The branch, v4-22-stable has been updated
via 7e96f4ecf32 VERSION: Disable GIT_SNAPSHOT for the 4.22.6 release.
via 854d763bbe0 WHATSNEW: Add release notes for Samba 4.22.6.
via a5d457827fa smbd: only increment lease epoch if a lease was granted
via 966700ae2be smbtorture: add test "smb2.lease.lease-epoch"
via c819724d5df mdssvc: call mangle_reset_cache()
via 6a306f8d3bf mdssvc: implement elasticsearch:default_fields
via daf79bd15b3 mdssvc: fix filtering by share path prefix
via e48cbfa16ed mdssvc: fix running test command manually
via 544e46f1d79 vfs_fruit: ignore Set-ACL requests with zero ACEs
via ad1a318929e smbd: hang directory pattern matching case sensitivity
on the pathname
via 7973c12234a smbd: hang posix brl per-handle check on the pathname
via 353b950083a vfs_fruit: add option "fruit:posix_opens = yes|no"
(default: yes)
via 4cb3c9692c5 smbtorture: add test vfs.fruit.case_insensitive_find
via 0d7fb9f3e5b smbtorture: add test vfs.fruit.readonly-exclusive-lock
via 01deeae7a11 smbd: don't use sticky write times on POSIX handles
via bafb6107ef2 smbtorture: fix locking offset in
test_fruit_locking_conflict()
via 6014ff20ce9 VERSION: Bump version up to Samba 4.22.6...
via 463d7a0e3f6 Merge tag 'samba-4.22.5' into v4-22-test
via ad38c984950 ctdb-common: Only respect CTDB_SOCKET in CTDB_TEST_MODE
via e4445e74b0b ctdb-common: Factor out checking of CTDB_TEST_MODE
via 6bdd14199d0 ctdb-pmda: Do not directly support CTDB_SOCKET
environment variable
via 5c357796ab4 vfs_ceph_new: Use integer value instead of boolean
via 23d2e88c641 vfs_ceph_new: dont use ceph_ll_nonblocking_readv_writev
for fsync_send
via 6ee4a2bfcbd s3:net: Pass down the server from cmdline to
sync_pw2keytabs()
via 0034b13f23a tests: Add test for 'net ads join' to a preferred DC
via b26cc594a1e selftest: Add the short name for localvampiredc to
hosts file
via 69fddebd507 s3:net: fix "net ads group"
via 91031b72149 smbd: return correct reparse tag DFS when listing
directories
via 4f959e0dc36 CI: add Python test
samba.tests.dcerpc.dfs.DfsTests.test_dfs_reparse_tag
via cced6a07d87 python/tests: also populate self.server in calls
LibsmbTests setup()
via 51fa56ad96c pylibsmb: add SMB2_FIND_ID_BOTH_DIRECTORY_INFO
via 0ec18e6bc39 vfs_xattr_tdb: fix dangling symlink detection
via 15ab604ef1c s3/rpc_server/dfs: fix creating a DFS link
via 31b82351af1 VERSION: Bump version up to Samba 4.22.5...
from 9f4a4c030de VERSION: Disable GIT_SNAPSHOT for the 4.22.5 release.
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-22-stable
- Log -----------------------------------------------------------------
-----------------------------------------------------------------------
Summary of changes:
VERSION | 4 +-
WHATSNEW.txt | 66 +++++++-
ctdb/common/path.c | 35 ++--
ctdb/server/ctdbd.c | 7 +
ctdb/tests/README | 10 +-
ctdb/utils/pmda/pmda_ctdb.c | 13 +-
docs-xml/manpages/vfs_fruit.8.xml | 33 ++++
.../smbdotconf/misc/elasticsearchdefaultfields.xml | 19 +++
python/samba/tests/blackbox/mdsearch.py | 18 ++-
python/samba/tests/dcerpc/dfs.py | 48 ++++++
python/samba/tests/dcerpc/mdssvc.py | 54 ++++++-
python/samba/tests/libsmb.py | 1 +
selftest/target/Samba.pm | 1 +
selftest/target/Samba3.pm | 1 +
selftest/target/Samba4.pm | 2 +-
source3/include/secrets.h | 25 +--
source3/include/vfs.h | 18 +++
source3/libads/ads_proto.h | 2 +-
source3/libads/kerberos_keytab.c | 24 ++-
source3/libads/trusts_util.c | 15 +-
source3/libads/util.c | 10 +-
source3/libnet/libnet_join.c | 2 +-
source3/libsmb/pylibsmb.c | 1 +
source3/modules/vfs_ceph_new.c | 12 +-
source3/modules/vfs_fruit.c | 49 +++++-
source3/modules/vfs_xattr_tdb.c | 13 +-
source3/passdb/machine_account_secrets.c | 10 +-
source3/rpc_server/dfs/srv_dfs_nt.c | 4 +-
source3/rpc_server/mdssvc/es_parser.y | 8 +-
source3/rpc_server/mdssvc/es_parser_test.c | 3 -
source3/rpc_server/mdssvc/mdssvc_es.c | 58 ++++---
source3/rpc_server/mdssvc/mdssvc_es.h | 1 +
source3/rpc_server/mdssvc/test_mdsparser_es.c | 115 ++++++-------
source3/rpc_server/rpcd_mdssvc.c | 3 +
source3/smbd/dir.c | 4 +-
source3/smbd/dosmode.c | 4 +
source3/smbd/open.c | 5 +-
source3/smbd/smb2_lock.c | 16 +-
source3/utils/net.c | 10 +-
source3/utils/net_ads.c | 4 +-
source4/selftest/tests.py | 2 +
source4/torture/smb2/lease.c | 99 ++++++++++++
source4/torture/vfs/fruit.c | 179 ++++++++++++++++++++-
.../blackbox/test_net_ads_join_to_preferred_dc.sh | 61 +++++++
44 files changed, 892 insertions(+), 177 deletions(-)
create mode 100644 docs-xml/smbdotconf/misc/elasticsearchdefaultfields.xml
create mode 100644 python/samba/tests/dcerpc/dfs.py
create mode 100755 testprogs/blackbox/test_net_ads_join_to_preferred_dc.sh
Changeset truncated at 500 lines:
diff --git a/VERSION b/VERSION
index fa88af3802f..f122fe937f1 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the
Samba Team 1992-2025"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=22
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
########################################################
# If a official release has a serious bug #
@@ -101,7 +101,7 @@ SAMBA_VERSION_RC_RELEASE=
# e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes #
# -> "3.0.0-SVN-build-199" #
########################################################
-SAMBA_VERSION_IS_GIT_SNAPSHOT=no
+SAMBA_VERSION_IS_GIT_SNAPSHOT=no
########################################################
# This is for specifying a release nickname #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 54235056f10..bf5f8b02c29 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,66 @@
+ ==============================
+ Release Notes for Samba 4.22.6
+ October 16, 2025
+ ==============================
+
+
+This is the latest stable release of the Samba 4.22 release series.
+
+
+Changes since 4.22.5
+--------------------
+
+o Ralph Boehme <[email protected]>
+ * BUG 15843: macOS Finder client DFS broken on 4.22.0.
+ * BUG 15926: Samba 4.22 breaks Time Machine
+ * BUG 15927: Spotlight search restriction for shares incomplete and default
+ search searches in too many attributes
+ * BUG 15931: rpcd_mdssvc may crash because name mangling is not initialized
+ * BUG 15933: Only increment lease epoch if a lease was granted
+
+o Pavel Filipenský <[email protected]>
+ * BUG 15905: samba-4.21 fails to join AD when multiple DCs are returned
+
+o MikeLiu <[email protected]>
+ * BUG 15900: 'net ads group' failed to list domain groups.
+
+o Anoop C S <[email protected]>
+ * BUG 15919: vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev
for
+ fsync_send.
+
+o Shachar Sharon <[email protected]>
+ * BUG 15919: vfs_ceph_new should not use ceph_ll_nonblocking_readv_writev
for
+ fsync_send.
+
+o Andreas Schneider <[email protected]>
+ * BUG 15905: samba-4.21 fails to join AD when multiple DCs are returned
+
+o Martin Schwenke <[email protected]>
+ * BUG 15921: CTDB_SOCKET can be used even when CTDB_TEST_MODE is not set.
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.22.5
October 15, 2025
@@ -44,8 +107,7 @@ database (https://bugzilla.samba.org/).
======================================================================
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
==============================
Release Notes for Samba 4.22.4
August 21, 2025
diff --git a/ctdb/common/path.c b/ctdb/common/path.c
index ea3b08f4b2e..0d935429460 100644
--- a/ctdb/common/path.c
+++ b/ctdb/common/path.c
@@ -45,16 +45,30 @@ struct {
.vardir = CTDB_VARDIR,
};
-static void path_set_basedir(void)
+static void path_set_test_mode(void)
{
- const char *t;
-
+ const char *t = NULL;
+
+ /*
+ * Do not use CTDB_TEST_MODE outside a test environment to
+ * attempt to (for example) improve installation flexibility.
+ * This is unsupported, may cause unwanted security issues and
+ * may break in future releases.
+ */
t = getenv("CTDB_TEST_MODE");
if (t == NULL) {
- goto done;
+ return;
}
ctdb_paths.test_mode = true;
+}
+
+static void path_set_basedir(void)
+{
+ path_set_test_mode();
+ if (!ctdb_paths.test_mode) {
+ goto done;
+ }
ctdb_paths.basedir = getenv("CTDB_BASE");
if (ctdb_paths.basedir == NULL) {
@@ -188,11 +202,14 @@ char *path_config(TALLOC_CTX *mem_ctx)
char *path_socket(TALLOC_CTX *mem_ctx, const char *daemon)
{
- if (strcmp(daemon, "ctdbd") == 0) {
- const char *t = getenv("CTDB_SOCKET");
-
- if (t != NULL) {
- return talloc_strdup(mem_ctx, t);
+ path_set_test_mode();
+ if (ctdb_paths.test_mode) {
+ if (strcmp(daemon, "ctdbd") == 0) {
+ const char *t = getenv("CTDB_SOCKET");
+
+ if (t != NULL) {
+ return talloc_strdup(mem_ctx, t);
+ }
}
}
diff --git a/ctdb/server/ctdbd.c b/ctdb/server/ctdbd.c
index 0c55ef50b0e..d4cfe341275 100644
--- a/ctdb/server/ctdbd.c
+++ b/ctdb/server/ctdbd.c
@@ -241,6 +241,13 @@ int main(int argc, const char *argv[])
* Logging setup/options
*/
+
+ /*
+ * Do not use CTDB_TEST_MODE outside a test environment to
+ * attempt to (for example) improve installation flexibility.
+ * This is unsupported, may cause unwanted security issues and
+ * may break in future releases.
+ */
test_mode = getenv("CTDB_TEST_MODE");
/* Log to stderr (ignoring configuration) when running as interactive */
diff --git a/ctdb/tests/README b/ctdb/tests/README
index 80f3311b684..8a243c21703 100644
--- a/ctdb/tests/README
+++ b/ctdb/tests/README
@@ -98,7 +98,7 @@ Test and debugging variable options
PID file relative to CTDB_BASE.
When testing with multiple local daemons on a single
- machine this does 3 extra things:
+ machine this does some extra things:
* Disables checks related to public IP addresses
@@ -107,6 +107,14 @@ Test and debugging variable options
* Disables real-time scheduling
+ * Allows the CTDB_SOCKET environment variable to be used to
+ specify ctdbd's Unix domain socket location.
+
+ Do not use this variable outside a test environment to
+ attempt to (for example) improve installation flexibility.
+ This is unsupported, may cause unwanted security issues and
+ may break in future releases.
+
CTDB_DEBUG_HUNG_SCRIPT_LOGFILE=FILENAME
FILENAME specifies where log messages should go when
debugging hung eventscripts. This is a testing option. See
diff --git a/ctdb/utils/pmda/pmda_ctdb.c b/ctdb/utils/pmda/pmda_ctdb.c
index 7ac8a3b38d1..9df7f780652 100644
--- a/ctdb/utils/pmda/pmda_ctdb.c
+++ b/ctdb/utils/pmda/pmda_ctdb.c
@@ -28,6 +28,8 @@
#include "lib/util/time.h"
#include "lib/util/blocking.h"
+#include "common/path.h"
+
#include "client/client.h"
#include "client/client_sync.h"
@@ -49,9 +51,7 @@
* CTDB PMDA
*
* This PMDA connects to the locally running ctdbd daemon and pulls
- * statistics for export via PCP. The ctdbd Unix domain socket path can be
- * specified with the CTDB_SOCKET environment variable, otherwise the default
- * path is used.
+ * statistics for export via PCP.
*/
/*
@@ -191,7 +191,7 @@ pmda_ctdb_disconnected(void *args)
static int
pmda_ctdb_daemon_connect(void)
{
- const char *socket_name;
+ char *socket_name = NULL;
int ret;
ev = tevent_context_init(NULL);
@@ -200,9 +200,9 @@ pmda_ctdb_daemon_connect(void)
return -1;
}
- socket_name = getenv("CTDB_SOCKET");
+ socket_name = path_socket(ev, "ctdbd");
if (socket_name == NULL) {
- socket_name = CTDB_SOCKET;
+ goto err_ev;
}
ret = ctdb_client_init(ev, ev, socket_name, &client);
@@ -215,6 +215,7 @@ pmda_ctdb_daemon_connect(void)
ctdb_client_set_disconnect_callback(client, pmda_ctdb_disconnected,
NULL);
+ talloc_free(socket_name);
return 0;
err_ev:
diff --git a/docs-xml/manpages/vfs_fruit.8.xml
b/docs-xml/manpages/vfs_fruit.8.xml
index 9e27030b660..13748c110fb 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -426,6 +426,39 @@
</listitem>
</varlistentry>
+ <varlistentry>
+ <term>fruit:posix_opens = yes | no</term>
+ <listitem>
+
+ <para>When <parameter>fruit:posix_opens</parameter> is set to
+ <parameter>yes</parameter>, vfs_fruit will internally translate
+ all filesystem semantics to use POSIX behaviour instead of Windows
+ behaviour. As Macs are closer to POSIX than Windows with regard
+ to filesystem semantics, this improves access semantics for
+ a lot of corner cases.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term>fruit:ignore_zero_aces = yes | no</term>
+ <listitem>
+
+ <para>When <parameter>fruit:ignore_zero_aces</parameter> is
+ enabled, attempts to modify filesystem permissions fail if the ACL
+ sent over the wire contains no ACEs. This is completely valid
+ client behaviour, but it means subsequently no further access is
+ possible to the file, unless permissions get fixed by an
+ administrator.</para>
+ <para>This problematic behaviour has been reported for latest
+ macOS versions and this new option allows to work around
+ it.</para>
+ <para>The default is <emphasis>yes</emphasis>.</para>
+
+ </listitem>
+ </varlistentry>
+
</variablelist>
</refsect1>
diff --git a/docs-xml/smbdotconf/misc/elasticsearchdefaultfields.xml
b/docs-xml/smbdotconf/misc/elasticsearchdefaultfields.xml
new file mode 100644
index 00000000000..9230e9280b7
--- /dev/null
+++ b/docs-xml/smbdotconf/misc/elasticsearchdefaultfields.xml
@@ -0,0 +1,19 @@
+<samba:parameter name="elasticsearch:default_fields"
+ context="G"
+ type="string"
+ xmlns:samba="http://www.samba.org/samba/DTD/samba-doc";>
+ <description>
+ <para>
+ Default attributes in Elasticsearch to query when receiving a Spotlight
+ query that searches in the special attribute "*". This is the default
used
+ by macOS clients when searching from the Finder.
+ </para>
+ <para>
+ This option expects a list of Elasticsearch attributes separated by
+ comma where each attributes must be enclosed in double quotes.
+ </para>
+ </description>
+
+ <value type="default">"file.filename", "content"</value>
+ <value type="example">"foo", "bar"</value>
+</samba:parameter>
diff --git a/python/samba/tests/blackbox/mdsearch.py
b/python/samba/tests/blackbox/mdsearch.py
index 8d67090e182..a2e6eb09029 100644
--- a/python/samba/tests/blackbox/mdsearch.py
+++ b/python/samba/tests/blackbox/mdsearch.py
@@ -102,8 +102,22 @@ class MdfindBlackboxTests(BlackboxTestCase):
json_in = r'''{
"from": 0, "size": 50, "_source": ["path.real"],
"query": {
- "query_string": {
- "query": "(samba*) AND path.real.fulltext:\"%BASEPATH%\""
+ "bool": {
+ "filter": [
+ {
+ "prefix": {
+ "path.real": "%BASEPATH%/"
+ }
+ }
+ ],
+ "must": [
+ {
+ "query_string": {
+ "query": "samba*",
+ "fields": ["file.filename", "content"]
+ }
+ }
+ ]
}
}
}'''
diff --git a/python/samba/tests/dcerpc/dfs.py b/python/samba/tests/dcerpc/dfs.py
new file mode 100644
index 00000000000..0fcce324e55
--- /dev/null
+++ b/python/samba/tests/dcerpc/dfs.py
@@ -0,0 +1,48 @@
+#
+# Unix SMB/CIFS implementation.
+# Copyright Ralph Boehme <[email protected]> 2025
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+#
+
+"""Tests for samba.dcerpc.dfs"""
+
+import os
+import logging
+import samba
+from samba.dcerpc import dfs
+from samba.tests import RpcInterfaceTestCase
+from samba.logger import get_samba_logger
+from samba.credentials import Credentials
+from samba.samba3 import libsmb_samba_internal as libsmb
+import samba.tests.libsmb
+from samba.samba3 import param as s3param
+
+logger = get_samba_logger(name=__name__)
+
+class DfsTests(samba.tests.libsmb.LibsmbTests):
+ def setUp(self):
+ super().setUp()
+ self.dfs = dfs.netdfs('ncacn_np:%s[/pipe/netdfs]' % self.server,
self.lp, self.creds)
+ self.c = libsmb.Conn(self.server_ip, "msdfs-share", self.lp,
self.creds)
+
+ def tearDown(self):
+ super().tearDown()
+
+ def test_dfs_reparse_tag(self):
+ self.dfs.Add('\\\\%s\\msdfs-share\\dfslink' % self.server,
self.server, 'tmp', 'comment', 0)
+ l = self.c.list('', info_level=libsmb.SMB2_FIND_ID_BOTH_DIRECTORY_INFO)
+ files = {i['name']: i for i in l}
+ self.assertEqual(files['dfslink']['reparse_tag'],
libsmb.IO_REPARSE_TAG_DFS)
+ self.dfs.Remove('\\\\%s\\msdfs-share\\dfslink' % self.server,
self.server, 'tmp')
diff --git a/python/samba/tests/dcerpc/mdssvc.py
b/python/samba/tests/dcerpc/mdssvc.py
index cd256548b91..40005ff1824 100644
--- a/python/samba/tests/dcerpc/mdssvc.py
+++ b/python/samba/tests/dcerpc/mdssvc.py
@@ -133,8 +133,22 @@ class MdssvcTests(RpcInterfaceTestCase):
exp_json_query = r'''{
"from": 0, "size": 50, "_source": ["path.real"],
"query": {
- "query_string": {
- "query": "(samba*) AND path.real.fulltext:\"%BASEPATH%\""
+ "bool": {
+ "filter": [
+ {
+ "prefix": {
+ "path.real": "%BASEPATH%/"
+ }
+ }
+ ],
+ "must": [
+ {
+ "query_string": {
+ "query": "samba*",
+ "fields": ["file.filename", "content"]
+ }
+ }
+ ]
}
}
}'''
@@ -165,8 +179,22 @@ class MdssvcTests(RpcInterfaceTestCase):
exp_json_query = r'''{
"from": 0, "size": 50, "_source": ["path.real"],
"query": {
- "query_string": {
- "query": "(file.filename:x\\+x OR file.filename:x\\*x OR
file.filename:x=x OR file.filename:x'x OR file.filename:x\\?x OR
file.filename:x\\ x OR file.filename:x\\(x OR file.filename:x\\\"x OR
file.filename:x\\\\x) AND path.real.fulltext:\"%BASEPATH%\""
+ "bool": {
+ "filter": [
+ {
+ "prefix": {
+ "path.real": "%BASEPATH%/"
+ }
+ }
+ ],
+ "must": [
+ {
+ "query_string": {
+ "query": "file.filename:x\\+x OR file.filename:x\\*x OR
file.filename:x=x OR file.filename:x'x OR file.filename:x\\?x OR
file.filename:x\\ x OR file.filename:x\\(x OR file.filename:x\\\"x OR
file.filename:x\\\\x",
+ "fields": ["file.filename", "content"]
+ }
+ }
+ ]
}
}
}'''
@@ -207,8 +235,22 @@ class MdssvcTests(RpcInterfaceTestCase):
exp_json_query = r'''{
"from": 0, "size": 50, "_source": ["path.real"],
"query": {
- "query_string": {
- "query": "(*samba*) AND path.real.fulltext:\"%BASEPATH%\""
+ "bool": {
+ "filter": [
+ {
+ "prefix": {
+ "path.real": "%BASEPATH%/"
+ }
+ }
+ ],
+ "must": [
+ {
+ "query_string": {
+ "query": "*samba*",
+ "fields": ["file.filename", "content"]
+ }
+ }
+ ]
}
}
}'''
diff --git a/python/samba/tests/libsmb.py b/python/samba/tests/libsmb.py
index 3ac1b68a59b..e3683901df2 100644
--- a/python/samba/tests/libsmb.py
+++ b/python/samba/tests/libsmb.py
@@ -43,6 +43,7 @@ class LibsmbTests(samba.tests.TestCase):
server_conf_dir = os.path.dirname(server_conf)
self.global_inject = os.path.join(server_conf_dir,
"global_inject.conf")
--
Samba Shared Repository
