[SCM] Samba Shared Repository - branch v4-22-stable updated
Jule Anger
janger at samba.org
Thu Apr 17 17:14:49 UTC 2025
The branch, v4-22-stable has been updated
via 86e867d7008 VERSION: Disable GIT_SNAPSHOT for the 4.22.1 release.
via d2037adfbb1 WHATSNEW: Add release notes for Samba 4.22.1.
via 40c8ba32d87 libcli/smb: make smb2_lease_{pull,push} endian safe
via 93e74025c88 libcli/smb: convert smb2_lease_push() to PUSH_LE_U*
via f9a02bb284a libcli/smb: make the last 2 reserved bytes explicit in smb2_lease_push()
via db2eac3b62d libcli/smb: convert smb2_lease_pull() to PULL_LE_U*
via 417feb2851a s3:smbd: work around broken "vfs mkdir use tmp name" on FAT
via dadfa06573f vfs: Fix "wide links = yes"
via 21f1d226e94 python:gp_cert_auto_enrol: fix GUID stringification
via f8cbabc5985 samba-tool gpo: better entities check copes with new lines
via 16defe08386 samba-tool gpo backup fix --generalize
via a07c0f65566 pytest: samba-tool gpo: fix has_difference(sortlines=True)
via 7f76df8a6f0 python:netcmd:gpo: fix crash when updating an MOTD GPO
via f252b2b42d8 pytest: check we can set GPO more than once
via 185e134c913 s3:rpc_server/srvsvc: use brl_get_locks_readonly() instead of brl_get_locks()
via 980723a1190 smbd: use share_mode_do_locked_brl() in vfs_default_durable_reconnect()
via dd4037fcb1a smbd: use share_mode_do_locked_brl() in vfs_default_durable_disconnect()
via 0c132a30915 smbd: use share_mode_do_locked_brl() in strict_lock_check_default()
via da75aa8271b smbd: check can_lock in strict_lock_check_default()
via 0bfec37cda9 s3/locking: prepare brl_locktest() for upgradable read-only locks
via bcf620a59e1 smbd: call locking_close_file() while still holding a glock on the locking.tdb record
via a36c666ff11 s3/brlock: remove brl_get_locks_for_locking()
via b03081e1ab3 smbd: use share_mode_do_locked_brl()
via 2b99bfb0840 s3/locking: add brl_set_modified()
via 5170196a6d8 s3/brlock: don't increment current_lock_count if do_lock_fn() failed
via 889ba4db740 s3/brlock: add share_mode_do_locked_brl()
via da0318317e6 s3/brlock: add brl_req_set()
via e85d369bf6b s3/brlock: split out brl_get_locks_readonly_parse()
via 134f84d3676 smbtorture: add test "open-brlock-deadlock"
via ae0a023845d dbwrap: check for option "tdb_hash_size:DBNAME.tdb" in db_open()
via d731cc875f2 vfs: Fix Bug 15791, vfs_acl_tdb unlinkat()
via 34a2e467259 vfs: Fix a lock order violation in unlinkat_acl_tdb()
via a2f2a714848 smbd: fix handling of directory leases and oplock levels
via 400ac7b108d smbtorture: add test smb2.dirlease.oplocks
via 2871634a9f3 vfs_ceph_new: Add path based fallback for SMB_VFS_FNTIMES
via d6232bbda2f vfs_ceph_new: Add path based fallback for SMB_VFS_FCHMOD
via 112099fb110 vfs_ceph_new: Add path based fallback for SMB_VFS_FCHOWN
via b38c179898e s3/lib: fix matching interfaces with multiple assigned IPs
via 09f3bbd4175 vfs_ceph_new: detect case sensitivity in CephFS
via bf440caab97 vfs_ceph_new: Do not resolve by inode number
via d26177dcaeb vfs_ceph_new: Handle absolute path in vfs_ceph_ll_walk
via 8b38092890d vfs_ceph_new: Remove unused code in cephmount_mount_fs()
via 4e9eb916024 vfs_ceph_new: Remove redundant re-intialization to NULL
via 6ca80fb612b vfs_ceph_new: use libcephfs nonblocking API for async-io ops
via f8f85cf8533 s3:utils: Remove call of ads_startup() from net_ads_keytab_create()
via 83c60df6e8d s3:libads: Make sure that REALM is always added to keytab principals
via 3849e7abe6d lib:krb5_wrap: Add smb_krb5_parse_name_flags()
via 0e864939620 VERSION: Bump version up to Samba 4.22.1...
from 7b3228b88ee VERSION: Disable GIT_SNAPSHOT for the 4.22.0 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-22-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 2 +-
WHATSNEW.txt | 78 +++
lib/krb5_wrap/krb5_samba.c | 39 +-
lib/krb5_wrap/krb5_samba.h | 5 +
libcli/smb/smb2_lease.c | 29 +-
python/samba/gp/gp_cert_auto_enroll_ext.py | 13 +-
python/samba/netcmd/gpo.py | 20 +-
python/samba/tests/gpo.py | 6 +-
python/samba/tests/samba_tool/gpo.py | 60 +-
source3/lib/dbwrap/dbwrap_open.c | 5 +
source3/lib/interface.c | 5 +-
source3/libads/kerberos_keytab.c | 19 +-
source3/locking/brlock.c | 213 ++++---
source3/locking/locking.c | 165 +++---
source3/locking/proto.h | 35 +-
source3/modules/vfs_acl_tdb.c | 51 +-
source3/modules/vfs_ceph_new.c | 853 +++++++++++++++++++++--------
source3/modules/vfs_fruit.c | 91 ++-
source3/modules/vfs_widelinks.c | 10 +-
source3/rpc_server/srvsvc/srv_srvsvc_nt.c | 12 +-
source3/smbd/blocking.c | 202 +++----
source3/smbd/close.c | 26 +-
source3/smbd/durable.c | 550 ++++++++++---------
source3/smbd/open.c | 14 +
source3/smbd/proto.h | 19 +-
source3/smbd/smb2_lock.c | 77 ++-
source3/smbd/smb2_reply.c | 53 +-
source3/utils/net_ads.c | 11 -
source3/wscript | 4 +
source4/torture/smb2/lease.c | 58 ++
source4/torture/smb2/lock.c | 283 ++++++++++
31 files changed, 2098 insertions(+), 910 deletions(-)
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index cf70dc38672..6af89d009a7 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2025"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=22
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_RELEASE=1
########################################################
# If a official release has a serious bug #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 90f5334d2a7..ef1a223266a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,81 @@
+ ==============================
+ Release Notes for Samba 4.22.1
+ April 17, 2025
+ ==============================
+
+
+This is the latest stable release of the Samba 4.22 release series.
+
+
+Changes since 4.22.0
+--------------------
+
+o Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+ * BUG 15774: Running "gpo manage motd set" twice fails with backtrace.
+ * BUG 15829: samba-tool gpo backup creates entity backups it can't read.
+ * BUG 15839: gp_cert_auto_enroll_ext.py has problem unpacking GUIDs with
+ prepended 0's.
+
+o Ralph Boehme <slow at samba.org>
+ * BUG 15767: Deadlock between two smbd processes.
+ * BUG 15823: Subnet based interfaces definition not listening on all covered
+ IP addresses.
+ * BUG 15836: PANIC: assert failed at source3/smbd/smb2_oplock.c(156):
+ sconn->oplocks.exclusive_open>=0.
+
+o Pavel Filipenský <pfilipensky at samba.org>
+ * BUG 15727: net ad join fails with "Failed to join domain: failed to create
+ kerberos keytab".
+
+o Andreas Hasenack <andreas.hasenack at canonical.com>
+ * BUG 15774: Running "gpo manage motd set" twice fails with backtrace.
+
+o Xavi Hernandez <xhernandez at redhat.com>
+ * BUG 15822: Enable support for cephfs case insensitive behavior.
+
+o Volker Lendecke <vl at samba.org>
+ * BUG 15791: Remove of file or directory not possible with vfs_acl_tdb.
+ * BUG 15841: Wide link issue in samba 4.22.
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 15767: Deadlock between two smbd processes.
+ * BUG 15845: NT_STATUS_INVALID_PARAMETER: Can't create folders on share of an
+ exfat file system.
+ * BUG 15849: Lease code is not endian-safe.
+
+o Anoop C S <anoopcs at samba.org>
+ * BUG 15818: vfs_ceph_new module does not work with other modules for
+ snapshot management.
+ * BUG 15834: vfs_ceph_new: Add path based fallback for SMB_VFS_FCHOWN,
+ SMB_VFS_FCHMOD and SMB_VFS_FNTIMES.
+
+o Shachar Sharon <ssharon at redhat.com>
+ * BUG 15810: Add async io API from libcephfs to ceph_new VFS module.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.22.0
March 06, 2025
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 451616c79e5..0a4a7ea986f 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -836,6 +836,29 @@ krb5_error_code smb_krb5_get_allowed_etypes(krb5_context context,
krb5_error_code smb_krb5_parse_name(krb5_context context,
const char *name,
krb5_principal *principal)
+{
+ return smb_krb5_parse_name_flags(context, name, 0, principal);
+}
+
+/**
+ * @brief Convert a string principal name to a Kerberos principal.
+ *
+ * @param[in] context The library context
+ *
+ * @param[in] name The principal as a unix charset string.
+ *
+ * @param[in] flags Flags for krb5_parse_name_flags()
+ *
+ * @param[out] principal The newly allocated principal.
+ *
+ * Use krb5_free_principal() to free a principal when it is no longer needed.
+ *
+ * @return 0 on success, a Kerberos error code otherwise.
+ */
+krb5_error_code smb_krb5_parse_name_flags(krb5_context context,
+ const char *name,
+ int flags,
+ krb5_principal *principal)
{
krb5_error_code ret;
char *utf8_name;
@@ -843,17 +866,19 @@ krb5_error_code smb_krb5_parse_name(krb5_context context,
TALLOC_CTX *frame = talloc_stackframe();
if (!push_utf8_talloc(frame, &utf8_name, name, &converted_size)) {
- talloc_free(frame);
+ TALLOC_FREE(frame);
return ENOMEM;
}
+ TALLOC_FREE(frame);
- ret = krb5_parse_name(context, utf8_name, principal);
- if (ret == KRB5_PARSE_MALFORMED) {
- ret = krb5_parse_name_flags(context, utf8_name,
- KRB5_PRINCIPAL_PARSE_ENTERPRISE,
- principal);
+ ret = krb5_parse_name_flags(context, utf8_name, flags, principal);
+ if (ret != KRB5_PARSE_MALFORMED) {
+ return ret;
}
- TALLOC_FREE(frame);
+
+ flags |= KRB5_PRINCIPAL_PARSE_ENTERPRISE;
+ ret = krb5_parse_name_flags(context, utf8_name, flags, principal);
+
return ret;
}
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 173307f7c88..a562359e121 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -186,6 +186,11 @@ krb5_error_code smb_krb5_parse_name(krb5_context context,
const char *name, /* in unix charset */
krb5_principal *principal);
+krb5_error_code smb_krb5_parse_name_flags(krb5_context context,
+ const char *name, /* unix charset */
+ int flags,
+ krb5_principal *principal);
+
krb5_error_code smb_krb5_unparse_name(TALLOC_CTX *mem_ctx,
krb5_context context,
krb5_const_principal principal,
diff --git a/libcli/smb/smb2_lease.c b/libcli/smb/smb2_lease.c
index d28477b1911..0fc15e51227 100644
--- a/libcli/smb/smb2_lease.c
+++ b/libcli/smb/smb2_lease.c
@@ -44,21 +44,23 @@ ssize_t smb2_lease_pull(const uint8_t *buf, size_t len,
return -1;
}
- memcpy(&lease->lease_key, buf, 16);
- lease->lease_state = IVAL(buf, 16);
+ lease->lease_key.data[0] = PULL_LE_U64(buf, 0);
+ lease->lease_key.data[1] = PULL_LE_U64(buf, 8);
+ lease->lease_state = PULL_LE_U32(buf, 16);
lease->lease_version = version;
switch (version) {
case 1:
break;
case 2:
- lease->lease_flags = IVAL(buf, 20);
+ lease->lease_flags = PULL_LE_U32(buf, 20);
+ lease->lease_duration = PULL_LE_U64(buf, 24);
lease->lease_flags &= SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET;
if (lease->lease_flags & SMB2_LEASE_FLAG_PARENT_LEASE_KEY_SET) {
- memcpy(&lease->parent_lease_key, buf+32, 16);
+ lease->parent_lease_key.data[0] = PULL_LE_U64(buf, 32);
+ lease->parent_lease_key.data[1] = PULL_LE_U64(buf, 40);
}
- lease->lease_duration = BVAL(buf, 24);
- lease->lease_epoch = SVAL(buf, 48);
+ lease->lease_epoch = PULL_LE_U16(buf, 48);
break;
}
@@ -80,14 +82,17 @@ bool smb2_lease_push(const struct smb2_lease *lease, uint8_t *buf, size_t len)
return false;
}
- memcpy(&buf[0], &lease->lease_key, 16);
- SIVAL(buf, 16, lease->lease_state);
- SIVAL(buf, 20, lease->lease_flags);
- SBVAL(buf, 24, lease->lease_duration);
+ PUSH_LE_U64(buf, 0, lease->lease_key.data[0]);
+ PUSH_LE_U64(buf, 8, lease->lease_key.data[1]);
+ PUSH_LE_U32(buf, 16, lease->lease_state);
+ PUSH_LE_U32(buf, 20, lease->lease_flags);
+ PUSH_LE_U64(buf, 24, lease->lease_duration);
if (version == 2) {
- memcpy(&buf[32], &lease->parent_lease_key, 16);
- SIVAL(buf, 48, lease->lease_epoch);
+ PUSH_LE_U64(buf, 32, lease->parent_lease_key.data[0]);
+ PUSH_LE_U64(buf, 40, lease->parent_lease_key.data[1]);
+ PUSH_LE_U16(buf, 48, lease->lease_epoch);
+ PUSH_LE_U16(buf, 50, 0); /* reserved */
}
return true;
diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py
index 9b743cb7f9b..877659b043e 100644
--- a/python/samba/gp/gp_cert_auto_enroll_ext.py
+++ b/python/samba/gp/gp_cert_auto_enroll_ext.py
@@ -19,6 +19,9 @@ import operator
import requests
from samba.gp.gpclass import gp_pol_ext, gp_applier, GPOSTATE
from samba import Ldb
+from samba.dcerpc import misc
+from samba.ndr import ndr_unpack
+
from ldb import SCOPE_SUBTREE, SCOPE_BASE
from samba.auth import system_session
from samba.gp.gpclass import get_dc_hostname
@@ -52,14 +55,6 @@ global_trust_dirs = ['/etc/pki/trust/anchors', # SUSE
'/etc/pki/ca-trust/source/anchors', # RHEL/Fedora
'/usr/local/share/ca-certificates'] # Debian/Ubuntu
-def octet_string_to_objectGUID(data):
- """Convert an octet string to an objectGUID."""
- return '%s-%s-%s-%s-%s' % ('%02x' % struct.unpack('<L', data[0:4])[0],
- '%02x' % struct.unpack('<H', data[4:6])[0],
- '%02x' % struct.unpack('<H', data[6:8])[0],
- '%02x' % struct.unpack('>H', data[8:10])[0],
- '%02x%02x' % struct.unpack('>HL', data[10:]))
-
def group_and_sort_end_point_information(end_point_information):
"""Group and Sort End Point Information.
@@ -480,7 +475,7 @@ class gp_cert_auto_enroll_ext(gp_pol_ext, gp_applier):
# instance. If the values do not match, continue with the next
# group.
objectGUID = '{%s}' % \
- octet_string_to_objectGUID(res2[0]['objectGUID'][0]).upper()
+ str(ndr_unpack(misc.GUID, res2[0]['objectGUID'][0])).upper()
if objectGUID != e['PolicyID']:
continue
diff --git a/python/samba/netcmd/gpo.py b/python/samba/netcmd/gpo.py
index 96fce917f0f..b5d18b59e2f 100644
--- a/python/samba/netcmd/gpo.py
+++ b/python/samba/netcmd/gpo.py
@@ -1322,9 +1322,11 @@ class cmd_backup(GPOCommand):
self.outf.write('\nAttempting to generalize XML entities:\n')
entities = cmd_backup.generalize_xml_entities(self.outf, gpodir,
gpodir)
- import operator
- ents = "".join('<!ENTITY {} "{}\n">'.format(ent[1].strip('&;'), ent[0]) \
- for ent in sorted(entities.items(), key=operator.itemgetter(1)))
+
+ ent_list = [(v, k) for k, v in entities.items()]
+ ent_list.sort()
+ ents = "".join(f'<!ENTITY {ent.strip("&;")} "{val}">\n'
+ for ent, val in ent_list)
if ent_file:
with open(ent_file, 'w') as f:
@@ -1651,8 +1653,8 @@ class cmd_restore(cmd_create):
entities_content = entities_file.read()
# Do a basic regex test of the entities file format
- if re.match(r'(\s*<!ENTITY\s*[a-zA-Z0-9_]+\s*.*?>)+\s*\Z',
- entities_content, flags=re.MULTILINE) is None:
+ if re.match(r'(\s*<!ENTITY\s+[a-zA-Z0-9_]+\s+.*?>)+\s*\Z',
+ entities_content, flags=re.MULTILINE|re.DOTALL) is None:
raise CommandError("Entities file does not appear to "
"conform to format\n"
'e.g. <!ENTITY entity "value">')
@@ -3808,7 +3810,9 @@ samba-tool gpo manage motd set {31B2F340-016D-11D2-945F-00C04FB984F9} "Message f
return
try:
- xml_data = ET.fromstring(conn.loadfile(vgp_xml))
+ xml_data = ET.ElementTree(ET.fromstring(conn.loadfile(vgp_xml)))
+ policysetting = xml_data.getroot().find('policysetting')
+ data = policysetting.find('data')
except NTSTATUSError as e:
if e.args[0] in [NT_STATUS_OBJECT_NAME_INVALID,
NT_STATUS_OBJECT_NAME_NOT_FOUND,
@@ -3834,7 +3838,9 @@ samba-tool gpo manage motd set {31B2F340-016D-11D2-945F-00C04FB984F9} "Message f
else:
raise
- text = ET.SubElement(data, 'text')
+ text = data.find('text')
+ if text is None:
+ text = ET.SubElement(data, 'text')
text.text = value
out = BytesIO()
diff --git a/python/samba/tests/gpo.py b/python/samba/tests/gpo.py
index 9177eef5afa..2e4696cd926 100644
--- a/python/samba/tests/gpo.py
+++ b/python/samba/tests/gpo.py
@@ -53,7 +53,9 @@ from samba.gp.gp_centrify_crontab_ext import gp_centrify_crontab_ext, \
from samba.gp.gp_drive_maps_ext import gp_drive_maps_user_ext
from samba.common import get_bytes
from samba.dcerpc import preg
-from samba.ndr import ndr_pack
+from samba.ndr import ndr_pack, ndr_unpack
+from samba.dcerpc import misc
+
import codecs
from shutil import copyfile
import xml.etree.ElementTree as etree
@@ -7654,7 +7656,7 @@ class GPOTests(tests.TestCase):
_ldb.SCOPE_BASE, '(objectClass=*)', ['objectGUID'])
self.assertTrue(len(res2) == 1, 'objectGUID not found')
objectGUID = b'{%s}' % \
- cae.octet_string_to_objectGUID(res2[0]['objectGUID'][0]).upper().encode()
+ str(ndr_unpack(misc.GUID, res2[0]['objectGUID'][0])).upper().encode()
parser = GPPolParser()
parser.load_xml(etree.fromstring(advanced_enroll_reg_pol.strip() %
(objectGUID, objectGUID, objectGUID, objectGUID)))
diff --git a/python/samba/tests/samba_tool/gpo.py b/python/samba/tests/samba_tool/gpo.py
index 851c70efecf..6df9c9fb5b6 100644
--- a/python/samba/tests/samba_tool/gpo.py
+++ b/python/samba/tests/samba_tool/gpo.py
@@ -141,21 +141,27 @@ source_path = os.path.abspath(os.path.join(os.path.dirname(__file__), "../../../
provision_path = os.path.join(source_path, "source4/selftest/provisions/")
def has_difference(path1, path2, binary=True, xml=True, sortlines=False):
- """Use this function to determine if the GPO backup differs from another.
+ """Use this function to determine if the GPO backup differs from
+ another. It can compare pairs of files or pairs of directories.
xml=True checks whether any xml files are equal
binary=True checks whether any .SAMBABACKUP files are equal
+ sortlines=True ignore order of lines in comparison of single
+ files.
+
+ returns None if there is no difference between the paths,
+ otherwise *something*.
"""
if os.path.isfile(path1):
+ with open(path1) as f1, open(path2) as f2:
+ lines1 = f1.readlines()
+ lines2 = f2.readlines()
+
if sortlines:
- file1 = open(path1).readlines()
- file1.sort()
- file2 = open(path1).readlines()
- file2.sort()
- if file1 != file2:
- return path1
-
- elif open(path1).read() != open(path2).read():
+ lines1.sort()
+ lines2.sort()
+
+ if lines1 != lines2:
return path1
return None
@@ -1572,6 +1578,42 @@ class GpoCmdTestCase(SambaToolCmdTest):
os.environ["PASSWORD"]))
self.assertNotIn(text, out, 'The test entry was still found!')
+ def test_vgp_motd_set_thrice(self):
+ url = f'ldap://{os.environ["SERVER"]}'
+ creds = f'-U{os.environ["USERNAME"]}%{os.environ["PASSWORD"]}'
+ old_version = gpt_ini_version(self.gpo_guid)
+
+ for i in range(1, 4):
+ msg = f"message {i}\n"
+ result, out, err = self.runcmd("gpo", "manage", "motd", "set",
+ "-H", url,
+ creds,
+ self.gpo_guid,
+ msg.format(i))
+
+ self.assertCmdSuccess(result, out, err, f'MOTD set {i} failed')
+ self.assertEqual(err, "", f"not expecting errors (round {i})")
+ new_version = gpt_ini_version(self.gpo_guid)
+ self.assertGreater(new_version, old_version,
+ f'GPT.INI was not updated in round {i}')
+ old_version = new_version
+
+ result, out, err = self.runcmd("gpo", "manage", "motd", "list",
+ "-H", url,
+ creds,
+ self.gpo_guid)
+
+ self.assertCmdSuccess(result, out, err, f'MOTD list {i} failed')
+ self.assertIn(msg, out)
+
+ # unset, by setting with no value
+ result, out, err = self.runcmd("gpo", "manage", "motd", "set",
+ "-H", url,
+ creds,
+ self.gpo_guid)
+ self.assertCmdSuccess(result, out, err, f'MOTD set {i} failed')
+ self.assertEqual(err, "", f"not expecting errors (round {i})")
+
def test_vgp_motd(self):
lp = LoadParm()
lp.load(os.environ['SERVERCONFFILE'])
diff --git a/source3/lib/dbwrap/dbwrap_open.c b/source3/lib/dbwrap/dbwrap_open.c
index 52c8a94aeff..91556f22819 100644
--- a/source3/lib/dbwrap/dbwrap_open.c
+++ b/source3/lib/dbwrap/dbwrap_open.c
@@ -80,6 +80,11 @@ struct db_context *db_open(TALLOC_CTX *mem_ctx,
base = name;
}
+ hash_size = lp_parm_int(GLOBAL_SECTION_SNUM,
+ "tdb_hash_size",
+ base,
+ hash_size);
+
if (tdb_flags & TDB_CLEAR_IF_FIRST) {
bool try_readonly = false;
diff --git a/source3/lib/interface.c b/source3/lib/interface.c
index 032362b4da3..5f351999e41 100644
--- a/source3/lib/interface.c
+++ b/source3/lib/interface.c
@@ -624,9 +624,12 @@ static void interpret_interface(char *token)
}
add_interface(&probed_ifaces[i]);
probed_ifaces[i].netmask = saved_mask;
- return;
+ added = true;
}
}
+ if (added) {
+ return;
+ }
DEBUG(2,("interpret_interface: Can't determine ip for "
"broadcast address %s\n",
token));
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index 5913db299ad..49a892e5a55 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -364,12 +364,29 @@ static krb5_error_code pw2kt_process_add_info(struct pw2kt_keytab_state *state2,
krb5_principal princ = NULL;
krb5_principal *a = NULL;
size_t len;
+ const char *realm = NULL;
- ret = smb_krb5_parse_name(state2->context, princs, &princ);
+ ret = smb_krb5_parse_name_flags(state2->context,
+ princs,
+ KRB5_PRINCIPAL_PARSE_NO_DEF_REALM,
+ &princ);
if (ret != 0) {
DBG_ERR("Failed to parse principal: %s\n", princs);
return ret;
}
+ /* Add realm part if missing (e.g. SPNs synced from DC) */
+ realm = smb_krb5_principal_get_realm(state2, state2->context, princ);
+ if (realm == NULL || *realm == 0) {
+ ret = smb_krb5_principal_set_realm(state2->context,
+ princ,
+ lp_realm());
+ if (ret != 0) {
+ DBG_ERR("Failed to add realm to principal: %s\n",
+ princs);
+ return ret;
+ }
+ }
+
len = talloc_array_length(state2->princ_array);
a = talloc_realloc(state2,
--
Samba Shared Repository
More information about the samba-cvs
mailing list