page accordingly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon
Reviewed-by: Anoop C S
Reviewed-by: Guenther Deschner
Autobuild-User(master): G?nther Deschner
Autobuild-Date(master): Thu Aug 8 13:54:34 UTC 2024 on atb-devel-224
commit aca4cf8327dcaef782dedd98a63a020469c45cdb
Author: Shachar Sharon
Date: Mon Aug 5 16:21:10 2024 +0300
vfs_ceph_new: use 'ceph_new' for config-param prefix
Use explicit 'ceph_new' prefix to each of the ceph specific config
parameters to avoid confusion with legacy 'vfs_ceph' module. Hence,
users will have in their smb.conf a format similar to:
...
[smbshare]
vfs objects = ceph_new
ceph_new: config_file = /etc/ceph/ceph.conf
ceph_new: user_id = user1
ceph_new: filesystem = fs1
...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Shachar Sharon
Reviewed-by: Anoop C S
Reviewed-by: Guenther Deschner
-----------------------------------------------------------------------
Summary of changes:
docs-xml/manpages/vfs_ceph_new.8.xml | 12 ++++++------
source3/modules/vfs_ceph_new.c | 13 +++++++------
2 files changed, 13 insertions(+), 12 deletions(-)
Changeset truncated at 500 lines:
diff --git a/docs-xml/manpages/vfs_ceph_new.8.xml b/docs-xml/manpages/vfs_ceph_new.8.xml
index 7a65b965ce0..b0640a591a5 100644
--- a/docs-xml/manpages/vfs_ceph_new.8.xml
+++ b/docs-xml/manpages/vfs_ceph_new.8.xml
@@ -111,20 +111,20 @@
- ceph:config_file = path
+ ceph_new:config_file = path
Allows one to define a ceph configfile to use. Empty by default.
- Example: ceph:config_file =
+ Example: ceph_new:config_file =
/etc/ceph/ceph.conf
- ceph:user_id = name
+ ceph_new:user_id = name
Allows one to explicitly set the client ID used for the
@@ -132,13 +132,13 @@
client default).
- Example: ceph:user_id = samba
+ Example: ceph_new:user_id = samba
- ceph:filesystem = fs_name
+ ceph_new:filesystem = fs_name
Allows one to explicitly select the CephFS file system
@@ -147,7 +147,7 @@
system of the Ceph cluster).
- Example: ceph:filesystem = myfs2
+ Example: ceph_new:filesystem = myfs2
diff --git a/source3/modules/vfs_ceph_new.c b/source3/modules/vfs_ceph_new.c
index cf7e6b121db..25e78444fb5 100644
--- a/source3/modules/vfs_ceph_new.c
+++ b/source3/modules/vfs_ceph_new.c
@@ -159,10 +159,11 @@ static int cephmount_cache_remove(struct cephmount_cached *entry)
static char *cephmount_get_cookie(TALLOC_CTX * mem_ctx, const int snum)
{
const char *conf_file =
- lp_parm_const_string(snum, "ceph", "config_file", ".");
- const char *user_id = lp_parm_const_string(snum, "ceph", "user_id", "");
+ lp_parm_const_string(snum, "ceph_new", "config_file", ".");
+ const char *user_id =
+ lp_parm_const_string(snum, "ceph_new", "user_id", "");
const char *fsname =
- lp_parm_const_string(snum, "ceph", "filesystem", "");
+ lp_parm_const_string(snum, "ceph_new", "filesystem", "");
return talloc_asprintf(mem_ctx, "(%s/%s/%s)", conf_file, user_id,
fsname);
}
@@ -174,11 +175,11 @@ static struct ceph_mount_info *cephmount_mount_fs(const int snum)
struct ceph_mount_info *mnt = NULL;
/* if config_file and/or user_id are NULL, ceph will use defaults */
const char *conf_file =
- lp_parm_const_string(snum, "ceph", "config_file", NULL);
+ lp_parm_const_string(snum, "ceph_new", "config_file", NULL);
const char *user_id =
- lp_parm_const_string(snum, "ceph", "user_id", NULL);
+ lp_parm_const_string(snum, "ceph_new", "user_id", NULL);
const char *fsname =
- lp_parm_const_string(snum, "ceph", "filesystem", NULL);
+ lp_parm_const_string(snum, "ceph_new", "filesystem", NULL);
DBG_DEBUG("[CEPH] calling: ceph_create\n");
ret = ceph_create(&mnt, user_id);
--
Samba Shared Repository
From metze at samba.org Tue Aug 13 15:28:01 2024
From: metze at samba.org (Stefan Metzmacher)
Date: Tue, 13 Aug 2024 15:28:01 +0000
Subject: [SCM] Samba Shared Repository - branch master updated
Message-ID:
The branch, master has been updated
via 9e4074d4268 docs:smbdotconf: Update 'kerberos method' with 'sync machine password to keytab'
via 2dd81ec2bea docs:smbdotconf: Improve documentation for 'sync machine password to keytab'
via ca7acec952b docs:smbdotconf: Improve documentation for 'sync machine password script'
via 9f0183a9f55 s3:script: Install winbind_ctdb_updatekeytab.sh
via adcad1b537c s3:script: Rename updatekeytab.sh ==> winbind_ctdb_updatekeytab.sh
via cb774a74c4e docs: Add examples to net.8 that use 'sync machine password to keytab'
via 51784e80f2b Revert "docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads""
from 68f0835c8e1 docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 9e4074d4268e34cf93f79cd1108e7dc661ad3845
Author: Pavel Filipensk?
Date: Mon Aug 12 11:49:14 2024 +0200
docs:smbdotconf: Update 'kerberos method' with 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Pavel Filipensk?
Signed-off-by: Stefan Metzmacher
Autobuild-User(master): Stefan Metzmacher
Autobuild-Date(master): Tue Aug 13 15:27:26 UTC 2024 on atb-devel-224
commit 2dd81ec2bea46ad6caa6e40194eae4340f4acc7d
Author: Pavel Filipensk?
Date: Mon Aug 12 11:49:14 2024 +0200
docs:smbdotconf: Improve documentation for 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipensk?
Reviewed-by: Stefan Metzmacher
commit ca7acec952b0e6154927b28b1afa3e9318f22035
Author: Pavel Filipensk?
Date: Mon Aug 12 11:49:14 2024 +0200
docs:smbdotconf: Improve documentation for 'sync machine password script'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Pavel Filipensk?
Signed-off-by: Stefan Metzmacher
commit 9f0183a9f55e52b09c6ae9f6c8badad6ba85bb64
Author: Pavel Filipensk?
Date: Mon Aug 12 10:44:19 2024 +0200
s3:script: Install winbind_ctdb_updatekeytab.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipensk?
Reviewed-by: Stefan Metzmacher
commit adcad1b537ce2e2e213b72131517233a8d2d91fd
Author: Pavel Filipensk?
Date: Mon Aug 12 11:49:35 2024 +0200
s3:script: Rename updatekeytab.sh ==> winbind_ctdb_updatekeytab.sh
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Signed-off-by: Pavel Filipensk?
Reviewed-by: Stefan Metzmacher
commit cb774a74c4e1cc03ad0267cc68b93c06738e2ce6
Author: Pavel Filipensk?
Date: Tue Aug 6 23:31:21 2024 +0200
docs: Add examples to net.8 that use 'sync machine password to keytab'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Pavel Filipensk?
Signed-off-by: Stefan Metzmacher