[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via f8e50d04e9f libcli:security: allow spaces after BAD: from 4cf9af9186d s3:printing: Allow to run samba-bgqd as a standalone systemd service https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit f8e50d04e9f86c856122168bda507db6efd20896 Author: Douglas Bagnall Date: Wed Jul 24 17:24:59 2024 +1200 libcli:security: allow spaces after BAD: In AD_DS_Classes_Windows_Server_v1903.ldf from https://www.microsoft.com/en-us/download/details.aspx?id=23782, we see defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15685 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton Autobuild-User(master): Douglas Bagnall Autobuild-Date(master): Thu Jul 25 06:27:27 UTC 2024 on atb-devel-224 (cherry picked from commit 8903876f65d5721d30186875d391889d1ddcd52c) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Mon Jul 29 13:29:27 UTC 2024 on atb-devel-224 --- Summary of changes: libcli/security/sddl.c | 5 + python/samba/tests/sddl.py | 10 +- 2 files changed, 10 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c index d1f77075238..c0fddb72e5f 100644 --- a/libcli/security/sddl.c +++ b/libcli/security/sddl.c @@ -814,6 +814,11 @@ static struct security_acl *sddl_decode_acl(struct security_descriptor *sd, return acl; } + /* Windows AD allows spaces here */ + while (*sddl == ' ') { + sddl++; + } + /* work out the ACL flags */ if (!sddl_map_flags(acl_flags, sddl, flags, , true)) { *msg = talloc_strdup(sd, "bad ACL flags"); diff --git a/python/samba/tests/sddl.py b/python/samba/tests/sddl.py index b594021013a..6d4448233e3 100644 --- a/python/samba/tests/sddl.py +++ b/python/samba/tests/sddl.py @@ -670,6 +670,11 @@ class SddlNonCanonical(SddlDecodeEncodeBase): ("O:LAG:BAD:(A;;CCDCLCSWRPWPDTLOCR;;;WD)"))), ("D:(A;;FAGX;;;SY)", "D:(A;;0x201f01ff;;;SY)"), +# whitespace before ACL string flags is ignored. +("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"), +("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"), +("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"), +("D: S:","D:S:"), ] @@ -818,17 +823,12 @@ class SddlWindowsIsLessFussy(SddlDecodeEncodeBase): strings = [ # whitespace is ignored, repaired on return ("D:(A;;GA;;; LG)", "D:(A;;GA;;;LG)"), -("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"), -# whitespace before ACL string flags is ignored. -("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"), # wrong case on type is ignored, fixed ("D:(a;;GA;;;LG)", "D:(A;;GA;;;LG)"), ("D:(A;;GA;;;lg)", "D:(A;;GA;;;LG)"), ("D:(A;;ga;;;LG)", "D:(A;;GA;;;LG)"), -("D: S:","D:S:"), # whitespace around ACL flags -("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"), ("D:P (A;;GA;;;LG)", "D:P(A;;GA;;;LG)"), # whitespace between ACES -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 4419ccc5778 libcli:security: allow spaces after BAD: from 2b35eab717b cmdline:burn: list commands to always burn; warn on unknown https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 4419ccc5778634d07338ae8733206b095234e453 Author: Douglas Bagnall Date: Wed Jul 24 17:24:59 2024 +1200 libcli:security: allow spaces after BAD: In AD_DS_Classes_Windows_Server_v1903.ldf from https://www.microsoft.com/en-us/download/details.aspx?id=23782, we see defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15685 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton Autobuild-User(master): Douglas Bagnall Autobuild-Date(master): Thu Jul 25 06:27:27 UTC 2024 on atb-devel-224 (cherry picked from commit 8903876f65d5721d30186875d391889d1ddcd52c) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Mon Jul 29 13:17:42 UTC 2024 on atb-devel-224 --- Summary of changes: libcli/security/sddl.c | 5 + python/samba/tests/sddl.py | 10 +- 2 files changed, 10 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/security/sddl.c b/libcli/security/sddl.c index e14b2748384..899db18d651 100644 --- a/libcli/security/sddl.c +++ b/libcli/security/sddl.c @@ -560,6 +560,11 @@ static struct security_acl *sddl_decode_acl(struct security_descriptor *sd, return acl; } + /* Windows AD allows spaces here */ + while (*sddl == ' ') { + sddl++; + } + /* work out the ACL flags */ if (!sddl_map_flags(acl_flags, sddl, flags, , true)) { talloc_free(acl); diff --git a/python/samba/tests/sddl.py b/python/samba/tests/sddl.py index ac719eb3212..4aa9a04ec87 100644 --- a/python/samba/tests/sddl.py +++ b/python/samba/tests/sddl.py @@ -623,6 +623,11 @@ class SddlNonCanonical(SddlDecodeEncodeBase): ("O:LAG:BAD:(A;;CCDCLCSWRPWPDTLOCR;;;WD)"))), ("D:(A;;FAGX;;;SY)", "D:(A;;0x201f01ff;;;SY)"), +# whitespace before ACL string flags is ignored. +("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"), +("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"), +("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"), +("D: S:","D:S:"), ] @@ -761,17 +766,12 @@ class SddlWindowsIsLessFussy(SddlDecodeEncodeBase): strings = [ # whitespace is ignored, repaired on return ("D:(A;;GA;;; LG)", "D:(A;;GA;;;LG)"), -("D: (A;;GA;;;LG)", "D:(A;;GA;;;LG)"), -# whitespace before ACL string flags is ignored. -("D: AI(A;;GA;;;LG)", "D:AI(A;;GA;;;LG)"), # wrong case on type is ignored, fixed ("D:(a;;GA;;;LG)", "D:(A;;GA;;;LG)"), ("D:(A;;GA;;;lg)", "D:(A;;GA;;;LG)"), ("D:(A;;ga;;;LG)", "D:(A;;GA;;;LG)"), -("D: S:","D:S:"), # whitespace around ACL flags -("D: P(A;;GA;;;LG)", "D:P(A;;GA;;;LG)"), ("D:P (A;;GA;;;LG)", "D:P(A;;GA;;;LG)"), # whitespace between ACES -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-21-stable updated
The branch, v4-21-stable has been updated via 729078d20cf VERSION: Disable GIT_SNAPSHOT for the Samba 4.21.0rc1 release. via 33f3cd3f0bc WHATSNEW: Up to Samba 4.21.0rc1. via 93a6656c13f tdb: version 1.4.11 from e58e4a5aa99 ldb:kv_index: use subtransaction_cancel in transaction_cancel https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-stable - Log - --- Summary of changes: VERSION | 6 +++--- WHATSNEW.txt | 2 +- lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.11.sigs} | 0 lib/tdb/wscript | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.11.sigs} (100%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index eaa8dddbf66..57dceb79676 100644 --- a/VERSION +++ b/VERSION @@ -79,7 +79,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # -SAMBA_VERSION_PRE_RELEASE=1 +SAMBA_VERSION_PRE_RELEASE= # For 'rc' releases the version will be# @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=1 # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE= +SAMBA_VERSION_RC_RELEASE=1 # To mark SVN snapshots this should be set to 'yes'# @@ -101,7 +101,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # -SAMBA_VERSION_IS_GIT_SNAPSHOT=yes +SAMBA_VERSION_IS_GIT_SNAPSHOT=no # This is for specifying a release nickname# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 7e283f6031a..99f9f0aa7a6 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first pre release of Samba 4.21. This is *not* +This is the first release candidate of Samba 4.21. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. diff --git a/lib/tdb/ABI/tdb-1.3.17.sigs b/lib/tdb/ABI/tdb-1.4.11.sigs similarity index 100% copy from lib/tdb/ABI/tdb-1.3.17.sigs copy to lib/tdb/ABI/tdb-1.4.11.sigs diff --git a/lib/tdb/wscript b/lib/tdb/wscript index 04121498723..234a66f6878 100644 --- a/lib/tdb/wscript +++ b/lib/tdb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'tdb' -VERSION = '1.4.10' +VERSION = '1.4.11' import sys, os -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via a13124c NEWS[4.21.0rc1]: Samba 4.21.0rc1 Available for Download from 4257c72 NEWS[4.20.2]: Samba 4.20.2 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit a13124ce2948836d6e4f5df75fa64f38f908541b Author: Jule Anger Date: Mon Jul 29 13:35:36 2024 +0200 NEWS[4.21.0rc1]: Samba 4.21.0rc1 Available for Download Signed-off-by: Jule Anger --- Summary of changes: posted_news/20240729-113649.4.21.0rc1.body.html | 12 posted_news/20240729-113649.4.21.0rc1.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20240729-113649.4.21.0rc1.body.html create mode 100644 posted_news/20240729-113649.4.21.0rc1.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20240729-113649.4.21.0rc1.body.html b/posted_news/20240729-113649.4.21.0rc1.body.html new file mode 100644 index 000..0e3f917 --- /dev/null +++ b/posted_news/20240729-113649.4.21.0rc1.body.html @@ -0,0 +1,12 @@ + +29 July 2024 +Samba 4.21.0rc1 Available for Download + +This is the first release candidate of the upcoming Samba 4.21 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.21.0rc1.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.21.0rc1.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20240729-113649.4.21.0rc1.headline.html b/posted_news/20240729-113649.4.21.0rc1.headline.html new file mode 100644 index 000..bbfad41 --- /dev/null +++ b/posted_news/20240729-113649.4.21.0rc1.headline.html @@ -0,0 +1,3 @@ + + 29 July 2024 Samba 4.21.0rc1 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.21.0rc1 created
The annotated tag, samba-4.21.0rc1 has been created at ec2fdbbdb7ae01d1d09862eac969b9493317b716 (tag) tagging 729078d20cf0255ded75cc1a1b06398a5d56c3fc (commit) replaces tdb-1.4.11 tagged by Jule Anger on Mon Jul 29 13:35:18 2024 +0200 - Log - samba: tag release samba-4.21.0rc1 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmanfnYACgkQqplEL7aA tiDGeBAAs4Z0yABtcu3FQ6V5Rz/z6qmUFth3acmhDilG7p7jyR+cUbEUQKBMKq8X nhi2j6O7SqrUj838z8rLxjXCPn7fuG8CtpC/KEMejwiPZ9e1PKo4BeY9PnvJqutY H0E4yEISKu8VA5htnxgXRwup7YBn6XiH9xvrifi1iYBxBQQDX+q5LfbabcPh53NS 0mzIO+QfaT1RWMOWz+BoK3v+jbI1hCa3dTSmuzfu6g5eMbSetHre0DIauzpTFfFP p+oF6/dDT588cO/7FzuQ3cRNh/lyvVW6Ybuata3sk6blspfHK/PEWGR3+vk4fHxc eyb+cLrxQPH1dGMf36L9jGFerwykP9VIJw6E0xXxoV05qgwNUKDhGEVccxLHZKjZ g09/AYa3h/CWAZhLS2sPculp0kvKLkJTBjBFDw85HC2ml6XO0pz11d8qU+C4vTMD Jod5HUEMOOfjx/oOFe25YJ+QRmS9GeaS3Q5x32SWg8YwGrOenX9LghfKxinwtjW5 05Fga63FKE2Tn62aGJqkBWvbDBQJyXvZRutWHI/gEwzlXyFycEyuKEyHGv/ex4Kb UUYCmZHVRYVvvgoam1mRSlV2lDigKUNA5/hZosOyhjxxjV0Cy+ZtGG38pt4v1bJd wWRiYPOiTtnaMVyLX1nzAeTmFSKPqv9klPDwzg3bahh3x8sVvLc= =DJGV -END PGP SIGNATURE- Jule Anger (2): WHATSNEW: Up to Samba 4.21.0rc1. VERSION: Disable GIT_SNAPSHOT for the Samba 4.21.0rc1 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-21-test updated
The branch, v4-21-test has been updated via 729078d20cf VERSION: Disable GIT_SNAPSHOT for the Samba 4.21.0rc1 release. via 33f3cd3f0bc WHATSNEW: Up to Samba 4.21.0rc1. via 93a6656c13f tdb: version 1.4.11 from e58e4a5aa99 ldb:kv_index: use subtransaction_cancel in transaction_cancel https://git.samba.org/?p=samba.git;a=shortlog;h=v4-21-test - Log - --- Summary of changes: VERSION | 6 +++--- WHATSNEW.txt | 2 +- lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.11.sigs} | 0 lib/tdb/wscript | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.11.sigs} (100%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index eaa8dddbf66..57dceb79676 100644 --- a/VERSION +++ b/VERSION @@ -79,7 +79,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # -SAMBA_VERSION_PRE_RELEASE=1 +SAMBA_VERSION_PRE_RELEASE= # For 'rc' releases the version will be# @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=1 # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE= +SAMBA_VERSION_RC_RELEASE=1 # To mark SVN snapshots this should be set to 'yes'# @@ -101,7 +101,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # -SAMBA_VERSION_IS_GIT_SNAPSHOT=yes +SAMBA_VERSION_IS_GIT_SNAPSHOT=no # This is for specifying a release nickname# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 7e283f6031a..99f9f0aa7a6 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first pre release of Samba 4.21. This is *not* +This is the first release candidate of Samba 4.21. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. diff --git a/lib/tdb/ABI/tdb-1.3.17.sigs b/lib/tdb/ABI/tdb-1.4.11.sigs similarity index 100% copy from lib/tdb/ABI/tdb-1.3.17.sigs copy to lib/tdb/ABI/tdb-1.4.11.sigs diff --git a/lib/tdb/wscript b/lib/tdb/wscript index 04121498723..234a66f6878 100644 --- a/lib/tdb/wscript +++ b/lib/tdb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'tdb' -VERSION = '1.4.10' +VERSION = '1.4.11' import sys, os -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tdb-1.4.11 created
The annotated tag, tdb-1.4.11 has been created at 27acad2f3efe5b40ef546f58dead15de6fe54d07 (tag) tagging 93a6656c13facdb8565f90954428c4cf800bfc36 (commit) replaces samba-4.20.0rc1 tagged by Jule Anger on Mon Jul 29 13:30:01 2024 +0200 - Log - tdb: tag release tdb-1.4.11 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmanfTkACgkQR5ORYRMI QCX/Nwf+NMtaC5JH345fphhijhy82+D5NDGdd0AbvIbIArr2pLALALmnPAZ/e3hD vDMV++RVQaZlqpXxrZhMWUZyWpJs5EIiiibs/xSfoyIavIQ/v2PwoE4nwPWSItc9 10LJvUJjtpawbEChSGkXUUp3KqfeQoh6WTC2m471nZtVzGxcXY9tFRvGGIYkInnJ 5Wy5jcaSN6XpxXIH7xj+rUD3m7q9IBPkPeAgt/ODLCasHVroG/OJvnxwtwtdhaOq gIbVHcZA91D1zXYeQpZdZVRxAf/LWEer5iimmqOv4YF57Xj9/q7qOGuaes3UCKeL HTyvM/lD3lBq86IpQvl9SnxDqiejCg== =5EbB -END PGP SIGNATURE- Alexander Bokovoy (1): Do not fail checksums for RFC8009 types Andreas Schneider (189): python:gp: Fix logging with gp librpc:idl: Make netlogon_samlogon_response public python:gp: Implement client site lookup in site_dn_for_machine() libgpo: Fix trailing spaces in pygpo.c libgpo: Do not segfault if we don't have a valid security descriptor packaging: Provide a systemd service file for samba-bgqd python:tests: Improve keytab comparison of dckeytab buildtools: Fix PYTHONPATH and print it python:samba: Rename trust_utils.py to lsa_utils.py python: Implement OpenPolicyFallback() python:tests: Rename createtrustrelax.py to lsa_utils.py python:tests: Clean lsa_utils.py code according to Python standards python: Set parameter types for CreateTrustedDomainRelax() python: Use secrets.token_bytes instead of random python: Add aead_aes_256_cbc_hmac_sha512() python: Implement CreateTrustedDomainFallback() python: Use OpenPolicyFallback() in trust.py librpc:rpc: Add dcerpc_lsa.h s4:torture: Use init_lsa_String() from init_lsa.h s3:rpc_client: Implement rpc_lsa_encrypt_trustdom_info() s4:torture: Use rpc_lsa_encrypt_trustdom_info() s4:torture: Use dcerpc_lsa_OpenPolicy3_r() s4:rpc_server: Fix trailing white spaces in dcesrv_lsa.c s4:rpc_server: Use talloc_zero in dcesrv_lsa_CreateTrustedDomain() s4:rpc_server: Implement dcesrv_lsa_CreateTrustedDomain_precheck() s4:rpc_server: Implement dcesrv_lsa_CreateTrustedDomain_common() s4:rpc_server: Use dcesrv_lsa_CreateTrustedDomain_common() for lsa_CreateTrustedDomainEx2 s4:rpc_server: Use dcesrv_lsa_CreateTrustedDomain_common() for lsa_CreateTrustedDomainEx s4:rpc_server: Use dcesrv_lsa_CreateTrustedDomain_common() in lsa_CreateTrustedDomain s4:rpc_server: Implement get_trustdom_auth_blob_aes() for LSA s4:rpc_server: Implement dcesrv_lsa_CreateTrustedDomainEx3() s4:rpc_server: Enable AES in dcesrv_lsa_OpenPolicy3() s4:torture: Add test for lsa_CreateTrustedDomainEx3 s3:rpc_client: Implement rpc_lsa_encrypt_trustdom_info_aes() s3:rpc_client: Implement createtrustdomex2 command s3:rpc_client: Implement createtrustdomex3 command s3:rpc_server: Log error in _lsa_CreateTrustedDomainEx2() s3:rpc_server: Implement and use lsa_CreateTrustedDomain_precheck() s3:rpc_server: Implement lsa_CreateTrustedDomain_common() s3:rpc_server: Implement _lsa_CreateTrustedDomainEx3() s3:auth: Remove trailing spaces s3:auth: Re-format auth3_generate_session_info_pac() s3:auth: Split auth3_generate_session_info_pac() into functions s3:auth: Add support standalone server with MIT Keberos 1.21 python: Fix NtVer check for site_dn_for_machine() s3:libsmb: Pass a memory context to cli_connect_nb_recv() s3:nmbd: Remove trailing spaces in nmbd_synclists.c s3:torture: Remove trailing spaces in torture.c s3:libsmb: Pass memory context to cli_connect_nb() s3:libsmb: Pass a memory context to cli_start_connection_recv() s3:libsmb: Pass a memory context to cli_start_connection() s3:libsmb: Pass memory context to cli_full_connection_creds_recv() s3:libsmb: Pass memory context to cli_full_connection_creds() s3:libnet: Fix memory leak in libnet_join_connect_dc_ipc() s3:libsmb: Make get_ipc_connect() static s3:libsmb: Pass a memory context to get_ipc_connect() lib:tdb: Remove trailing spaces from pytdb.c lib:tdb: Add missing overflow check for num_values in pytdb.c lib:ldb: Add missing overflow check in ldb_msg_normalize() lib:ldb: Use correct integer types for sizes s4:dsdb: Fix stack use after scope in gkdi_create_root_key() auth:creds: Add test for cli_credentials_get_principal_obtained() auth:creds: Add test for cli_credentials_get_password_obtained() auth:creds: Add test for cli_credentials_get_username_obtained() lib:krb5_wrap: Implement smb_gss_mech_import_cred() s3:gse: Use
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via dbc5b73d860 ldb: change the version to 2.11.0 for Samba 4.22 via 37290695ac2 WHATSNEW: Start release notes for Samba 4.22.0pre1. via 9bb02727ef4 VERSION: Bump version up to 4.22.0pre1... via 729078d20cf VERSION: Disable GIT_SNAPSHOT for the Samba 4.21.0rc1 release. via 33f3cd3f0bc WHATSNEW: Up to Samba 4.21.0rc1. via 93a6656c13f tdb: version 1.4.11 from e58e4a5aa99 ldb:kv_index: use subtransaction_cancel in transaction_cancel https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit dbc5b73d860ffdb5eb0e1ed4f7c2f7c934741852 Author: Jule Anger Date: Mon Jul 29 10:42:07 2024 +0200 ldb: change the version to 2.11.0 for Samba 4.22 Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher Autobuild-User(master): Jule Anger Autobuild-Date(master): Mon Jul 29 10:06:23 UTC 2024 on atb-devel-224 commit 37290695ac2860d1049df25818686c1f3ef8f479 Author: Jule Anger Date: Mon Jul 29 10:54:41 2024 +0200 WHATSNEW: Start release notes for Samba 4.22.0pre1. Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher commit 9bb02727ef4c77c215d0d492af011b605eba4dc4 Author: Jule Anger Date: Mon Jul 29 10:34:32 2024 +0200 VERSION: Bump version up to 4.22.0pre1... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher commit 729078d20cf0255ded75cc1a1b06398a5d56c3fc Author: Jule Anger Date: Mon Jul 29 10:33:05 2024 +0200 VERSION: Disable GIT_SNAPSHOT for the Samba 4.21.0rc1 release. Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher commit 33f3cd3f0bc292ee6091910471d46b2d118f80b3 Author: Jule Anger Date: Mon Jul 29 10:31:38 2024 +0200 WHATSNEW: Up to Samba 4.21.0rc1. Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher commit 93a6656c13facdb8565f90954428c4cf800bfc36 Author: Jule Anger Date: Mon Jul 29 10:11:55 2024 +0200 tdb: version 1.4.11 * Add tdbdump -x option to output all data as hex values * Add missing overflow check for num_values in pytdb.c * Remove Py2 related tests * Update times in tdb_transaction_commit per fd, not per name * Fix compilation with TDB_TRACE=1 * Allow tracing of internal tdb Signed-off-by: Jule Anger Signed-off-by: Stefan Metzmacher --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 204 +-- lib/ldb/ABI/{ldb-2.10.0.sigs => ldb-2.11.0.sigs} | 0 lib/ldb/wscript | 4 +- lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.11.sigs} | 0 lib/tdb/wscript | 2 +- 6 files changed, 7 insertions(+), 205 deletions(-) copy lib/ldb/ABI/{ldb-2.10.0.sigs => ldb-2.11.0.sigs} (100%) copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.11.sigs} (100%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index eaa8dddbf66..9067c9b0dd7 100644 --- a/VERSION +++ b/VERSION @@ -26,7 +26,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024" # -> "3.0.0" # SAMBA_VERSION_MAJOR=4 -SAMBA_VERSION_MINOR=21 +SAMBA_VERSION_MINOR=22 SAMBA_VERSION_RELEASE=0 diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 7e283f6031a..306cb28a19d 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,235 +1,37 @@ Release Announcements = -This is the first pre release of Samba 4.21. This is *not* +This is the first pre release of Samba 4.22. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. -Samba 4.21 will be the next version of the Samba suite. +Samba 4.22 will be the next version of the Samba suite. UPGRADING = -Hardening of "valid users", "invalid users", "read list" and "write list" -- - -In previous versions of Samba, if a user or group name in either of the -mentioned options could not be resolved to a valid SID, the user (or group) -would be skipped without any notification. This could result in unexpected and -insecure behaviour. Starting with this version of Samba, if any user or group -name in any of the options cannot be resolved due to a communication error with -a domain controller, Samba will log an error and the tree connect will fail. -Non exist
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 4cf9af9186d s3:printing: Allow to run samba-bgqd as a standalone systemd service via d6f010090ce cmdline:burn: list commands to always burn; warn on unknown via 93d345467e7 cmdline: samba-tool test for bad option warning via 957654ebe9d cmdline:burn: add a note about short option combinations via 8560c854d4c cmdline:burn: explicitly burn --username via 481eb6ab31e cmdline:burn: use allowlist to ensure more passwords burn via 6bcdbdab57c cmdline: test_cmdline tests more burning via 0d89d09674a cmdline:burn: do not burn options starting --user-*, --password-* via 66da23459f5 cmdline:burn: localise some variables via 1315b61e1fb cmdline:burn: always return true if burnt via 916d5bde84a cmdline:burn: handle arguments separated from their --options via 25329b38634 cmdline:burn: do not retain false memories via f900e532c3d cmdline:tests: extend cmdline_burn tests via 9cbb5bdd333 selftest: run the cmdline tests that we already have via 5d99875ba0f cmdline:burn: '-U' does not imply secrets without '%' via 73207ff834f docs-xml:manpages: allow for longer version strings from f5920ceea32 .gitlab-ci-main.yml: Add safe.directory '*' https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 4cf9af9186d7829f11bd07c7d6e526a51dcf0d61 Author: Andreas Schneider Date: Fri Jul 12 14:18:26 2024 +0200 s3:printing: Allow to run samba-bgqd as a standalone systemd service BUG: https://bugzilla.samba.org/show_bug.cgi?id=15683 Signed-off-by: Andreas Schneider Reviewed-by: Alexander Bokovoy (cherry picked from commit 0a532378322661b23b3393eb2ebde29402a16e62) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Tue Jul 23 08:56:24 UTC 2024 on atb-devel-224 commit d6f010090ce0abe4276a78f585208e9d02650568 Author: Douglas Bagnall Date: Fri Jul 5 14:31:58 2024 +1200 cmdline:burn: list commands to always burn; warn on unknown We burn arguments to all unknown options containing "pass" (e.g. "--passionate=false") in case they are a password option, but is bad in the case where the unknown option takes no argument but the next option *is* a password (like "--overpass --password2 barney". In that case "--password2" would be burnt and not "barney". The burning behaviour doesn't change with this commit, but users will now see an error message explaining that the option was unknown. This is not so much aimed at end users -- for who an invalid option will hopefully lead to --help like output -- but to developers who add a new "pass" option. This also slightly speeds up the processing of known password options, which is a little bit important because we are in a race to replace the command line in /proc before an attacker sees it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton Autobuild-User(master): Douglas Bagnall Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224 (cherry picked from commit 86843685419921e28c37f3c1b33011f14940e02f) commit 93d345467e7276b9a234aeaf71f496ef6fdd7d22 Author: Douglas Bagnall Date: Fri Jul 5 16:13:04 2024 +1200 cmdline: samba-tool test for bad option warning Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 (cherry picked from commit d2b119e34b4e523a3bc6699e4d8a370bf8403d0b) commit 957654ebe9d2811d169f299bd60a646474dbd909 Author: Douglas Bagnall Date: Wed Jul 3 11:50:43 2024 +1200 cmdline:burn: add a note about short option combinations BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton (cherry picked from commit 97be45f9ea3410392cd37eab5cfafd3ad00cfe57) commit 8560c854d4c0dc4c0a4fdc072a7e358162e7 Author: Douglas Bagnall Date: Wed Jul 3 11:23:36 2024 +1200 cmdline:burn: explicitly burn --username This is the long form of -U in samba-tool. Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 (cherry picked from commit 63a83fb7bb312731047f361f89766e0be492f83e) commit 481eb6ab31edf537292d3867ee3263e54b1fca80 Author: Douglas Bagnall Date: Sat Jun 29 13:44:46 2024 +1200 cmdline:burn: use allowlist to ensure more passwords burn We treat any option containing 'pass' with suspicion, unless we know it is OK. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 2b35eab717b cmdline:burn: list commands to always burn; warn on unknown via 0c6749b1268 cmdline: samba-tool test for bad option warning via e35d6aeb4eb cmdline:burn: add a note about short option combinations via bfdd8d17d00 cmdline:burn: explicitly burn --username via 0c7a0ff715d cmdline:burn: use allowlist to ensure more passwords burn via ae462aa71af cmdline: test_cmdline tests more burning via c01499cde1a cmdline:burn: do not burn options starting --user-*, --password-* via 83de4276f06 cmdline:burn: localise some variables via 0285ea8c1ea cmdline:burn: always return true if burnt via d87b5a9723f cmdline:burn: handle arguments separated from their --options via 22a6e45541c cmdline:burn: do not retain false memories via 245fe4d5018 cmdline:tests: extend cmdline_burn tests via 0b94b86f350 selftest: run the cmdline tests that we already have via efd989ac3e0 cmdline:burn: '-U' does not imply secrets without '%' via bd365f688db docs-xml:manpages: allow for longer version strings from 63c8ed2a386 .gitlab-ci-main.yml: Add safe.directory '*' https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 2b35eab717b9d9f99c0697ad71dd9057d749d91f Author: Douglas Bagnall Date: Fri Jul 5 14:31:58 2024 +1200 cmdline:burn: list commands to always burn; warn on unknown We burn arguments to all unknown options containing "pass" (e.g. "--passionate=false") in case they are a password option, but is bad in the case where the unknown option takes no argument but the next option *is* a password (like "--overpass --password2 barney". In that case "--password2" would be burnt and not "barney". The burning behaviour doesn't change with this commit, but users will now see an error message explaining that the option was unknown. This is not so much aimed at end users -- for who an invalid option will hopefully lead to --help like output -- but to developers who add a new "pass" option. This also slightly speeds up the processing of known password options, which is a little bit important because we are in a race to replace the command line in /proc before an attacker sees it. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton Autobuild-User(master): Douglas Bagnall Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224 (cherry picked from commit 86843685419921e28c37f3c1b33011f14940e02f) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Tue Jul 23 08:43:59 UTC 2024 on atb-devel-224 commit 0c6749b12686d154a765055f08c6a66a971ced4e Author: Douglas Bagnall Date: Fri Jul 5 16:13:04 2024 +1200 cmdline: samba-tool test for bad option warning Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 (cherry picked from commit d2b119e34b4e523a3bc6699e4d8a370bf8403d0b) commit e35d6aeb4eb2a926dea0cf3f7e210553469deeb3 Author: Douglas Bagnall Date: Wed Jul 3 11:50:43 2024 +1200 cmdline:burn: add a note about short option combinations BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton (cherry picked from commit 97be45f9ea3410392cd37eab5cfafd3ad00cfe57) commit bfdd8d17d00d3bde92a118eb7e3d7a77e1e03989 Author: Douglas Bagnall Date: Wed Jul 3 11:23:36 2024 +1200 cmdline:burn: explicitly burn --username This is the long form of -U in samba-tool. Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 (cherry picked from commit 63a83fb7bb312731047f361f89766e0be492f83e) commit 0c7a0ff715d105f9746e7e92e5f00cac41a8f23e Author: Douglas Bagnall Date: Sat Jun 29 13:44:46 2024 +1200 cmdline:burn: use allowlist to ensure more passwords burn We treat any option containing 'pass' with suspicion, unless we know it is OK. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton (cherry picked from commit f1fbba6dc609590854c0d7c5e72b58fabc356695) commit ae462aa71afd5322e22c147a7d8a56a9ef48e286 Author: Douglas Bagnall Date: Sat Jun 29 13:43:03 2024 +1200 cmdline: test_cmdline tests more burning We have more secret arguments, like --client-password, --adminpass, so we are going to use an allowlist for options containing 'pass', but we don't want to burn the likes of --group=passionfruit. BUG: https://bugzilla.samba.org/show_bug.cgi?id
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 8d08c814134 third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0) from fee232dd9cf third_party: Update socket_wrapper to version 1.4.3 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 8d08c8141344afe91052a258c22fae1ec886d8db Author: Ralph Boehme Date: Thu Jul 4 18:00:52 2024 +0200 third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0) Fix clock skew error message and memory cache clock skew recovery BUG: https://bugzilla.samba.org/show_bug.cgi?id=15676 Signed-off-by: Ralph Boehme Signed-off-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Jul 5 10:02:26 UTC 2024 on atb-devel-224 (cherry picked from commit e4d6a19e49260af22bffd2a417119489719ba364) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Wed Jul 10 13:29:02 UTC 2024 on atb-devel-224 --- Summary of changes: third_party/heimdal/lib/krb5/fast.c | 12 third_party/heimdal/lib/krb5/mcache.c | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/third_party/heimdal/lib/krb5/fast.c b/third_party/heimdal/lib/krb5/fast.c index 90133a7abc0..4026ed62327 100644 --- a/third_party/heimdal/lib/krb5/fast.c +++ b/third_party/heimdal/lib/krb5/fast.c @@ -691,10 +691,14 @@ _krb5_fast_unwrap_error(krb5_context context, idx = 0; pa = krb5_find_padata(md->val, md->len, KRB5_PADATA_FX_FAST, ); if (pa == NULL) { - ret = KRB5_KDCREP_MODIFIED; - krb5_set_error_message(context, ret, - N_("FAST fast response is missing FX-FAST", "")); - goto out; + /* +* Typically _krb5_fast_wrap_req() has set KRB5_FAST_EXPECTED, which +* means check_fast() will complain and return KRB5KRB_AP_ERR_MODIFIED. +* +* But for TGS-REP init_tgs_req() clears KRB5_FAST_EXPECTED and we'll +* ignore a missing KRB5_PADATA_FX_FAST. +*/ + return check_fast(context, state); } ret = unwrap_fast_rep(context, state, pa, ); diff --git a/third_party/heimdal/lib/krb5/mcache.c b/third_party/heimdal/lib/krb5/mcache.c index fdd5674c3b8..e916bf4e6be 100644 --- a/third_party/heimdal/lib/krb5/mcache.c +++ b/third_party/heimdal/lib/krb5/mcache.c @@ -225,7 +225,7 @@ mcc_initialize(krb5_context context, */ mcc_destroy_internal(context, m); m->dead = 0; -m->kdc_offset = 0; +m->kdc_offset = context->kdc_sec_offset; m->mtime = time(NULL); ret = krb5_copy_principal (context, primary_principal, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via f4604a86fe1 third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0) from 16b430e7401 s4:selftest: also test samba4.ldb.simple.ldap*SASL-BIND with ldap_testing:{channel_bound,tls_channel_bindings,forced_channel_binding} https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit f4604a86fe1251b86b6f08a7fb3843a65092724d Author: Ralph Boehme Date: Thu Jul 4 18:00:52 2024 +0200 third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0) Fix clock skew error message and memory cache clock skew recovery BUG: https://bugzilla.samba.org/show_bug.cgi?id=15676 Signed-off-by: Ralph Boehme Signed-off-by: Stefan Metzmacher Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Jul 5 10:02:26 UTC 2024 on atb-devel-224 (cherry picked from commit e4d6a19e49260af22bffd2a417119489719ba364) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Jul 10 09:14:10 UTC 2024 on atb-devel-224 --- Summary of changes: third_party/heimdal/lib/krb5/fast.c | 12 third_party/heimdal/lib/krb5/mcache.c | 2 +- 2 files changed, 9 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/third_party/heimdal/lib/krb5/fast.c b/third_party/heimdal/lib/krb5/fast.c index 90133a7abc0..4026ed62327 100644 --- a/third_party/heimdal/lib/krb5/fast.c +++ b/third_party/heimdal/lib/krb5/fast.c @@ -691,10 +691,14 @@ _krb5_fast_unwrap_error(krb5_context context, idx = 0; pa = krb5_find_padata(md->val, md->len, KRB5_PADATA_FX_FAST, ); if (pa == NULL) { - ret = KRB5_KDCREP_MODIFIED; - krb5_set_error_message(context, ret, - N_("FAST fast response is missing FX-FAST", "")); - goto out; + /* +* Typically _krb5_fast_wrap_req() has set KRB5_FAST_EXPECTED, which +* means check_fast() will complain and return KRB5KRB_AP_ERR_MODIFIED. +* +* But for TGS-REP init_tgs_req() clears KRB5_FAST_EXPECTED and we'll +* ignore a missing KRB5_PADATA_FX_FAST. +*/ + return check_fast(context, state); } ret = unwrap_fast_rep(context, state, pa, ); diff --git a/third_party/heimdal/lib/krb5/mcache.c b/third_party/heimdal/lib/krb5/mcache.c index fdd5674c3b8..e916bf4e6be 100644 --- a/third_party/heimdal/lib/krb5/mcache.c +++ b/third_party/heimdal/lib/krb5/mcache.c @@ -225,7 +225,7 @@ mcc_initialize(krb5_context context, */ mcc_destroy_internal(context, m); m->dead = 0; -m->kdc_offset = 0; +m->kdc_offset = context->kdc_sec_offset; m->mtime = time(NULL); ret = krb5_copy_principal (context, primary_principal, -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 16b430e7401 s4:selftest: also test samba4.ldb.simple.ldap*SASL-BIND with ldap_testing:{channel_bound,tls_channel_bindings,forced_channel_binding} via ac22551de3e selftest: split out selftest/expectedfail.d/samba4.ldb.simple.ldap-tls via 7c6c742106b s4:libcli/ldap: add tls channel binding support for ldap_bind_sasl() via 7f2e3839f25 s4:ldap_server: add support for tls channel bindings via 64d4c1cdcc3 s3:crypto/gse: implement channel binding support via 7b62c5f7d24 s4:gensec_gssapi: implement channel binding support via 1219bf38301 auth/ntlmssp: implement channel binding support via c41feb6c2a4 auth/gensec: add gensec_set_channel_bindings() function via 2668243de22 wscript_configure_embedded_heimdal: define HAVE_CLIENT_GSS_C_CHANNEL_BOUND_FLAG via c86e8742373 third_party/heimdal: import lorikeet-heimdal-202404171655 (commit 28a56d818074e049f0361ef74d7017f2a9391847) via 20d5335dc1f s4:lib/tls: add tstream_tls_channel_bindings() via 6fec41bdb31 lib/crypto: add legacy_gnutls_server_end_point_cb() if needed via b2f44b81751 s4:libcli/ldap: make use of tstream_tls_params_client_lpcfg() via 254fa5041d6 s4:librpc/rpc: make use of tstream_tls_params_client_lpcfg() via 7a6ce2be813 s3:rpc_server/mdssvc: make use of tstream_tls_params_client_lpcfg() via 8989c3cd8ba s4:lib/tls: add tstream_tls_params_client_lpcfg() via f1ca22f5577 s4:lib/tls: split out tstream_tls_verify_peer() helper via 1f0e6a44747 s4:lib/tls: include a TLS server name indication in the client handshake via a55356b7cde s4:lib/tls: we no longer need ifdef GNUTLS_NO_TICKETS via 0c8fd43cc83 s4:lib/tls: split out tstream_tls_prepare_gnutls() via 3e90d30bab9 s4:lib/tls: assert that event contexts are not mixed via c117f54ceed s3:lib/tls: we need to call tstream_tls_retry_handshake/disconnect() until all buffers are flushed via 52adc59a926 s4:lib/tls: remove tstream_tls_push_trigger_write step via 461f14259e2 s4:libcli/ldap: force GSS-SPNEGO in ldap_bind_sasl() via 39ffaf056b2 s4:libcli/ldap: fix no memory error code in ldap_bind_sasl() via 5545d934ec0 ldb_ildap: require ldb_get_opaque(ldb, "loadparm") to be valid via 07e707c4de4 s4:libcli/ldap: ldap4_new_connection() requires a valid lp_ctx via 52fc65513f4 selftest: move some more expected failures to expectedfail.d from 63b47dc0edc Fix starvation of pending writes in CTDB queues https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 16b430e7401bb01cdaba7e39681d9d494228af03 Author: Stefan Metzmacher Date: Tue Feb 13 15:50:14 2024 +0100 s4:selftest: also test samba4.ldb.simple.ldap*SASL-BIND with ldap_testing:{channel_bound,tls_channel_bindings,forced_channel_binding} BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 065da873296c23ef3b9051fba39be097cfff60fa) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Tue Jul 9 10:53:40 UTC 2024 on atb-devel-224 commit ac22551de3ec0d604ab431f738630ff25aa9062d Author: Stefan Metzmacher Date: Tue Feb 13 15:50:14 2024 +0100 selftest: split out selftest/expectedfail.d/samba4.ldb.simple.ldap-tls BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 6794cc476249452c415881396bce4df663fc4fba) commit 7c6c742106b14ab564bb24038266f53be9db915c Author: Stefan Metzmacher Date: Thu Sep 28 17:11:03 2023 +0200 s4:libcli/ldap: add tls channel binding support for ldap_bind_sasl() We still allow 'ldap_testing:tls_channel_bindings = no' and 'ldap_testing:channel_bound = no' for testing the old behavior in order to have expected failures in our tests. And we have 'ldap_testing:forced_channel_binding = somestring' in order to force invalid bindings. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 7acb15a53c061344ffdbd58f9b2f01f8b0233f4e) commit 7f2e3839f257d6c87d0b8f5e66ecd1a950964913 Author: Stefan Metzmacher Date: Tue Jan 23 14:20:24 2024 +0100 s4:ldap_server: add support for tls channel bindings ldap server require strong auth = allow_sasl_over_tls is now an alias for 'allow_sasl_without_tls_channel_bindings' and should be avoided and changed to 'yes' or 'allow_sasl_without_tls_channel_bindings'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 63b47dc0edc Fix starvation of pending writes in CTDB queues via 95058b97865 build: --vendor-suffix instead of --vendor-patch-revision --vendor-name via 5531ef4d2b0 buildtools: sanitise strange characters in vendor strings from bff728a842f third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54) https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 63b47dc0edcd0a1ffe53dd083249d3e9029f4e62 Author: Xavi Hernandez Date: Thu Jun 27 15:41:19 2024 +0200 Fix starvation of pending writes in CTDB queues CTDB uses a queue to receive requests and send answers. It works asynchronously using the tevent framework. However there was an issue that gave priority to the receiving side so, when a request was processed and the answer posted to the queue, if another incoming request arrived, it was served before sending the previous answer. This scenario could repeat for long periods of time if the frequency of incoming requests was high enough. Eventually, a small time gap between incoming request gave a chance to process the pending output queue, sending many answers in a burst. This patch makes sure that both queues (input and output) are processed if the event contains the appropriate flag. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15678 RN: Fix unnecessary delays in CTDB while processing requests under high load. Signed-off-by: Xavi Hernandez Reviewed-by: Volker Lendecke Reviewed-by: Martin Schwenke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Mon Jul 1 09:17:43 UTC 2024 on atb-devel-224 (cherry picked from commit 60550fbe184a5cefa55a8f0bab508f70def7a684) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Tue Jul 9 09:43:01 UTC 2024 on atb-devel-224 commit 95058b97865cf179467e6d85a2f92ad8c27c0513 Author: Douglas Bagnall Date: Fri Jun 21 10:40:59 2024 +1200 build: --vendor-suffix instead of --vendor-patch-revision --vendor-name In practice there isn't a use for two options, and neither quite matched what people thought they were doing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton (cherry picked from commit 673c8e6ca5994973e4887641c3599707a66a608c) commit 5531ef4d2b0569ded5f9be4396c84acc5042ce55 Author: Douglas Bagnall Date: Fri Jun 21 10:38:40 2024 +1200 buildtools: sanitise strange characters in vendor strings There is no reason to think '-' and '+' are the only characters that might sneak into a vendor string; Debian habitually use '~'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton (cherry picked from commit 0bc5b6f29307ce758774c1b2f48ce62315fdc7f9) --- Summary of changes: buildtools/wafsamba/samba_abi.py | 6 +++--- ctdb/common/ctdb_io.c| 17 +++-- script/autobuild.py | 4 ++-- wscript | 12 +--- 4 files changed, 17 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py index 2d9505d255c..c82ba3424f9 100644 --- a/buildtools/wafsamba/samba_abi.py +++ b/buildtools/wafsamba/samba_abi.py @@ -286,7 +286,7 @@ def abi_build_vscript(task): f.close() def VSCRIPT_MAP_PRIVATE(bld, libname, orig_vscript, version, private_vscript): -version = version.replace("-", "_").replace("+","_").upper() +version = re.sub(r'\W', '_', version).upper() t = bld.SAMBA_GENERATOR(private_vscript, rule=abi_build_vscript, source=orig_vscript, @@ -314,8 +314,8 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None, p libname = os.path.basename(libname) version = os.path.basename(version) -libname = libname.replace("-", "_").replace("+","_").upper() -version = version.replace("-", "_").replace("+","_").upper() +libname = re.sub(r'\W', '_', libname).upper() +version = re.sub(r'\W', '_', version).upper() t = bld.SAMBA_GENERATOR(vscript, rule=abi_build_vscript, diff --git a/ctdb/common/ctdb_io.c b/ctdb/common/ctdb_io.c index bf8bc73b77d..9ac9b84a7fb 100644 --- a/ctdb/common/ctdb_io.c +++ b/ctdb/common/ctdb_io.c @@ -272,7 +272,7 @@ static void queue_dead(struct tevent_context *ev, struct tevent_immediate *im, /*
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 6107f663046 Fix starvation of pending writes in CTDB queues via a65eda03caa build: --vendor-suffix instead of --vendor-patch-revision --vendor-name via fe5f703e428 buildtools: sanitise strange characters in vendor strings from 2cf809bb1f3 third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54) https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 6107f663046a7a762d1c35beeaae0c1b46582f2e Author: Xavi Hernandez Date: Thu Jun 27 15:41:19 2024 +0200 Fix starvation of pending writes in CTDB queues CTDB uses a queue to receive requests and send answers. It works asynchronously using the tevent framework. However there was an issue that gave priority to the receiving side so, when a request was processed and the answer posted to the queue, if another incoming request arrived, it was served before sending the previous answer. This scenario could repeat for long periods of time if the frequency of incoming requests was high enough. Eventually, a small time gap between incoming request gave a chance to process the pending output queue, sending many answers in a burst. This patch makes sure that both queues (input and output) are processed if the event contains the appropriate flag. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15678 RN: Fix unnecessary delays in CTDB while processing requests under high load. Signed-off-by: Xavi Hernandez Reviewed-by: Volker Lendecke Reviewed-by: Martin Schwenke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Mon Jul 1 09:17:43 UTC 2024 on atb-devel-224 (cherry picked from commit 60550fbe184a5cefa55a8f0bab508f70def7a684) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Tue Jul 9 08:46:54 UTC 2024 on atb-devel-224 commit a65eda03caa4e22c4089f05f75d3208098dc Author: Douglas Bagnall Date: Fri Jun 21 10:40:59 2024 +1200 build: --vendor-suffix instead of --vendor-patch-revision --vendor-name In practice there isn't a use for two options, and neither quite matched what people thought they were doing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton (cherry picked from commit 673c8e6ca5994973e4887641c3599707a66a608c) commit fe5f703e4280eea502a5dbb3ca854c345b499aa6 Author: Douglas Bagnall Date: Fri Jun 21 10:38:40 2024 +1200 buildtools: sanitise strange characters in vendor strings There is no reason to think '-' and '+' are the only characters that might sneak into a vendor string; Debian habitually use '~'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673 Signed-off-by: Douglas Bagnall Reviewed-by: Jo Sutton (cherry picked from commit 0bc5b6f29307ce758774c1b2f48ce62315fdc7f9) --- Summary of changes: buildtools/wafsamba/samba_abi.py | 6 +++--- ctdb/common/ctdb_io.c| 17 +++-- script/autobuild.py | 4 ++-- wscript | 12 +--- 4 files changed, 17 insertions(+), 22 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py index 682f4e897b5..22c25b8da35 100644 --- a/buildtools/wafsamba/samba_abi.py +++ b/buildtools/wafsamba/samba_abi.py @@ -286,7 +286,7 @@ def abi_build_vscript(task): f.close() def VSCRIPT_MAP_PRIVATE(bld, libname, orig_vscript, version, private_vscript): -version = version.replace("-", "_").replace("+","_").upper() +version = re.sub(r'\W', '_', version).upper() t = bld.SAMBA_GENERATOR(private_vscript, rule=abi_build_vscript, source=orig_vscript, @@ -314,8 +314,8 @@ def ABI_VSCRIPT(bld, libname, abi_directory, version, vscript, abi_match=None, p libname = os.path.basename(libname) version = os.path.basename(version) -libname = libname.replace("-", "_").replace("+","_").upper() -version = version.replace("-", "_").replace("+","_").upper() +libname = re.sub(r'\W', '_', libname).upper() +version = re.sub(r'\W', '_', version).upper() t = bld.SAMBA_GENERATOR(vscript, rule=abi_build_vscript, diff --git a/ctdb/common/ctdb_io.c b/ctdb/common/ctdb_io.c index bf8bc73b77d..9ac9b84a7fb 100644 --- a/ctdb/common/ctdb_io.c +++ b/ctdb/common/ctdb_io.c @@ -272,7 +272,7 @@ static void queue_dead(struct tevent_context *ev, struct tevent_immediate *im, /*
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via bff728a842f third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54) via 41c8a42c8ae tests/krb5: Add tests for errors produced when logging in with unusable accounts via d4c1e215a9b tests/krb5: Allow creation of disabled accounts for testing via 50a417a2240 python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED via c1433f821f7 tests/krb5: Fix PK-INIT test framework to allow expired password keys via 4e57b8a5fe6 dsdb: Reduce minimum maxPwdAge from 1 day to nil from eeae9fe4b01 VERSION: Bump version up to Samba 4.20.3... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit bff728a842fde296d70f5c993087b4e47794a98a Author: Jo Sutton Date: Wed Jun 12 14:42:38 2024 +1200 third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54) This lets us match the Windows FAST reply when the password is expired. Windows clients were upset by the NTSTATUS field in the edata, apparently interpreting it to mean “insufficient resource”. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 Signed-off-by: Jo Sutton Reviewed-by: Douglas Bagnall (cherry picked from commit fe90576871b5d644b9e888fd7a0b0351feaba750) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Jul 3 10:06:33 UTC 2024 on atb-devel-224 commit 41c8a42c8ae8b89354ddaa02ea3d0035445d6b44 Author: Jo Sutton Date: Thu Jun 27 12:29:52 2024 +1200 tests/krb5: Add tests for errors produced when logging in with unusable accounts Heimdal matches Windows in the no‐FAST case, but produces NTSTATUS codes when it shouldn’t in the FAST case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 Signed-off-by: Jo Sutton Reviewed-by: Douglas Bagnall (cherry picked from commit c5ee0b60b20011aeaa60c2f549c2a78269c97c8f) commit d4c1e215a9bd60c02f3450aa602725663d919d81 Author: Jo Sutton Date: Tue Jun 25 12:51:48 2024 +1200 tests/krb5: Allow creation of disabled accounts for testing BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 Signed-off-by: Jo Sutton Reviewed-by: Douglas Bagnall (backported from commit 6dc6168719cf232ac2c1d747f10aad9b13300c02) [jsut...@samba.org Fixed conflicting import statements in python/samba/tests/krb5/kdc_base_test.py] commit 50a417a2240f99b155fed436df32bf242e579f73 Author: Andrew Bartlett Date: Tue Mar 19 14:37:24 2024 +1300 python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED Signed-off-by: Andrew Bartlett Reviewed-by: Jo Sutton (backported from commit b2fe1ea1c6aba116b31a1c803b4e0d36ac1a32ee) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 [jsut...@samba.org Fixed conflicting import statements in python/samba/tests/krb5/pkinit_tests.py] commit c1433f821f7c5f6ec3ce93c0c1d79c8a3f51fce1 Author: Jo Sutton Date: Fri Mar 22 12:58:19 2024 +1300 tests/krb5: Fix PK-INIT test framework to allow expired password keys Signed-off-by: Jo Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit 7cc8f455191faacf32efc474c27e99d45ef2e024) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 commit 4e57b8a5fe68427b844d94f79ea071f333107f6b Author: Andrew Bartlett Date: Fri May 17 14:19:31 2024 +1200 dsdb: Reduce minimum maxPwdAge from 1 day to nil This allows us to have tests, which pass on Windows, that use a very short maxPwdAge. Signed-off-by: Andrew Bartlett Reviewed-by: Jo Sutton (cherry picked from commit 3669479f22f2109a64250ffabd1f6453882d29f1) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 --- Summary of changes: python/samba/tests/krb5/kdc_base_test.py | 24 ++- python/samba/tests/krb5/lockout_tests.py | 210 ++- python/samba/tests/krb5/pkinit_tests.py | 15 +- python/samba/tests/krb5/raw_testcase.py | 18 ++- python/samba/tests/krb5/rfc4120_constants.py | 1 + selftest/knownfail_mit_kdc | 5 + source4/dsdb/samdb/ldb_modules/operational.c | 4 +- third_party/heimdal/kdc/fast.c | 13 +- 8 files changed, 278 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/tests/krb5/kdc_base_test.py b/python/samba/tests/krb5/kdc_base_test.py index 373c73ecb9a..d983c631a46 100644 --- a/python/samba/tests/krb5/kdc_base_test.py +++ b/python/samba/tests/krb5/kdc_base_test.py @@ -74,6 +74,7 @@ from samba.dsdb import ( GTYPE_SECURITY_DOMAIN_LOCAL_GROUP, GTYPE_SECURITY_GLOBAL_GROUP, GTYPE_SECURITY_UNIVERSAL_GROUP
[SCM] Samba Shared Repository - branch v4-19-test updated
on:tests/dns_base: pass tkey_trans(expected_rcode) via a086e96f269 python:tests/dns_base: let tkey_trans() take tkey_req_in_answers via b1222378a29 python:tests/dns_base: let tkey_trans() and sign_packet() take algorithm_name as argument via fdac589752e python:tests/dns_tkey: make use of self.assert_echoed_dns_error() via 606b7034f5d python:tests/dns_base: add self.assert_echoed_dns_error() via 313ca15a845 python:tests/dns_base: let dns_transaction_tcp() handle short receives via 1800543b0ad python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in verify_packet() via 1c807412b88 python:tests/dns_base: generate a real signature in bad_sign_packet() from fecc211af0e BUG 15569 ldb: add missing ABI/pyldb-util-2.8.1.sigs https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 2cf809bb1f3a6311d8f5e3ba745091e36ca9a943 Author: Jo Sutton Date: Wed Jun 12 14:42:38 2024 +1200 third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54) This lets us match the Windows FAST reply when the password is expired. Windows clients were upset by the NTSTATUS field in the edata, apparently interpreting it to mean “insufficient resource”. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 Signed-off-by: Jo Sutton Reviewed-by: Douglas Bagnall (backported from commit fe90576871b5d644b9e888fd7a0b0351feaba750) [jsut...@samba.org Fixed conflicts in knownfails and third_party/heimdal/kdc/fast.c] Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Wed Jul 3 09:56:13 UTC 2024 on atb-devel-224 commit 86034d86d98489bdde6777e1632b9deeddd3e414 Author: Jo Sutton Date: Thu Jun 27 12:29:52 2024 +1200 tests/krb5: Add tests for errors produced when logging in with unusable accounts Heimdal matches Windows in the no‐FAST case, but produces NTSTATUS codes when it shouldn’t in the FAST case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 Signed-off-by: Jo Sutton Reviewed-by: Douglas Bagnall (backported from commit c5ee0b60b20011aeaa60c2f549c2a78269c97c8f) [jsut...@samba.org Fixed conflicts in selftest/knownfail_heimdal_kdc] commit 7cc2b7b0288684f0d5444293ecc2562cc94c407f Author: Jo Sutton Date: Tue Jun 25 12:51:48 2024 +1200 tests/krb5: Allow creation of disabled accounts for testing BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 Signed-off-by: Jo Sutton Reviewed-by: Douglas Bagnall (backported from commit 6dc6168719cf232ac2c1d747f10aad9b13300c02) [jsut...@samba.org Fixed conflicting import statements in python/samba/tests/krb5/kdc_base_test.py] [jsut...@samba.org Fixed conflicting import statements in python/samba/tests/krb5/kdc_base_test.py] commit 2102b619cf68ddcd3d9b3c4e4d6a3381966d4894 Author: Andrew Bartlett Date: Tue Mar 19 14:37:24 2024 +1300 python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED Signed-off-by: Andrew Bartlett Reviewed-by: Jo Sutton (backported from commit b2fe1ea1c6aba116b31a1c803b4e0d36ac1a32ee) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 [jsut...@samba.org Fixed conflicting import statements in python/samba/tests/krb5/pkinit_tests.py] [jsut...@samba.org Fixed conflicting import statements in python/samba/tests/krb5/kdc_base_test.py] commit 9c64cd3f2e02f88ebd16c6785e0d1fa34926aebb Author: Jo Sutton Date: Fri Mar 22 12:58:19 2024 +1300 tests/krb5: Fix PK-INIT test framework to allow expired password keys Signed-off-by: Jo Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit 7cc8f455191faacf32efc474c27e99d45ef2e024) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 commit e65a4281c139b7d07560aad8963653b1eb6c70ea Author: Andrew Bartlett Date: Fri May 17 14:19:31 2024 +1200 dsdb: Reduce minimum maxPwdAge from 1 day to nil This allows us to have tests, which pass on Windows, that use a very short maxPwdAge. Signed-off-by: Andrew Bartlett Reviewed-by: Jo Sutton (cherry picked from commit 3669479f22f2109a64250ffabd1f6453882d29f1) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 commit a35edbb5302fd83ec24eb731d3078e7a3d064ce8 Author: Joseph Sutton Date: Mon Oct 30 14:05:17 2023 +1300 tests/krb5: Use __slots__ to indicate which attributes are used by classes These should help to catch mistaken attempts to set invalid attributes. Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit 2b69e1e7c316e634090aad1d97ecadf8cdf529f3) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655 commit fc8beb134d247667d9c94900fed3761cd08b796d Author: Joseph Sut
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated via 569d541c9bb VERSION: Disable GIT_SNAPSHOT for the 4.20.2 release. via 55cd97dfef1 WHATSNEW: Add release notes for Samba 4.20.2. via 3dd39600da3 BUG 15569 ldb: Release LDB 2.9.1 via fc318c63e55 auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts via 212b014679f auth/credentials: add tests for cli_credentials_get_kerberos_state[_obtained]() via 46ebf66fe96 auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper via cccd9c95c8b testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos" and --use-kerberos via 694605f52a4 testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos via 7d69ec93e31 vfs_recycle: remember resolved config->repository in vfs_recycle_connect() via f464a85c129 Revert "TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal()" via 64d7108cddb vfs_recycle: fix memory hierarchy via 4bb5f8a92aa vfs_recycle: use the correct return in SMB_VFS_HANDLE_GET_DATA() via a5d5d83c492 vfs_recycle: use a talloc_stackframe() in recycle_unlink_internal() via 69b9c140527 vfs_recycle: directly allocate smb_fname_final->base_name via db098ff1aad vfs_recycle: don't unlink on allocation failure via cf22968a8a1 TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal() via 7d277c424fc test_recycle.sh: make sure we don't see panics on the log files via b3ce5a86489 vfs_default: also call vfs_offload_token_ctx_init in vfswrap_offload_write_send via d7e0b5933fa s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644 via 5b90acbef15 s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share via 4b4b0152fd7 selftest: Add a python blackbox test for some misc (widelink) DFS tests via dceb2e56b63 script/autobuild.py: Add test for --vendor-name and --vendor-patch-revision via 5d593a735d3 build: Add --vendor-name --vendor-patch-revision options to ./configure via f46faceae1f ctdb/docs: Include ceph rados namespace support in man page via 9110627bc24 ctdb/ceph: Add optional namespace support for mutex helper via df54d3fdda9 s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored via 89817ed2165 s4:dns_server: correctly sign dns update responses with gss-tsig like Windows via fdd61d60caa s4:dns_server: dns_verify_tsig should return REFUSED on error via f663b386156 s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's the last section via 3b36f447040 s4:dns_server: use tkey->algorithm if available in dns_sign_tsig() via 299818567ea s4:dns_server: use the client provided algorithm for the fake TSIG structure via 7ddd758da50 s4:dns_server: only allow gss-tsig and gss.microsoft.com for TSIG via 6e395cabf38 s4:dns_server: only allow gss-tsig and gss.microsoft.com for TKEY via ed8ef00c297 s4:dns_server: failed dns updates should result in REFUSED for ACCESS_DENIED via a7f3293ddf7 python:tests/dns_tkey: add test_update_tsig_record_access_denied() via 9137bb66ab4 s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to samba.tests.dns_tkey via 5a98bc50263 python:tests/dns_base: add get_unpriv_creds() helper via ff0afdd1b05 python:tests/dns_tkey: let test_update_tsig_windows() actually pass against windows 2022 via bda80382eb5 python:tests/dns_base: let verify_packet() work against Windows via fdfd4e8adce python:tests/dns_tkey: test bad and changing tsig algorithms via 7dabac46b5a python:tests/dns_tkey: add gss.microsoft.com tsig updates via 6438249cf1e python:tests/dns_tkey: let us have test_update_gss_tsig_tkey_req_{additional,answers}() via 501a25a1f07 python:tests/dns_tkey: test TKEY with gss-tsig, gss.microsoft.com and invalid algorithms via c7a936ecd27 python:tests/dns_base: maintain a dict with tkey related state via da7c313740d python:tests/dns_base: let dns_transaction_udp() take allow_{remaining,truncated}=True via 85784854629 python:tests/dns_base: pass tkey_trans(expected_rcode) via e58fe908371 python:tests/dns_base: let tkey_trans() take tkey_req_in_answers via 12d4e452410 python:tests/dns_base: let tkey_trans() and sign_packet() take algorithm_name as argument via 9cfc2e24331 python:tests/dns_tkey: make use of self.assert_echoed_dns_error() via f7f0518b46a python:tests/dns_base: add self.assert_echoed_dns_error() via c00749edb35 python:tests/dns_base: let dns_transaction_tcp() handle short receives via 3bd80a2545a python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in verify_packet() via 19fc5bb6b9d python:tests/dns_base:
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 4257c72 NEWS[4.20.2]: Samba 4.20.2 Available for Download from 19e1100 NEWS[4.19.7]: Samba 4.19.7 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 4257c7205fcf9e2af4eb3ef6b84326bd2de2759c Author: Jule Anger Date: Wed Jun 19 16:32:01 2024 +0200 NEWS[4.20.2]: Samba 4.20.2 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.20.2.html| 82 posted_news/20240619-143251.4.20.2.body.html | 13 posted_news/20240619-143251.4.20.2.headline.html | 3 + 4 files changed, 99 insertions(+) create mode 100644 history/samba-4.20.2.html create mode 100644 posted_news/20240619-143251.4.20.2.body.html create mode 100644 posted_news/20240619-143251.4.20.2.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 7ddf607..3e20311 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.20.2 samba-4.20.1 samba-4.20.0 samba-4.19.7. diff --git a/history/samba-4.20.2.html b/history/samba-4.20.2.html new file mode 100644 index 000..17d71e7 --- /dev/null +++ b/history/samba-4.20.2.html @@ -0,0 +1,82 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.20.2 - Release Notes + + +Samba 4.20.2 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.20.2.tar.gz;>Samba 4.20.2 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.20.2.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.20.1-4.20.2.diffs.gz;>Patch (gzipped) against Samba 4.20.1 +https://download.samba.org/pub/samba/patches/samba-4.20.1-4.20.2.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.20.2 + June 19, 2024 + == + + +This is the latest stable release of the Samba 4.20 release series. + + +Changes since 4.20.1 + + +o Jeremy Allison j...@samba.org + * BUG 15662: vfs_widelinks with DFS shares breaks case insensitivity. + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 13213: Samba build is not reproducible. + * BUG 15569: ldb qsort might r/w out of bounds with an intransitive compare + function. + * BUG 15625: Many qsort() comparison functions are non-transitive, which can + lead to out-of-bounds access in some circumstances. + +o Andrew Bartlett abart...@samba.org + * BUG 15638: Need to change gitlab-ci.yml tags in all branches to avoid CI + bill. + * BUG 15654: We have added new options --vendor-name and --vendor-patch- + revision arguments to ./configure to allow distributions and packagers to + put their name in the Samba version string so that when debugging Samba the + source of the binary is obvious. + +o Gnther Deschner g...@samba.org + * BUG 15665: CTDB RADOS mutex helper misses namespace support. + +o Stefan Metzmacher me...@samba.org + * BUG 13019: Dynamic DNS updates with the internal DNS are not working. + * BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with + SysvolReady=0. + * BUG 15412: Anonymous smb3 signing/encryption should be allowed (similar to + Windows Server 2022). + * BUG 15573: Panic in dreplsrv_op_pull_source_apply_changes_trigger. + * BUG 15620: s4:nbt_server: does not provide unexpected handling, so winbindd + cant use nmb requests instead cldap. + * BUG 15642: winbindd, net ads join and other things dont work on an ipv6 + only host. + * BUG 15659: Segmentation fault when deleting files in vfs_recycle. + * BUG 15664: Panic in vfs_offload_token_db_fetch_fsp(). + * BUG 15666: client use kerberos and --use-kerberos is ignored for the + machine account. + +o Noel Power noel.po...@suse.com + * BUG 15435: Regression DFS not working with widelinks = true. + +o Andreas Schneider a...@samba.org + * BUG 15633: samba-gpupdate - Invalid NtVer in netlogon_samlogon_response. + * BUG 15653: idmap_ad creates an incorrect local krb5.conf in case of trusted + domain lookups. + * BUG 15660: The images dont build after the git security release and CentOS + 8 Stream is EOL. + + + + + + diff --git a/posted_news/20240619-143251.4.20.2.body.html b/posted_news/20240619-143251.4.20.2.body.html new file mode 100644 index 000..361910e --- /dev/null +++ b/po
[SCM] Samba Shared Repository - annotated tag samba-4.20.2 created
The annotated tag, samba-4.20.2 has been created at 014c6d8292108ac7b3ac76d80ac9bc9fd75e9229 (tag) tagging 569d541c9bb5110d113da3ccdeaeb98ca16eec5c (commit) replaces ldb-2.9.1 tagged by Jule Anger on Wed Jun 19 16:31:39 2024 +0200 - Log - samba: tag release samba-4.20.2 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmZy68sACgkQqplEL7aA tiCOOA//fduBYEvDyRu7A8XBZ+lClFKVa3dGIG+YbDUkHIGx1z2c8SDg4EbsGIuK /9nIic1sd5GSx5fLImuaQshYOOdObhWwG1XBPciU3lXVr60+tuB1wlddQhCh67Lh eG10csBT10N5sc/uy6yOqYK059ZZAnHPH8VimtNJpJzThAuVUtXl+DpbgqF7pr5P tUZl83/hkBjq44boysoIC8lVZ66QPD/iNnqnzgxMk+d+uENp8dCF9Oi+uK1D2d9R BBMvpQtfZmo+HntiW/5EUg6hSFizdU05t9uVaHpfMVGN3MZ6ASGCx+grYxeW5wkL NOXUaA31F9j10GWEDKsdyw2BrOo62eYZHcQK9JV02qVp9PKXSw9nefy8/TjzrsPL cmQCwkL6p8b2s7rWJllq5mUrfXDeT5lWZZd5Neur+Avz9zhe3liAIBzWNaX8XMKx 0ghv02egwcyxNcZrYSpCXFp6iFvlsPWK/0b10+cnkixcaKT/WZ28v7fpwZ8QmbsI EgOa4epRTCeHVoxzFXkrtuXbINsz/SYYFFjVRLhItuxHDtdZll49ACDPFnAX3dn/ yTPELo5XNXf3VuNXAqZoKwJQQAwOUQkH7ECR/n5TV0bbDezsafb91gp4pckV662R N9lIkmhaicVspLRiyCbXM3RJ8G5RKy2BoDG5ILHEZm2UchygJbQ= =aE4l -END PGP SIGNATURE- Jule Anger (2): WHATSNEW: Add release notes for Samba 4.20.2. VERSION: Disable GIT_SNAPSHOT for the 4.20.2 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via eeae9fe4b01 VERSION: Bump version up to Samba 4.20.3... via 569d541c9bb VERSION: Disable GIT_SNAPSHOT for the 4.20.2 release. via 55cd97dfef1 WHATSNEW: Add release notes for Samba 4.20.2. via 3dd39600da3 BUG 15569 ldb: Release LDB 2.9.1 from fc318c63e55 auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit eeae9fe4b013c86f15bb59f4c21bcb03403b75fb Author: Jule Anger Date: Wed Jun 19 16:13:52 2024 +0200 VERSION: Bump version up to Samba 4.20.3... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 569d541c9bb5110d113da3ccdeaeb98ca16eec5c Author: Jule Anger Date: Wed Jun 19 16:13:12 2024 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.20.2 release. Signed-off-by: Jule Anger commit 55cd97dfef1d3caddb2815f12eae9f33c0c6d10d Author: Jule Anger Date: Wed Jun 19 16:11:53 2024 +0200 WHATSNEW: Add release notes for Samba 4.20.2. Signed-off-by: Jule Anger commit 3dd39600da3c0bedeae9f033c1333eb6b0f4ff33 Author: Jule Anger Date: Wed Jun 19 16:07:51 2024 +0200 BUG 15569 ldb: Release LDB 2.9.1 * BUG 15569: Many qsort() comparison functions are non-transitive, which can lead to out-of-bounds access in some circumstances. Signed-off-by: Jule Anger --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 86 +- lib/ldb/ABI/{ldb-2.8.0.sigs => ldb-2.9.1.sigs} | 0 ...pyldb-util-2.1.0.sigs => pyldb-util-2.9.1.sigs} | 0 lib/ldb/wscript| 2 +- 5 files changed, 86 insertions(+), 4 deletions(-) copy lib/ldb/ABI/{ldb-2.8.0.sigs => ldb-2.9.1.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-2.1.0.sigs => pyldb-util-2.9.1.sigs} (100%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index e279f2933b8..4cb90cc5643 100644 --- a/VERSION +++ b/VERSION @@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024" SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=20 -SAMBA_VERSION_RELEASE=2 +SAMBA_VERSION_RELEASE=3 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8249e9326f9..fb964d7a6f4 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,86 @@ + == + Release Notes for Samba 4.20.2 + June 19, 2024 + == + + +This is the latest stable release of the Samba 4.20 release series. + + +Changes since 4.20.1 + + +o Jeremy Allison + * BUG 15662: vfs_widelinks with DFS shares breaks case insensitivity. + +o Douglas Bagnall + * BUG 13213: Samba build is not reproducible. + * BUG 15569: ldb qsort might r/w out of bounds with an intransitive compare + function. + * BUG 15625: Many qsort() comparison functions are non-transitive, which can + lead to out-of-bounds access in some circumstances. + +o Andrew Bartlett + * BUG 15638: Need to change gitlab-ci.yml tags in all branches to avoid CI + bill. + * BUG 15654: We have added new options --vendor-name and --vendor-patch- + revision arguments to ./configure to allow distributions and packagers to + put their name in the Samba version string so that when debugging Samba the + source of the binary is obvious. + +o Günther Deschner + * BUG 15665: CTDB RADOS mutex helper misses namespace support. + +o Stefan Metzmacher + * BUG 13019: Dynamic DNS updates with the internal DNS are not working. + * BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with + SysvolReady=0. + * BUG 15412: Anonymous smb3 signing/encryption should be allowed (similar to + Windows Server 2022). + * BUG 15573: Panic in dreplsrv_op_pull_source_apply_changes_trigger. + * BUG 15620: s4:nbt_server: does not provide unexpected handling, so winbindd + can't use nmb requests instead cldap. + * BUG 15642: winbindd, net ads join and other things don't work on an ipv6 + only host. + * BUG 15659: Segmentation fault when deleting files in vfs_recycle. + * BUG 15664: Panic in vfs_offload_token_db_fetch_fsp(). + * BUG 15666: "client use kerberos" and --use-kerberos is ignored for the + machine account. + +o Noel Power + * BUG 15435: Regression DFS not working with widelinks = true. + +o Andreas Schneider + * BUG 15633: samba-gpupdate - Invalid NtVer in n
[SCM] Samba Shared Repository - annotated tag ldb-2.9.1 created
The annotated tag, ldb-2.9.1 has been created at 2e3dd126db9e838111631315974785e95d88ceb5 (tag) tagging 3dd39600da3c0bedeae9f033c1333eb6b0f4ff33 (commit) replaces samba-4.20.1 tagged by Jule Anger on Wed Jun 19 16:27:02 2024 +0200 - Log - ldb: tag release ldb-2.9.1 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmZy6rYACgkQR5ORYRMI QCVCHAgAgyck8/vg928tsREA62mDVyuyJDUPVooaDJ7vEMRyG44czXbNA4QnAGsh NMfmKbJWc2TfGpMbj60mgFWVFHHb7/KF+kAdrMAU6uKNjSlGzPAq3TFDpgPMDxW0 lm4rfm75SlDBh4hEOwYE5gnh+5mlHcf5Vmgl6CoOjePg70qgFevLEi6rWV85ZDuE 33PSidVprZ17m4faP4eqs0j5aHhEA/COo6vP9MeumgjwElWuvuvsVadxeEdi1jeR hyGrbLTclWQtjaY/NqZAN3qcj8ECxW2GMRWHYeb35Hsv0wW6bAv24PmDAAK7dB2w 5nGW2HMvmik2/7xIoEHW0oZQIX4oUg== =1NWc -END PGP SIGNATURE- Andreas Schneider (10): python: Fix NtVer check for site_dn_for_machine() s3:libads: Allow get_kdc_ip_string() to lookup the KDCs IP s3:libads: Do not fail if we don't get an IP passed down s3:winbind: Fix idmap_ad creating an invalid local krb5.conf bootstrap: Fix runner tags bootstrap: Set git safe.directory bootstrap: Fix building CentOS 8 Stream container images gitlab-ci: Set git safe.directory for devel repo third_party: Update uid_wrapper to version 1.3.1 third_party: Update socket_wrapper to version 1.4.3 Andrew Bartlett (3): .gitlab-ci: Remove tags no longer provided by gitlab.com build: Add --vendor-name --vendor-patch-revision options to ./configure script/autobuild.py: Add test for --vendor-name and --vendor-patch-revision Douglas Bagnall (69): pidl:Typelist: resolveType(): don't mistake a reference for a name buildtools:pidl: avoid hash randomisation in pidl examples:winexe: reproducible builds with zero timestamp examples:winexe: embed Samba version as exe timestamp ldb: avoid out of bounds read and write in ldb_qsort() lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename util:tsort.h: add a macro for safely comparing numbers ldb: add NUMERIC_CMP macro to ldb.h ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base() ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare() s4:ntvfs: use NUMERIC_CMP in stream_name_cmp s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare s4: use numeric_cmp in dns_common_sort_zones() util:binsearch: user NUMERIC_CMP() torture:charset: use < and > assertions for strcasecmp_m torture:charset: use < and > assertions for strncasecmp_m torture:charset: test more of strcasecmp_m util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle util:test: test_ms_fn_match_protocol_no_wildcard: allow -1 util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP() util:charset:codepoints: codepoint_cmpi warning about non-transitivity s3:libsmb:namequery: note intransitivity in addr_compare() s3:libsmb:namequery: use NUMERIC_CMP in addr_compare lib/torture: add assert_int_{less,greater} macros util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP() ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP() util:datablob: avoid non-transitive comparison in data_blob_cmp() ldb: avoid non-transitive comparison in ldb_val_cmp() ldb: reduce non-transitive comparisons in ldb_msg_element_compare() libcli/security: use NUMERIC_CMP in dom_sid_compare() libcli/security: use NUMERIC_CMP in dom_sid_compare_auth() s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp() s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP() s4:dns_server: use NUMERIC_CMP in rec_cmp() s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list() s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP() s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort() s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP() s3:smbcacls: use NUMERIC_CMP in ace_compare s3:util:sharesec ace_compare() uses NUMERIC_CMP() s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP() ldb:mod:sort: rearrange NULL checks ldb:sort: check that elements have values ldb:sort: generalise both-NULL check to equality check ldb:dn: make ldb_dn_compare() self-consistent s3:brlock: use NUMERIC_CMP in #ifdef-zeroed lock_compare s3:mod:posixacl_xattr: use NUMERIC_CMP in posixacl_xattr_entry_compare s3:mod:vfs_vxfs: use NUMERIC_CMP in vxfs_ace_cmp dsdb:schema: use NUMERIC_CMP in place of uint32_cmp s3:rpc:wkssvc_nt: dom_user_cmp uses NUMERIC_CMP gensec: sort_gensec uses NUMERIC_CMP lib/socket: rearrange iface_comp() to use NUMERIC_CMP s3:libsmb:nmblib: use NUMERIC_CMP in status_compare s4:rpcsrv:dnsserver: make dns_name_compar
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via fc318c63e55 auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts via 212b014679f auth/credentials: add tests for cli_credentials_get_kerberos_state[_obtained]() via 46ebf66fe96 auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper via cccd9c95c8b testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos" and --use-kerberos via 694605f52a4 testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos via 7d69ec93e31 vfs_recycle: remember resolved config->repository in vfs_recycle_connect() via f464a85c129 Revert "TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal()" via 64d7108cddb vfs_recycle: fix memory hierarchy via 4bb5f8a92aa vfs_recycle: use the correct return in SMB_VFS_HANDLE_GET_DATA() via a5d5d83c492 vfs_recycle: use a talloc_stackframe() in recycle_unlink_internal() via 69b9c140527 vfs_recycle: directly allocate smb_fname_final->base_name via db098ff1aad vfs_recycle: don't unlink on allocation failure via cf22968a8a1 TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal() via 7d277c424fc test_recycle.sh: make sure we don't see panics on the log files via b3ce5a86489 vfs_default: also call vfs_offload_token_ctx_init in vfswrap_offload_write_send via d7e0b5933fa s4:torture/smb2: add smb2.ioctl.copy_chunk_bug15644 from 5b90acbef15 s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit fc318c63e5556e940ee846e63ebbc1ca5a39c945 Author: Stefan Metzmacher Date: Tue Jun 18 20:28:25 2024 +0200 auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts We only turn desired into off in the NT4 domain member case. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Wed Jun 19 10:17:28 UTC 2024 on atb-devel-224 (cherry picked from commit 5b40cdf6e8885c9db6c5ffa972112f3516e4130a) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Jun 19 14:07:17 UTC 2024 on atb-devel-224 commit 212b014679f17808c20015ee6852ffbd5f4b847f Author: Stefan Metzmacher Date: Tue Jun 18 19:02:05 2024 +0200 auth/credentials: add tests for cli_credentials_get_kerberos_state[_obtained]() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit eeb60574b6bf1a5209b85a8af843b93300550ba7) commit 46ebf66fe965ba361325877364b65c69b781484a Author: Stefan Metzmacher Date: Tue Jun 18 18:53:48 2024 +0200 auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit c715ac5e496ddde119212d3b880ff0e68c2da67b) commit cccd9c95c8bbbde16f3251081ea2c3a1fc3b2ac3 Author: Stefan Metzmacher Date: Tue Jun 18 19:34:30 2024 +0200 testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos" and --use-kerberos This shows that they are ignored for machine accounts as domain member. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit db2c576f329675e8d66e19c336fe04ccba918b4a) commit 694605f52a45ae31e2607895fff2ae60f9f64595 Author: Stefan Metzmacher Date: Tue Jun 18 19:11:09 2024 +0200 testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666 Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit cda8beea45303a77080c64bb2391d22c59672deb) commit 7d69ec93e3178105ee02aae24d056d65d2d70358 Author: Stefan Metzmacher Date: Fri Jun 14 10:07:02 2024 +0200 vfs_recycle: remember resolved config->repository in vfs_recycle_connect() This should not change during the lifetime of the tcon. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659 Signed-off-by: Stefan Metzmacher Reviewed-by: Martin Schwenke Reviewed-by: Noel Power Reviewed-by: Volker Lendecke (cherry picked from commit 53b72ea4d25d4aa6cf8de1c7555456d4cc03b809) commit f464a85c12968c0791714af68c7d3a044e81adc6 Author: Stefan Metzmacher Date:
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 5b90acbef15 s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share via 4b4b0152fd7 selftest: Add a python blackbox test for some misc (widelink) DFS tests via dceb2e56b63 script/autobuild.py: Add test for --vendor-name and --vendor-patch-revision via 5d593a735d3 build: Add --vendor-name --vendor-patch-revision options to ./configure via f46faceae1f ctdb/docs: Include ceph rados namespace support in man page via 9110627bc24 ctdb/ceph: Add optional namespace support for mutex helper via df54d3fdda9 s4:dns_server: no-op dns updates with ACCESS_DENIED should be ignored via 89817ed2165 s4:dns_server: correctly sign dns update responses with gss-tsig like Windows via fdd61d60caa s4:dns_server: dns_verify_tsig should return REFUSED on error via f663b386156 s4:dns_server: also search DNS_QTYPE_TKEY in the answers section if it's the last section via 3b36f447040 s4:dns_server: use tkey->algorithm if available in dns_sign_tsig() via 299818567ea s4:dns_server: use the client provided algorithm for the fake TSIG structure via 7ddd758da50 s4:dns_server: only allow gss-tsig and gss.microsoft.com for TSIG via 6e395cabf38 s4:dns_server: only allow gss-tsig and gss.microsoft.com for TKEY via ed8ef00c297 s4:dns_server: failed dns updates should result in REFUSED for ACCESS_DENIED via a7f3293ddf7 python:tests/dns_tkey: add test_update_tsig_record_access_denied() via 9137bb66ab4 s4:selftest/tests: pass USERNAME_UNPRIV=$DOMAIN_USER to samba.tests.dns_tkey via 5a98bc50263 python:tests/dns_base: add get_unpriv_creds() helper via ff0afdd1b05 python:tests/dns_tkey: let test_update_tsig_windows() actually pass against windows 2022 via bda80382eb5 python:tests/dns_base: let verify_packet() work against Windows via fdfd4e8adce python:tests/dns_tkey: test bad and changing tsig algorithms via 7dabac46b5a python:tests/dns_tkey: add gss.microsoft.com tsig updates via 6438249cf1e python:tests/dns_tkey: let us have test_update_gss_tsig_tkey_req_{additional,answers}() via 501a25a1f07 python:tests/dns_tkey: test TKEY with gss-tsig, gss.microsoft.com and invalid algorithms via c7a936ecd27 python:tests/dns_base: maintain a dict with tkey related state via da7c313740d python:tests/dns_base: let dns_transaction_udp() take allow_{remaining,truncated}=True via 85784854629 python:tests/dns_base: pass tkey_trans(expected_rcode) via e58fe908371 python:tests/dns_base: let tkey_trans() take tkey_req_in_answers via 12d4e452410 python:tests/dns_base: let tkey_trans() and sign_packet() take algorithm_name as argument via 9cfc2e24331 python:tests/dns_tkey: make use of self.assert_echoed_dns_error() via f7f0518b46a python:tests/dns_base: add self.assert_echoed_dns_error() via c00749edb35 python:tests/dns_base: let dns_transaction_tcp() handle short receives via 3bd80a2545a python:tests/dns_base: use ndr_deepcopy() and ndr_pack() in verify_packet() via 19fc5bb6b9d python:tests/dns_base: generate a real signature in bad_sign_packet() from 8b8fef4c9c8 third_party: Update socket_wrapper to version 1.4.3 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 5b90acbef156174ea65014a298f926218a760c4e Author: Noel Power Date: Fri Jun 7 19:35:47 2024 +0100 s3/smbd: fix nested chdir into msdfs links on (widelinks = yes) share This patch also removes known fail for existing test BUG: https://bugzilla.samba.org/show_bug.cgi?id=15435 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Jun 11 19:31:40 UTC 2024 on atb-devel-224 (cherry picked from commit 788ef8f07c75d5e6eca5b8f18d93d96f31574267) [noel.po...@suse.com backported to Samba 4.20 minor change to use 4.20 create_open_symlink_err fn instead of read_symlink_reparse] Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Tue Jun 18 08:33:30 UTC 2024 on atb-devel-224 commit 4b4b0152fd7cce2923ffcfe04eb07de4cc8721d7 Author: Noel Power Date: Tue Jun 11 11:19:50 2024 +0100 selftest: Add a python blackbox test for some misc (widelink) DFS tests On master attempting to chdir into a nested dfs link e.g. cd dfslink (works) cd dfslink/another_dfslink (fails) [1] Add a test for this scenario (nested chdir) [2] Add test for enumerating a dfs link in root of dfs share [3] Add a test to check case insensitive chdir into dfs link on widelink enabled share Add knownfails for tests 1 and 3 Signed-off-by: Noel Power Reviewed-by: Jer
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via e57e35908d5 s3: vfs_widelinks: Allow case insensitivity to work on DFS widelinks shares. via f681ee3bac0 s3/torture: Add test for widelink case insensitivity on a MSDFS share. from 50d4451bd4b s3:smbcacls: fix ace_compare https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit e57e35908d53124d44d4c275a9f6b248516204ae Author: Jeremy Allison Date: Mon Jun 10 17:25:32 2024 -0700 s3: vfs_widelinks: Allow case insensitivity to work on DFS widelinks shares. Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15662 Signed-off-by: Jeremy Allison Reviewed-by: Noel Power Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Tue Jun 11 17:00:38 UTC 2024 on atb-devel-224 (cherry picked from commit e535bcc698bd5eb31f5c5e0c144692988a044e79) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Jun 12 10:22:36 UTC 2024 on atb-devel-224 commit f681ee3bac0ebe86ea1e810aca13e0b5738c58e0 Author: Jeremy Allison Date: Mon Jun 10 15:14:19 2024 -0700 s3/torture: Add test for widelink case insensitivity on a MSDFS share. Add knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15662 Signed-off-by: Jeremy Allison Reviewed-by: Noel Power (cherry picked from commit e37e4f474935819c75c078e52715cf3212f77359) --- Summary of changes: source3/modules/vfs_widelinks.c | 13 - source3/script/tests/test_widelink_dfs_ci.sh | 72 source3/selftest/tests.py| 11 + 3 files changed, 94 insertions(+), 2 deletions(-) create mode 100755 source3/script/tests/test_widelink_dfs_ci.sh Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_widelinks.c b/source3/modules/vfs_widelinks.c index c5b5084e108..4339f6de9e0 100644 --- a/source3/modules/vfs_widelinks.c +++ b/source3/modules/vfs_widelinks.c @@ -383,8 +383,17 @@ static int widelinks_openat(vfs_handle_struct *handle, } lstat_ret = SMB_VFS_NEXT_LSTAT(handle, full_fname); - if (lstat_ret != -1 && - VALID_STAT(full_fname->st) && + if (lstat_ret == -1) { + /* +* Path doesn't exist. We must +* return errno from LSTAT. +*/ + int saved_errno = errno; + TALLOC_FREE(full_fname); + errno = saved_errno; + return -1; + } + if (VALID_STAT(full_fname->st) && S_ISLNK(full_fname->st.st_ex_mode)) { fsp->fsp_name->st = full_fname->st; } diff --git a/source3/script/tests/test_widelink_dfs_ci.sh b/source3/script/tests/test_widelink_dfs_ci.sh new file mode 100755 index 000..6ae5cf5bd7f --- /dev/null +++ b/source3/script/tests/test_widelink_dfs_ci.sh @@ -0,0 +1,72 @@ +#!/bin/sh + +# regression test for dfs access with wide links enabled on dfs share +# Ensure we still maintain case insensitivity. + +if [ $# -lt 7 ]; then + cat < +EOF + exit 1 +fi + +SERVER="$1" +SERVER_IP="$2" +SHARE="$3" +USERNAME="$4" +PASSWORD="$5" +PREFIX="$6" +SMBCLIENT="$7" +shift 7 +ADDARGS="$@" + +incdir=$(dirname "$0")"/../../../testprogs/blackbox" +. "$incdir/subunit.sh" +. "$incdir/common_test_fns.inc" + +failed=0 + +# Do not let deprecated option warnings muck this up +SAMBA_DEPRECATED_SUPPRESS=1 +export SAMBA_DEPRECATED_SUPPRESS + +# Test chdir'ing into a lowercase directory with upper case. +test_ci() +{ +tmpfile="$PREFIX/smbclient_ci_commands" + +cat >"$tmpfile" <
[SCM] Samba Shared Repository - branch v4-19-stable updated
The branch, v4-19-stable has been updated via bce5c475d12 VERSION: Disable GIT_SNAPSHOT for the 4.19.7 release. via e71f7441c9e WHATSNEW: Add release notes for Samba 4.19.7. via 6ca4df63741 BUG 15569 ldb: Release LDB 2.8.1 via d4f9272b7e9 s3:smbcacls: fix ace_compare via 123f458dda6 ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold via 0382d17 ldb:attrib_handlers: use NUMERIC_CMP in ldb_comparison_fold via ae8eb3d2b09 s4:dsdb:mod: repl_md: message sort uses NUMERIC_CMP() via 2a53574e07e s4:dsdb:mod: repl_md: make message_sort transitive via 92daa0a7801 ldb: avoid NULL deref in ldb_db_compare via ca905ccbf1e ldb:attrib_handlers: make ldb_comparison_Boolean more consistent via 50bfb065e01 ldb-samba:ldif_handlers: dn_link_comparison: sort invalid DNs via 5c5c652db7c ldb-samba:ldif_handlers: dn_link_comparison leaks less via 96f3db39522 ldb-samba:ldif_handlers: dn_link_comparison correctly sorts deleted objects via 2b3416384ae ldb-samba:ldif_handlers: dn_link_comparison semi-sorts invalid DNs via fae4e0b16aa ldb-samba:ldif_handlers: dn_link_comparison semi-sorts deleted objects via 108f687cf22 ldb-samba: ldif-handlers: make ldif_comparison_objectSid() accurate via 5bf176b5692 s4:rpcsrv:samr: improve a comment in compare_msgRid via 24d362e62d4 s4:rpcsrv:dnsserver: make dns_name_compare transitive with NULLs via 9314eaaba91 s3:libsmb:nmblib: use NUMERIC_CMP in status_compare via f0f9598d5d1 lib/socket: rearrange iface_comp() to use NUMERIC_CMP via c1819217c0a gensec: sort_gensec uses NUMERIC_CMP via 4066451f6e8 s3:rpc:wkssvc_nt: dom_user_cmp uses NUMERIC_CMP via 16288b40eb9 dsdb:schema: use NUMERIC_CMP in place of uint32_cmp via 069e651d4b8 s3:mod:vfs_vxfs: use NUMERIC_CMP in vxfs_ace_cmp via f58d857d722 s3:mod:posixacl_xattr: use NUMERIC_CMP in posixacl_xattr_entry_compare via 13645e1131b s3:brlock: use NUMERIC_CMP in #ifdef-zeroed lock_compare via aa255148bbb ldb:dn: make ldb_dn_compare() self-consistent via 867dce05d21 ldb:sort: generalise both-NULL check to equality check via 87a6fe0058a ldb:sort: check that elements have values via 71d2c9093cf ldb:mod:sort: rearrange NULL checks via d4477eab44a s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP() via 075aae1d1a0 s3:util:sharesec ace_compare() uses NUMERIC_CMP() via 32f4e0c7f5a s3:smbcacls: use NUMERIC_CMP in ace_compare via 26e08f8fc7d s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP() via 30f0a2fb131 s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort() via 91dd5024010 s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP() via 0f8e25b897f s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list() via f14a1370f48 s4:dns_server: use NUMERIC_CMP in rec_cmp() via 622bf82fb32 s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP() via 6b07ce82a58 s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp() via b7f581fb61f libcli/security: use NUMERIC_CMP in dom_sid_compare_auth() via 60c318fc66b libcli/security: use NUMERIC_CMP in dom_sid_compare() via 23d792875f9 ldb: reduce non-transitive comparisons in ldb_msg_element_compare() via b2dbe57c977 ldb: avoid non-transitive comparison in ldb_val_cmp() via fe804401b9b util:datablob: avoid non-transitive comparison in data_blob_cmp() via ad50158af05 ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP() via 9de4a5d3bbc ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP() via c85cb252af0 util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle via 5847e53de2f lib/torture: add assert_int_{less,greater} macros via 12c6c305fb1 s3:libsmb:namequery: use NUMERIC_CMP in addr_compare via 74befdb1387 s3:libsmb:namequery: note intransitivity in addr_compare() via 2557ab23014 util:charset:codepoints: codepoint_cmpi warning about non-transitivity via 120479e4e02 util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP() via 388b11b6dc1 util:test: test_ms_fn_match_protocol_no_wildcard: allow -1 via 59f6652aeee util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle via 3f8063530d2 torture:charset: test more of strcasecmp_m via 6b08f2ed860 torture:charset: use < and > assertions for strncasecmp_m via 5082378df18 torture:charset: use < and > assertions for strcasecmp_m via 1a45f172070 util:binsearch: user NUMERIC_CMP() via ea27699bcd2 s4: use numeric_cmp in dns_common_sort_zones() via 792f8d40e1c s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare via 25e97cd7dba s4:ntvfs: use NUMERIC_CMP in stream_name_cmp via 6c9119371cd ldb:ldb_dn: use safe
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 19e1100 NEWS[4.19.7]: Samba 4.19.7 Available for Download from 2ec8209 NEWS[4.20.1]: Samba 4.20.1 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 19e11008fca41dd540944dbf54f4cb1b36065cbc Author: Jule Anger Date: Mon Jun 10 17:29:25 2024 +0200 NEWS[4.19.7]: Samba 4.19.7 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.19.7.html| 62 posted_news/20240610-153018.4.19.7.body.html | 13 + posted_news/20240610-153018.4.19.7.headline.html | 3 ++ 4 files changed, 79 insertions(+) create mode 100644 history/samba-4.19.7.html create mode 100644 posted_news/20240610-153018.4.19.7.body.html create mode 100644 posted_news/20240610-153018.4.19.7.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 984ad78..7ddf607 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -11,6 +11,7 @@ samba-4.20.1 samba-4.20.0 + samba-4.19.7. samba-4.19.6. samba-4.19.5. samba-4.19.4. diff --git a/history/samba-4.19.7.html b/history/samba-4.19.7.html new file mode 100644 index 000..d7d013c --- /dev/null +++ b/history/samba-4.19.7.html @@ -0,0 +1,62 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.19.7 - Release Notes + + +Samba 4.19.7 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.19.7.tar.gz;>Samba 4.19.7 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.19.7.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.19.6-4.19.7.diffs.gz;>Patch (gzipped) against Samba 4.19.6 +https://download.samba.org/pub/samba/patches/samba-4.19.6-4.19.7.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.19.7 + June 10, 2024 + == + + +This is the latest stable release of the Samba 4.19 release series. + + +Changes since 4.19.6 + + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 15569: ldb qsort might r/w out of bounds with an intransitive compare + function (ldb 2.8.1 is already released). + * BUG 15625: Many qsort() comparison functions are non-transitive, which can + lead to out-of-bounds access in some circumstances (ldb 2.8.1 is already + released). + +o Andrew Bartlett abart...@samba.org + * BUG 15638: Need to change gitlab-ci.yml tags in all branches to avoid CI + bill. + +o Stefan Metzmacher me...@samba.org + * BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with + SysvolReady=0. + * BUG 15412: Anonymous smb3 signing/encryption should be allowed (similar to + Windows Server 2022). + * BUG 15573: Panic in dreplsrv_op_pull_source_apply_changes_trigger. + * BUG 15642: winbindd, net ads join and other things dont work on an ipv6 + only host. + +o Anna Popova popova.anna...@gmail.com + * BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only + flag. + +o Noel Power noel.po...@suse.com + * BUG 15611: http library doesnt support chunked transfer encoding. + + + + + + diff --git a/posted_news/20240610-153018.4.19.7.body.html b/posted_news/20240610-153018.4.19.7.body.html new file mode 100644 index 000..8b91043 --- /dev/null +++ b/posted_news/20240610-153018.4.19.7.body.html @@ -0,0 +1,13 @@ + +10 June 2024 +Samba 4.19.7 Available for Download + +This is the latest stable release of the Samba 4.19 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.19.7.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.19.6-4.19.7.diffs.gz;>patch against Samba 4.19.6 is also available. +See https://www.samba.org/samba/history/samba-4.19.7.html;>the release notes for more info. + + diff --git a/posted_news/20240610-153018.4.19.7.headline.html b/posted_news/20240610-153018.4.19.7.headline.html new file mode 100644 index 000..e1b9b9e --- /dev/null +++ b/posted_news/20240610-153018.4.19.7.headline.html @@ -0,0 +1,3 @@ + + 10 June 2024 Samba 4.19.7 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.19.7 created
The annotated tag, samba-4.19.7 has been created at 92be2654d0c65af6c71d2da5b32c443812092b0d (tag) tagging bce5c475d12fb75619bc85d176bfd40420b4fce8 (commit) replaces ldb-2.8.1 tagged by Jule Anger on Mon Jun 10 17:29:04 2024 +0200 - Log - samba: tag release samba-4.19.7 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmZnG8EACgkQqplEL7aA tiAAVBAAlTEpL4A0BBsRJr9zVBHyT038hOpVXY3no5tbUZIj4Wwm0jixjg3MzI5O hrKxAVXrn/FuRKmCLorewRHP9O9/GQWeSEwsMe/X5A4VA+q1ip91eiEaqYIJ3wxK DZGq9ODRqR0dpvEhnWmKPu1eRtBwPh61ZA/5lX9VQG0PLKdGuVb18nyw9d0kphyI fsmCqFafKM05BezoIMxcwStUbwGj4Qy1cXlKOHcL6QmieDR8hUeIDatr9K99JjXS IAD8yOjqd718Kwn5SJsej1wIWEEVB1bBEgev43tkd5jp32soJ98ki18shd4jHgtS /BhDKQaitvHqpfFO7j2UZHBadgasJxvSHyTZLatG90y1zN4JMmho4KXKbZ7vHnVy QHYZyXaCoZ2ue+lathz2QHwoZXG7ASJP0fbA/zXHe1xmcDqpc8kZ9MZIugBLrhuF BSED4+8CMX3aOM8vkVJMOmP+OmQznGTFBj+sGB+UdQ4KMdeSYWY62bYa3gARZ+Fm 9yrSkMnxFDCyNEtgFIRXskLVebLcdwlPNcdmj0BT1BX8aKcFkbcjSqlq89L4191u lmObq4XB3EBzo5v4gyreyjjQz21eti+pa300XppaSjo3SPJ0xGViprXuw+CQpGrE jSitgiUoP7ns56XXOj+quQbG6KV650ND2N3V79AjGaoj41lP8QU= =xh3A -END PGP SIGNATURE- Jule Anger (2): WHATSNEW: Add release notes for Samba 4.19.7. VERSION: Disable GIT_SNAPSHOT for the 4.19.7 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 6875787d129 VERSION: Bump version up to Samba 4.19.8... via bce5c475d12 VERSION: Disable GIT_SNAPSHOT for the 4.19.7 release. via e71f7441c9e WHATSNEW: Add release notes for Samba 4.19.7. via 6ca4df63741 BUG 15569 ldb: Release LDB 2.8.1 from d4f9272b7e9 s3:smbcacls: fix ace_compare https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 6875787d1294fc2cb0f6f0dce58b209c659ae871 Author: Jule Anger Date: Mon Jun 10 17:26:01 2024 +0200 VERSION: Bump version up to Samba 4.19.8... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit bce5c475d12fb75619bc85d176bfd40420b4fce8 Author: Jule Anger Date: Mon Jun 10 17:25:44 2024 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.19.7 release. Signed-off-by: Jule Anger commit e71f7441c9e2cf2ff895e1106506dec4632508b0 Author: Jule Anger Date: Mon Jun 10 17:25:02 2024 +0200 WHATSNEW: Add release notes for Samba 4.19.7. Signed-off-by: Jule Anger commit 6ca4df6374136d1d205de689618dc8fce5177d14 Author: Jule Anger Date: Mon Jun 10 16:56:59 2024 +0200 BUG 15569 ldb: Release LDB 2.8.1 * BUG 15569: Many qsort() comparison functions are non-transitive, which can lead to out-of-bounds access in some circumstances. Signed-off-by: Jule Anger --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 66 +- lib/ldb/ABI/{ldb-2.8.0.sigs => ldb-2.8.1.sigs} | 0 lib/ldb/wscript| 2 +- 4 files changed, 66 insertions(+), 4 deletions(-) copy lib/ldb/ABI/{ldb-2.8.0.sigs => ldb-2.8.1.sigs} (100%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 939e114840c..e0f2394cfa6 100644 --- a/VERSION +++ b/VERSION @@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2023" SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=19 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index be2edfb6ac4..fa27ad5083b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,66 @@ + == + Release Notes for Samba 4.19.7 + June 10, 2024 + == + + +This is the latest stable release of the Samba 4.19 release series. + + +Changes since 4.19.6 + + +o Douglas Bagnall + * BUG 15569: ldb qsort might r/w out of bounds with an intransitive compare + function (ldb 2.8.1 is already released). + * BUG 15625: Many qsort() comparison functions are non-transitive, which can + lead to out-of-bounds access in some circumstances (ldb 2.8.1 is already + released). + +o Andrew Bartlett + * BUG 15638: Need to change gitlab-ci.yml tags in all branches to avoid CI + bill. + +o Stefan Metzmacher + * BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with + SysvolReady=0. + * BUG 15412: Anonymous smb3 signing/encryption should be allowed (similar to + Windows Server 2022). + * BUG 15573: Panic in dreplsrv_op_pull_source_apply_changes_trigger. + * BUG 15642: winbindd, net ads join and other things don't work on an ipv6 + only host. + +o Anna Popova + * BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only + flag. + +o Noel Power + * BUG 15611: http library doesn't support 'chunked transfer encoding'. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + == Release Notes for Samba 4.19.6 April 08,
[SCM] Samba Shared Repository - annotated tag ldb-2.8.1 created
The annotated tag, ldb-2.8.1 has been created at 994b7debdcd5fdb4d9617f84c6fa4456cfdcf51c (tag) tagging 6ca4df6374136d1d205de689618dc8fce5177d14 (commit) replaces samba-4.19.6 tagged by Jule Anger on Mon Jun 10 17:20:50 2024 +0200 - Log - ldb: tag release ldb-2.8.1 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmZnGdIACgkQR5ORYRMI QCVIMQf/axqBK6HeRTyfvdLQg2vCehM7P+tNypDWB5QHr+kQrIgyGUCsdQ8rS27A RexD5/HLT2VIvoP1ftE1y5jOvQR4tjV0S8fZki8bpYxgOUBqdBwtaM2MPPau3WVv Lrw8uKBbt5Le/d3p/ORqyai+ZgGLq94Zg4knKE+wsZ2hipdGviiz9QPrrADhJLac DZQhU5S+24asjZZLOKzitnPKVTGMPJsBF5BwifuX1rO7yOY3RYABXLJ/um6cesaZ pFsFtZPr/Ksxc8934dJWcMM3sK2Te4NFjUbAIGmzqDaX3bR7SofO59xEB+3M7NSJ MClJlSGFd05hozCdZRUSjuf6pwHUeA== =fiNG -END PGP SIGNATURE- Andrew Bartlett (1): .gitlab-ci: Remove tags no longer provided by gitlab.com Anna Popova (1): s3:utils: Fix Inherit-Only flag being automatically propagated to children Douglas Bagnall (65): ldb: avoid out of bounds read and write in ldb_qsort() lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename util:tsort.h: add a macro for safely comparing numbers ldb: add NUMERIC_CMP macro to ldb.h ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base() ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare() s4:ntvfs: use NUMERIC_CMP in stream_name_cmp s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare s4: use numeric_cmp in dns_common_sort_zones() util:binsearch: user NUMERIC_CMP() torture:charset: use < and > assertions for strcasecmp_m torture:charset: use < and > assertions for strncasecmp_m torture:charset: test more of strcasecmp_m util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle util:test: test_ms_fn_match_protocol_no_wildcard: allow -1 util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP() util:charset:codepoints: codepoint_cmpi warning about non-transitivity s3:libsmb:namequery: note intransitivity in addr_compare() s3:libsmb:namequery: use NUMERIC_CMP in addr_compare lib/torture: add assert_int_{less,greater} macros util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP() ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP() util:datablob: avoid non-transitive comparison in data_blob_cmp() ldb: avoid non-transitive comparison in ldb_val_cmp() ldb: reduce non-transitive comparisons in ldb_msg_element_compare() libcli/security: use NUMERIC_CMP in dom_sid_compare() libcli/security: use NUMERIC_CMP in dom_sid_compare_auth() s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp() s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP() s4:dns_server: use NUMERIC_CMP in rec_cmp() s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list() s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP() s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort() s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP() s3:smbcacls: use NUMERIC_CMP in ace_compare s3:util:sharesec ace_compare() uses NUMERIC_CMP() s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP() ldb:mod:sort: rearrange NULL checks ldb:sort: check that elements have values ldb:sort: generalise both-NULL check to equality check ldb:dn: make ldb_dn_compare() self-consistent s3:brlock: use NUMERIC_CMP in #ifdef-zeroed lock_compare s3:mod:posixacl_xattr: use NUMERIC_CMP in posixacl_xattr_entry_compare s3:mod:vfs_vxfs: use NUMERIC_CMP in vxfs_ace_cmp dsdb:schema: use NUMERIC_CMP in place of uint32_cmp s3:rpc:wkssvc_nt: dom_user_cmp uses NUMERIC_CMP gensec: sort_gensec uses NUMERIC_CMP lib/socket: rearrange iface_comp() to use NUMERIC_CMP s3:libsmb:nmblib: use NUMERIC_CMP in status_compare s4:rpcsrv:dnsserver: make dns_name_compare transitive with NULLs s4:rpcsrv:samr: improve a comment in compare_msgRid ldb-samba: ldif-handlers: make ldif_comparison_objectSid() accurate ldb-samba:ldif_handlers: dn_link_comparison semi-sorts deleted objects ldb-samba:ldif_handlers: dn_link_comparison semi-sorts invalid DNs ldb-samba:ldif_handlers: dn_link_comparison correctly sorts deleted objects ldb-samba:ldif_handlers: dn_link_comparison leaks less ldb-samba:ldif_handlers: dn_link_comparison: sort invalid DNs ldb:attrib_handlers: make ldb_comparison_Boolean more consistent ldb: avoid NULL deref in ldb_db_compare s4:dsdb:mod: repl_md: make message_sort transitive s4:dsdb:mod: repl_md: message sort uses NUMERIC_CMP() ldb:attrib_handlers: use NUMERIC_CMP in ldb_comparison_fold ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_f
[SCM] Samba Shared Repository - branch v4-20-test updated
tsort.h: add a macro for safely comparing numbers via 3a840553cfb lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename via c206d3d20c8 ldb: avoid out of bounds read and write in ldb_qsort() via e2191933876 examples:winexe: embed Samba version as exe timestamp via b1173444ff8 examples:winexe: reproducible builds with zero timestamp via e7c132a4a2c buildtools:pidl: avoid hash randomisation in pidl via eb480df1baf pidl:Typelist: resolveType(): don't mistake a reference for a name from 65e781a30b2 s3:winbind: Fix idmap_ad creating an invalid local krb5.conf https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 50d4451bd4bf98dc8c0c2ee6a9d9ffeb78788d0c Author: Douglas Bagnall Date: Tue May 21 20:20:36 2024 +1200 s3:smbcacls: fix ace_compare We got this wrong in commit 31101a9fa1503be9d8137e42466f57d85136a156. In fact, we should probably not reorder the inherited ACLs, but that is for another patch series. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit 5abeb724d74af2b861f2ee6bc27762bb5bf07bca) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Mon Jun 10 14:43:44 UTC 2024 on atb-devel-224 commit e21251926bada4af23c5df0dab9e94e9cd30f0b8 Author: Douglas Bagnall Date: Fri Apr 26 15:58:44 2024 +1200 ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold If two strings are invalid UTF-8, the string is first compared with memcmp(), which compares as unsigned char. If the strings are of different lengths and one is a substring of the other, the memcmp() returns 0 and a second comparison is made which assumes the next character in the shorter string is '\0' -- but this comparison was done using SIGNED chars (on most systems). That leads to non-transitive comparisons. Consider the strings {"a\xff", "a", "ab\xff"} under that system. "a\xff" < "a", because (char)0xff == -1. "ab\xff" > "a", because 'b' == 98. "ab\xff" < "a\xff", because memcmp("ab\xff", "a\xff", 2) avoiding the signed char tiebreaker. (Before c49c48afe09a1a78989628bbffd49dd3efc154dd, the final character might br arbitrarily cast into another character -- in latin-1, for example, the 0xff here would have been seen as 'ÿ', which would be uppercased to 'Ÿ', which is U+0178, which would be truncated to '\x78', a positive char. On the other hand e.g. 0xfe, 'þ', would have mapped to 0xde, 'Þ', remaining negative). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit e2051eebd492a419f840280336eb242d0b4a26ac) commit 3f9d9f83448c71cf5453dd63434efc98a36d4cfa Author: Douglas Bagnall Date: Thu Apr 11 13:21:25 2024 +1200 ldb:attrib_handlers: use NUMERIC_CMP in ldb_comparison_fold BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit f81b7c7eb206a447d799a25cc2da26304dc7567a) commit d12f3cced612ccdb1a387544d989de25118d7e4c Author: Douglas Bagnall Date: Fri Apr 12 20:28:04 2024 +1200 s4:dsdb:mod: repl_md: message sort uses NUMERIC_CMP() No change at all in the result, just saving lines and branches. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit 827b0c39ed0497407bfcfc5683735a165b1b0f0a) commit 7ae866c6ffab54001d9d52b29edaac91d79e5f26 Author: Douglas Bagnall Date: Fri Apr 12 18:11:47 2024 +1200 s4:dsdb:mod: repl_md: make message_sort transitive Before we had (with a TODO of regret): if (!a1 || !a2) { return strcasecmp(e1->name, e2->name); } so, given {name:"A", id 2}, {name:"B", NO id}, {name:"C", id 1}, A < B by name B < C by name A > C by id Now the sort order is always A > C > B. This sort could have caused mysterious crashes in repl_meta_data if the schema is out of sync. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit 5335f122fb551231a02a58f88f6a0aa23b5e02cb) commit 21a01b3bad469daf28ce389b1555154eef9c664d Author: Douglas Bagnall Date: Fri Apr 26 15:24:47 2024 +1200 ld
[SCM] Samba Shared Repository - branch v4-19-test updated
tsort.h: add a macro for safely comparing numbers via 22d8332e1b9 lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename via 241ebc607b2 ldb: avoid out of bounds read and write in ldb_qsort() from fab04efa325 s3:libads: avoid changing ADS->server.workgroup https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit d4f9272b7e9ebf51c82f22b9c877cf37ed66218a Author: Douglas Bagnall Date: Tue May 21 20:20:36 2024 +1200 s3:smbcacls: fix ace_compare We got this wrong in commit 31101a9fa1503be9d8137e42466f57d85136a156. In fact, we should probably not reorder the inherited ACLs, but that is for another patch series. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit 5abeb724d74af2b861f2ee6bc27762bb5bf07bca) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Mon Jun 10 14:40:17 UTC 2024 on atb-devel-224 commit 123f458dda64c2bec7d8ce272e87a93ec6890f41 Author: Douglas Bagnall Date: Fri Apr 26 15:58:44 2024 +1200 ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold If two strings are invalid UTF-8, the string is first compared with memcmp(), which compares as unsigned char. If the strings are of different lengths and one is a substring of the other, the memcmp() returns 0 and a second comparison is made which assumes the next character in the shorter string is '\0' -- but this comparison was done using SIGNED chars (on most systems). That leads to non-transitive comparisons. Consider the strings {"a\xff", "a", "ab\xff"} under that system. "a\xff" < "a", because (char)0xff == -1. "ab\xff" > "a", because 'b' == 98. "ab\xff" < "a\xff", because memcmp("ab\xff", "a\xff", 2) avoiding the signed char tiebreaker. (Before c49c48afe09a1a78989628bbffd49dd3efc154dd, the final character might br arbitrarily cast into another character -- in latin-1, for example, the 0xff here would have been seen as 'ÿ', which would be uppercased to 'Ÿ', which is U+0178, which would be truncated to '\x78', a positive char. On the other hand e.g. 0xfe, 'þ', would have mapped to 0xde, 'Þ', remaining negative). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit e2051eebd492a419f840280336eb242d0b4a26ac) commit 0382d17c868f467814d2856858d5066f0ec9 Author: Douglas Bagnall Date: Thu Apr 11 13:21:25 2024 +1200 ldb:attrib_handlers: use NUMERIC_CMP in ldb_comparison_fold BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit f81b7c7eb206a447d799a25cc2da26304dc7567a) commit ae8eb3d2b0908524f8f8284d5095274db243d778 Author: Douglas Bagnall Date: Fri Apr 12 20:28:04 2024 +1200 s4:dsdb:mod: repl_md: message sort uses NUMERIC_CMP() No change at all in the result, just saving lines and branches. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit 827b0c39ed0497407bfcfc5683735a165b1b0f0a) commit 2a53574e07e2265e7b60dab3130b8e73d914777d Author: Douglas Bagnall Date: Fri Apr 12 18:11:47 2024 +1200 s4:dsdb:mod: repl_md: make message_sort transitive Before we had (with a TODO of regret): if (!a1 || !a2) { return strcasecmp(e1->name, e2->name); } so, given {name:"A", id 2}, {name:"B", NO id}, {name:"C", id 1}, A < B by name B < C by name A > C by id Now the sort order is always A > C > B. This sort could have caused mysterious crashes in repl_meta_data if the schema is out of sync. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit 5335f122fb551231a02a58f88f6a0aa23b5e02cb) commit 92daa0a7801f70515e429520ba894423e6a35535 Author: Douglas Bagnall Date: Fri Apr 26 15:24:47 2024 +1200 ldb: avoid NULL deref in ldb_db_compare This also sorts NULLs after invalid DNs, which matches the comment above. CID 1596622. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit af7654331fb6a2d9cc41cf5bdffa
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 65e781a30b2 s3:winbind: Fix idmap_ad creating an invalid local krb5.conf via fb4c338f030 s3:libads: Do not fail if we don't get an IP passed down via 069729202c3 s3:libads: Allow get_kdc_ip_string() to lookup the KDCs IP via 1917b7f052d python: Fix NtVer check for site_dn_for_machine() from 9d80c928b01 s4:nbt_server: simulate nmbd and provide unexpected handling https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 65e781a30b247ab1056405322a8c9cbfb4bae03a Author: Andreas Schneider Date: Tue May 28 13:54:24 2024 +0200 s3:winbind: Fix idmap_ad creating an invalid local krb5.conf In case of a trusted domain, we are providing the realm of the primary trust but specify the KDC IP of the trusted domain. This leads to Kerberos ticket requests to the trusted domain KDC which doesn't know about the machine account. However we need a ticket from our primary trust KDC. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (backported from commit 8989aa47b7493e6b7978c2efc4a40c781e9a2aee) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Jun 5 15:01:54 UTC 2024 on atb-devel-224 commit fb4c338f03034ef47231e1fb7ec1056ac5d3aa4f Author: Andreas Schneider Date: Tue May 28 13:53:51 2024 +0200 s3:libads: Do not fail if we don't get an IP passed down The IP should be optional and we should look it up if not provided. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 9dcc52d2a57314ec9ddaae82b3c49da051d1f1d2) commit 069729202c3b287642e36c777e2b0863f593bca4 Author: Andreas Schneider Date: Tue May 28 13:51:53 2024 +0200 s3:libads: Allow get_kdc_ip_string() to lookup the KDCs IP Remove the requirement to provide an IP address. We should look up the IP of the KDC and use it for the specified realm/workgroup. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15653 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 28aa0b815baf4668e3df01d52597c40fd430e2fb) commit 1917b7f052dc7cb69f544e1f1ef94b48dd4212fb Author: Andreas Schneider Date: Mon Apr 15 07:32:02 2024 +0200 python: Fix NtVer check for site_dn_for_machine() BUG: https://bugzilla.samba.org/show_bug.cgi?id=15633 Signed-off-by: Andreas Schneider Reviewed-by: David Mulder (cherry picked from commit 7a5e7b821259890dd2978e6f113f4a3dad110ea4) --- Summary of changes: python/samba/gp/gpclass.py | 4 +--- source3/libads/kerberos.c | 32 source3/winbindd/idmap_ad.c | 11 +-- 3 files changed, 26 insertions(+), 21 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py index 08be472e707..d86aacec138 100644 --- a/python/samba/gp/gpclass.py +++ b/python/samba/gp/gpclass.py @@ -805,9 +805,7 @@ def site_dn_for_machine(samdb, dc_hostname, lp, creds, hostname): samlogon_response = ndr_unpack(nbt.netlogon_samlogon_response, bytes(res.msgs[0]['Netlogon'][0])) -if samlogon_response.ntver not in [nbt.NETLOGON_NT_VERSION_5EX, - (nbt.NETLOGON_NT_VERSION_1 -| nbt.NETLOGON_NT_VERSION_5EX)]: +if not (samlogon_response.ntver & nbt.NETLOGON_NT_VERSION_5EX): raise RuntimeError('site_dn_for_machine: Invalid NtVer in ' + 'netlogon_samlogon_response') diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c index f76c5665205..6c6d23c29da 100644 --- a/source3/libads/kerberos.c +++ b/source3/libads/kerberos.c @@ -437,23 +437,23 @@ static char *get_kdc_ip_string(char *mem_ctx, char *kdc_str = NULL; char *canon_sockaddr = NULL; - SMB_ASSERT(pss != NULL); - - canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss); - if (canon_sockaddr == NULL) { - goto out; - } + if (pss != NULL) { + canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss); + if (canon_sockaddr == NULL) { + goto out; + } - kdc_str = talloc_asprintf(frame, - "\t\tkdc = %s\n", - canon_sockaddr); - if (kdc_str == NULL) { - goto out; - } + kdc_str = talloc_asprintf(frame, + &
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 2ec8209 NEWS[4.20.1]: Samba 4.20.1 Available for Download from 4728e21 NEWS[4.19.6]: Samba 4.19.6 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 2ec82090dff0576c8d451b444d01b9e8d2d44abf Author: Jule Anger Date: Wed May 8 10:05:24 2024 +0200 NEWS[4.20.1]: Samba 4.20.1 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.20.1.html| 54 posted_news/20240508-080633.4.20.1.body.html | 13 ++ posted_news/20240508-080633.4.20.1.headline.html | 3 ++ 4 files changed, 71 insertions(+) create mode 100644 history/samba-4.20.1.html create mode 100644 posted_news/20240508-080633.4.20.1.body.html create mode 100644 posted_news/20240508-080633.4.20.1.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 8f60ff2..984ad78 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.20.1 samba-4.20.0 samba-4.19.6. samba-4.19.5. diff --git a/history/samba-4.20.1.html b/history/samba-4.20.1.html new file mode 100644 index 000..1206074 --- /dev/null +++ b/history/samba-4.20.1.html @@ -0,0 +1,54 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.20.1 - Release Notes + + +Samba 4.20.1 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.20.1.tar.gz;>Samba 4.20.1 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.20.1.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.20.0-4.20.1.diffs.gz;>Patch (gzipped) against Samba 4.20.0 +https://download.samba.org/pub/samba/patches/samba-4.20.0-4.20.1.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.20.1 +May 08, 2024 + == + + +This is the latest stable release of the Samba 4.20 release series. + + +Changes since 4.20.0 + + +o Douglas Bagnall douglas.bagn...@catalyst.net.nz + * BUG 15630: dns update debug message is too noisy. + +o Alexander Bokovoy a...@samba.org + * BUG 15635: Do not fail PAC validation for RFC8009 checksums types. + +o Pavel Filipenský pfilipen...@samba.org + * BUG 15605: Improve performance of lookup_groupmem() in idmap_ad. + +o Anna Popova popova.anna...@gmail.com + * BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only + flag. + +o Noel Power noel.po...@suse.com + * BUG 15611: http library doesnt support chunked transfer encoding. + +o Andreas Schneider a...@samba.org + * BUG 15600: Provide a systemd service file for the background queue daemon. + + + + + + diff --git a/posted_news/20240508-080633.4.20.1.body.html b/posted_news/20240508-080633.4.20.1.body.html new file mode 100644 index 000..0aef412 --- /dev/null +++ b/posted_news/20240508-080633.4.20.1.body.html @@ -0,0 +1,13 @@ + +08 May 2024 +Samba 4.20.1 Available for Download + +This is the first stable release of the Samba 4.20 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.20.1.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.20.0-4.20.1.diffs.gz;>patch against Samba 4.20.0 is also available. +See https://www.samba.org/samba/history/samba-4.20.1.html;>the release notes for more info. + + diff --git a/posted_news/20240508-080633.4.20.1.headline.html b/posted_news/20240508-080633.4.20.1.headline.html new file mode 100644 index 000..143404a --- /dev/null +++ b/posted_news/20240508-080633.4.20.1.headline.html @@ -0,0 +1,3 @@ + + 08 May 2024 Samba 4.20.1 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated via 0ba948cba0b VERSION: Disable GIT_SNAPSHOT for the 4.20.1 release. via d01b50ec4f3 WHATSNEW: Add release notes for Samba 4.20.1. via db658c40f5d s3:utils: Fix Inherit-Only flag being automatically propagated to children via d28a889aed2 python/samba/tests/blackbox: Add tests for Inherit-only flag propagation via 83da49f3489 tests: Add a test for "all_groups=no" to test_idmap_ad.sh via 84f82a09ffd selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad via 83701298384 s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad via 8857cf29979 docs-xml: Add parameter all_groupmem to idmap_ad via 215bb9bd48e Do not fail checksums for RFC8009 types via db60a1947b8 s4:dns_server: less noisy, more informative debug messages via 9155d89a2ae packaging: Provide a systemd service file for samba-bgqd via 077f39baf7c libcli/http: Detect unsupported Transfer-encoding type via 2fb1bf0205f selftest: Add new test for testing non-chunk transfer encoding via 30bf3d1430f selftest: fix potential reference before assigned error via a70e3a36c82 libcli/http: Handle http chunked transfer encoding via 7e17e4809d5 tests: add test for chunked encoding with http cli library via 26206392153 libcli/http: Optimise reading for content-length via 71eac5a065f selftest: Add basic content-lenght http tests via 19250e13ab6 Add simple http_client for use in black box tests (in following commits) via eaefe50327d VERSION: Bump version up to Samba 4.20.1... from 8fdd82c8b9c VERSION: Disable GIT_SNAPSHOT for the 4.20.0 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 55 +++ auth/kerberos/kerberos_pac.c | 47 ++- docs-xml/manpages/idmap_ad.8.xml | 10 + lib/krb5_wrap/krb5_samba.h | 28 ++ libcli/http/http.c | 309 +++- libcli/http/http_internal.h| 4 + nsswitch/tests/test_idmap_ad.sh| 22 ++ .../{samba.service.in => samba-bgqd.service.in}| 9 +- packaging/wscript_build| 3 +- python/samba/tests/blackbox/http_chunk.py | 129 +++ python/samba/tests/blackbox/http_content.py| 95 + .../blackbox/smbcacls_propagate_inhertance.py | 108 ++ selftest/target/Samba3.pm | 1 + selftest/tests.py | 2 + source3/utils/smbcacls.c | 4 + source3/winbindd/winbindd_ads.c| 11 +- source4/client/http_test.c | 401 + source4/dns_server/dnsserver_common.c | 9 +- source4/wscript_build | 5 + 20 files changed, 1200 insertions(+), 54 deletions(-) copy packaging/systemd/{samba.service.in => samba-bgqd.service.in} (50%) create mode 100644 python/samba/tests/blackbox/http_chunk.py create mode 100644 python/samba/tests/blackbox/http_content.py create mode 100644 source4/client/http_test.c Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 482360b7d68..cfa7539380b 100644 --- a/VERSION +++ b/VERSION @@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024" SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=20 -SAMBA_VERSION_RELEASE=0 +SAMBA_VERSION_RELEASE=1 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 5c97836d36f..8249e9326f9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,58 @@ + == + Release Notes for Samba 4.20.1 +May 08, 2024 + == + + +This is the latest stable release of the Samba 4.20 release series. + + +Changes since 4.20.0 + + +o Douglas Bagnall + * BUG 15630: dns update debug message is too noisy. + +o Alexander Bokovoy + * BUG 15635: Do not fail PAC validation for RFC8009 checksums types. + +o Pavel Filipenský + * BUG 15605: Improve performance of lookup_groupmem() in idmap_ad. + +o Anna Popova + * BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only + flag. + +o Noel Power + * BUG 15611: http library doesn't support 'chunked transfer encoding'. + +o Andreas Schneider
[SCM] Samba Shared Repository - annotated tag samba-4.20.1 created
The annotated tag, samba-4.20.1 has been created at dc3912d4f21e57549c2062e03c9bf94afb9d8307 (tag) tagging 0ba948cba0b8b0dd4fddbc94999a61b883a3326d (commit) replaces samba-4.20.0 tagged by Jule Anger on Wed May 8 10:05:04 2024 +0200 - Log - samba: tag release samba-4.20.1 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmY7MjAACgkQqplEL7aA tiDa3A//dCJ/HRwM2pK3vHtVoOVZ3FTDHRSDn+/ys4VDkby9nO78rosEmcUJhCfF jX41DgU+j6s/Y47cHAtp2uVQOTws/tY8FbMxj84XbeDlOOCXo8UPcpqhxUGP5piL LPXfENkirfAuS30G+B7tMqit+i/9fOTbKcjLfY1QPo06Cb8wle0twkVmOQzmm4rz Mh2VjIESvVeo8CVNHpS7DANtJfh27/V4gRvusnmyip6HYqRMuzzJoqOPaCYd1/fj /0E6iLFnfTfjEfqQcnLRJV5Z5UKuLgEowJ6PfUnsKIw28bFwKp5qh8Tn6n2z/sT8 kU8qO25ITAIItJy5tnrnIchvkBNxBt2MnO5OWIEbkWUhTIpcxrk69lxk0med+iDG AovAw2hFsBhdsdmcp888HnGr1j9XcfD/55JK+ETgS39Nwbow1InvsFdc51wgUAAf X39VkVLoL7W/WaFINRJS/PWkDYQ8esHXtqT7Zg/6+NNj4b2FKw6Z8yoj5r/Iwo44 TiqX+DUBWv70B0gXuRB65C++fiSJoPoCIOJR2HXV0OXFTL4Vyd0uwugiZznEd4AZ g9ESUmt4DUzsENXHJaL1WaXa2rI8UBy3VMK6VIyLGfmH3YlhJFuvFTj/DkZpQHm1 kxXX3iZZmwPlfq/qste2Ig9RWuQth3Nwoong/1frR2Gjk1FEKp4= =/YuZ -END PGP SIGNATURE- Alexander Bokovoy (1): Do not fail checksums for RFC8009 types Andreas Schneider (1): packaging: Provide a systemd service file for samba-bgqd Anna Popova (1): s3:utils: Fix Inherit-Only flag being automatically propagated to children Douglas Bagnall (1): s4:dns_server: less noisy, more informative debug messages Jule Anger (3): VERSION: Bump version up to Samba 4.20.1... WHATSNEW: Add release notes for Samba 4.20.1. VERSION: Disable GIT_SNAPSHOT for the 4.20.1 release. Noel Power (8): Add simple http_client for use in black box tests (in following commits) selftest: Add basic content-lenght http tests libcli/http: Optimise reading for content-length tests: add test for chunked encoding with http cli library libcli/http: Handle http chunked transfer encoding selftest: fix potential reference before assigned error selftest: Add new test for testing non-chunk transfer encoding libcli/http: Detect unsupported Transfer-encoding type Pavel Filipenský (4): docs-xml: Add parameter all_groupmem to idmap_ad s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad tests: Add a test for "all_groups=no" to test_idmap_ad.sh yuzu367 (1): python/samba/tests/blackbox: Add tests for Inherit-only flag propagation --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 9b6bc91254c VERSION: Bump version up to Samba 4.20.2... via 0ba948cba0b VERSION: Disable GIT_SNAPSHOT for the 4.20.1 release. via d01b50ec4f3 WHATSNEW: Add release notes for Samba 4.20.1. from db658c40f5d s3:utils: Fix Inherit-Only flag being automatically propagated to children https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 9b6bc91254c96a248047c01d68a074edea3f0e6a Author: Jule Anger Date: Wed May 8 10:00:33 2024 +0200 VERSION: Bump version up to Samba 4.20.2... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 0ba948cba0b8b0dd4fddbc94999a61b883a3326d Author: Jule Anger Date: Wed May 8 10:00:17 2024 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.20.1 release. Signed-off-by: Jule Anger commit d01b50ec4f3cc3c91677703677e3b45cd1d94758 Author: Jule Anger Date: Wed May 8 09:59:43 2024 +0200 WHATSNEW: Add release notes for Samba 4.20.1. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 55 +++ 2 files changed, 56 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 81c319ddc0c..e279f2933b8 100644 --- a/VERSION +++ b/VERSION @@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024" SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=20 -SAMBA_VERSION_RELEASE=1 +SAMBA_VERSION_RELEASE=2 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 5c97836d36f..8249e9326f9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,58 @@ + == + Release Notes for Samba 4.20.1 +May 08, 2024 + == + + +This is the latest stable release of the Samba 4.20 release series. + + +Changes since 4.20.0 + + +o Douglas Bagnall + * BUG 15630: dns update debug message is too noisy. + +o Alexander Bokovoy + * BUG 15635: Do not fail PAC validation for RFC8009 checksums types. + +o Pavel Filipenský + * BUG 15605: Improve performance of lookup_groupmem() in idmap_ad. + +o Anna Popova + * BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only + flag. + +o Noel Power + * BUG 15611: http library doesn't support 'chunked transfer encoding'. + +o Andreas Schneider + * BUG 15600: Provide a systemd service file for the background queue daemon. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + == Release Notes for Samba 4.20.0 March 27, 2024 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via b00c09bee3b s3:utils: Fix Inherit-Only flag being automatically propagated to children via e703c0c3914 python/samba/tests/blackbox: Add tests for Inherit-only flag propagation from 2930a1955bf libcli/http: Detect unsupported Transfer-encoding type https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit b00c09bee3bc28e5637fd786122faeb6b200f2c5 Author: Anna Popova Date: Fri Apr 12 17:32:37 2024 +0300 s3:utils: Fix Inherit-Only flag being automatically propagated to children Inherit-only flag applies only to the container it was set to and it shouldn't be automatically propagated to children. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636 Signed-off-by: Anna Popova Reviewed-by: Noel Power Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224 (cherry picked from commit 80159018e411c643fbfe7ef82bd33e30b6147901) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Tue May 7 09:31:32 UTC 2024 on atb-devel-224 commit e703c0c3914d79f5ae4f42b3055e7a2005194927 Author: yuzu367 Date: Thu Apr 11 11:31:07 2024 +0300 python/samba/tests/blackbox: Add tests for Inherit-only flag propagation BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636 Signed-off-by: Anna Popova Reviewed-by: Noel Power Reviewed-by: Ralph Boehme (cherry picked from commit eba2bfde347041a395f0fbd3c57235be63b1890d) --- Summary of changes: .../blackbox/smbcacls_propagate_inhertance.py | 108 + selftest/knownfail.d/smbcacls | 0 source3/utils/smbcacls.c | 4 + 3 files changed, 112 insertions(+) delete mode 100644 selftest/knownfail.d/smbcacls Changeset truncated at 500 lines: diff --git a/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py b/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py index cfe7e0b0b96..2c21c83ccd4 100644 --- a/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py +++ b/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py @@ -1288,3 +1288,111 @@ class InheritanceSmbCaclsTests(SmbCaclsBlockboxTestBase): except BlackboxProcessError as e: self.fail(str(e)) + +def test_simple_iocioi_add(self): +"""test smbcacls '--propagate-inheritance --add' which attempts to add the ACL +for the file and additionally use inheritance rules to propagate appropriate +changes to children + +This test adds an ACL with (IO)(CI)(OI)(READ) + +before: + ++-tar_test_dir/(OI)(CI)(I)(F) + +-oi_dir/(OI)(CI)(I)(F) + | +-file.1(I)(F) + | +-nested/ (OI)(CI)(I)(F) + | +-file.2 (I)(F) + | +-nested_again/ (OI)(CI)(I)(F) + | +-file.3 (I)(F) + +after/expected: + ++-tar_test_dir/(OI)(CI)(I)(F) + +-oi_dir/(OI)(CI)(I)(F), (IO)(CI)(OI)(READ) + | +-file.1(I)(F), (I)(READ) + | +-nested/ (OI)(CI)(I)(F), (I)(CI)(OI)(READ) + | +-file.2 (I)(F), (I)(READ) + | +-nested_again/ (OI)(CI)(I)(F), (I)(CI)(OI)(READ) + | +-file.3 (I)(F), (I)(READ)""" + +dir_add_acl_str = "ACL:%s:ALLOWED/OI|CI|IO/READ" % self.user +obj_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user +dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|CI|I/READ" % self.user + +try: + +self.smb_cacls(["--propagate-inheritance", "--add", +dir_add_acl_str, self.oi_dir]) + +# check top level container 'oi_dir' has IO|CI|OI/READ +dir_ace = self.ace_parse_str(dir_add_acl_str) +self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace)) + +# file 'oi_dir/file-1' should have inherited I/READ +child_file_ace = self.ace_parse_str(obj_inherited_ace_str) +self.assertTrue(self.file_ace_check(self.f1, child_file_ace)) + +# nested dir 'oi_dir/nested/' should have I|CI|OI/READ +child_dir_ace = self.ace_parse_str(dir_inherited_ace_str) +self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace)) + +# nested file 'oi_dir/nested/file-2' should have inherited I/READ +self.assertTrue(self.file_ace_check(self.f2, child_file_ace)) + +# nested_again dir 'oi_dir/nested/nested_again' should have I|CI|OI/READ +child_dir_ace = self.ace_parse_str(dir_inherited
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via db658c40f5d s3:utils: Fix Inherit-Only flag being automatically propagated to children via d28a889aed2 python/samba/tests/blackbox: Add tests for Inherit-only flag propagation from 83da49f3489 tests: Add a test for "all_groups=no" to test_idmap_ad.sh https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit db658c40f5d8aeef9dcc190753b7d14b1fa3f5fb Author: Anna Popova Date: Fri Apr 12 17:32:37 2024 +0300 s3:utils: Fix Inherit-Only flag being automatically propagated to children Inherit-only flag applies only to the container it was set to and it shouldn't be automatically propagated to children. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636 Signed-off-by: Anna Popova Reviewed-by: Noel Power Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224 (cherry picked from commit 80159018e411c643fbfe7ef82bd33e30b6147901) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Tue May 7 08:52:48 UTC 2024 on atb-devel-224 commit d28a889aed25ac98ba4ef34b26190224e5ebe907 Author: yuzu367 Date: Thu Apr 11 11:31:07 2024 +0300 python/samba/tests/blackbox: Add tests for Inherit-only flag propagation BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636 Signed-off-by: Anna Popova Reviewed-by: Noel Power Reviewed-by: Ralph Boehme (cherry picked from commit eba2bfde347041a395f0fbd3c57235be63b1890d) --- Summary of changes: .../blackbox/smbcacls_propagate_inhertance.py | 108 + source3/utils/smbcacls.c | 4 + 2 files changed, 112 insertions(+) Changeset truncated at 500 lines: diff --git a/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py b/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py index cc13727b8fb..5b3a27111d5 100644 --- a/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py +++ b/python/samba/tests/blackbox/smbcacls_propagate_inhertance.py @@ -1288,3 +1288,111 @@ class InheritanceSmbCaclsTests(SmbCaclsBlockboxTestBase): except BlackboxProcessError as e: self.fail(str(e)) + +def test_simple_iocioi_add(self): +"""test smbcacls '--propagate-inheritance --add' which attempts to add the ACL +for the file and additionally use inheritance rules to propagate appropriate +changes to children + +This test adds an ACL with (IO)(CI)(OI)(READ) + +before: + ++-tar_test_dir/(OI)(CI)(I)(F) + +-oi_dir/(OI)(CI)(I)(F) + | +-file.1(I)(F) + | +-nested/ (OI)(CI)(I)(F) + | +-file.2 (I)(F) + | +-nested_again/ (OI)(CI)(I)(F) + | +-file.3 (I)(F) + +after/expected: + ++-tar_test_dir/(OI)(CI)(I)(F) + +-oi_dir/(OI)(CI)(I)(F), (IO)(CI)(OI)(READ) + | +-file.1(I)(F), (I)(READ) + | +-nested/ (OI)(CI)(I)(F), (I)(CI)(OI)(READ) + | +-file.2 (I)(F), (I)(READ) + | +-nested_again/ (OI)(CI)(I)(F), (I)(CI)(OI)(READ) + | +-file.3 (I)(F), (I)(READ)""" + +dir_add_acl_str = "ACL:%s:ALLOWED/OI|CI|IO/READ" % self.user +obj_inherited_ace_str = "ACL:%s:ALLOWED/I/READ" % self.user +dir_inherited_ace_str = "ACL:%s:ALLOWED/OI|CI|I/READ" % self.user + +try: + +self.smb_cacls(["--propagate-inheritance", "--add", +dir_add_acl_str, self.oi_dir]) + +# check top level container 'oi_dir' has IO|CI|OI/READ +dir_ace = self.ace_parse_str(dir_add_acl_str) +self.assertTrue(self.file_ace_check(self.oi_dir, dir_ace)) + +# file 'oi_dir/file-1' should have inherited I/READ +child_file_ace = self.ace_parse_str(obj_inherited_ace_str) +self.assertTrue(self.file_ace_check(self.f1, child_file_ace)) + +# nested dir 'oi_dir/nested/' should have I|CI|OI/READ +child_dir_ace = self.ace_parse_str(dir_inherited_ace_str) +self.assertTrue(self.file_ace_check(self.nested_dir, child_dir_ace)) + +# nested file 'oi_dir/nested/file-2' should have inherited I/READ +self.assertTrue(self.file_ace_check(self.f2, child_file_ace)) + +# nested_again dir 'oi_dir/nested/nested_again' should have I|CI|OI/READ +child_dir_ace = self.ace_parse_str(dir_inherited_ace_str) +self.assertTrue(self.file_ace_check(self.nested_again_dir, child_di
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 83da49f3489 tests: Add a test for "all_groups=no" to test_idmap_ad.sh via 84f82a09ffd selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad via 83701298384 s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad via 8857cf29979 docs-xml: Add parameter all_groupmem to idmap_ad from 215bb9bd48e Do not fail checksums for RFC8009 types https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 83da49f348921a21a22ff93ffecbd638ff004541 Author: Pavel Filipenský Date: Thu Mar 14 15:24:21 2024 +0100 tests: Add a test for "all_groups=no" to test_idmap_ad.sh BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider Autobuild-User(master): Pavel Filipensky Autobuild-Date(master): Tue Apr 2 13:25:39 UTC 2024 on atb-devel-224 (cherry picked from commit f8b72aa1f72881989990fabc9f4888968bb81967) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Apr 17 14:38:42 UTC 2024 on atb-devel-224 commit 84f82a09ffd1336bf79cffbe4caa3045aedbd16e Author: Pavel Filipenský Date: Mon Mar 25 22:38:18 2024 +0100 selftest: Add "winbind expand groups = 1" to setup_ad_member_idmap_ad BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit 2dab3a331b5511b4f2253f2b3b4513db7e52ea9a) commit 837012983840d10488404fac2ebad07dd75a6f1c Author: Pavel Filipenský Date: Tue Mar 12 13:20:24 2024 +0100 s3:winbindd: Improve performance of lookup_groupmem() in idmap_ad The LDAP query of lookup_groupmem() returns all group members from AD even those with missing uidNumber. Such group members are useless in UNIX environment for idmap_ad backend since there is no uid mapping. 'test_user' is member of group "Domanin Users" with 200K members, only 20K members have set uidNumber. Without this fix: $ time id test_user real1m5.946s user0m0.019s sys 0m0.012s With this fix: $ time id test_user real0m3.544s user0m0.004s sys 0m0.007s BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit 5d475d26a3d545f04791a04e85a06b8b192e3fcf) commit 8857cf299792f50e5917319a38d450c068fa07f4 Author: Pavel Filipenský Date: Wed Mar 13 13:55:41 2024 +0100 docs-xml: Add parameter all_groupmem to idmap_ad BUG: https://bugzilla.samba.org/show_bug.cgi?id=15605 Signed-off-by: Pavel Filipenský Reviewed-by: Andreas Schneider (cherry picked from commit a485d9de2f2d6a9815dcac6addb988a8987e111c) --- Summary of changes: docs-xml/manpages/idmap_ad.8.xml | 10 ++ nsswitch/tests/test_idmap_ad.sh | 22 ++ selftest/target/Samba3.pm| 1 + source3/winbindd/winbindd_ads.c | 11 +++ 4 files changed, 40 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/idmap_ad.8.xml b/docs-xml/manpages/idmap_ad.8.xml index 32df8d066c2..c7fcc65d763 100644 --- a/docs-xml/manpages/idmap_ad.8.xml +++ b/docs-xml/manpages/idmap_ad.8.xml @@ -105,6 +105,16 @@ + all_groupmem = yes/no + + If set to yes winbind will retrieve all + group members for getgrnam(3), getgrgid(3) and getgrent(3) calls, + including those with missing uidNumber. + + Default: no + + + deny ous This parameter is a list of OUs from which objects will not be mapped via the ad idmap diff --git a/nsswitch/tests/test_idmap_ad.sh b/nsswitch/tests/test_idmap_ad.sh index 7ae112ada71..1d4bd395ba9 100755 --- a/nsswitch/tests/test_idmap_ad.sh +++ b/nsswitch/tests/test_idmap_ad.sh @@ -94,6 +94,14 @@ gidNumber: 201 unixHomeDirectory: /home/forbidden loginShell: /bin/tcsh gecos: User in forbidden OU + +dn: CN=no_posix_id,CN=Users,$BASE_DN +changetype: add +objectClass: user +samaccountName: no_posix_id +unixHomeDirectory: /home/no_posix_id +loginShell: /bin/sh +gecos: User without uidNumber and gidNumber EOF # @@ -171,6 +179,17 @@ then failed=$(($failed + 1)) fi +# +# Test 6: Make sure that with the default "all_groups=no" +# the group "domain users" will not show user "no_posix_id" +# but will show "SAMBA2008R2/admi
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 215bb9bd48e Do not fail checksums for RFC8009 types via db60a1947b8 s4:dns_server: less noisy, more informative debug messages via 9155d89a2ae packaging: Provide a systemd service file for samba-bgqd from 077f39baf7c libcli/http: Detect unsupported Transfer-encoding type https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 215bb9bd48e9aae04ff39633f6dd9255a989bf98 Author: Alexander Bokovoy Date: Thu Jun 22 09:56:12 2023 +0300 Do not fail checksums for RFC8009 types While Active Directory does not support yet RFC 8009 encryption and checksum types, it is possible to verify these checksums when running with both MIT Kerberos and Heimdal Kerberos. This matters for FreeIPA domain controller which uses them by default. [2023/06/16 21:51:04.923873, 10, pid=51149, effective(0, 0), real(0, 0)] ../../lib/krb5_wrap/krb5_samba.c:1496(smb_krb5_kt_open_relative) smb_krb5_open_keytab: resolving: FILE:/etc/samba/samba.keytab [2023/06/16 21:51:04.924196, 2, pid=51149, effective(0, 0), real(0, 0), class=auth] ../../auth/kerberos/kerberos_pac.c:66(check_pac_checksum) check_pac_checksum: Checksum Type 20 is not supported [2023/06/16 21:51:04.924228, 5, pid=51149, effective(0, 0), real(0, 0), class=auth] ../../auth/kerberos/kerberos_pac.c:353(kerberos_decode_pac) PAC Decode: Failed to verify the service signature: Invalid argument BUG: https://bugzilla.samba.org/show_bug.cgi?id=15635 Signed-off-by: Alexander Bokovoy Reviewed-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit 8e931fce126e8c1128da893c806702731c08758a) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Tue Apr 16 12:24:55 UTC 2024 on atb-devel-224 commit db60a1947b88a8ddb289f63ac22a6d7b1500f0df Author: Douglas Bagnall Date: Thu Apr 11 11:52:14 2024 +1200 s4:dns_server: less noisy, more informative debug messages This shouldn't have been DBG_ERR, and it might as well say something about the tombstone. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15630 Signed-off-by: Douglas Bagnall Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Fri Apr 12 15:18:05 UTC 2024 on atb-devel-224 (cherry picked from commit dde973d170e479632d1a411279f4f0fad6608539) commit 9155d89a2ae04f45d809c46129687c6f5a510a0d Author: Andreas Schneider Date: Mon Mar 4 10:58:23 2024 +0100 packaging: Provide a systemd service file for samba-bgqd There might be scenarios where the background queue daemon should be running all the time instead of being started on demand. This makes especially sense for bigger printing servers with a lot of printers. It takes ~1 sec to get a printer from cups, so a print server with 100 printers needs 100 seconds to update the printer_list.tdb. The service will be killed because of idle in the meantime. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15600 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner (cherry picked from commit c97071726e163b40f0e391af70e81b3e6c1ab0eb) --- Summary of changes: auth/kerberos/kerberos_pac.c | 47 +- lib/krb5_wrap/krb5_samba.h | 28 + .../{samba.service.in => samba-bgqd.service.in}| 9 ++--- packaging/wscript_build| 3 +- source4/dns_server/dnsserver_common.c | 9 +++-- 5 files changed, 67 insertions(+), 29 deletions(-) copy packaging/systemd/{samba.service.in => samba-bgqd.service.in} (50%) Changeset truncated at 500 lines: diff --git a/auth/kerberos/kerberos_pac.c b/auth/kerberos/kerberos_pac.c index ae4557bbd6f..b6272ac15eb 100644 --- a/auth/kerberos/kerberos_pac.c +++ b/auth/kerberos/kerberos_pac.c @@ -33,6 +33,7 @@ #include "librpc/gen_ndr/auth.h" #include "auth/common_auth.h" #include "auth/kerberos/pac_utils.h" +#include "lib/krb5_wrap/krb5_samba.h" krb5_error_code check_pac_checksum(DATA_BLOB pac_data, struct PAC_SIGNATURE_DATA *sig, @@ -44,26 +45,34 @@ krb5_error_code check_pac_checksum(DATA_BLOB pac_data, krb5_keyusage usage = 0; krb5_boolean checksum_valid = false; krb5_data input; - - switch (sig->type) { - case CKSUMTYPE_HMAC_MD5: - /* ignores the key type */ - break; - case CKSUMTYPE_HMAC_SHA1_96_AES_256: - if (KRB5_KEY_TYPE(keyblock) != ENCTYPE_AES256_CTS_HMAC_SHA1_96) { - return EINVAL; -
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 077f39baf7c libcli/http: Detect unsupported Transfer-encoding type via 2fb1bf0205f selftest: Add new test for testing non-chunk transfer encoding via 30bf3d1430f selftest: fix potential reference before assigned error via a70e3a36c82 libcli/http: Handle http chunked transfer encoding via 7e17e4809d5 tests: add test for chunked encoding with http cli library via 26206392153 libcli/http: Optimise reading for content-length via 71eac5a065f selftest: Add basic content-lenght http tests via 19250e13ab6 Add simple http_client for use in black box tests (in following commits) from eaefe50327d VERSION: Bump version up to Samba 4.20.1... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 077f39baf7cc7f4e4ee8709d48b1cb23b8736c1c Author: Noel Power Date: Thu Mar 28 10:48:58 2024 + libcli/http: Detect unsupported Transfer-encoding type Also removes knownfail for test that now passes BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit a18c53a9b98e2e8dea08cf0ef08efc59e58ec137) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Thu Apr 11 12:24:08 UTC 2024 on atb-devel-224 commit 2fb1bf0205f9b5f72d8e1f51e55cf86997639a46 Author: Noel Power Date: Thu Mar 28 09:16:33 2024 + selftest: Add new test for testing non-chunk transfer encoding And add a known fail because there is a bug :-( BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit 93709d31590d4ca25fbac813b9e499755b81ddb5) commit 30bf3d1430f96a42c7b90ef215daa33b427da8b9 Author: Noel Power Date: Thu Mar 28 09:09:02 2024 + selftest: fix potential reference before assigned error This would only happen if the test failed (but the message would be incorrect as 'e' the exception to be stringified doesn't exist. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit efdbf0511e0a89f865210170001fbebf17a45278) commit a70e3a36c8244a324f5e8fa7b138dae5684055e0 Author: Noel Power Date: Mon Mar 25 19:44:10 2024 + libcli/http: Handle http chunked transfer encoding Also removes the knownfail for the chunked transfer test Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 (cherry picked from commit 03240c91fb6ffcf5afe47c14a1ba7a8bc12f2348) commit 7e17e4809d593e1ce2d51583a351b38300a20e2a Author: Noel Power Date: Thu Sep 23 12:18:22 2021 +0100 tests: add test for chunked encoding with http cli library Adds http test client to excercise the http client library and a blackbox test to run the client. This client is built only with selftest also adds a knownfail for the test Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 (cherry picked from commit 30acd609f560352d3edb0c931b9a864110025b2c) commit 26206392153248fb2be1ec95a2e3ac14f9356125 Author: Noel Power Date: Fri Mar 22 08:55:49 2024 + libcli/http: Optimise reading for content-length Instead of reading byte-by-byte we know the content length we want to read so lets use it. Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 (cherry picked from commit 5f03d84e3b52bf5a31a0f885cb83bdcb48ec96f7) commit 71eac5a065fac4023601b067b850d209a7dec149 Author: Noel Power Date: Mon Mar 25 16:25:55 2024 + selftest: Add basic content-lenght http tests very simple test of basic http request/response plus some checks to ensure http response doesn't exceed the response max length set by the client call. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit 74cdebeae3d1bc35eea96b51b9491f6c52844b10) commit 19250e13ab6c654405baf7c7d9c18f514ceade0f Author: Noel Power Date: Mon Mar 25 19:21:54 2024 + Add simple http_client for use in black box tests (in following commits) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit cd6c075476c820b4fe8bdc10a24d8fc8ac74e9c9) --- Summary of changes: libcli/http/http.c | 309 +++-- libcli/http/http_internal.h | 4
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 2930a1955bf libcli/http: Detect unsupported Transfer-encoding type via 65bb329e166 selftest: Add new test for testing non-chunk transfer encoding via a269412c71e selftest: fix potential reference before assigned error via cbd4a6633c6 libcli/http: Handle http chunked transfer encoding via 57757be4dfd tests: add test for chunked encoding with http cli library via a05d96e4b96 libcli/http: Optimise reading for content-length via c27ad381b39 selftest: Add basic content-lenght http tests via 6636ec3bb2a Add simple http_client for use in black box tests (in following commits) from 4b7785226ad VERSION: Bump version up to Samba 4.19.7... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 2930a1955bfac736754783ef54a0c1083d8ea161 Author: Noel Power Date: Thu Mar 28 10:48:58 2024 + libcli/http: Detect unsupported Transfer-encoding type Also removes knownfail for test that now passes BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit a18c53a9b98e2e8dea08cf0ef08efc59e58ec137) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Thu Apr 11 10:50:52 UTC 2024 on atb-devel-224 commit 65bb329e1668499e1d58b2fca69908990293dd16 Author: Noel Power Date: Thu Mar 28 09:16:33 2024 + selftest: Add new test for testing non-chunk transfer encoding And add a known fail because there is a bug :-( BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit 93709d31590d4ca25fbac813b9e499755b81ddb5) commit a269412c71ee05019b3ab8a38bcea727963ae22b Author: Noel Power Date: Thu Mar 28 09:09:02 2024 + selftest: fix potential reference before assigned error This would only happen if the test failed (but the message would be incorrect as 'e' the exception to be stringified doesn't exist. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit efdbf0511e0a89f865210170001fbebf17a45278) commit cbd4a6633c6e88bb2e5d6b5162016c7f9fb94332 Author: Noel Power Date: Mon Mar 25 19:44:10 2024 + libcli/http: Handle http chunked transfer encoding Also removes the knownfail for the chunked transfer test Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 (cherry picked from commit 03240c91fb6ffcf5afe47c14a1ba7a8bc12f2348) commit 57757be4dfd50d640c20ef91f3e4f425f72067d4 Author: Noel Power Date: Thu Sep 23 12:18:22 2021 +0100 tests: add test for chunked encoding with http cli library Adds http test client to excercise the http client library and a blackbox test to run the client. This client is built only with selftest also adds a knownfail for the test Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 (cherry picked from commit 30acd609f560352d3edb0c931b9a864110025b2c) commit a05d96e4b967e26c92b1f175a1e9d11b54b339c7 Author: Noel Power Date: Fri Mar 22 08:55:49 2024 + libcli/http: Optimise reading for content-length Instead of reading byte-by-byte we know the content length we want to read so lets use it. Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 (cherry picked from commit 5f03d84e3b52bf5a31a0f885cb83bdcb48ec96f7) commit c27ad381b393a437fd241405f7156997d343650c Author: Noel Power Date: Mon Mar 25 16:25:55 2024 + selftest: Add basic content-lenght http tests very simple test of basic http request/response plus some checks to ensure http response doesn't exceed the response max length set by the client call. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit 74cdebeae3d1bc35eea96b51b9491f6c52844b10) commit 6636ec3bb2aa6e7b2fb86787f814a934d545adfb Author: Noel Power Date: Mon Mar 25 19:21:54 2024 + Add simple http_client for use in black box tests (in following commits) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15611 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit cd6c075476c820b4fe8bdc10a24d8fc8ac74e9c9) --- Summary of changes: libcli/http/http.c | 309 +++-- libcli/http/http_internal.h | 4
[SCM] Samba Shared Repository - branch v4-19-stable updated
The branch, v4-19-stable has been updated via b400092dd0a VERSION: Disable GIT_SNAPSHOT for the 4.19.6 release. via 8333c396015 WHATSNEW: Add release notes for Samba 4.19.6. via 0ac741b5705 s3/smbd: If we fail to close file_handle ensure we should reset the fd via 3634df5d59e smbd: simplify handling of failing fstat() after unlinking file via a58338ec926 libgpo: Do not segfault if we don't have a valid security descriptor via 51a3797f57e libgpo: Fix trailing spaces in pygpo.c via 8ea3973ad40 python:gp: Implement client site lookup in site_dn_for_machine() via 111e85a589c librpc:idl: Make netlogon_samlogon_response public via eebe6d8c890 ctdb-protocol: Add missing push support for new controls via 19e7ea8ffa8 VERSION: Bump version up to Samba 4.19.6... from 7bef2f7f1c8 VERSION: Disable GIT_SNAPSHOT for the 4.19.5 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 59 -- ctdb/protocol/protocol_control.c | 8 + ctdb/tests/src/protocol_common_ctdb.c | 33 + ctdb/tests/src/protocol_ctdb_test.c | 2 +- libgpo/pygpo.c| 7 +++- librpc/idl/nbt.idl| 2 +- librpc/ndr/ndr_nbt.c | 2 +- librpc/ndr/ndr_nbt.h | 2 +- python/samba/gp/gpclass.py| 68 +++ source3/smbd/close.c | 1 + source3/smbd/open.c | 27 +- 12 files changed, 163 insertions(+), 50 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 9151d8de1ce..066af506941 100644 --- a/VERSION +++ b/VERSION @@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2023" SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=19 -SAMBA_VERSION_RELEASE=5 +SAMBA_VERSION_RELEASE=6 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 79abe2da103..be2edfb6ac4 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,59 @@ + == + Release Notes for Samba 4.19.6 + April 08, 2024 + == + + +This is the latest stable release of the Samba 4.19 release series. + + +Changes since 4.19.5 + + +o Ralph Boehme + * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if + vfs_stat_fsp() fails in fd_close(). + +o Guenther Deschner + * BUG 15588: samba-gpupdate: Correctly implement site support. + +o Noel Power + * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if + vfs_stat_fsp() fails in fd_close(). + +o Andreas Schneider + * BUG 15588: samba-gpupdate: Correctly implement site support. + * BUG 15599: libgpo: Segfault in python bindings. + +o Martin Schwenke + * BUG 15580: Packet marshalling push support missing for + CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and + CTDB_CONTROL_TCP_CLIENT_PASSED. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + == Release Notes for Samba 4.19.5 February 19, 2024 @@ -59,8 +115,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == Release Notes for Samba 4.19.4
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 4728e21 NEWS[4.19.6]: Samba 4.19.6 Available for Download from f8e7137 NEWS[4.20.0]: Samba 4.20.0 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 4728e210013ff2ce9b41a06dacb0e08c7dd08bd3 Author: Jule Anger Date: Mon Apr 8 09:31:53 2024 +0200 NEWS[4.19.6]: Samba 4.19.6 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.19.6.html| 55 posted_news/20240408-073243.4.19.6.body.html | 13 ++ posted_news/20240408-073243.4.19.6.headline.html | 3 ++ 4 files changed, 72 insertions(+) create mode 100644 history/samba-4.19.6.html create mode 100644 posted_news/20240408-073243.4.19.6.body.html create mode 100644 posted_news/20240408-073243.4.19.6.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index eb8f7b6..8f60ff2 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -10,6 +10,7 @@ samba-4.20.0 + samba-4.19.6. samba-4.19.5. samba-4.19.4. samba-4.19.3. diff --git a/history/samba-4.19.6.html b/history/samba-4.19.6.html new file mode 100644 index 000..af5d5eb --- /dev/null +++ b/history/samba-4.19.6.html @@ -0,0 +1,55 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.19.6 - Release Notes + + +Samba 4.19.6 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.19.6.tar.gz;>Samba 4.19.6 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.19.6.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.19.5-4.19.6.diffs.gz;>Patch (gzipped) against Samba 4.19.5 +https://download.samba.org/pub/samba/patches/samba-4.19.5-4.19.6.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.19.6 + April 08, 2024 + == + + +This is the latest stable release of the Samba 4.19 release series. + + +Changes since 4.19.5 + + +o Ralph Boehme s...@samba.org + * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if + vfs_stat_fsp() fails in fd_close(). + +o Guenther Deschner g...@samba.org + * BUG 15588: samba-gpupdate: Correctly implement site support. + +o Noel Power noel.po...@suse.com + * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if + vfs_stat_fsp() fails in fd_close(). + +o Andreas Schneider a...@samba.org + * BUG 15588: samba-gpupdate: Correctly implement site support. + * BUG 15599: libgpo: Segfault in python bindings. + +o Martin Schwenke mschwe...@ddn.com + * BUG 15580: Packet marshalling push support missing for + CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and + CTDB_CONTROL_TCP_CLIENT_PASSED. + + + + + + diff --git a/posted_news/20240408-073243.4.19.6.body.html b/posted_news/20240408-073243.4.19.6.body.html new file mode 100644 index 000..ece27a0 --- /dev/null +++ b/posted_news/20240408-073243.4.19.6.body.html @@ -0,0 +1,13 @@ + +08 April 2024 +Samba 4.19.6 Available for Download + +This is the latest stable release of the Samba 4.19 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.19.6.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.19.5-4.19.6.diffs.gz;>patch against Samba 4.19.5 is also available. +See https://www.samba.org/samba/history/samba-4.19.6.html;>the release notes for more info. + + diff --git a/posted_news/20240408-073243.4.19.6.headline.html b/posted_news/20240408-073243.4.19.6.headline.html new file mode 100644 index 000..dde472d --- /dev/null +++ b/posted_news/20240408-073243.4.19.6.headline.html @@ -0,0 +1,3 @@ + + 08 April 2024 Samba 4.19.6 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.19.6 created
The annotated tag, samba-4.19.6 has been created at 4826796513729aad06646b9ab838910737d52d09 (tag) tagging b400092dd0a5248544f6e05fc4f85bcc0efb6a3c (commit) replaces samba-4.19.5 tagged by Jule Anger on Mon Apr 8 09:30:50 2024 +0200 - Log - samba: tag release samba-4.19.6 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmYTnSoACgkQqplEL7aA tiAumg/9FioMDXlmSrJx2YOxD0FBQHERghr5REFLKiCK0g+b9Cq6tg9rZXC6YkWI Ihm8+0LsGiKq4ZAMauI4v1ud1gWgPwQfdQppTwI+4HFTCoK2b6hkJhKUtPs0JNt2 QdjU7TyXz3edzliYWuQrAu2MZRZX9IIb4K9WzTlf5rT+bfBwnTsvBAU+tpKqJTmj 1wdZ2q0jq4rNbOuR/t5NJZsMes2CIEyvHTBzVY1cf/VOosjsfhdUQkDtZWsr12W7 KoMb7ziLQimniLUSIMWMTVGd9mjBFD0xB9uC7/8HbuDiGMfQk2bDHULn6JSGc1g4 nMXDkzOJ1DIMlSpNvWzXLtA8961Dsaf++x66wR/1c3aJM+0m11sMt5ZA8Aff189L NMIIEahMp1BxAPFFj0CTNcTyXQArLQxnZP2VnpvbBBn3v8A+tIv+zvBe8T1jDfKz 0aSqNmHwbwoFpqH7siAEKS5DlFpsKAnLfpsVR7bOO4U+JOJJw+1Vvrk1aW77eSQL jCXpyD0AZcOhWuoSv7/q94tVzamrvi8Se+4+JEybeULwk/DPqMT6jcBamXNx1PyX OoF4Ic79QsM6A14skvfhLoSmYAS4iBkWjFEWobwb8SFHXZk61dMgSMkB+nF5nQA3 zQDSatoULkn3TWXKFYTN3BjYFfpv9DP54PWNhFzhprEddGMfuII= =KcC5 -END PGP SIGNATURE- Andreas Schneider (4): librpc:idl: Make netlogon_samlogon_response public python:gp: Implement client site lookup in site_dn_for_machine() libgpo: Fix trailing spaces in pygpo.c libgpo: Do not segfault if we don't have a valid security descriptor Jule Anger (3): VERSION: Bump version up to Samba 4.19.6... WHATSNEW: Add release notes for Samba 4.19.6. VERSION: Disable GIT_SNAPSHOT for the 4.19.6 release. Martin Schwenke (1): ctdb-protocol: Add missing push support for new controls Noel Power (1): s3/smbd: If we fail to close file_handle ensure we should reset the fd Ralph Boehme (1): smbd: simplify handling of failing fstat() after unlinking file --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 4b7785226ad VERSION: Bump version up to Samba 4.19.7... via b400092dd0a VERSION: Disable GIT_SNAPSHOT for the 4.19.6 release. via 8333c396015 WHATSNEW: Add release notes for Samba 4.19.6. from 0ac741b5705 s3/smbd: If we fail to close file_handle ensure we should reset the fd https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 4b7785226ad4ffe77f308188c4b1a229d9bba4a3 Author: Jule Anger Date: Mon Apr 8 09:25:07 2024 +0200 VERSION: Bump version up to Samba 4.19.7... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit b400092dd0a5248544f6e05fc4f85bcc0efb6a3c Author: Jule Anger Date: Mon Apr 8 09:24:50 2024 +0200 VERSION: Disable GIT_SNAPSHOT for the 4.19.6 release. Signed-off-by: Jule Anger commit 8333c3960154fc582213b90dbf32b956cea08245 Author: Jule Anger Date: Mon Apr 8 09:20:40 2024 +0200 WHATSNEW: Add release notes for Samba 4.19.6. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 59 +-- 2 files changed, 58 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index aeede60164d..939e114840c 100644 --- a/VERSION +++ b/VERSION @@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2023" SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=19 -SAMBA_VERSION_RELEASE=6 +SAMBA_VERSION_RELEASE=7 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 79abe2da103..be2edfb6ac4 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,59 @@ + == + Release Notes for Samba 4.19.6 + April 08, 2024 + == + + +This is the latest stable release of the Samba 4.19 release series. + + +Changes since 4.19.5 + + +o Ralph Boehme + * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if + vfs_stat_fsp() fails in fd_close(). + +o Guenther Deschner + * BUG 15588: samba-gpupdate: Correctly implement site support. + +o Noel Power + * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if + vfs_stat_fsp() fails in fd_close(). + +o Andreas Schneider + * BUG 15588: samba-gpupdate: Correctly implement site support. + * BUG 15599: libgpo: Segfault in python bindings. + +o Martin Schwenke + * BUG 15580: Packet marshalling push support missing for + CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and + CTDB_CONTROL_TCP_CLIENT_PASSED. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + == Release Notes for Samba 4.19.5 February 19, 2024 @@ -59,8 +115,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == Release Notes for Samba 4.19.4 January 08, 2024 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated via 8fdd82c8b9c VERSION: Disable GIT_SNAPSHOT for the 4.20.0 release. via 797464b7624 WHATSNEW: Add release notes for Samba 4.20.0. via 5cedf3b5eb0 Revert "token_util.c: prefer capabilities over become_root" via f7491b29941 Revert "dosmode.c: prefer use of capabilities at two places over become_root" via 6ca9461a1db Revert "nfs4_acls.c: prefer capabilities over become_root" via 52b1d9d7cb8 Revert "vfs_acl_common.c: prefer capabilities over become_root" via 6e0986b2c30 Revert "vfs_default.c: prefer capabilities over become_root" via f6d549de47c Revert "vfs_posix_eadb.c: prefer capabilities over become_root" via d0c295e5344 Revert "vfs_recycle.c: prefer capabilities over become_root" via 4f38859f5d8 Revert "open.c: prefer capabilities over become_root" via dc161626303 Revert "posix_acls.c: prefer capabilities over become_root" via bb68b730290 Revert "dosmode: prefer capabilities over become_root" via aee05f11670 s3/smbd: If we fail to close file_handle ensure we should reset the fd via 72f70868257 smbd: simplify handling of failing fstat() after unlinking file via 3be368ff2bc ndr: always attempt ACE coda pull if ACE type suggests a coda via 1273cb7e10b tests/krb5: Add tests for AllowedToAuthenticateTo with an AS-REQ via 28fc1850e5c libcli/security: check again for NULL values via ce78896e262 libcli/security: claims_conversions: check for NULL in claims array via 99b6feac932 WHATSNEW: announce Service Witness Protocol [MS-SWN] and related options via 69b69bb2085 libgpo: Do not segfault if we don't have a valid security descriptor via 72bd247c97d libgpo: Fix trailing spaces in pygpo.c via 4d1536f86b9 VERSION: Bump version up to Samba 4.20.0rc5... from 964c0e97e7a VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 112 +++- libcli/security/claims-conversions.c | 13 + libgpo/pygpo.c| 7 +- librpc/ndr/ndr_sec_helper.c | 5 +- python/samba/tests/krb5/authn_policy_tests.py | 372 ++ selftest/knownfail_mit_kdc| 8 + source3/auth/token_util.c | 4 +- source3/modules/nfs4_acls.c | 4 +- source3/modules/vfs_acl_common.c | 8 +- source3/modules/vfs_default.c | 4 +- source3/modules/vfs_posix_eadb.c | 4 +- source3/modules/vfs_recycle.c | 4 +- source3/smbd/close.c | 1 + source3/smbd/dosmode.c| 16 +- source3/smbd/open.c | 39 +-- source3/smbd/posix_acls.c | 40 +-- 17 files changed, 559 insertions(+), 84 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index fcee8581107..482360b7d68 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=4 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index dd80f116a10..5c97836d36f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,16 +1,11 @@ -Release Announcements -= + == + Release Notes for Samba 4.20.0 + March 27, 2024 + == -This is the fourth release candidate of Samba 4.20. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. -Samba 4.20 will be the next version of the Samba suite. - - -UPGRADING -= +This is the first stable release of the Samba 4.20 release series. +Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES @@ -191,6 +186,68 @@ The Security Descriptor Definition Language has extensions for conditional ACEs and resource attribute ACEs; these are now supported by Samba. +Service Witness Protocol [MS-SWN] +- + +In a ctdb cluster it is now possible to provide +the SMB witness service that allows clients to +monitor their current
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via f8e7137 NEWS[4.20.0]: Samba 4.20.0 Available for Download from 1fac108 NEWS[4.18.11]: Samba 4.18.11 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit f8e71377ac590ab45b564672c6e0290a2b92b769 Author: Jule Anger Date: Wed Mar 27 18:10:23 2024 +0100 NEWS[4.20.0]: Samba 4.20.0 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.20.0.html| 369 +++ posted_news/20240327-171133.4.20.0.body.html | 12 + posted_news/20240327-171133.4.20.0.headline.html | 3 + 4 files changed, 385 insertions(+) create mode 100644 history/samba-4.20.0.html create mode 100644 posted_news/20240327-171133.4.20.0.body.html create mode 100644 posted_news/20240327-171133.4.20.0.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index d939308..eb8f7b6 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.20.0 samba-4.19.5. samba-4.19.4. samba-4.19.3. diff --git a/history/samba-4.20.0.html b/history/samba-4.20.0.html new file mode 100644 index 000..375ab40 --- /dev/null +++ b/history/samba-4.20.0.html @@ -0,0 +1,369 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.20.0 - Release Notes + + +Samba 4.20.0 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.20.0.tar.gz;>Samba 4.20.0 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.20.0.tar.asc;>Signature + + + + == + Release Notes for Samba 4.20.0 + March 27, 2024 + == + + +This is the first stable release of the Samba 4.20 release series. +Please read the release notes carefully before upgrading. + + +NEW FEATURES/CHANGES + + +New Minimum MIT Krb5 version for Samba AD Domain Controller +--- + +Samba now requires MIT 1.21 when built against a system MIT Krb5 and +acting as an Active Directory DC. This addresses the issues that were +fixed in CVE-2022-37967 (KrbtgtFullPacSignature) and ensures that +Samba builds against the MIT version that allows us to avoid that +attack. + +Removed dependency on Perl JSON module +-- + +Distributions are advised that the Perl JSON package is no longer +required by Samba builds that use the imported Heimdal. The build +instead uses Perls JSON::PP built into recent perl5 versions. + +Current lists of packages required by Samba for major distributions +are found in the bootstrap/generated-dists/ directory of a Samba +source tree. While there will be some differences - due to features +chosen by packagers - comparing these lists with the build dependencies +in a package may locate other dependencies we no longer require. + +samba-tool user getpassword / syncpasswords ;rounds= change +--- + +The password access tool samba-tool user getpassword and the +password sync tool samba-tool user syncpasswords allow attributes to +be chosen for output, and accept parameters like +pwdLastSet;format=GeneralizedTime + +These attributes then appear, in the same format, as the attributes in +the LDIF output. This was not the case for the ;rounds= parameter of +virtualCryptSHA256 and virtualCryptSHA512, for example as +--attributes=virtualCryptSHA256;rounds=5 + +This release makes the behaviour consistent between these two +features. Installations using GPG-encrypted passwords (or plaintext +storage) and the rounds= option, will find the output has changed + +from: +virtualCryptSHA256: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF + +to: +virtualCryptSHA256;rounds=2561: {CRYPT}$5$rounds=2561$hXem.M9onhM9Vuix$dFdSBwF + +Group Managed service account client-side features +-- + +samba-tool has been extended to provide client-side support for Group +Managed Service accounts. These accounts have passwords that change +automatically, giving the advantages of service isolation without risk +of poor, unchanging passwords. + +Where possible, Sambas existing samba-tool password handling +commands, which in the past have only operated against the local +sam.ldb have been extended to permit operation against a remote server +with authenticated
[SCM] Samba Shared Repository - annotated tag samba-4.20.0 created
The annotated tag, samba-4.20.0 has been created at 5e0b7110dac9b3e9d4c304c407095541e212315d (tag) tagging 8fdd82c8b9ccc39f0b5f5d6cc22fa69f67c913a4 (commit) replaces samba-4.20.0rc4 tagged by Jule Anger on Wed Mar 27 18:10:07 2024 +0100 - Log - samba: tag release samba-4.20.0 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmYEUu8ACgkQqplEL7aA tiCS5A//fPAtzxtvkVgdCWCDRtm2nhq8731RhHiQsYdFm4FRB21eRga7iPVLF5yp R1u6DsELyt1jYrH39bIwOqFOauOIP7bulB3jDBHdYFoBf1OtVnTLBlBmCdVLbgz3 4K2aAcO3aVDrUNzx32CRnPyIZeTzhW5DQAPp6E5/lVCWV4jxUFGOELWu5Okgdu19 SXQEZkjytqoIm/a5aqmjRo7xAmzEgaZCKSRXjFe+NW2C+f+ziLW/0Wft9CjFIS6h 4geFbMEZ8RXXvj3q49IbriE/ESL7nvy3WvjqUhBg5CkXjucjxZt235WnnbPRt+Yh Gz10Vdon2FEsfOB9/6SLq5v/32dovWbEzys9Afnio1vF1HVxB5ADVN7YIpARrmDJ KNr3O/kx5Akiyb+vkZ+TYMYIMOhH3ruUfM95iEQC1MxxkVmb1e7N5DPqqHaJdHj6 /N14j/IkQtz1OVnlDRSVCzPFWWpPrQC2COkpa2ClnSMF3OVptdRVdjH6qT9lT83A J+hxRCokXcdnRRh3axJUo5AKgOH6VtYu1aW0PvUcMSDP0YOhAixhkStyBMKeHugc tYeZdAtpaI/EudGjQhWwpr9bDRiIaU0qg0tLtW/no+Pc6l6WUl55a4aHNmjqPSUU dgDeiYpfEWfkNzrFBV55Uz5tk7Iy15HhusWnxDYiecAjFgAWzfk= =7xFi -END PGP SIGNATURE- Andreas Schneider (2): libgpo: Fix trailing spaces in pygpo.c libgpo: Do not segfault if we don't have a valid security descriptor Björn Jacke (10): Revert "dosmode: prefer capabilities over become_root" Revert "posix_acls.c: prefer capabilities over become_root" Revert "open.c: prefer capabilities over become_root" Revert "vfs_recycle.c: prefer capabilities over become_root" Revert "vfs_posix_eadb.c: prefer capabilities over become_root" Revert "vfs_default.c: prefer capabilities over become_root" Revert "vfs_acl_common.c: prefer capabilities over become_root" Revert "nfs4_acls.c: prefer capabilities over become_root" Revert "dosmode.c: prefer use of capabilities at two places over become_root" Revert "token_util.c: prefer capabilities over become_root" Douglas Bagnall (3): libcli/security: claims_conversions: check for NULL in claims array libcli/security: check again for NULL values ndr: always attempt ACE coda pull if ACE type suggests a coda Jo Sutton (1): tests/krb5: Add tests for AllowedToAuthenticateTo with an AS-REQ Jule Anger (3): VERSION: Bump version up to Samba 4.20.0rc5... WHATSNEW: Add release notes for Samba 4.20.0. VERSION: Disable GIT_SNAPSHOT for the 4.20.0 release. Noel Power (1): s3/smbd: If we fail to close file_handle ensure we should reset the fd Ralph Boehme (1): smbd: simplify handling of failing fstat() after unlinking file Stefan Metzmacher (1): WHATSNEW: announce Service Witness Protocol [MS-SWN] and related options --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via eaefe50327d VERSION: Bump version up to Samba 4.20.1... via 8fdd82c8b9c VERSION: Disable GIT_SNAPSHOT for the 4.20.0 release. via 797464b7624 WHATSNEW: Add release notes for Samba 4.20.0. from 5cedf3b5eb0 Revert "token_util.c: prefer capabilities over become_root" https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit eaefe50327d05834dd35fb49ad5c38eabf527f03 Author: Jule Anger Date: Wed Mar 27 17:13:13 2024 +0100 VERSION: Bump version up to Samba 4.20.1... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 8fdd82c8b9ccc39f0b5f5d6cc22fa69f67c913a4 Author: Jule Anger Date: Wed Mar 27 17:12:54 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.20.0 release. Signed-off-by: Jule Anger commit 797464b762469d5261aaa920fe4b2738042f42f7 Author: Jule Anger Date: Wed Mar 27 17:10:58 2024 +0100 WHATSNEW: Add release notes for Samba 4.20.0. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 4 ++-- WHATSNEW.txt | 44 +--- 2 files changed, 35 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 35bf60077a8..81c319ddc0c 100644 --- a/VERSION +++ b/VERSION @@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2024" SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=20 -SAMBA_VERSION_RELEASE=0 +SAMBA_VERSION_RELEASE=1 # If a official release has a serious bug # @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=5 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9385a05f99e..5c97836d36f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,16 +1,11 @@ -Release Announcements -= + == + Release Notes for Samba 4.20.0 + March 27, 2024 + == -This is the fourth release candidate of Samba 4.20. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. -Samba 4.20 will be the next version of the Samba suite. - - -UPGRADING -= +This is the first stable release of the Samba 4.20 release series. +Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES @@ -280,6 +275,33 @@ smb.conf changes smb3 share cap:SCALE OUTnew see 'man smb.conf' +Changes since 4.20.0rc4 +=== + +o Douglas Bagnall + * BUG 15606: Avoid null-dereference with bad claims. + * BUG 15613: ndr_pull_security_ace can leave resource attribute ACE coda + claim struct undefined. + +o Ralph Boehme + * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if + vfs_stat_fsp() fails in fd_close(). + +o Björn Jacke + * BUG 15583: set_nt_acl sometimes fails with NT_STATUS_INVALID_PARAMETER - + openat() EACCES. + +o Noel Power + * BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if + vfs_stat_fsp() fails in fd_close(). + +o Andreas Schneider + * BUG 15599: libgpo: Segfault in python bindings. + +o Jo Sutton + * BUG 15607: Samba AD is missing some authentication policy tests. + + CHANGES SINCE 4.20.0rc3 === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 5cedf3b5eb0 Revert "token_util.c: prefer capabilities over become_root" via f7491b29941 Revert "dosmode.c: prefer use of capabilities at two places over become_root" via 6ca9461a1db Revert "nfs4_acls.c: prefer capabilities over become_root" via 52b1d9d7cb8 Revert "vfs_acl_common.c: prefer capabilities over become_root" via 6e0986b2c30 Revert "vfs_default.c: prefer capabilities over become_root" via f6d549de47c Revert "vfs_posix_eadb.c: prefer capabilities over become_root" via d0c295e5344 Revert "vfs_recycle.c: prefer capabilities over become_root" via 4f38859f5d8 Revert "open.c: prefer capabilities over become_root" via dc161626303 Revert "posix_acls.c: prefer capabilities over become_root" via bb68b730290 Revert "dosmode: prefer capabilities over become_root" from aee05f11670 s3/smbd: If we fail to close file_handle ensure we should reset the fd https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 5cedf3b5eb02c3050cb2e82d4602d63c565d4a7f Author: Björn Jacke Date: Thu Jan 25 00:46:38 2024 +0100 Revert "token_util.c: prefer capabilities over become_root" This reverts commit 944cb51506a94084d7ab52ee044fe6f66e1aaeb9. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Mar 27 10:47:23 UTC 2024 on atb-devel-224 (cherry picked from commit 0dec2ef188a93504da873d927ca2b26f8c491fb8) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Mar 27 16:51:00 UTC 2024 on atb-devel-224 commit f7491b2994157615032e80b5f10df5953ae0543a Author: Björn Jacke Date: Mon Mar 25 17:04:45 2024 +0100 Revert "dosmode.c: prefer use of capabilities at two places over become_root" This reverts commit c1e2fbb1b9a7551becf5caa0f08d434edf9ad862. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit 32aa11e9b570ce1c0bec889b699bc4897c9d9843) commit 6ca9461a1dbee5762220f0ae9e0b67c846d4feae Author: Björn Jacke Date: Mon Mar 25 17:04:23 2024 +0100 Revert "nfs4_acls.c: prefer capabilities over become_root" This reverts commit 06e5c1e32ea7907523cc19f021225e7541e2075f. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit 33e88911ee7a8974d52021632ca25c1ddfcb6f45) commit 52b1d9d7cb8d70fc1137c26c4a38c530116802c4 Author: Björn Jacke Date: Mon Mar 25 17:04:17 2024 +0100 Revert "vfs_acl_common.c: prefer capabilities over become_root" This reverts commit 12734848dc9901b932644139aaa7e3f78e55c8dc. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit af7b930e2bfe2275cee14dc2154f2aea8875fa63) commit 6e0986b2c30e78e0c9ffec62fb0666cd85dad316 Author: Björn Jacke Date: Mon Mar 25 17:03:57 2024 +0100 Revert "vfs_default.c: prefer capabilities over become_root" This reverts commit 62464bd2db2a95b1253364f4493bbb6770b73193. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit 52ad635b2705bcfc8166bd90b1ad35ebb9cbc986) commit f6d549de47c463905c5d95bc6556e2c7c4a25540 Author: Björn Jacke Date: Mon Mar 25 17:03:50 2024 +0100 Revert "vfs_posix_eadb.c: prefer capabilities over become_root" This reverts commit 92278418dc885ed411f545e73c800ce93f858090. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit 10c7a3e47c62dcb1dfe7e384960d60cafcb9e44e) commit d0c295e5344d7858cf75e19184e3842de06f27ab Author: Björn Jacke Date: Mon Mar 25 17:03:44 2024 +0100 Revert "vfs_recycle.c: prefer capabilities over become_root" This reverts commit 4227b011f6ada97a4cd72a440ed887ffdb3f219e. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15583 Signed-off-by: Bjoern Jacke Reviewed-by: Ralph Boehme (cherry picked from commit 7f19afbd40d3ad3c8d186d0a2a64d07a2a8bd00a) commit 4f38859f5d861a5f77c223ad720416b719e8e2f8 Author: Björn Jacke Date: Mon Mar 25 17:03:35 2024 +0100 Revert "open.c: prefer capabilities over become_root" This reverts commit b250f25fe407f9a6269b804382de4854501f2d86. BUG: https://bugzi
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 0ac741b5705 s3/smbd: If we fail to close file_handle ensure we should reset the fd via 3634df5d59e smbd: simplify handling of failing fstat() after unlinking file from a58338ec926 libgpo: Do not segfault if we don't have a valid security descriptor https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 0ac741b5705b7e0801a7ec5355d0f9be21e024c6 Author: Noel Power Date: Tue Feb 20 09:26:29 2024 + s3/smbd: If we fail to close file_handle ensure we should reset the fd if fsp_flags.fstat_before_close == true then close_file_smb will call vfs_stat which can fail. If it does fail then the fd associated with the file handle will still be set (and we will hit an assert is the file handle destructor) when calling file_free. We need to set fd to -1 to avoid that. To achieve that we capture and return the vfs_stat_fsp failure status while still processing the rest of the fd_close logic. [2024/02/20 09:23:48.454671, 0, pid=9744] ../../source3/smbd/smb2_close.c:226(smbd_smb2_close) smbd_smb2_close: close_file[]: NT_STATUS_ACCESS_DENIED [2024/02/20 09:23:48.454757, 0, pid=9744] ../../source3/smbd/fd_handle.c:40(fd_handle_destructor) PANIC: assert failed at ../../source3/smbd/fd_handle.c(40): (fh->fd == -1) || (fh->fd == AT_FDCWD) [2024/02/20 09:23:48.454781, 0, pid=9744] ../../lib/util/fault.c:178(smb_panic_log) === [2024/02/20 09:23:48.454804, 0, pid=9744] ../../lib/util/fault.c:185(smb_panic_log) INTERNAL ERROR: assert failed: (fh->fd == -1) || (fh->fd == AT_FDCWD) in smbd (smbd[192.168.10) (client [192.168.100.15]) pid 9744 (4.21.0pre1-DEVELOPERBUILD) [2024/02/20 09:23:48.454844, 0, pid=9744] ../../lib/util/fault.c:190(smb_panic_log) If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting [2024/02/20 09:23:48.454869, 0, pid=9744] ../../lib/util/fault.c:191(smb_panic_log) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison Autobuild-User(master): Noel Power Autobuild-Date(master): Wed Mar 13 10:34:45 UTC 2024 on atb-devel-224 (cherry picked from commit 6ee3f809a54d7b833ff798e68a93ada00a215d4d) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Wed Mar 27 15:53:39 UTC 2024 on atb-devel-224 commit 3634df5d59e9f47345932a00098aead7efe55009 Author: Ralph Boehme Date: Mon Feb 5 15:03:48 2024 +0100 smbd: simplify handling of failing fstat() after unlinking file close_remove_share_mode() already called vfs_stat_fsp(), so we can skip the fstat() triggered in fd_close() by fsp->fsp_flags.fstat_before_close being true. This avoids getting an EACCESS error when doing an fstat() on the removed file which seems to happen with some FUSE filesystems. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 6e6324cff29089a636823786183222a73fe7cb28) --- Summary of changes: source3/smbd/close.c | 1 + source3/smbd/open.c | 27 --- 2 files changed, 9 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/close.c b/source3/smbd/close.c index af5e78daa10..e16cb2d3485 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -603,6 +603,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp, */ fsp->fsp_flags.delete_on_close = false; + fsp->fsp_flags.fstat_before_close = false; lck_state.reset_delete_on_close = true; done: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index c3b27928510..36c890dc9d5 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -942,7 +942,7 @@ NTSTATUS fd_openat(const struct files_struct *dirfsp, NTSTATUS fd_close(files_struct *fsp) { - NTSTATUS status; + NTSTATUS stat_status = NT_STATUS_OK; int ret; if (fsp == fsp->conn->cwd_fsp) { @@ -950,23 +950,12 @@ NTSTATUS fd_close(files_struct *fsp) } if (fsp->fsp_flags.fstat_before_close) { - status = vfs_stat_fsp(fsp); - if (!NT_STATUS_IS_OK(status)) { - /* -* If this is a stream and delete-on-close was set, the -* backing object (an xattr from streams_xattr) might -* already be deleted so fstat() fails with -
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via aee05f11670 s3/smbd: If we fail to close file_handle ensure we should reset the fd via 72f70868257 smbd: simplify handling of failing fstat() after unlinking file from 3be368ff2bc ndr: always attempt ACE coda pull if ACE type suggests a coda https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit aee05f11670df006e50c225bbd7bce597482e856 Author: Noel Power Date: Tue Feb 20 09:26:29 2024 + s3/smbd: If we fail to close file_handle ensure we should reset the fd if fsp_flags.fstat_before_close == true then close_file_smb will call vfs_stat which can fail. If it does fail then the fd associated with the file handle will still be set (and we will hit an assert is the file handle destructor) when calling file_free. We need to set fd to -1 to avoid that. To achieve that we capture and return the vfs_stat_fsp failure status while still processing the rest of the fd_close logic. [2024/02/20 09:23:48.454671, 0, pid=9744] ../../source3/smbd/smb2_close.c:226(smbd_smb2_close) smbd_smb2_close: close_file[]: NT_STATUS_ACCESS_DENIED [2024/02/20 09:23:48.454757, 0, pid=9744] ../../source3/smbd/fd_handle.c:40(fd_handle_destructor) PANIC: assert failed at ../../source3/smbd/fd_handle.c(40): (fh->fd == -1) || (fh->fd == AT_FDCWD) [2024/02/20 09:23:48.454781, 0, pid=9744] ../../lib/util/fault.c:178(smb_panic_log) === [2024/02/20 09:23:48.454804, 0, pid=9744] ../../lib/util/fault.c:185(smb_panic_log) INTERNAL ERROR: assert failed: (fh->fd == -1) || (fh->fd == AT_FDCWD) in smbd (smbd[192.168.10) (client [192.168.100.15]) pid 9744 (4.21.0pre1-DEVELOPERBUILD) [2024/02/20 09:23:48.454844, 0, pid=9744] ../../lib/util/fault.c:190(smb_panic_log) If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting [2024/02/20 09:23:48.454869, 0, pid=9744] ../../lib/util/fault.c:191(smb_panic_log) BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527 Signed-off-by: Noel Power Reviewed-by: Jeremy Allison Autobuild-User(master): Noel Power Autobuild-Date(master): Wed Mar 13 10:34:45 UTC 2024 on atb-devel-224 (cherry picked from commit 6ee3f809a54d7b833ff798e68a93ada00a215d4d) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Mar 27 15:41:37 UTC 2024 on atb-devel-224 commit 72f7086825778ac434afdcab7251fecb5751ea44 Author: Ralph Boehme Date: Mon Feb 5 15:03:48 2024 +0100 smbd: simplify handling of failing fstat() after unlinking file close_remove_share_mode() already called vfs_stat_fsp(), so we can skip the fstat() triggered in fd_close() by fsp->fsp_flags.fstat_before_close being true. This avoids getting an EACCESS error when doing an fstat() on the removed file which seems to happen with some FUSE filesystems. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15527 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 6e6324cff29089a636823786183222a73fe7cb28) --- Summary of changes: source3/smbd/close.c | 1 + source3/smbd/open.c | 27 --- 2 files changed, 9 insertions(+), 19 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/smbd/close.c b/source3/smbd/close.c index 538435ca834..bbca474a28a 100644 --- a/source3/smbd/close.c +++ b/source3/smbd/close.c @@ -603,6 +603,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp, */ fsp->fsp_flags.delete_on_close = false; + fsp->fsp_flags.fstat_before_close = false; lck_state.reset_delete_on_close = true; done: diff --git a/source3/smbd/open.c b/source3/smbd/open.c index 08656c42521..c9c64fc4b76 100644 --- a/source3/smbd/open.c +++ b/source3/smbd/open.c @@ -943,7 +943,7 @@ NTSTATUS fd_openat(const struct files_struct *dirfsp, NTSTATUS fd_close(files_struct *fsp) { - NTSTATUS status; + NTSTATUS stat_status = NT_STATUS_OK; int ret; if (fsp == fsp->conn->cwd_fsp) { @@ -951,23 +951,12 @@ NTSTATUS fd_close(files_struct *fsp) } if (fsp->fsp_flags.fstat_before_close) { - status = vfs_stat_fsp(fsp); - if (!NT_STATUS_IS_OK(status)) { - /* -* If this is a stream and delete-on-close was set, the -* backing object (an xattr from streams_xattr) might -* already be deleted so fstat() fails with -*
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 3be368ff2bc ndr: always attempt ACE coda pull if ACE type suggests a coda from 1273cb7e10b tests/krb5: Add tests for AllowedToAuthenticateTo with an AS-REQ https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 3be368ff2bc6d7818d41a36ae99a7c9b19ba77b8 Author: Douglas Bagnall Date: Sat Mar 23 08:27:41 2024 +1300 ndr: always attempt ACE coda pull if ACE type suggests a coda We were skipping the pull in cases where the coda size was calculated to be zero. This has the right result for empty conditional ACEs, but not for Resource Attribute ACEs where the CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 coda was not intialised. The situation is made a bit worse, because the function that calculates the coda size (ndr_subcontext_size_of_ace_coda()) can return zero in conditions that are not exactly errors, but in which the would-be calculated value makes so little sense that zero is thought to be a safer default. Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66577 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15613 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Mar 25 06:00:21 UTC 2024 on atb-devel-224 (cherry picked from commit 6fb98f70c6274e172787c8d5f73aa93920171e7c) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Tue Mar 26 11:17:58 UTC 2024 on atb-devel-224 --- Summary of changes: librpc/ndr/ndr_sec_helper.c | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/ndr/ndr_sec_helper.c b/librpc/ndr/ndr_sec_helper.c index f870a17aafc..1a156b01d40 100644 --- a/librpc/ndr/ndr_sec_helper.c +++ b/librpc/ndr/ndr_sec_helper.c @@ -104,7 +104,6 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, ndr_flags { NDR_PULL_CHECK_FLAGS(ndr, ndr_flags); if (ndr_flags & NDR_SCALARS) { - ssize_t sub_size; NDR_CHECK(ndr_pull_align(ndr, 5)); NDR_CHECK(ndr_pull_security_ace_type(ndr, NDR_SCALARS, >type)); NDR_CHECK(ndr_pull_security_ace_flags(ndr, NDR_SCALARS, >flags)); @@ -112,12 +111,12 @@ _PUBLIC_ enum ndr_err_code ndr_pull_security_ace(struct ndr_pull *ndr, ndr_flags NDR_CHECK(ndr_pull_uint32(ndr, NDR_SCALARS, >access_mask)); NDR_CHECK(ndr_maybe_pull_security_ace_object_ctr(ndr, NDR_SCALARS, r)); NDR_CHECK(ndr_pull_dom_sid(ndr, NDR_SCALARS, >trustee)); - sub_size = ndr_subcontext_size_of_ace_coda(r, r->size, ndr->flags); - if (!sec_ace_has_extra_blob(r->type) || sub_size == 0) { + if (!sec_ace_has_extra_blob(r->type)) { r->coda.ignored.data = NULL; r->coda.ignored.length = 0; } else { struct ndr_pull *_ndr_coda; + ssize_t sub_size = ndr_subcontext_size_of_ace_coda(r, r->size, ndr->flags); NDR_CHECK(ndr_pull_subcontext_start(ndr, &_ndr_coda, 0, sub_size)); NDR_CHECK(ndr_pull_set_switch_value(_ndr_coda, >coda, r->type)); NDR_CHECK(ndr_pull_security_ace_coda(_ndr_coda, NDR_SCALARS|NDR_BUFFERS, >coda)); -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 1273cb7e10b tests/krb5: Add tests for AllowedToAuthenticateTo with an AS-REQ from 28fc1850e5c libcli/security: check again for NULL values https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 1273cb7e10b79d005be822b805fa1775421ebfc7 Author: Jo Sutton Date: Tue May 2 15:42:24 2023 +1200 tests/krb5: Add tests for AllowedToAuthenticateTo with an AS-REQ BUG: https://bugzilla.samba.org/show_bug.cgi?id=15607 Signed-off-by: Jo Sutton Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Mar 21 04:19:18 UTC 2024 on atb-devel-224 (cherry picked from commit 4f0ed9b00389fa641a423b88ab5462b32dd7bbca) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Fri Mar 22 11:06:51 UTC 2024 on atb-devel-224 --- Summary of changes: python/samba/tests/krb5/authn_policy_tests.py | 372 ++ selftest/knownfail_mit_kdc| 8 + 2 files changed, 380 insertions(+) Changeset truncated at 500 lines: diff --git a/python/samba/tests/krb5/authn_policy_tests.py b/python/samba/tests/krb5/authn_policy_tests.py index 2f15f8b2417..43db839cee7 100755 --- a/python/samba/tests/krb5/authn_policy_tests.py +++ b/python/samba/tests/krb5/authn_policy_tests.py @@ -295,6 +295,115 @@ class AuthnPolicyBaseTests(AuthLogTestBase, KdcTgsBaseTests): opts=opts, use_cache=cached) +def _fast_as_req(self, + client_creds, + target_creds, + armor_tgt, + expected_error=0, + expect_status=None, + expected_status=None, + expected_groups=None, + expect_device_info=None, + expected_device_groups=None, + expect_device_claims=None, + expected_device_claims=None): +client_username = client_creds.get_username() +client_realm = client_creds.get_realm() +client_cname = self.PrincipalName_create(name_type=NT_PRINCIPAL, + names=[client_username]) + +target_name = target_creds.get_username() +target_sname = self.PrincipalName_create( +name_type=NT_PRINCIPAL, names=[target_name]) +target_realm = target_creds.get_realm() +target_decryption_key = self.TicketDecryptionKey_from_creds( +target_creds) +target_etypes = target_creds.tgs_supported_enctypes + +authenticator_subkey = self.RandomKey(kcrypto.Enctype.AES256) +armor_key = self.generate_armor_key(authenticator_subkey, +armor_tgt.session_key) + +preauth_key = self.PasswordKey_from_creds(client_creds, + kcrypto.Enctype.AES256) + +client_challenge_key = ( +self.generate_client_challenge_key(armor_key, preauth_key)) +fast_padata = [self.get_challenge_pa_data(client_challenge_key)] + +def _generate_fast_padata(kdc_exchange_dict, + _callback_dict, + req_body): +return list(fast_padata), req_body + +etypes = kcrypto.Enctype.AES256, kcrypto.Enctype.RC4 + +if expected_error: +check_error_fn = self.generic_check_kdc_error +check_rep_fn = None +else: +check_error_fn = None +check_rep_fn = self.generic_check_kdc_rep + +pac_options = '1' # claims support + +samdb = self.get_samdb() +domain_sid_str = samdb.get_domain_sid() + +if expected_groups is not None: +expected_groups = self.map_sids(expected_groups, None, domain_sid_str) + +if expected_device_groups is not None: +expected_device_groups = self.map_sids(expected_device_groups, None, domain_sid_str) + +kdc_exchange_dict = self.as_exchange_dict( +creds=client_creds, +expected_crealm=client_realm, +expected_cname=client_cname, +expected_srealm=target_realm, +expected_sname=target_sname, +expected_supported_etypes=target_etypes, +ticket_decryption_key=target_decryption_key, +generate_fast_fn=self.generate_simple_fast, +generate_fast_armor_fn=self.generate_ap_req, +generate_fast_padata_fn=_generate_fast_padata, +fast_armor_type=FX_FAST_ARMOR_AP_REQUEST, +check_error_fn=check_error_fn, +check_rep_fn=check_rep_fn, +check_kdc_private_fn
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 28fc1850e5c libcli/security: check again for NULL values via ce78896e262 libcli/security: claims_conversions: check for NULL in claims array from 99b6feac932 WHATSNEW: announce Service Witness Protocol [MS-SWN] and related options https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 28fc1850e5c0b02f2ca0e0a8516457d56dc17cbd Author: Douglas Bagnall Date: Sun Mar 17 23:08:23 2024 +1300 libcli/security: check again for NULL values BUG: https://bugzilla.samba.org/show_bug.cgi?id=156067 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Mon Mar 18 02:51:08 UTC 2024 on atb-devel-224 (cherry picked from commit b815abe77991d7929717ea3ed4b9d7bef7179715) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Wed Mar 20 12:03:45 UTC 2024 on atb-devel-224 commit ce78896e262b3133141f53aa27158a6eee4d53ff Author: Douglas Bagnall Date: Sun Mar 17 23:07:17 2024 +1300 libcli/security: claims_conversions: check for NULL in claims array If by mistake we end up with a NULL in our array of claims pointers, it is better to return an error than crash. There can be NULLs in the array if a resource attribute ACE has a claim that uses 0 as a relative data pointer. Samba assumes this means a NULL pointer, rather than a zero offset. Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66777 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15606 Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit 78f728063a1e510966a45f7f1d9515ea3bd16214) --- Summary of changes: libcli/security/claims-conversions.c | 13 + 1 file changed, 13 insertions(+) Changeset truncated at 500 lines: diff --git a/libcli/security/claims-conversions.c b/libcli/security/claims-conversions.c index bbba5973852..ccf1375fc8f 100644 --- a/libcli/security/claims-conversions.c +++ b/libcli/security/claims-conversions.c @@ -262,6 +262,9 @@ static bool claim_v1_offset_to_ace_token( uint8_t f = claim->flags & CLAIM_SECURITY_ATTRIBUTE_VALUE_CASE_SENSITIVE; result->flags = f | CONDITIONAL_ACE_FLAG_TOKEN_FROM_ATTR; + if (claim->values[offset].int_value == NULL) { + return false; + } switch (claim->value_type) { case CLAIM_SECURITY_ATTRIBUTE_TYPE_INT64: return claim_v1_int_to_ace_int(claim, offset, result); @@ -935,6 +938,16 @@ NTSTATUS claim_v1_check_and_sort(TALLOC_CTX *mem_ctx, .case_sensitive = case_sensitive }; + /* +* It could be that the values array contains a NULL pointer, in which +* case we don't need to worry about what type it is. +*/ + for (i = 0; i < claim->value_count; i++) { + if (claim->values[i].int_value == NULL) { + return NT_STATUS_INVALID_PARAMETER; + } + } + if (claim->value_type == CLAIM_SECURITY_ATTRIBUTE_TYPE_BOOLEAN) { NTSTATUS status = claim_v1_check_and_sort_boolean(mem_ctx, claim); if (NT_STATUS_IS_OK(status)) { -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via a58338ec926 libgpo: Do not segfault if we don't have a valid security descriptor via 51a3797f57e libgpo: Fix trailing spaces in pygpo.c from 8ea3973ad40 python:gp: Implement client site lookup in site_dn_for_machine() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit a58338ec926d4979253b86fcc273be66e708adbd Author: Andreas Schneider Date: Tue Mar 5 13:17:19 2024 +0100 libgpo: Do not segfault if we don't have a valid security descriptor Program received signal SIGSEGV, Segmentation fault. ndr_push_security_descriptor (ndr=ndr@entry=0x55bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713 713 NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision)); Thread 1 (Thread 0x77ece740 (LWP 21460) "python3"): #0 ndr_push_security_descriptor (ndr=ndr@entry=0x55bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713 _flags_save_STRUCT = 0 _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = __FUNCTION__ = "ndr_push_security_descriptor" #1 0x7617237f in ndr_push_struct_blob (blob=blob@entry=0x7fffdb20, mem_ctx=0x55aa3bd0, p=0x0, fn=0x76074ad0 , fn@entry=0x760706c8 ) at ../../librpc/ndr/ndr.c:1438 _status = ndr = 0x55bf41b0 #2 0x7607cccf in marshall_sec_desc (mem_ctx=, secdesc=, data=data@entry=0x7fffdb80, len=len@entry=0x7fffdb78) at ../../libcli/security/secdesc.c:241 blob = {data = 0x7fffdb40 "`\333\377\377\377\177", length = 140737352374299} ndr_err = __FUNCTION__ = "marshall_sec_desc" #3 0x729edd94 in GPO_marshall_get_sec_desc_buf (self=, args=, kwds=) at ../../libgpo/pygpo.c:119 gpo_ptr = status = data = 0x0 len = 0 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15599 Signed-off-by: Andreas Schneider Reviewed-by: David Mulder (cherry picked from commit b13d4359f2f16e391763d1dc6a5718def973fabb) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Fri Mar 15 11:20:39 UTC 2024 on atb-devel-224 commit 51a3797f57ea988677016395784bd8d117062b11 Author: Andreas Schneider Date: Mon Mar 4 16:42:38 2024 +0100 libgpo: Fix trailing spaces in pygpo.c Signed-off-by: Andreas Schneider Reviewed-by: David Mulder (cherry picked from commit 6fb86a0fa62d93c1c84c2000f01c381a9e8217e1) --- Summary of changes: libgpo/pygpo.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c index adbd5b4688d..0f7116313f2 100644 --- a/libgpo/pygpo.c +++ b/libgpo/pygpo.c @@ -116,6 +116,11 @@ static PyObject *GPO_marshall_get_sec_desc_buf(PyObject *self, PyObject *args, uint8_t *data = NULL; size_t len = 0; + if (gpo_ptr->security_descriptor == NULL) { + PyErr_SetString(PyExc_RuntimeError, "Uninitialized"); + return NULL; + } + status = marshall_sec_desc(gpo_ptr, gpo_ptr->security_descriptor, , ); if (!NT_STATUS_IS_OK(status)) { @@ -371,7 +376,7 @@ static int py_ads_init(ADS *self, PyObject *args, PyObject *kwds) workgroup, ldap_server, ADS_SASL_PLAIN); - + return 0; } -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 69b69bb2085 libgpo: Do not segfault if we don't have a valid security descriptor via 72bd247c97d libgpo: Fix trailing spaces in pygpo.c from 4d1536f86b9 VERSION: Bump version up to Samba 4.20.0rc5... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 69b69bb2085dfc842292db14eadbcba71b096d69 Author: Andreas Schneider Date: Tue Mar 5 13:17:19 2024 +0100 libgpo: Do not segfault if we don't have a valid security descriptor Program received signal SIGSEGV, Segmentation fault. ndr_push_security_descriptor (ndr=ndr@entry=0x55bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713 713 NDR_CHECK(ndr_push_security_descriptor_revision(ndr, NDR_SCALARS, r->revision)); Thread 1 (Thread 0x77ece740 (LWP 21460) "python3"): #0 ndr_push_security_descriptor (ndr=ndr@entry=0x55bf41b0, ndr_flags=ndr_flags@entry=768, r=r@entry=0x0) at librpc/gen_ndr/ndr_security.c:713 _flags_save_STRUCT = 0 _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = _status = __FUNCTION__ = "ndr_push_security_descriptor" #1 0x7617237f in ndr_push_struct_blob (blob=blob@entry=0x7fffdb20, mem_ctx=0x55aa3bd0, p=0x0, fn=0x76074ad0 , fn@entry=0x760706c8 ) at ../../librpc/ndr/ndr.c:1438 _status = ndr = 0x55bf41b0 #2 0x7607cccf in marshall_sec_desc (mem_ctx=, secdesc=, data=data@entry=0x7fffdb80, len=len@entry=0x7fffdb78) at ../../libcli/security/secdesc.c:241 blob = {data = 0x7fffdb40 "`\333\377\377\377\177", length = 140737352374299} ndr_err = __FUNCTION__ = "marshall_sec_desc" #3 0x729edd94 in GPO_marshall_get_sec_desc_buf (self=, args=, kwds=) at ../../libgpo/pygpo.c:119 gpo_ptr = status = data = 0x0 len = 0 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15599 Signed-off-by: Andreas Schneider Reviewed-by: David Mulder (cherry picked from commit b13d4359f2f16e391763d1dc6a5718def973fabb) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Fri Mar 15 10:29:54 UTC 2024 on atb-devel-224 commit 72bd247c97da62789ab72111df11466dfb2a79fa Author: Andreas Schneider Date: Mon Mar 4 16:42:38 2024 +0100 libgpo: Fix trailing spaces in pygpo.c Signed-off-by: Andreas Schneider Reviewed-by: David Mulder (cherry picked from commit 6fb86a0fa62d93c1c84c2000f01c381a9e8217e1) --- Summary of changes: libgpo/pygpo.c | 7 ++- 1 file changed, 6 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c index adbd5b4688d..0f7116313f2 100644 --- a/libgpo/pygpo.c +++ b/libgpo/pygpo.c @@ -116,6 +116,11 @@ static PyObject *GPO_marshall_get_sec_desc_buf(PyObject *self, PyObject *args, uint8_t *data = NULL; size_t len = 0; + if (gpo_ptr->security_descriptor == NULL) { + PyErr_SetString(PyExc_RuntimeError, "Uninitialized"); + return NULL; + } + status = marshall_sec_desc(gpo_ptr, gpo_ptr->security_descriptor, , ); if (!NT_STATUS_IS_OK(status)) { @@ -371,7 +376,7 @@ static int py_ads_init(ADS *self, PyObject *args, PyObject *kwds) workgroup, ldap_server, ADS_SASL_PLAIN); - + return 0; } -- Samba Shared Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 1fac108 NEWS[4.18.11]: Samba 4.18.11 Available for Download from 9506c5e NEWS[4.20.0rc4]: Samba 4.20.0rc4 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 1fac10875aca9bfca765f20dc163d134d035ef74 Author: Jule Anger Date: Wed Mar 13 16:52:01 2024 +0100 NEWS[4.18.11]: Samba 4.18.11 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.18.11.html| 40 +++ posted_news/20240313-155512.4.18.11.body.html | 13 posted_news/20240313-155512.4.18.11.headline.html | 3 ++ 4 files changed, 57 insertions(+) create mode 100644 history/samba-4.18.11.html create mode 100644 posted_news/20240313-155512.4.18.11.body.html create mode 100644 posted_news/20240313-155512.4.18.11.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 17c67ec..d939308 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -15,6 +15,7 @@ samba-4.19.2 samba-4.19.1 samba-4.19.0 + samba-4.18.11 samba-4.18.10 samba-4.18.9 samba-4.18.8 diff --git a/history/samba-4.18.11.html b/history/samba-4.18.11.html new file mode 100644 index 000..f16699c --- /dev/null +++ b/history/samba-4.18.11.html @@ -0,0 +1,40 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.18.11 - Release Notes + + +Samba 4.18.11 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.18.11.tar.gz;>Samba 4.18.11 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.18.11.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.18.10-4.18.11.diffs.gz;>Patch (gzipped) against Samba 4.18.10 +https://download.samba.org/pub/samba/patches/samba-4.18.10-4.18.11.diffs.asc;>Signature + + + + === + Release Notes for Samba 4.18.11 + March 13, 2024 + === + + +This is the latest stable release of the Samba 4.18 release series. + + +Changes since 4.18.10 +- + +o Martin Schwenke mschwe...@ddn.com + * BUG 15580: Packet marshalling push support missing for + CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and + CTDB_CONTROL_TCP_CLIENT_PASSED + + + + + + diff --git a/posted_news/20240313-155512.4.18.11.body.html b/posted_news/20240313-155512.4.18.11.body.html new file mode 100644 index 000..965604b --- /dev/null +++ b/posted_news/20240313-155512.4.18.11.body.html @@ -0,0 +1,13 @@ + +13 March 2024 +Samba 4.18.11 Available for Download + +This is the latest stable release of the Samba 4.18 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.18.11.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.18.10-4.18.11.diffs.gz;>patch against Samba 4.18.10 is also available. +See https://www.samba.org/samba/history/samba-4.18.11.html;>the release notes for more info. + + diff --git a/posted_news/20240313-155512.4.18.11.headline.html b/posted_news/20240313-155512.4.18.11.headline.html new file mode 100644 index 000..61c7b57 --- /dev/null +++ b/posted_news/20240313-155512.4.18.11.headline.html @@ -0,0 +1,3 @@ + + 13 March 2024 Samba 4.18.11 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-18-stable updated
The branch, v4-18-stable has been updated via 4017976e8c0 VERSION: Disable GIT_SNAPSHOT for the 4.18.11 release. via 2edd0aac9f1 WHATSNEW: Add release notes for Samba 4.18.11. via 081a6d5fc1d ctdb-protocol: Add missing push support for new controls via 18305d8d86c VERSION: Bump version up to Samba 4.18.11... from 51a13a23371 VERSION: Disable GIT_SNAPSHOT for the 4.18.10 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 44 +-- ctdb/protocol/protocol_control.c | 8 +++ ctdb/tests/src/protocol_common_ctdb.c | 33 ++ ctdb/tests/src/protocol_ctdb_test.c | 2 +- 5 files changed, 85 insertions(+), 4 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 5c79a0c8dde..a15ddc2bc94 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=18 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index be2f81f823b..1bcbbdedcfc 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,44 @@ + === + Release Notes for Samba 4.18.11 + March 13, 2024 + === + + +This is the latest stable release of the Samba 4.18 release series. + + +Changes since 4.18.10 +- + +o Martin Schwenke + * BUG 15580: Packet marshalling push support missing for + CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and + CTDB_CONTROL_TCP_CLIENT_PASSED + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + === Release Notes for Samba 4.18.10 January 31, 2024 @@ -75,8 +116,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == Release Notes for Samba 4.18.9 November 29, 2023 diff --git a/ctdb/protocol/protocol_control.c b/ctdb/protocol/protocol_control.c index 83ed6cb4ee1..e4491159937 100644 --- a/ctdb/protocol/protocol_control.c +++ b/ctdb/protocol/protocol_control.c @@ -693,6 +693,14 @@ static void ctdb_req_control_data_push(struct ctdb_req_control_data *cd, case CTDB_CONTROL_ECHO_DATA: ctdb_echo_data_push(cd->data.echo_data, buf, ); break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + ctdb_connection_push(cd->data.conn, buf, ); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + ctdb_connection_push(cd->data.conn, buf, ); + break; } *npush = np; diff --git a/ctdb/tests/src/protocol_common_ctdb.c b/ctdb/tests/src/protocol_common_ctdb.c index 384076824a4..8a8e114f67a 100644 --- a/ctdb/tests/src/protocol_common_ctdb.c +++ b/ctdb/tests/src/protocol_common_ctdb.c @@ -593,6 +593,19 @@ void fill_ctdb_req_control_data(TALLOC_CTX *mem_ctx, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + cd->data.conn = talloc(mem_ctx, struct ctdb_connection); + assert(cd->data.conn != NULL); + fill_ctdb_connection(mem_ctx, cd->data.conn); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + cd->data.conn = talloc(mem_ctx, struct
[SCM] Samba Shared Repository - annotated tag samba-4.18.11 created
The annotated tag, samba-4.18.11 has been created at 181a7b50e0983c6bf3916ed5eec31ba25f2a4e51 (tag) tagging 4017976e8c0f5d1ae79ea01f1d4a46608ee0f61f (commit) replaces samba-4.18.10 tagged by Jule Anger on Wed Mar 13 16:50:56 2024 +0100 - Log - samba: tag release samba-4.18.11 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmXxy2AACgkQqplEL7aA tiBCIQ/9E8smpgoDagZ8Bhwn5T6NphHG6NhA3TSLYvFG/OAMlYzs5X8HYi/jTtHt DcuFM+dtarMBvvCmL95fXXwB5XJbH6IbCWoGiIppcW1TzLRZ4AfaPG/xuk7Et6RX O9HVY75GAMRm6rw0w5YLTKF7+osmemGH5/pKhaMkVRu0Q4xFLkWdw3DmWFxRiQq3 PrDjyTo7kLC12LxolC3PjN6yB0QG3tQ4C47uHAKZL+EQsS8AutBv+/e1B4Z7zeyG 8YgF0sFQiN2XJ1IxbBrDq73u9ylcm0OA/D6l3CyyY+wWo5Jq0KvjMhxU7SjjeR/6 +RuVgq0J7ib98N/FvvdKMluSu3lLAdfPUQE3UKnMnOIX1YNAfd2ipBVfJT/6E5Ks 6qgH27p+5gepSZ3ZjDiBq7Ftr1jJelt5LZ4cTkkJg0PA0mGEoIDvffQriFid1MZv 0pQl6FRHzAbkheU164B8vXnCuXD07wcn7WR+uDXrALRtNlLDN0Xwdsi8on/CD3Cc V2+E+G5WlUZrJcsilgaNGkHAG3Ge8wCuHQTQackK3FiCCQrO2jtrq01H3tvXJfSf nUyM8D1M0N4QHU0bG34/w5GUb4BgVD8pPPquhaL65nrA0HcqG6e4lHjYsCCajeIl X4yVv1TpMOGTnaj0/qZ5nnM9gwpDEGa+ZzpiOVIWx2EAJUt4Nyk= =2ojj -END PGP SIGNATURE- Jule Anger (3): VERSION: Bump version up to Samba 4.18.11... WHATSNEW: Add release notes for Samba 4.18.11. VERSION: Disable GIT_SNAPSHOT for the 4.18.11 release. Martin Schwenke (1): ctdb-protocol: Add missing push support for new controls --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-18-test updated
The branch, v4-18-test has been updated via 105e6d817dd VERSION: Bump version up to Samba 4.18.12... via 4017976e8c0 VERSION: Disable GIT_SNAPSHOT for the 4.18.11 release. via 2edd0aac9f1 WHATSNEW: Add release notes for Samba 4.18.11. from 081a6d5fc1d ctdb-protocol: Add missing push support for new controls https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test - Log - commit 105e6d817ddd2654bf44db92027d20c7cb0e85eb Author: Jule Anger Date: Wed Mar 13 16:48:07 2024 +0100 VERSION: Bump version up to Samba 4.18.12... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 4017976e8c0f5d1ae79ea01f1d4a46608ee0f61f Author: Jule Anger Date: Wed Mar 13 16:47:33 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.18.11 release. Signed-off-by: Jule Anger commit 2edd0aac9f115b21b7c58b254c7b814ee664380e Author: Jule Anger Date: Wed Mar 13 16:47:00 2024 +0100 WHATSNEW: Add release notes for Samba 4.18.11. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 44 ++-- 2 files changed, 43 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a4cb410d3b8..25cf7311e9c 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=18 -SAMBA_VERSION_RELEASE=11 +SAMBA_VERSION_RELEASE=12 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index be2f81f823b..1bcbbdedcfc 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,44 @@ + === + Release Notes for Samba 4.18.11 + March 13, 2024 + === + + +This is the latest stable release of the Samba 4.18 release series. + + +Changes since 4.18.10 +- + +o Martin Schwenke + * BUG 15580: Packet marshalling push support missing for + CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and + CTDB_CONTROL_TCP_CLIENT_PASSED + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + === Release Notes for Samba 4.18.10 January 31, 2024 @@ -75,8 +116,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == Release Notes for Samba 4.18.9 November 29, 2023 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 0e40506d21b selftest: add tests for "samba-tool user list --locked-only" via 055b4cd50f8 samba-tool: add "samba-tool user list --locked-only" from b13d4359f2f libgpo: Do not segfault if we don't have a valid security descriptor https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 0e40506d21b43854bba95e267dead64c506d1ef5 Author: Jule Anger Date: Tue Mar 5 10:41:32 2024 +0100 selftest: add tests for "samba-tool user list --locked-only" Signed-off-by: Jule Anger Reviewed-by: Andrew Bartlett Autobuild-User(master): Jule Anger Autobuild-Date(master): Tue Mar 12 10:54:49 UTC 2024 on atb-devel-224 commit 055b4cd50f8aeaac7ce1f3efc5643063025b28a7 Author: Jule Anger Date: Fri Mar 1 11:16:26 2024 +0100 samba-tool: add "samba-tool user list --locked-only" Signed-off-by: Jule Anger Reviewed-by: Andrew Bartlett --- Summary of changes: docs-xml/manpages/samba-tool.8.xml| 6 ++ python/samba/netcmd/user/list.py | 13 - python/samba/tests/samba_tool/user.py | 25 + source4/dsdb/tests/python/password_lockout.py | 16 4 files changed, 59 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/samba-tool.8.xml b/docs-xml/manpages/samba-tool.8.xml index 3471b0e1991..e6c0c08c240 100644 --- a/docs-xml/manpages/samba-tool.8.xml +++ b/docs-xml/manpages/samba-tool.8.xml @@ -2598,6 +2598,12 @@ Do not list disabled user accounts. + + --locked-only + + Only list locked user accounts. + + diff --git a/python/samba/netcmd/user/list.py b/python/samba/netcmd/user/list.py index 10605ca68f4..3d16f0ef9d7 100644 --- a/python/samba/netcmd/user/list.py +++ b/python/samba/netcmd/user/list.py @@ -42,6 +42,10 @@ class cmd_user_list(Command): default=False, action='store_true', help="Do not list disabled user accounts"), +Option("--locked-only", + help="Only list locked user accounts", + default=False, + action='store_true'), Option("-b", "--base-dn", help="Specify base DN to use", type=str), @@ -64,6 +68,7 @@ class cmd_user_list(Command): H=None, hide_expired=False, hide_disabled=False, +locked_only=False, base_dn=None, full_dn=False): lp = sambaopts.get_loadparm() @@ -87,10 +92,16 @@ class cmd_user_list(Command): filter_disabled = "(!(userAccountControl:%s:=%u))" % ( ldb.OID_COMPARATOR_AND, dsdb.UF_ACCOUNTDISABLE) -filter = "(&(objectClass=user)(userAccountControl:%s:=%u)%s%s)" % ( +filter_locked = "" +if locked_only is True: +# use lockoutTime=* to filter out accounts without a set lockoutTime +filter_locked = "(&(lockoutTime=*)(!(lockoutTime=0)))" + +filter = "(&(objectClass=user)(userAccountControl:%s:=%u)%s%s%s)" % ( ldb.OID_COMPARATOR_AND, dsdb.UF_NORMAL_ACCOUNT, filter_disabled, +filter_locked, filter_expires) res = samdb.search(search_dn, diff --git a/python/samba/tests/samba_tool/user.py b/python/samba/tests/samba_tool/user.py index ef74858eaec..290d5daebe1 100644 --- a/python/samba/tests/samba_tool/user.py +++ b/python/samba/tests/samba_tool/user.py @@ -437,6 +437,31 @@ class UserCmdTestCase(SambaToolCmdTest): self.assertMatch(out, name, "user '%s' not found" % name) +# Test: samba-tool user list --locked-only +# This test does not verify that the command lists the locked user, it just +# tests that it does not list unlocked users. The funcional test, which +# lists locked users, is located in the 'samba4.ldap.password_lockout' test +# in source8/dsdb/tests/python/password_lockout.py +def test_list_locked(self): +(result, out, err) = self.runsubcmd("user", "list", +"-H", "ldap://%s; % os.environ["DC_SERVER"], +"-U%s%%%s" % (os.environ["DC_USERNAME"], + os.environ["DC_PASSWORD"]), +"--locked-only") +self.assertCmdSuccess(resul
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 9506c5e NEWS[4.20.0rc4]: Samba 4.20.0rc4 Available for Download from 6c2a8b4 NEWS[4.20.0rc3]: Samba 4.20.0rc3 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 9506c5e352fdb3affbf0e0be21f6c918a70adf63 Author: Jule Anger Date: Mon Mar 11 16:01:11 2024 +0100 NEWS[4.20.0rc4]: Samba 4.20.0rc4 Available for Download Signed-off-by: Jule Anger --- Summary of changes: posted_news/20240311-150218.4.20.0rc4.body.html | 12 posted_news/20240311-150218.4.20.0rc4.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20240311-150218.4.20.0rc4.body.html create mode 100644 posted_news/20240311-150218.4.20.0rc4.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20240311-150218.4.20.0rc4.body.html b/posted_news/20240311-150218.4.20.0rc4.body.html new file mode 100644 index 000..9211dd5 --- /dev/null +++ b/posted_news/20240311-150218.4.20.0rc4.body.html @@ -0,0 +1,12 @@ + +11 March 2024 +Samba 4.20.0rc4 Available for Download + +This is the fourth release candidate of the upcoming Samba 4.20 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.20.0rc4.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.20.0rc4.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20240311-150218.4.20.0rc4.headline.html b/posted_news/20240311-150218.4.20.0rc4.headline.html new file mode 100644 index 000..3bedcb5 --- /dev/null +++ b/posted_news/20240311-150218.4.20.0rc4.headline.html @@ -0,0 +1,3 @@ + + 11 March 2024 Samba 4.20.0rc4 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated via 964c0e97e7a VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc4 release. via f485def8104 WHATSNEW: Add release notes for Samba 4.20.0rc4. via 03b6dae6630 python:gp: Implement client site lookup in site_dn_for_machine() via e51e72dd14a librpc:idl: Make netlogon_samlogon_response public via a09d0ba6eb2 VERSION: Bump version up to Samba 4.20.0rc4... from 17bab5c0774 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc3 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 9 +- librpc/idl/nbt.idl | 2 +- librpc/ndr/ndr_nbt.c | 2 +- librpc/ndr/ndr_nbt.h | 2 +- python/samba/gp/gpclass.py | 68 ++ 6 files changed, 57 insertions(+), 28 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index efcf3f379e6..fcee8581107 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE=4 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f540dc555c0..dd80f116a10 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the third release candidate of Samba 4.20. This is *not* +This is the fourth release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -214,6 +214,13 @@ smb.conf changes acl claims evaluation new AD DC only +CHANGES SINCE 4.20.0rc3 +=== + +o Andreas Schneider + * BUG 15588: samba-gpupdate: Correctly implement site support. + + CHANGES SINCE 4.20.0rc2 === diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl index 11814e7970e..46be2eae7e2 100644 --- a/librpc/idl/nbt.idl +++ b/librpc/idl/nbt.idl @@ -490,7 +490,7 @@ interface nbt [case(NETLOGON_NT_VERSION_5EX)] NETLOGON_SAM_LOGON_RESPONSE_EX nt5_ex; } netlogon_samlogon_response_union; - typedef [nopush,nopull] struct { + typedef [nopush,nopull,noprint,public] struct { uint32 ntver; [switch_is(ntver)] netlogon_samlogon_response_union data; } netlogon_samlogon_response; diff --git a/librpc/ndr/ndr_nbt.c b/librpc/ndr/ndr_nbt.c index eb186810785..6f54198ffbc 100644 --- a/librpc/ndr/ndr_nbt.c +++ b/librpc/ndr/ndr_nbt.c @@ -392,7 +392,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull * return NDR_ERR_SUCCESS; } -_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r) +_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r) { ndr_print_struct(ndr, name, "netlogon_samlogon_response"); if (r == NULL) { ndr_print_null(ndr); return; } diff --git a/librpc/ndr/ndr_nbt.h b/librpc/ndr/ndr_nbt.h index c38422fff6b..00ee8a17364 100644 --- a/librpc/ndr/ndr_nbt.h +++ b/librpc/ndr/ndr_nbt.h @@ -37,6 +37,6 @@ enum ndr_err_code ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_ uint32_t nt_version_flags); enum ndr_err_code ndr_push_netlogon_samlogon_response(struct ndr_push *ndr, ndr_flags_type ndr_flags, const struct netlogon_samlogon_response *r); enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull *ndr, ndr_flags_type ndr_flags, struct netlogon_samlogon_response *r); -void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r); +void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r); #endif /* _LIBRPC_NDR_NDR_NBT_H */ diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py index 26c2386847e..08be472e707 100644 --- a/python/samba/gp/gpclass.py +++ b/python/samba/gp/gpclass.py @@ -49,7 +49,7 @@ from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT, GP from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES from samba.dcerpc import security import
[SCM] Samba Shared Repository - annotated tag samba-4.20.0rc4 created
The annotated tag, samba-4.20.0rc4 has been created at eb4171e9c4fbb452070e2d57086fbc7296431201 (tag) tagging 964c0e97e7aee4ae8a0b1d0d9a7825e91071e7d6 (commit) replaces samba-4.20.0rc3 tagged by Jule Anger on Mon Mar 11 16:00:43 2024 +0100 - Log - samba: tag release samba-4.20.0rc4 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmXvHJsACgkQqplEL7aA tiCYGxAAqosl+jgaCbvM0X1huTShHCc+owXU++1gpJAjZegYxdctNx9OEo83Bcgc nMjDsGnHBwA/8q6DM+Icmbx+Z5hyA/C7/QTCKgk0XEQO/pdP1fde/FPlqPpW5o14 KnqEbXIBfVHf6DvPr+3QWkWKo7cNwOiDXPuLnh3yBDXrwNcU+CY6ffSJof9k58dt dIfv462FZ8xJxo1cvjijdA13HqH00tNrnKmjhmEWGyXBEk8D/yOlUQ6aLYIw+NgN bS7aLuT2n9KH+qXPByQRnO798avdAx2epWlNQ+6kpkBo5CPxn6zsk7yXoRL1kpd3 m4+2s4dxUkwJAt8BA8dIYhr9zm3NbChGe62O1EtXKaUg7kLJ+d8z+e3o/M1ZMcMR B59UAaO6Runr9czLbzSO9Nri8ny00nwgPw1PvLyD13XYGuLa1ZH8Gz6+h74RoVJx c/Rtj0PSaqMvxQw+SFWSpOtV+2nocNVJ2uSHbCJ63KviqZdfMJrziVVdl6iEVNQg uN5q4/0+aKDbl3nd5E9KREdRI7+0vdvVSva4/2fdMaBhVdrNCzGETgeY+52kl7Wc 6ec7HpiG0cNvXESxuQ5eOGa90O0U84FhRKUpmO3mGuoMylbolm2CsGzKOpmAhDoG Xsni9xjYhR5n7YfbFR3dWzTAYyu4qz7RaHVZg2p3QxLwXSSuizY= =Yqha -END PGP SIGNATURE- Andreas Schneider (2): librpc:idl: Make netlogon_samlogon_response public python:gp: Implement client site lookup in site_dn_for_machine() Jule Anger (3): VERSION: Bump version up to Samba 4.20.0rc4... WHATSNEW: Add release notes for Samba 4.20.0rc4. VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc4 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 4d1536f86b9 VERSION: Bump version up to Samba 4.20.0rc5... via 964c0e97e7a VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc4 release. via f485def8104 WHATSNEW: Add release notes for Samba 4.20.0rc4. from 03b6dae6630 python:gp: Implement client site lookup in site_dn_for_machine() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 4d1536f86b9281711ce458db28bf699120549607 Author: Jule Anger Date: Mon Mar 11 15:54:24 2024 +0100 VERSION: Bump version up to Samba 4.20.0rc5... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 964c0e97e7aee4ae8a0b1d0d9a7825e91071e7d6 Author: Jule Anger Date: Mon Mar 11 15:53:57 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc4 release. Signed-off-by: Jule Anger commit f485def81040ef8ed761d9a9687545e97a865a3a Author: Jule Anger Date: Mon Mar 11 15:53:16 2024 +0100 WHATSNEW: Add release notes for Samba 4.20.0rc4. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 9 - 2 files changed, 9 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index efb4d171a6f..35bf60077a8 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=4 +SAMBA_VERSION_RC_RELEASE=5 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f540dc555c0..dd80f116a10 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the third release candidate of Samba 4.20. This is *not* +This is the fourth release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -214,6 +214,13 @@ smb.conf changes acl claims evaluation new AD DC only +CHANGES SINCE 4.20.0rc3 +=== + +o Andreas Schneider + * BUG 15588: samba-gpupdate: Correctly implement site support. + + CHANGES SINCE 4.20.0rc2 === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 03b6dae6630 python:gp: Implement client site lookup in site_dn_for_machine() via e51e72dd14a librpc:idl: Make netlogon_samlogon_response public from a09d0ba6eb2 VERSION: Bump version up to Samba 4.20.0rc4... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 03b6dae6630c6de85af1f20276df11e67d7601e2 Author: Andreas Schneider Date: Wed Feb 21 09:10:47 2024 +0100 python:gp: Implement client site lookup in site_dn_for_machine() This is [MS-GPOL] 3.2.5.1.4 Site Search. The netr_DsRGetSiteName() needs to run over local rpc, however we do not have the call implemented in our rpc_server. What netr_DsRGetSiteName() actually does is an ldap query to get the sitename, we can just do the same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit e4c3c61302b12419f041867b58350f11dc800318) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Fri Mar 1 09:01:06 UTC 2024 on atb-devel-224 commit e51e72dd14afa3e299a54c430f4b4b1e2b17 Author: Andreas Schneider Date: Wed Feb 21 08:56:06 2024 +0100 librpc:idl: Make netlogon_samlogon_response public This is required that we can use it with ndrdump or in python to decode a NETLOGON_SAM_LOGON_RESPONSE_EX ldap response. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588 Signed-off-by: Andreas Schneider Pair-Programmed-With: Guenther Deschner Reviewed-by: Andrew Bartlett (cherry picked from commit e758425869729a43136ae51e6baecb2061d1525b) --- Summary of changes: librpc/idl/nbt.idl | 2 +- librpc/ndr/ndr_nbt.c | 2 +- librpc/ndr/ndr_nbt.h | 2 +- python/samba/gp/gpclass.py | 68 ++ 4 files changed, 48 insertions(+), 26 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl index 11814e7970e..46be2eae7e2 100644 --- a/librpc/idl/nbt.idl +++ b/librpc/idl/nbt.idl @@ -490,7 +490,7 @@ interface nbt [case(NETLOGON_NT_VERSION_5EX)] NETLOGON_SAM_LOGON_RESPONSE_EX nt5_ex; } netlogon_samlogon_response_union; - typedef [nopush,nopull] struct { + typedef [nopush,nopull,noprint,public] struct { uint32 ntver; [switch_is(ntver)] netlogon_samlogon_response_union data; } netlogon_samlogon_response; diff --git a/librpc/ndr/ndr_nbt.c b/librpc/ndr/ndr_nbt.c index eb186810785..6f54198ffbc 100644 --- a/librpc/ndr/ndr_nbt.c +++ b/librpc/ndr/ndr_nbt.c @@ -392,7 +392,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull * return NDR_ERR_SUCCESS; } -_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r) +_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r) { ndr_print_struct(ndr, name, "netlogon_samlogon_response"); if (r == NULL) { ndr_print_null(ndr); return; } diff --git a/librpc/ndr/ndr_nbt.h b/librpc/ndr/ndr_nbt.h index c38422fff6b..00ee8a17364 100644 --- a/librpc/ndr/ndr_nbt.h +++ b/librpc/ndr/ndr_nbt.h @@ -37,6 +37,6 @@ enum ndr_err_code ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_ uint32_t nt_version_flags); enum ndr_err_code ndr_push_netlogon_samlogon_response(struct ndr_push *ndr, ndr_flags_type ndr_flags, const struct netlogon_samlogon_response *r); enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull *ndr, ndr_flags_type ndr_flags, struct netlogon_samlogon_response *r); -void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r); +void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r); #endif /* _LIBRPC_NDR_NDR_NBT_H */ diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py index 26c2386847e..08be472e707 100644 --- a/python/samba/gp/gpclass.py +++ b/python/samba/gp/gpclass.py @@ -49,7 +49,7 @@ from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT, GP from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES from samba.dcerpc import security import samba.security -from samba.dcerpc import netlogon +from samba.dcerpc import nbt from datetime import datetime @@ -611,12 +611,6 @@ def get_dc_hostname
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 8ea3973ad40 python:gp: Implement client site lookup in site_dn_for_machine() via 111e85a589c librpc:idl: Make netlogon_samlogon_response public from eebe6d8c890 ctdb-protocol: Add missing push support for new controls https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 8ea3973ad4025c460b5e0da8d67a3deec734e7c6 Author: Andreas Schneider Date: Wed Feb 21 09:10:47 2024 +0100 python:gp: Implement client site lookup in site_dn_for_machine() This is [MS-GPOL] 3.2.5.1.4 Site Search. The netr_DsRGetSiteName() needs to run over local rpc, however we do not have the call implemented in our rpc_server. What netr_DsRGetSiteName() actually does is an ldap query to get the sitename, we can just do the same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit e4c3c61302b12419f041867b58350f11dc800318) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Fri Mar 1 08:52:55 UTC 2024 on atb-devel-224 commit 111e85a589cbe4ff5ce2f42e8ebfb3048d30374f Author: Andreas Schneider Date: Wed Feb 21 08:56:06 2024 +0100 librpc:idl: Make netlogon_samlogon_response public This is required that we can use it with ndrdump or in python to decode a NETLOGON_SAM_LOGON_RESPONSE_EX ldap response. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588 Signed-off-by: Andreas Schneider Pair-Programmed-With: Guenther Deschner Reviewed-by: Andrew Bartlett (cherry picked from commit e758425869729a43136ae51e6baecb2061d1525b) --- Summary of changes: librpc/idl/nbt.idl | 2 +- librpc/ndr/ndr_nbt.c | 2 +- librpc/ndr/ndr_nbt.h | 2 +- python/samba/gp/gpclass.py | 68 ++ 4 files changed, 48 insertions(+), 26 deletions(-) Changeset truncated at 500 lines: diff --git a/librpc/idl/nbt.idl b/librpc/idl/nbt.idl index 11814e7970e..46be2eae7e2 100644 --- a/librpc/idl/nbt.idl +++ b/librpc/idl/nbt.idl @@ -490,7 +490,7 @@ interface nbt [case(NETLOGON_NT_VERSION_5EX)] NETLOGON_SAM_LOGON_RESPONSE_EX nt5_ex; } netlogon_samlogon_response_union; - typedef [nopush,nopull] struct { + typedef [nopush,nopull,noprint,public] struct { uint32 ntver; [switch_is(ntver)] netlogon_samlogon_response_union data; } netlogon_samlogon_response; diff --git a/librpc/ndr/ndr_nbt.c b/librpc/ndr/ndr_nbt.c index 8ed9f0a5f05..96956fdb005 100644 --- a/librpc/ndr/ndr_nbt.c +++ b/librpc/ndr/ndr_nbt.c @@ -392,7 +392,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull * return NDR_ERR_SUCCESS; } -_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r) +_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r) { ndr_print_struct(ndr, name, "netlogon_samlogon_response"); if (r == NULL) { ndr_print_null(ndr); return; } diff --git a/librpc/ndr/ndr_nbt.h b/librpc/ndr/ndr_nbt.h index 7c06301d02b..9297876b2b3 100644 --- a/librpc/ndr/ndr_nbt.h +++ b/librpc/ndr/ndr_nbt.h @@ -37,6 +37,6 @@ enum ndr_err_code ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_ uint32_t nt_version_flags); enum ndr_err_code ndr_push_netlogon_samlogon_response(struct ndr_push *ndr, int ndr_flags, const struct netlogon_samlogon_response *r); enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull *ndr, int ndr_flags, struct netlogon_samlogon_response *r); -void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r); +void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r); #endif /* _LIBRPC_NDR_NDR_NBT_H */ diff --git a/python/samba/gp/gpclass.py b/python/samba/gp/gpclass.py index babd8f90748..d9dcbeb3cfe 100644 --- a/python/samba/gp/gpclass.py +++ b/python/samba/gp/gpclass.py @@ -51,7 +51,7 @@ from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT, GP from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES from samba.dcerpc import security import samba.security -from samba.dcerpc import netlogon +from samba.dcerpc import nbt try: @@ -582,12 +582,6 @@ def get_dc_hostname(creds, lp): nbt.NBT_SERVER_DS))
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 6c2a8b4 NEWS[4.20.0rc3]: Samba 4.20.0rc3 Available for Download from 11f39d0 NEWS[4.19.5]: Samba 4.19.5 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 6c2a8b43fc453a0c94b8410b6e8721dee1023dcf Author: Jule Anger Date: Mon Feb 26 12:45:05 2024 +0100 NEWS[4.20.0rc3]: Samba 4.20.0rc3 Available for Download Signed-off-by: Jule Anger --- Summary of changes: posted_news/20240226-114717.4.20.0rc3.body.html | 12 posted_news/20240226-114717.4.20.0rc3.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20240226-114717.4.20.0rc3.body.html create mode 100644 posted_news/20240226-114717.4.20.0rc3.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20240226-114717.4.20.0rc3.body.html b/posted_news/20240226-114717.4.20.0rc3.body.html new file mode 100644 index 000..fac8863 --- /dev/null +++ b/posted_news/20240226-114717.4.20.0rc3.body.html @@ -0,0 +1,12 @@ + +26 February 2024 +Samba 4.20.0rc3 Available for Download + +This is the third release candidate of the upcoming Samba 4.20 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.20.0rc3.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.20.0rc3.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20240226-114717.4.20.0rc3.headline.html b/posted_news/20240226-114717.4.20.0rc3.headline.html new file mode 100644 index 000..5a2ee5c --- /dev/null +++ b/posted_news/20240226-114717.4.20.0rc3.headline.html @@ -0,0 +1,3 @@ + + 26 February 2024 Samba 4.20.0rc3 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated via 17bab5c0774 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc3 release. via f3da62a2bba WHATSNEW: Add release notes for Samba 4.20.0rc3. via 253c5585c91 s3/rpc_client: Fix array offset check via 1ab3de6f46e s3/rpc_client: Ensure max possible row buffer size is not exceeded via 3e226dd1cd5 idl: Add constant for max rows buffer size via c1016224041 s3/rpc_client: cleanup unmarshalling of variant types from row columns via 77cbdf342ca s3/utils: use full 64 bit address for getrows (with 64bit offsets) via ec239d16a97 s3/rpc_client: Remove stray unnecessary comment via 3d47cae71d9 s3/rpc_client: change type of offset to uint64_t via 7107b233346 ctdb-protocol: Add missing push support for new controls via 22e56d9ea2d python: Remove ‘typing.Final’ via 9366f554862 python: do not make use of typing.Final for python 3.6 via 858090913e3 docs-xml: document "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" via d8e056d8b0d smb2_tcon: only announce SMB3 related share capabilities if SMB3 is used via 3a8a86adc66 smb2_tcon: only announce SMB2_SHARE_CAP_CLUSTER if rpcd_witness can run via 87e56ada0db docs-xml: add details for 'net witness' via c4e4d41f0ac s3:utils: fix help string for 'net witness force-response' via f9c0968743d ctdb/events: add 47.samba-dcerpcd.script via bc89a069b3c ctdb/events: use 'service "$CTDB_SERVICE_NMB" status' in 48.netbios.script via d998b68af68 VERSION: Bump version up to Samba 4.20.0rc3... from 0167b75a5b2 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 23 +- ctdb/config/events/legacy/47.samba-dcerpcd.script | 66 +++ ctdb/config/events/legacy/48.netbios.script | 11 + ctdb/protocol/protocol_control.c | 8 + ctdb/tests/src/protocol_common_ctdb.c | 33 ++ ctdb/tests/src/protocol_ctdb_test.c | 2 +- docs-xml/manpages/net.8.xml | 567 ++ docs-xml/smbdotconf/protocol/smb3sharecaps.xml| 202 librpc/idl/wsp_data.idl | 5 + python/samba/gkdi.py | 16 +- python/samba/nt_time.py | 8 +- python/samba/tests/gkdi.py| 4 +- source3/rpc_client/wsp_cli.c | 127 +++-- source3/smbd/smb2_tcon.c | 20 +- source3/utils/net_witness.c | 2 +- source3/utils/wspsearch.c | 22 +- 17 files changed, 1059 insertions(+), 59 deletions(-) create mode 100755 ctdb/config/events/legacy/47.samba-dcerpcd.script create mode 100644 docs-xml/smbdotconf/protocol/smb3sharecaps.xml Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 12917e08428..efcf3f379e6 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE=3 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index de3b0f03d49..f540dc555c0 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the second release candidate of Samba 4.20. This is *not* +This is the third release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -214,6 +214,27 @@ smb.conf changes acl claims evaluation new AD DC only +CHANGES SINCE 4.20.0rc2 +=== + +o Rob van der Linde + * BUG 15575: Remove unsupported "Final" keyword missing from Python 3.6. + +o Stefan Metzmacher + * BUG 15577: Additional witness backports for 4.20.0. + +o Noel Power + * BUG 15579: Error output with wspsearch. + +o Martin Schwenke + * BUG 15580: Packet marshalling push support missing for + CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and + CTDB_CONTROL_TCP_CLIENT_PASSED. + +o Jo Sutton + * BUG 15575: Remove unsupported "Final" keyword missing from Python 3.6. + + CHANGES SINCE 4.20.0rc1 === diff --git
[SCM] Samba Shared Repository - annotated tag samba-4.20.0rc3 created
The annotated tag, samba-4.20.0rc3 has been created at b9aa026d652349997cb7eedb2aa34edf86ce3170 (tag) tagging 17bab5c077450626e90331d38e4b6b8586a1c80b (commit) replaces samba-4.20.0rc2 tagged by Jule Anger on Mon Feb 26 12:44:49 2024 +0100 - Log - samba: tag release samba-4.20.0rc3 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmXcebEACgkQqplEL7aA tiAxEA//fMA8BYN8paS1sG1eaT6JwPajvPfvBbnAUwJvV/A/vtFOV5CzSeugKuY1 a1FEC+4Bd22ClgJ/WB57Qs6nZQWIOx5G57uu1EjrwZDAeX2aN0rotBGSb0uJU/f7 RUoEzqQ8jWtBE/NhE3F1DHhEEV0p1PLk7EmCY0glQgCPIa4Qd21LG88Drrx/TrrC G8ZApFunYRgErvmXpiv1cJEYfr4HiBig2+s55rwrQZ+xJnPw3BQmuvrlE0KfWE1X aX8NGTYw86nyuGwRepDeFHSV8Lx/VhHBufWnvXqkBbI46OwpgV5bLf3xUu/LWdh2 TXcqul/X0IYck/kO9Zrw+Yn/3BOSmlo65fsIE68EOVqLH+xGBINEC67VWYy5+UaI FnLfVD4JBvJ31L1AoCAc6vmYe1jlQ3aQNnU5w8O7IiiTeGtFVkcJGZPs1zl5uRfl yCpuA3LE81P9A5wJXkZSlNF/0pghFap9kD4EpVSlXOheZ+eyhZ+P5ZXGTUIPe9e0 l9b8yTdA4kMkOdabu7Mds7X0rgB6zdExFImWzZ8SrxpxUBuk5cn/O32y/GFatS3t qjA/OnPxp7XsteK6PqxsvhNBjOObvRNB4Bvaa+fs9klAPiECTH4+XqYgy0AAq5dG i5RaU+0ng2wvuJ4cfQ7o8EKMzwa1B4sTm1QSow4DdvA8zWsMCjQ= =6xip -END PGP SIGNATURE- Jo Sutton (1): python: Remove ‘typing.Final’ Jule Anger (3): VERSION: Bump version up to Samba 4.20.0rc3... WHATSNEW: Add release notes for Samba 4.20.0rc3. VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc3 release. Martin Schwenke (1): ctdb-protocol: Add missing push support for new controls Noel Power (7): s3/rpc_client: change type of offset to uint64_t s3/rpc_client: Remove stray unnecessary comment s3/utils: use full 64 bit address for getrows (with 64bit offsets) s3/rpc_client: cleanup unmarshalling of variant types from row columns idl: Add constant for max rows buffer size s3/rpc_client: Ensure max possible row buffer size is not exceeded s3/rpc_client: Fix array offset check Rob van der Linde (1): python: do not make use of typing.Final for python 3.6 Stefan Metzmacher (7): ctdb/events: use 'service "$CTDB_SERVICE_NMB" status' in 48.netbios.script ctdb/events: add 47.samba-dcerpcd.script s3:utils: fix help string for 'net witness force-response' docs-xml: add details for 'net witness' smb2_tcon: only announce SMB2_SHARE_CAP_CLUSTER if rpcd_witness can run smb2_tcon: only announce SMB3 related share capabilities if SMB3 is used docs-xml: document "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via a09d0ba6eb2 VERSION: Bump version up to Samba 4.20.0rc4... via 17bab5c0774 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc3 release. via f3da62a2bba WHATSNEW: Add release notes for Samba 4.20.0rc3. from 253c5585c91 s3/rpc_client: Fix array offset check https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit a09d0ba6eb2a7303a9186af202bd52c16724a737 Author: Jule Anger Date: Mon Feb 26 12:36:59 2024 +0100 VERSION: Bump version up to Samba 4.20.0rc4... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 17bab5c077450626e90331d38e4b6b8586a1c80b Author: Jule Anger Date: Mon Feb 26 12:36:25 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc3 release. Signed-off-by: Jule Anger commit f3da62a2bba94b883c24384631077504f5089561 Author: Jule Anger Date: Mon Feb 26 12:35:56 2024 +0100 WHATSNEW: Add release notes for Samba 4.20.0rc3. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 23 ++- 2 files changed, 23 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 486a47b8f52..efb4d171a6f 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE=4 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index de3b0f03d49..f540dc555c0 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the second release candidate of Samba 4.20. This is *not* +This is the third release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -214,6 +214,27 @@ smb.conf changes acl claims evaluation new AD DC only +CHANGES SINCE 4.20.0rc2 +=== + +o Rob van der Linde + * BUG 15575: Remove unsupported "Final" keyword missing from Python 3.6. + +o Stefan Metzmacher + * BUG 15577: Additional witness backports for 4.20.0. + +o Noel Power + * BUG 15579: Error output with wspsearch. + +o Martin Schwenke + * BUG 15580: Packet marshalling push support missing for + CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and + CTDB_CONTROL_TCP_CLIENT_PASSED. + +o Jo Sutton + * BUG 15575: Remove unsupported "Final" keyword missing from Python 3.6. + + CHANGES SINCE 4.20.0rc1 === -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 253c5585c91 s3/rpc_client: Fix array offset check via 1ab3de6f46e s3/rpc_client: Ensure max possible row buffer size is not exceeded via 3e226dd1cd5 idl: Add constant for max rows buffer size via c1016224041 s3/rpc_client: cleanup unmarshalling of variant types from row columns via 77cbdf342ca s3/utils: use full 64 bit address for getrows (with 64bit offsets) via ec239d16a97 s3/rpc_client: Remove stray unnecessary comment via 3d47cae71d9 s3/rpc_client: change type of offset to uint64_t from 7107b233346 ctdb-protocol: Add missing push support for new controls https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 253c5585c91172ebe5cca9ca59ff30a82fbf3fd3 Author: Noel Power Date: Thu Feb 8 14:05:43 2024 + s3/rpc_client: Fix array offset check Previous to this commit we were modifying the offset before the array offset check. This was causing a spurious debug message indicating the offset was out of bounds. An second problem is that upon detecting the error we don't exit the loop. A third problem was that when reading the offset the check didn't cater for the size of the integer address about to be read. This commit moves the offset check to before the first read, additionally when an error is detected now we actually exit the loop and the offset have been corrected to include the size of the integer to be read BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579 Signed-off-by: Noel Power Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Sat Feb 17 17:58:43 UTC 2024 on atb-devel-224 (cherry picked from commit 885850b6aaabf089f422b1b015481a0ccff4f90e) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Mon Feb 26 10:37:37 UTC 2024 on atb-devel-224 commit 1ab3de6f46e61281348f9275e0ae490b53591845 Author: Noel Power Date: Wed Feb 14 11:19:39 2024 + s3/rpc_client: Ensure max possible row buffer size is not exceeded The max buf size of rows buffer should not exceed 0x4000. Ensuring this value is within limits means we can safely use uint32_t offsets. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579 Signed-off-by: Noel Power Reviewed-by: Volker Lendecke (cherry picked from commit f487211706a74d516bf447ed393222b4c0dce7b0) commit 3e226dd1cd531dd070c866757e5f79492ce2b664 Author: Noel Power Date: Wed Feb 14 12:01:28 2024 + idl: Add constant for max rows buffer size BUG: https://bugzilla.samba.org/show_bug.cgi?id=15579 Signed-off-by: Noel Power Reviewed-by: Volker Lendecke (cherry picked from commit 01e901ef869a1a87fba0e67bce311dbeb199b717) commit c1016224041060419f26a88e457fa8ac71e5bc12 Author: Noel Power Date: Wed Jan 10 14:43:58 2024 + s3/rpc_client: cleanup unmarshalling of variant types from row columns Prior to this change fn 'extract_variant_addresses' actually returns offsets to the variant stored not the addresses, additionally the param in the signature of the method is named offset where the param in reality is a base address. This change makes fn 'extract_variant_addresses' actually return addresses instead of offsets and also changes the name of the incoming param. The resulting changes are propaged to callers which hopefully makes what the code is actually doing a little clearer Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett Autobuild-User(master): Noel Power Autobuild-Date(master): Tue Jan 30 17:22:37 UTC 2024 on atb-devel-224 (cherry picked from commit 9b2f2302ee4828ae54f5903a3bf649ffd255fb4a) commit 77cbdf342ca05a8f21c316e58395576e954d857b Author: Noel Power Date: Mon Jan 8 15:56:38 2024 + s3/utils: use full 64 bit address for getrows (with 64bit offsets) if 64bit offsets are used the hi 32-bits of address are stored in the ulreserved2 member of the message header field and the low 32-bits are stored in the ulclientbase member of the cpmgetrows message Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit 6ecb614b8ec6953ba15e8061fce9b395615b035a) commit ec239d16a970daae26acadb0c4a732e349e3435d Author: Noel Power Date: Wed Jan 10 10:59:23 2024 + s3/rpc_client: Remove stray unnecessary comment Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit efa60ff3105ac806d2a5d82dd0615ddb7578) commit 3d47cae71d953e05e793ca5dd392fa6e260e23e0 Author: Noel Power Date: Mon Jan 8 15:12:35 2024 + s3/rpc_client: change type of offset to uint64_t Offset can be a 32 or 64 bit address depending on the indexing
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via eebe6d8c890 ctdb-protocol: Add missing push support for new controls from 19e7ea8ffa8 VERSION: Bump version up to Samba 4.19.6... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit eebe6d8c890bb6a6cc35657e38ddde0319c1f4a6 Author: Martin Schwenke Date: Fri Feb 9 17:29:46 2024 +1100 ctdb-protocol: Add missing push support for new controls CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and CTDB_CONTROL_TCP_CLIENT_PASSED were added in commits c6602b686b4e50d93272667ef86d3904181fb1ab and 037e8e449deb136ad5ed5e4de05439411b545b6d. They were missing test support for the packet push/pull. While adding the testing (for completeness, before adding another new control) I noticed that the push functionality was absent. This adds that, along with the test support. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15580 Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Mon Feb 19 10:21:48 UTC 2024 on atb-devel-224 (cherry picked from commit dd9b11acbc4fbde1941719968aeb463b853b0ffb) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Mon Feb 26 09:59:42 UTC 2024 on atb-devel-224 --- Summary of changes: ctdb/protocol/protocol_control.c | 8 ctdb/tests/src/protocol_common_ctdb.c | 33 + ctdb/tests/src/protocol_ctdb_test.c | 2 +- 3 files changed, 42 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/ctdb/protocol/protocol_control.c b/ctdb/protocol/protocol_control.c index 83ed6cb4ee1..e4491159937 100644 --- a/ctdb/protocol/protocol_control.c +++ b/ctdb/protocol/protocol_control.c @@ -693,6 +693,14 @@ static void ctdb_req_control_data_push(struct ctdb_req_control_data *cd, case CTDB_CONTROL_ECHO_DATA: ctdb_echo_data_push(cd->data.echo_data, buf, ); break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + ctdb_connection_push(cd->data.conn, buf, ); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + ctdb_connection_push(cd->data.conn, buf, ); + break; } *npush = np; diff --git a/ctdb/tests/src/protocol_common_ctdb.c b/ctdb/tests/src/protocol_common_ctdb.c index 384076824a4..8a8e114f67a 100644 --- a/ctdb/tests/src/protocol_common_ctdb.c +++ b/ctdb/tests/src/protocol_common_ctdb.c @@ -593,6 +593,19 @@ void fill_ctdb_req_control_data(TALLOC_CTX *mem_ctx, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + cd->data.conn = talloc(mem_ctx, struct ctdb_connection); + assert(cd->data.conn != NULL); + fill_ctdb_connection(mem_ctx, cd->data.conn); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + cd->data.conn = talloc(mem_ctx, struct ctdb_connection); + assert(cd->data.conn != NULL); + fill_ctdb_connection(mem_ctx, cd->data.conn); + break; + } } @@ -982,6 +995,14 @@ void verify_ctdb_req_control_data(struct ctdb_req_control_data *cd, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + verify_ctdb_connection(cd->data.conn, cd2->data.conn); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + verify_ctdb_connection(cd->data.conn, cd2->data.conn); + break; } } @@ -1378,6 +1399,12 @@ void fill_ctdb_reply_control_data(TALLOC_CTX *mem_ctx, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + break; } } @@ -1715,6 +1742,12 @@ void verify_ctdb_reply_control_data(struct ctdb_reply_control_data *cd, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + break; } } diff --git a/ctdb/tests/src/protocol_ctdb_test.c b/ctdb/tests/src/protocol_ctdb_test.c index f6fb5134a00..840d465ae30 100644 --- a/ctdb/tests/src/protocol_ctdb_test.c +++ b/ctdb/tests/src/protocol_ctdb_test.c @@ -277,7 +277,7 @@ PROTOCOL_CTDB4_TEST(struct ctdb_req_dmaster, ctdb_req_dmaster, PROTOCOL_CTDB4_TEST(struct ctdb_reply_dmaster, ctdb_reply_dmaster, CTDB_REPLY_DMASTER); -#define NUM_CONTROLS 159 +#define NUM_CONTROLS 161 PROTOCOL_CTDB2_TEST(struct ctdb_
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 7107b233346 ctdb-protocol: Add missing push support for new controls from 22e56d9ea2d python: Remove ‘typing.Final’ https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 7107b233346f8540384a39b50c4f01ce3f5d2dc3 Author: Martin Schwenke Date: Fri Feb 9 17:29:46 2024 +1100 ctdb-protocol: Add missing push support for new controls CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and CTDB_CONTROL_TCP_CLIENT_PASSED were added in commits c6602b686b4e50d93272667ef86d3904181fb1ab and 037e8e449deb136ad5ed5e4de05439411b545b6d. They were missing test support for the packet push/pull. While adding the testing (for completeness, before adding another new control) I noticed that the push functionality was absent. This adds that, along with the test support. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15580 Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Mon Feb 19 10:21:48 UTC 2024 on atb-devel-224 (cherry picked from commit dd9b11acbc4fbde1941719968aeb463b853b0ffb) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Tue Feb 20 13:46:47 UTC 2024 on atb-devel-224 --- Summary of changes: ctdb/protocol/protocol_control.c | 8 ctdb/tests/src/protocol_common_ctdb.c | 33 + ctdb/tests/src/protocol_ctdb_test.c | 2 +- 3 files changed, 42 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/ctdb/protocol/protocol_control.c b/ctdb/protocol/protocol_control.c index 83ed6cb4ee1..e4491159937 100644 --- a/ctdb/protocol/protocol_control.c +++ b/ctdb/protocol/protocol_control.c @@ -693,6 +693,14 @@ static void ctdb_req_control_data_push(struct ctdb_req_control_data *cd, case CTDB_CONTROL_ECHO_DATA: ctdb_echo_data_push(cd->data.echo_data, buf, ); break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + ctdb_connection_push(cd->data.conn, buf, ); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + ctdb_connection_push(cd->data.conn, buf, ); + break; } *npush = np; diff --git a/ctdb/tests/src/protocol_common_ctdb.c b/ctdb/tests/src/protocol_common_ctdb.c index 384076824a4..8a8e114f67a 100644 --- a/ctdb/tests/src/protocol_common_ctdb.c +++ b/ctdb/tests/src/protocol_common_ctdb.c @@ -593,6 +593,19 @@ void fill_ctdb_req_control_data(TALLOC_CTX *mem_ctx, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + cd->data.conn = talloc(mem_ctx, struct ctdb_connection); + assert(cd->data.conn != NULL); + fill_ctdb_connection(mem_ctx, cd->data.conn); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + cd->data.conn = talloc(mem_ctx, struct ctdb_connection); + assert(cd->data.conn != NULL); + fill_ctdb_connection(mem_ctx, cd->data.conn); + break; + } } @@ -982,6 +995,14 @@ void verify_ctdb_req_control_data(struct ctdb_req_control_data *cd, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + verify_ctdb_connection(cd->data.conn, cd2->data.conn); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + verify_ctdb_connection(cd->data.conn, cd2->data.conn); + break; } } @@ -1378,6 +1399,12 @@ void fill_ctdb_reply_control_data(TALLOC_CTX *mem_ctx, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + break; } } @@ -1715,6 +1742,12 @@ void verify_ctdb_reply_control_data(struct ctdb_reply_control_data *cd, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + break; } } diff --git a/ctdb/tests/src/protocol_ctdb_test.c b/ctdb/tests/src/protocol_ctdb_test.c index f6fb5134a00..840d465ae30 100644 --- a/ctdb/tests/src/protocol_ctdb_test.c +++ b/ctdb/tests/src/protocol_ctdb_test.c @@ -277,7 +277,7 @@ PROTOCOL_CTDB4_TEST(struct ctdb_req_dmaster, ctdb_req_dmaster, PROTOCOL_CTDB4_TEST(struct ctdb_reply_dmaster, ctdb_reply_dmaster, CTDB_REPLY_DMASTER); -#define NUM_CONTROLS 159 +#define NUM_CONTROLS 161 PROTOCOL_CTDB2_TEST(struct ctdb_
[SCM] Samba Shared Repository - branch v4-18-test updated
The branch, v4-18-test has been updated via 081a6d5fc1d ctdb-protocol: Add missing push support for new controls from 18305d8d86c VERSION: Bump version up to Samba 4.18.11... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test - Log - commit 081a6d5fc1df36a2d57dae6ecff8664396fac363 Author: Martin Schwenke Date: Fri Feb 9 17:29:46 2024 +1100 ctdb-protocol: Add missing push support for new controls CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and CTDB_CONTROL_TCP_CLIENT_PASSED were added in commits c6602b686b4e50d93272667ef86d3904181fb1ab and 037e8e449deb136ad5ed5e4de05439411b545b6d. They were missing test support for the packet push/pull. While adding the testing (for completeness, before adding another new control) I noticed that the push functionality was absent. This adds that, along with the test support. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15580 Signed-off-by: Martin Schwenke Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Mon Feb 19 10:21:48 UTC 2024 on atb-devel-224 (cherry picked from commit dd9b11acbc4fbde1941719968aeb463b853b0ffb) Autobuild-User(v4-18-test): Jule Anger Autobuild-Date(v4-18-test): Tue Feb 20 12:56:43 UTC 2024 on atb-devel-224 --- Summary of changes: ctdb/protocol/protocol_control.c | 8 ctdb/tests/src/protocol_common_ctdb.c | 33 + ctdb/tests/src/protocol_ctdb_test.c | 2 +- 3 files changed, 42 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/ctdb/protocol/protocol_control.c b/ctdb/protocol/protocol_control.c index 83ed6cb4ee1..e4491159937 100644 --- a/ctdb/protocol/protocol_control.c +++ b/ctdb/protocol/protocol_control.c @@ -693,6 +693,14 @@ static void ctdb_req_control_data_push(struct ctdb_req_control_data *cd, case CTDB_CONTROL_ECHO_DATA: ctdb_echo_data_push(cd->data.echo_data, buf, ); break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + ctdb_connection_push(cd->data.conn, buf, ); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + ctdb_connection_push(cd->data.conn, buf, ); + break; } *npush = np; diff --git a/ctdb/tests/src/protocol_common_ctdb.c b/ctdb/tests/src/protocol_common_ctdb.c index 384076824a4..8a8e114f67a 100644 --- a/ctdb/tests/src/protocol_common_ctdb.c +++ b/ctdb/tests/src/protocol_common_ctdb.c @@ -593,6 +593,19 @@ void fill_ctdb_req_control_data(TALLOC_CTX *mem_ctx, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + cd->data.conn = talloc(mem_ctx, struct ctdb_connection); + assert(cd->data.conn != NULL); + fill_ctdb_connection(mem_ctx, cd->data.conn); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + cd->data.conn = talloc(mem_ctx, struct ctdb_connection); + assert(cd->data.conn != NULL); + fill_ctdb_connection(mem_ctx, cd->data.conn); + break; + } } @@ -982,6 +995,14 @@ void verify_ctdb_req_control_data(struct ctdb_req_control_data *cd, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + verify_ctdb_connection(cd->data.conn, cd2->data.conn); + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + verify_ctdb_connection(cd->data.conn, cd2->data.conn); + break; } } @@ -1378,6 +1399,12 @@ void fill_ctdb_reply_control_data(TALLOC_CTX *mem_ctx, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + break; } } @@ -1715,6 +1742,12 @@ void verify_ctdb_reply_control_data(struct ctdb_reply_control_data *cd, case CTDB_CONTROL_ENABLE_NODE: break; + + case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED: + break; + + case CTDB_CONTROL_TCP_CLIENT_PASSED: + break; } } diff --git a/ctdb/tests/src/protocol_ctdb_test.c b/ctdb/tests/src/protocol_ctdb_test.c index f6fb5134a00..840d465ae30 100644 --- a/ctdb/tests/src/protocol_ctdb_test.c +++ b/ctdb/tests/src/protocol_ctdb_test.c @@ -277,7 +277,7 @@ PROTOCOL_CTDB4_TEST(struct ctdb_req_dmaster, ctdb_req_dmaster, PROTOCOL_CTDB4_TEST(struct ctdb_reply_dmaster, ctdb_reply_dmaster, CTDB_REPLY_DMASTER); -#define NUM_CONTROLS 159 +#define NUM_CONTROLS 161 PROTOCOL_CTDB2_TEST(struct ctdb_
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 22e56d9ea2d python: Remove ‘typing.Final’ via 9366f554862 python: do not make use of typing.Final for python 3.6 via 858090913e3 docs-xml: document "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" via d8e056d8b0d smb2_tcon: only announce SMB3 related share capabilities if SMB3 is used via 3a8a86adc66 smb2_tcon: only announce SMB2_SHARE_CAP_CLUSTER if rpcd_witness can run via 87e56ada0db docs-xml: add details for 'net witness' via c4e4d41f0ac s3:utils: fix help string for 'net witness force-response' via f9c0968743d ctdb/events: add 47.samba-dcerpcd.script via bc89a069b3c ctdb/events: use 'service "$CTDB_SERVICE_NMB" status' in 48.netbios.script from d998b68af68 VERSION: Bump version up to Samba 4.20.0rc3... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 22e56d9ea2d4a58c2abec86a278cfa2c896ba096 Author: Jo Sutton Date: Fri Feb 2 12:23:58 2024 +1300 python: Remove ‘typing.Final’ This is only present in Python 3.8 and above. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575 Signed-off-by: Jo Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit d6fe66ddeeb99c550fa9a0f1abb845e6daf71f8a) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Mon Feb 19 15:35:39 UTC 2024 on atb-devel-224 commit 9366f55486254e1641a3ddc73c69e8ace774f6dc Author: Rob van der Linde Date: Fri Feb 2 12:54:41 2024 +1300 python: do not make use of typing.Final for python 3.6 Python 3.6 does not have typing.Final yet BUG: https://bugzilla.samba.org/show_bug.cgi?id=15575 Signed-off-by: Rob van der Linde Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit ecc84aa448a962f1a224144bbb65f0cef36a4279) commit 858090913e389c1de8525cefe753642e724c2ac7 Author: Stefan Metzmacher Date: Thu Feb 8 15:43:39 2024 +0100 docs-xml: document "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Feb 13 21:06:24 UTC 2024 on atb-devel-224 (cherry picked from commit 7a674ee9ffeca047ceed7ac046db1b168d4025a6) commit d8e056d8b0d6dc5cbe465c1c55c83574d6296f5d Author: Stefan Metzmacher Date: Thu Feb 8 15:31:10 2024 +0100 smb2_tcon: only announce SMB3 related share capabilities if SMB3 is used BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner (cherry picked from commit 32b84c5bce00c4f91191596dc00d9824e82e0f24) commit 3a8a86adc6674e78927271f9809a74733c7ffb07 Author: Stefan Metzmacher Date: Thu Feb 8 15:15:28 2024 +0100 smb2_tcon: only announce SMB2_SHARE_CAP_CLUSTER if rpcd_witness can run rpcd_witness needs ncacn_ip_tcp support and that's only available if samba-dcerpcd is not started on demand. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner (cherry picked from commit d8bfd737032c6a8623512fcb2cd01850628a) commit 87e56ada0db353b06559cb8fdc6460a96a6ef204 Author: Stefan Metzmacher Date: Thu Feb 8 14:25:05 2024 +0100 docs-xml: add details for 'net witness' BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner (cherry picked from commit 1d0938d6fe46c06432ae5fda9e7491b908a9ac56) commit c4e4d41f0ac0827587556ea17c1e54d7f760f1e3 Author: Stefan Metzmacher Date: Thu Feb 8 15:07:42 2024 +0100 s3:utils: fix help string for 'net witness force-response' BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner (cherry picked from commit 7a23429ed6a04bb14509758492bfaee5db6dbd0d) commit f9c0968743dc526e8d26231a5e91a3419750540c Author: Stefan Metzmacher Date: Fri Feb 2 13:54:20 2024 +0100 ctdb/events: add 47.samba-dcerpcd.script If someone wants to enable the witness service samba-dcerpcd needs to be started as standalone service BUG: https://bugzilla.samba.org/show_bug.cgi?id=15577 Signed-off-by: Stefan Metzmacher Reviewed-by: Guenther Deschner (cherry picked from commit f1f68108cc303b92b8a88728d12c2b699fdfc731) commit bc89a069b3cda1970ef1e2da9d998f45cbc567b4 Author: Stefan Metzmacher Date: Fri Feb 2 13:54:20 2024 +0100 ctdb/events: use 'service "$CTDB_SERVICE_NMB" status' in 48.netbios.script
[SCM] Samba Shared Repository - branch v4-19-stable updated
The branch, v4-19-stable has been updated via 7bef2f7f1c8 VERSION: Disable GIT_SNAPSHOT for the 4.19.5 release. via 8ffa5ab1783 WHATSNEW: Add release notes for Samba 4.19.5. via 60514eb6836 python:gp: Fix logging with gp via d3061f5e940 gpo: Do not get templates list on first run via 90cf23e1cca gpo: Decode base64 root cert before importing via a50016bc7ae gpo: Test certificate policy without NDES via 41cd6b95d49 python: Fix invalid escape sequences via 84020efb1fe smbd: use dirfsp and atname in open_directory() via 4477e23de60 smbd: use safe_symlink_target_path() in symlink_target_below_conn() via cd4df6ae432 smbd: add a directory argument to safe_symlink_target_path() via 90ae1e8f625 smbd: pass symlink target path to safe_symlink_target_path() via 4c4f086dfdb CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner via 1dff1340c12 vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time via 445637d0f4c gp: Skip site GP list if no site is found via 283ff41ee92 s3:passdb: smbpasswd reset permissions only if not 0600 via 9c43625c47e system.c: fix fake directory create times via a86c1087681 time.c: fix ctime which was feeded with the mtime seconds via df025598884 python:gp: Print a nice message if cepces-submit can't be found via de32d94ca87 gp: Send list of keys instead of dict to remove via 93735e8a9b0 gp: Test disabled enrollment unapplies policy via 28b1fe5eac4 gp: Template changes should invalidate cache via dfbe7494683 gp: Test adding new cert templates enforces changes via 6dba94a3ab0 gp: Convert CA certificates to base64 via 9db01a2c729 gp: Test with binary content for certificate data via 0dd51b02e8f gp: Change root cert extension suffix via f9975df8414 gp: Support update-ca-trust helper via 9ab2eb21141 gp: Support more global trust directories via cfbaab5654c smbd: move access override for previous versions to the SMB layer via 0874d3ab3e1 smbd: check for previous versions in check_any_access_fsp() via f5eb449cac8 smbd: use check_any_access_fsp() for all access checks via 44396d7bade smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp() via bfa5f178099 smbd: set fsp->fsp_flags.can_write to false for access to previous-versions via 0352aae6ea1 smbd: return correct error when trying to create a hardlink to a VSS file via 8318428f3f8 smbd: fix check_any_access_fsp() for non-fsa fsps via 0f865a34f1a smbd: rename check_access_fsp() to check_any_access_fsp() via 9ee7991d97d smbd: set fsp_flags.is_fsa to true on printer file handles via b8383780249 smbd: return the correct error in can_rename() via a510fc46bcd smbtorture: expand smb2.twrp.write test via bb9aea6a7e6 s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION via b6c2c26e9ba selftest: remove error_inject from shadow_write share via b9f60718ccd VERSION: Bump version up to Samba 4.19.5... from 95474d8589e VERSION: Disable GIT_SNAPSHOT for the 4.19.4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 66 ++- lib/util/time.c| 2 +- python/samba/gp/gp_cert_auto_enroll_ext.py | 79 +--- python/samba/gp/gpclass.py | 30 +-- python/samba/gp/util/logging.py| 5 +- python/samba/graph.py | 2 +- python/samba/tests/bin/cepces-submit | 3 +- python/samba/tests/gpo.py | 300 + python/samba/tests/samba_tool/gpo.py | 2 +- script/autobuild.py| 2 +- selftest/skip.opath-required | 4 + selftest/target/Samba3.pm | 4 +- source3/include/proto.h| 6 + source3/include/smb_macros.h | 5 - source3/lib/system.c | 1 + source3/modules/offload_token.c| 7 +- source3/modules/vfs_acl_common.c | 7 +- source3/modules/vfs_default.c | 6 + source3/modules/vfs_nfs4acl_xattr.c| 7 +- source3/modules/vfs_shadow_copy2.c | 30 +-- source3/passdb/pdb_smbpasswd.c | 36 +++- source3/printing/printspoolss.c| 1 + source3/smbd/dir.c | 5 +- source3/smbd/dosmode.c | 20 +- source3/smbd/file_access.c | 10 +- source3/smbd/filename.c| 85
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 11f39d0 NEWS[4.19.5]: Samba 4.19.5 Available for Download from 8ba3015 NEWS[4.20.0rc2]: Samba 4.20.0rc2 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 11f39d0efaea8e757bc3cf7946a5f4615eb88cda Author: Jule Anger Date: Mon Feb 19 11:44:47 2024 +0100 NEWS[4.19.5]: Samba 4.19.5 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/samba-4.19.5.html| 62 posted_news/20240219-104608.4.19.5.body.html | 13 + posted_news/20240219-104608.4.19.5.headline.html | 3 ++ 4 files changed, 79 insertions(+) create mode 100644 history/samba-4.19.5.html create mode 100644 posted_news/20240219-104608.4.19.5.body.html create mode 100644 posted_news/20240219-104608.4.19.5.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index dbbebcc..17c67ec 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.19.5. samba-4.19.4. samba-4.19.3. samba-4.19.2 diff --git a/history/samba-4.19.5.html b/history/samba-4.19.5.html new file mode 100644 index 000..a459c5d --- /dev/null +++ b/history/samba-4.19.5.html @@ -0,0 +1,62 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> +http://www.w3.org/1999/xhtml;> + +Samba 4.19.5 - Release Notes + + +Samba 4.19.5 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.19.5.tar.gz;>Samba 4.19.5 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.19.5.tar.asc;>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.19.4-4.19.5.diffs.gz;>Patch (gzipped) against Samba 4.19.4 +https://download.samba.org/pub/samba/patches/samba-4.19.4-4.19.5.diffs.asc;>Signature + + + + == + Release Notes for Samba 4.19.5 + February 19, 2024 + == + + +This is the latest stable release of the Samba 4.19 release series. + + +Changes since 4.19.4 + + +o Ralph Boehme s...@samba.org + * BUG 13688: Windows 2016 fails to restore previous version of a file from a + shadow_copy2 snapshot. + * BUG 15549: Symlinks on AIX are broken in 4.19 (and a few version before + that). + +o Bjoern Jacke b...@sernet.de + * BUG 12421: Fake directory create times has no effect. + +o Bjrn Jacke bja...@samba.org + * BUG 15550: ctime mixed up with mtime by smbd. + +o David Mulder dmul...@samba.org + * BUG 15548: samba-gpupdate --rsop fails if machine is not in a site. + +o Gabriel Nagy gabriel.n...@canonical.com + * BUG 15557: gpupdate: The root cert import when NDES is not available is + broken. + +o Andreas Schneider a...@samba.org + * BUG 15552: samba-gpupdate should print a useful message if cepces-submit + cant be found. + * BUG 15558: samba-gpupdate logging doesnt work. + +o Jones Syue joness...@qnap.com + * BUG 1: smbpasswd reset permissions only if not 0600. + + + + + + diff --git a/posted_news/20240219-104608.4.19.5.body.html b/posted_news/20240219-104608.4.19.5.body.html new file mode 100644 index 000..0d1898c --- /dev/null +++ b/posted_news/20240219-104608.4.19.5.body.html @@ -0,0 +1,13 @@ + +19 February 2024 +Samba 4.19.5 Available for Download + +This is the latest stable release of the Samba 4.19 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/stable/samba-4.19.5.tar.gz;>downloaded now. +A https://download.samba.org/pub/samba/patches/samba-4.19.4-4.19.5.diffs.gz;>patch against Samba 4.19.4 is also available. +See https://www.samba.org/samba/history/samba-4.19.5.html;>the release notes for more info. + + diff --git a/posted_news/20240219-104608.4.19.5.headline.html b/posted_news/20240219-104608.4.19.5.headline.html new file mode 100644 index 000..d7b301a --- /dev/null +++ b/posted_news/20240219-104608.4.19.5.headline.html @@ -0,0 +1,3 @@ + + 19 February 2024 Samba 4.19.5 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.19.5 created
The annotated tag, samba-4.19.5 has been created at 58f71019b28590364f9e44242d09e1d1b9b6ff09 (tag) tagging 7bef2f7f1c89bd635e318a2f860fdb7254ba1083 (commit) replaces samba-4.19.4 tagged by Jule Anger on Mon Feb 19 11:44:21 2024 +0100 - Log - samba: tag release samba-4.19.5 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmXTMQYACgkQqplEL7aA tiBL5hAAsWnqVvVUk1NkJyxnH89B78jHH/v3Yl0SiTWp1gauNMfZqZ94b62BiRD4 dQr06qsPQH10JDrjikgi2UYW3I8sY3pmRCV7a4WFhOSFRmCoZIFPoXeFO7dp+5rJ Etj3UMJesl0pVfuPiIvfc3d4uS/IqihQCyCb3tMXHmfpQVrG+WLvSDU3IGuYWQUR B0S+kqTc6vXcjgPMln7j2ih7vFVx+lG0aXoENxaOyQ2VoolsgLRqssxBBVOz4CEJ sxo4cWYgJP02YewiBrlFZQcPhb9yBPELA6WofsCoJkHpG64ZxVXAD0eRm1Aim72x +/4cOzWRn0CmRUUQakP2FWcz6nuyAGNgy/Ctc50A5vY6c02+ljo7OAtBx7NMHs0J NYArVJSG7yLYA5L2xRJndghhIInqsEcDhs7+YI4YNQvD/Y4ByJVtmotAMiMC+jIH p1BllGsJOLiTBruiDYr02+18ALZ8YBSql1dc+XMZ/te3mHWQvpcNr9JDI5nDwJSs /06AN9M6qYyX6U3FJLuMHCkISw+HDfnJFIQe0J9OcHKbXYq3eX9VSSVtSW7466Lw BOwcjNGx9d/B6ha8uFQzkknv0e4mOjAq+P8UdUASj8N3jfW7JI2UfFixOh1SeYHL n/y8W9XSwaXYoT+R1kY+MRCP7lB8k0ZXf4NHZKmf01s5nDVVS40= =XmpK -END PGP SIGNATURE- Andreas Schneider (2): python:gp: Print a nice message if cepces-submit can't be found python:gp: Fix logging with gp Bjoern Jacke (1): system.c: fix fake directory create times Björn Jacke (1): time.c: fix ctime which was feeded with the mtime seconds David Mulder (1): gp: Skip site GP list if no site is found Gabriel Nagy (12): gp: Support more global trust directories gp: Support update-ca-trust helper gp: Change root cert extension suffix gp: Test with binary content for certificate data gp: Convert CA certificates to base64 gp: Test adding new cert templates enforces changes gp: Template changes should invalidate cache gp: Test disabled enrollment unapplies policy gp: Send list of keys instead of dict to remove gpo: Test certificate policy without NDES gpo: Decode base64 root cert before importing gpo: Do not get templates list on first run Jo Sutton (1): python: Fix invalid escape sequences Jones Syue (1): s3:passdb: smbpasswd reset permissions only if not 0600 Jule Anger (3): VERSION: Bump version up to Samba 4.19.5... WHATSNEW: Add release notes for Samba 4.19.5. VERSION: Disable GIT_SNAPSHOT for the 4.19.5 release. Ralph Boehme (19): selftest: remove error_inject from shadow_write share s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION smbtorture: expand smb2.twrp.write test smbd: return the correct error in can_rename() smbd: set fsp_flags.is_fsa to true on printer file handles smbd: rename check_access_fsp() to check_any_access_fsp() smbd: fix check_any_access_fsp() for non-fsa fsps smbd: return correct error when trying to create a hardlink to a VSS file smbd: set fsp->fsp_flags.can_write to false for access to previous-versions smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp() smbd: use check_any_access_fsp() for all access checks smbd: check for previous versions in check_any_access_fsp() smbd: move access override for previous versions to the SMB layer vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner smbd: pass symlink target path to safe_symlink_target_path() smbd: add a directory argument to safe_symlink_target_path() smbd: use safe_symlink_target_path() in symlink_target_below_conn() smbd: use dirfsp and atname in open_directory() --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 19e7ea8ffa8 VERSION: Bump version up to Samba 4.19.6... via 7bef2f7f1c8 VERSION: Disable GIT_SNAPSHOT for the 4.19.5 release. via 8ffa5ab1783 WHATSNEW: Add release notes for Samba 4.19.5. from 60514eb6836 python:gp: Fix logging with gp https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 19e7ea8ffa8fe70b1e4233d272e471e97b34a6fa Author: Jule Anger Date: Mon Feb 19 11:35:15 2024 +0100 VERSION: Bump version up to Samba 4.19.6... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 7bef2f7f1c89bd635e318a2f860fdb7254ba1083 Author: Jule Anger Date: Mon Feb 19 11:33:51 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.19.5 release. Signed-off-by: Jule Anger commit 8ffa5ab178359d011c5ab55091e484661ecf824b Author: Jule Anger Date: Mon Feb 19 11:33:12 2024 +0100 WHATSNEW: Add release notes for Samba 4.19.5. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 66 ++-- 2 files changed, 65 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 5ad592252e8..aeede60164d 100644 --- a/VERSION +++ b/VERSION @@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2023" SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=19 -SAMBA_VERSION_RELEASE=5 +SAMBA_VERSION_RELEASE=6 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 1f174e9be54..79abe2da103 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,66 @@ + == + Release Notes for Samba 4.19.5 + February 19, 2024 + == + + +This is the latest stable release of the Samba 4.19 release series. + + +Changes since 4.19.4 + + +o Ralph Boehme + * BUG 13688: Windows 2016 fails to restore previous version of a file from a + shadow_copy2 snapshot. + * BUG 15549: Symlinks on AIX are broken in 4.19 (and a few version before + that). + +o Bjoern Jacke + * BUG 12421: Fake directory create times has no effect. + +o Björn Jacke + * BUG 15550: ctime mixed up with mtime by smbd. + +o David Mulder + * BUG 15548: samba-gpupdate --rsop fails if machine is not in a site. + +o Gabriel Nagy + * BUG 15557: gpupdate: The root cert import when NDES is not available is + broken. + +o Andreas Schneider + * BUG 15552: samba-gpupdate should print a useful message if cepces-submit + can't be found. + * BUG 15558: samba-gpupdate logging doesn't work. + +o Jones Syue + * BUG 1: smbpasswd reset permissions only if not 0600. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + == Release Notes for Samba 4.19.4 January 08, 2024 @@ -78,8 +141,7 @@ database (https://bugzilla.samba.org/). == -Release notes for older releases follow: - +-- == Release Notes for Samba 4.19.3 November 27, 2023 -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated via 0167b75a5b2 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. via f06a06b7132 WHATSNEW: Add release notes for Samba 4.20.0rc2. via f8dfce94822 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos via 4872b0abf6b WHATSNEW: Add some information about new conditional aces feature via 8e8b8fc0548 WHATSNEW: note "acl_claims evaluation" smb.conf option via 7f338d6119a ndr: ignore trailing bytes in ndr_pull_security_ace() via 0f81aec9a19 ndr: ndr_push_security_ace: calculate coda size once via 4808478685c ndr: avoid object ACE push overhead for non-object ACE via 276e67fe174 ndr: avoid object ACE pull overhead for non-object ACE via 5c0f6a20745 ndr: do not push ACE->coda.ignored blob via d4547daf5ee ndr: mark invalid pull ndr_flags as unlikely via 5d0d17a92db ndr: skip talloc when pulling empty DATA_BLOB via e61d447690f ndr: ACE push avoids no-op coda pushes via e4cf11b1b39 ndr: make security_ace push manual via c9974e622bf ndr: short-circuit ace coda if no bytes left via 8787185a6ca ndr: shift ndr_pull_security_ace to manual code via f8014cae2eb pidl: calculate subcontext_size only once per pull via b5289d66e9e perftest: ndr_pack runs in none environment via fb49ce47609 perftest:ndr_pack: spin in do_nothing for a while via 14edd0fd1ef perftest:ndr_pack: use a valid dummy SID via 1287f182167 perftest:ndr_pack_performance: remove irrelevant imports, options via 7f0bdf2b99e perftest:ndr_pack: slightly reduce python overhead via 66fa6885551 perftest: ndr_pack_performance gets more SD types via daf5b5f5eb2 perftest:ndr_pack: rename SD tests with object ACEs via 59365287486 docs-xml: Build and install man page for wspsearch via 9e946a8ddd3 python:gp: Fix logging with gp via 7908c00dec2 VERSION: Bump version up to Samba 4.20.0rc2... from d05af785057 VERSION: Disable GIT_SNAPSHOT for the Samba 4.20.0rc1 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 100 +- docs-xml/wscript_build| 1 + librpc/idl/security.idl | 2 +- librpc/ndr/libndr.h | 2 +- librpc/ndr/ndr_basic.c| 6 ++ librpc/ndr/ndr_sec_helper.c | 107 ++- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 5 +- python/samba/gp/util/logging.py | 5 +- selftest/perf_tests.py| 4 +- source4/dsdb/tests/python/ndr_pack_performance.py | 121 ++ 11 files changed, 280 insertions(+), 75 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 3fe7a037533..12917e08428 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=1 +SAMBA_VERSION_RC_RELEASE=2 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 8158a80288c..de3b0f03d49 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.20. This is *not* +This is the second release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -108,6 +108,90 @@ New options added are: and all files/directories below. - '--restore savefile' Restores the stored DACLS to files in directory +Samba-tool extensions for AD Claims, Authentication Policies and Silos +-- + +samba-tool now allows users to be associated with claims. In the +Samba AD DC, claims derive from Active Directory attributes mapped +into specific names. These claims can be used in rules, which are +conditional ACEs in a security descriptor, that decide if a user is +restricted by an authentication policy. + +samba-tool also allows the creation and management of authentication +policies, which are rules about where a user may authenticate from, +if NTLM is permitted, and what services a user may authenticate to. +
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 8ba3015 NEWS[4.20.0rc2]: Samba 4.20.0rc2 Available for Download from 66fbcfa NEWS[4.18.10]: Samba 4.18.10 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 8ba30159304a3836359adcac6ee8c396367305d8 Author: Jule Anger Date: Mon Feb 12 14:09:34 2024 +0100 NEWS[4.20.0rc2]: Samba 4.20.0rc2 Available for Download Signed-off-by: Jule Anger --- Summary of changes: posted_news/20240212-131029.4.20.0rc2.body.html | 12 posted_news/20240212-131029.4.20.0rc2.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20240212-131029.4.20.0rc2.body.html create mode 100644 posted_news/20240212-131029.4.20.0rc2.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20240212-131029.4.20.0rc2.body.html b/posted_news/20240212-131029.4.20.0rc2.body.html new file mode 100644 index 000..b1e6737 --- /dev/null +++ b/posted_news/20240212-131029.4.20.0rc2.body.html @@ -0,0 +1,12 @@ + +12 February 2024 +Samba 4.20.0rc2 Available for Download + +This is the second release candidate of the upcoming Samba 4.20 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.20.0rc2.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.20.0rc2.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20240212-131029.4.20.0rc2.headline.html b/posted_news/20240212-131029.4.20.0rc2.headline.html new file mode 100644 index 000..4f8d98c --- /dev/null +++ b/posted_news/20240212-131029.4.20.0rc2.headline.html @@ -0,0 +1,3 @@ + + 12 February 2024 Samba 4.20.0rc2 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.20.0rc2 created
The annotated tag, samba-4.20.0rc2 has been created at 45d0186d21dd6e25b3a3b5afd5795b46afcb2e00 (tag) tagging 0167b75a5b2a24942d2d93dfee3cb20284c32d38 (commit) replaces samba-4.20.0rc1 tagged by Jule Anger on Mon Feb 12 14:08:59 2024 +0100 - Log - samba: tag release samba-4.20.0rc2 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmXKGGsACgkQqplEL7aA tiDPDRAAlUot6EOH4Oq+PH8ocpO0r2nJIcp7PeWOyK1kfB6lA6+U/fnd1PSuVdTV X4H9+yLGZBE8BWv86DXbwBxgcKqbBoF0umvoh43Lig2xrOhq24yyPXtNk+W7PreI G+Bbt6/CAN2OXu6CPkEpGbwIC+7eDeBoZz9cz1+uSUx8n7LlGp1BsvrlVbrwmMAm qUFaz8eCE4toklUCibHTLjuL2TsaaTn8Z3qDJIoSNfUqLMUP0KiBlI7zNy/kr4Y/ 49K9XapuUXxCJQMQZuvbxQUGNH/m1dLl07UMSoxI4GLKSI88JOe/x0MKmWpVDWE4 plietnfhGr3LTfW+DculKE8pjx2HDpBg8nZKt8HOFZTXiRHKc+YpmpPFuDdeDze/ 3Au/Fx8TB9Yj/IRK78Xw1L2YHDPqIqKuWa+JEhX32VEJUHLWWuGwTEgD2E7Z6Mpp tJnrPm+S3OOI+FIyS1LX/OmRfWzKytfhWZIyItgC3OVXj3bVXSenCZnXkIagNmIM PR+3r0UBBboayBMfeLLyKYfwli3mDMVsKtj8/doztaoTgdWakKgHf70c0zYn5fsy crgH5tZvbp5THHuQtugEeqDV9ejFODII0Qz4jW3wNWwU31KyAe8JZqkvh7cjv51w 924ARSY7LW8dvz1ZUv66gN1KHUcqJq8WlqiWfhJS53Aob9/M31s= =kjip -END PGP SIGNATURE- Andreas Schneider (1): python:gp: Fix logging with gp Andrew Bartlett (1): WHATSNEW: Explain new AD DC Claims, authentication policies and Silos Anoop C S (1): docs-xml: Build and install man page for wspsearch Douglas Bagnall (21): perftest:ndr_pack: rename SD tests with object ACEs perftest: ndr_pack_performance gets more SD types perftest:ndr_pack: slightly reduce python overhead perftest:ndr_pack_performance: remove irrelevant imports, options perftest:ndr_pack: use a valid dummy SID perftest:ndr_pack: spin in do_nothing for a while perftest: ndr_pack runs in none environment pidl: calculate subcontext_size only once per pull ndr: shift ndr_pull_security_ace to manual code ndr: short-circuit ace coda if no bytes left ndr: make security_ace push manual ndr: ACE push avoids no-op coda pushes ndr: skip talloc when pulling empty DATA_BLOB ndr: mark invalid pull ndr_flags as unlikely ndr: do not push ACE->coda.ignored blob ndr: avoid object ACE pull overhead for non-object ACE ndr: avoid object ACE push overhead for non-object ACE ndr: ndr_push_security_ace: calculate coda size once ndr: ignore trailing bytes in ndr_pull_security_ace() WHATSNEW: note "acl_claims evaluation" smb.conf option WHATSNEW: Add some information about new conditional aces feature Jule Anger (3): VERSION: Bump version up to Samba 4.20.0rc2... WHATSNEW: Add release notes for Samba 4.20.0rc2. VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via d998b68af68 VERSION: Bump version up to Samba 4.20.0rc3... via 0167b75a5b2 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. via f06a06b7132 WHATSNEW: Add release notes for Samba 4.20.0rc2. from f8dfce94822 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit d998b68af68b4d06c7b3518b8e18861bbb2535e3 Author: Jule Anger Date: Mon Feb 12 14:05:12 2024 +0100 VERSION: Bump version up to Samba 4.20.0rc3... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 0167b75a5b2a24942d2d93dfee3cb20284c32d38 Author: Jule Anger Date: Mon Feb 12 14:04:39 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. Signed-off-by: Jule Anger commit f06a06b7132668af8ed3ba48a3b5caf003f4cb12 Author: Jule Anger Date: Mon Feb 12 14:01:59 2024 +0100 WHATSNEW: Add release notes for Samba 4.20.0rc2. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 15 ++- 2 files changed, 15 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index c90ef06f13e..486a47b8f52 100644 --- a/VERSION +++ b/VERSION @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE=3 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f7c38dc9f0e..de3b0f03d49 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.20. This is *not* +This is the second release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. @@ -214,6 +214,19 @@ smb.conf changes acl claims evaluation new AD DC only +CHANGES SINCE 4.20.0rc1 +=== + +o Douglas Bagnall + * BUG 15574: Performance regression for NDR parsing of security descriptors. + +o Anoop C S + * BUG 15565: Build and install man page for wspsearch client utility. + +o Andreas Schneider + * BUG 15558: samba-gpupdate logging doesn't work. + + KNOWN ISSUES -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via f8dfce94822 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos via 4872b0abf6b WHATSNEW: Add some information about new conditional aces feature via 8e8b8fc0548 WHATSNEW: note "acl_claims evaluation" smb.conf option via 7f338d6119a ndr: ignore trailing bytes in ndr_pull_security_ace() via 0f81aec9a19 ndr: ndr_push_security_ace: calculate coda size once via 4808478685c ndr: avoid object ACE push overhead for non-object ACE via 276e67fe174 ndr: avoid object ACE pull overhead for non-object ACE via 5c0f6a20745 ndr: do not push ACE->coda.ignored blob via d4547daf5ee ndr: mark invalid pull ndr_flags as unlikely via 5d0d17a92db ndr: skip talloc when pulling empty DATA_BLOB via e61d447690f ndr: ACE push avoids no-op coda pushes via e4cf11b1b39 ndr: make security_ace push manual via c9974e622bf ndr: short-circuit ace coda if no bytes left via 8787185a6ca ndr: shift ndr_pull_security_ace to manual code via f8014cae2eb pidl: calculate subcontext_size only once per pull via b5289d66e9e perftest: ndr_pack runs in none environment via fb49ce47609 perftest:ndr_pack: spin in do_nothing for a while via 14edd0fd1ef perftest:ndr_pack: use a valid dummy SID via 1287f182167 perftest:ndr_pack_performance: remove irrelevant imports, options via 7f0bdf2b99e perftest:ndr_pack: slightly reduce python overhead via 66fa6885551 perftest: ndr_pack_performance gets more SD types via daf5b5f5eb2 perftest:ndr_pack: rename SD tests with object ACEs from 59365287486 docs-xml: Build and install man page for wspsearch https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit f8dfce94822f043d27de2d92a3f0b3d0f27c5de4 Author: Andrew Bartlett Date: Thu Feb 1 11:33:27 2024 +1300 WHATSNEW: Explain new AD DC Claims, authentication policies and Silos BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566 Signed-off-by: Andrew Bartlett Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Mon Feb 12 11:55:51 UTC 2024 on atb-devel-224 commit 4872b0abf6b085f7e7ae14524be6fe99887468fe Author: Douglas Bagnall Date: Mon Jan 15 15:21:11 2024 +1300 WHATSNEW: Add some information about new conditional aces feature BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566 Signed-off-by: Douglas Bagnall commit 8e8b8fc0548fc497473aad09e6f0f0a55e572da8 Author: Douglas Bagnall Date: Mon Jan 15 15:22:27 2024 +1300 WHATSNEW: note "acl_claims evaluation" smb.conf option BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566 Signed-off-by: Douglas Bagnall commit 7f338d6119acd5a3129248d4e61df626f4087560 Author: Douglas Bagnall Date: Mon Jan 8 15:05:35 2024 +1300 ndr: ignore trailing bytes in ndr_pull_security_ace() This returns the behaviour with ordinary ACEs to where it was with 4.19. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit 0c1f421c107be3156b3f1db75aced24a1bca3d2f) commit 0f81aec9a19fe3f0c7d1bcc26c2d354a22747903 Author: Douglas Bagnall Date: Mon Jan 8 14:50:30 2024 +1300 ndr: ndr_push_security_ace: calculate coda size once Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit a72c198921f64f2502f543c7158762c64cb3074e) commit 4808478685caea32b5d5580a940b314f785000c3 Author: Douglas Bagnall Date: Mon Jan 1 10:21:55 2024 +1300 ndr: avoid object ACE push overhead for non-object ACE Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit ecb5da3e49283ca3a03dea81d22db4a081e192e4) commit 276e67fe174caab58d9a020a9357ca0d04631f13 Author: Douglas Bagnall Date: Mon Jan 1 10:21:33 2024 +1300 ndr: avoid object ACE pull overhead for non-object ACE When an ACE is not an object ACE, which is common, setting the switch value and attempting the object ACE GUID pull is just going to do nothing, and we know that ahead of time. By noticing that we can save a bit of time on a common operation. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574 (cherry picked from commit fce4d51eb492a6fc807c6849cd4bd65ca7714509) commit 5c0f6a207453c1ef11fc8cef42ab0a6b02abf99b Author: Douglas Bagnall Date: Sun Dec 31 17:45:36 2023 +1300 ndr: do not push ACE->coda.ignored blob From 1e80221b2340de5ef5e2a17f10511bbc2c041163 (2008) until c73034cf7c4392
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 59365287486 docs-xml: Build and install man page for wspsearch via 9e946a8ddd3 python:gp: Fix logging with gp from 7908c00dec2 VERSION: Bump version up to Samba 4.20.0rc2... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 593652874866a22a9df7a93b09627c0fbc328129 Author: Anoop C S Date: Tue Jan 30 14:33:07 2024 +0530 docs-xml: Build and install man page for wspsearch Commit 49b6137f7c2244aeb3cf9b65fc9d46fcf0b8dc55 switched the default to install `wspsearch` client from False to True but missed to build and install the corresponding man page. Therefore adding wspsearch.1 to the list of man pages to be built and installed by default. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15565 Signed-off-by: Anoop C S Reviewed-by: Andreas Schneider Autobuild-User(master): Anoop C S Autobuild-Date(master): Tue Jan 30 14:38:58 UTC 2024 on atb-devel-224 (cherry picked from commit a48f8ae30775bb2dc07768c3df88968800f51470) Autobuild-User(v4-20-test): Jule Anger Autobuild-Date(v4-20-test): Mon Feb 5 14:05:01 UTC 2024 on atb-devel-224 commit 9e946a8ddd37ac8286c08293d1509260520f252e Author: Andreas Schneider Date: Mon Jan 29 17:46:30 2024 +0100 python:gp: Fix logging with gp This allows enable INFO level logging with: `samba-gpupdate -d3` BUG: https://bugzilla.samba.org/show_bug.cgi?id=15558 Signed-off-by: Andreas Schneider Reviewed-by: Joseph Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit 145194071b10c4c1857f28fe79c57fd63ffab889) --- Summary of changes: docs-xml/wscript_build | 1 + python/samba/gp/util/logging.py | 5 +++-- 2 files changed, 4 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/wscript_build b/docs-xml/wscript_build index 95ed08ed1d8..434afacaf1e 100644 --- a/docs-xml/wscript_build +++ b/docs-xml/wscript_build @@ -54,6 +54,7 @@ manpages=''' manpages/wbinfo.1 manpages/winbindd.8 manpages/samba-log-parser.1 + manpages/wspsearch.1 ''' pam_winbind_manpages = ''' diff --git a/python/samba/gp/util/logging.py b/python/samba/gp/util/logging.py index 9e70891b62c..da085d8d7e6 100644 --- a/python/samba/gp/util/logging.py +++ b/python/samba/gp/util/logging.py @@ -23,9 +23,10 @@ import gettext import random import sys -logger = logging.getLogger() +logger = logging.getLogger("gp") + + def logger_init(name, log_level): -logger = logging.getLogger(name) logger.addHandler(logging.StreamHandler(sys.stdout)) logger.setLevel(logging.CRITICAL) if log_level == 1: -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-19-test updated
The branch, v4-19-test has been updated via 60514eb6836 python:gp: Fix logging with gp via d3061f5e940 gpo: Do not get templates list on first run via 90cf23e1cca gpo: Decode base64 root cert before importing via a50016bc7ae gpo: Test certificate policy without NDES via 41cd6b95d49 python: Fix invalid escape sequences from 84020efb1fe smbd: use dirfsp and atname in open_directory() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-test - Log - commit 60514eb68362ff883b7406fe03515d1439fb12a2 Author: Andreas Schneider Date: Mon Jan 29 17:46:30 2024 +0100 python:gp: Fix logging with gp This allows enable INFO level logging with: `samba-gpupdate -d3` BUG: https://bugzilla.samba.org/show_bug.cgi?id=15558 Signed-off-by: Andreas Schneider Reviewed-by: Joseph Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit 145194071b10c4c1857f28fe79c57fd63ffab889) Autobuild-User(v4-19-test): Jule Anger Autobuild-Date(v4-19-test): Mon Feb 5 12:34:12 UTC 2024 on atb-devel-224 commit d3061f5e9409b8a43363bb46fc81077b3b0cae9b Author: Gabriel Nagy Date: Fri Jan 19 11:36:19 2024 +0200 gpo: Do not get templates list on first run This is a visual fix and has no impact on functionality apart from cleaner log messages. The point of this is to get the list of supported templates in order to compute a diff between the current applied templates and the updated list, so we are able to unapply and reapply the policy in case there are differences. However this code path is executed on first applies as well, at which point the root CA is not yet set up. This causes the `get_supported_templates` call to fail, which is not a hard failure but still pollutes the logs. In this case it's safe to avoid executing the command as the policy will be applied regardless. Signed-off-by: Gabriel Nagy Reviewed-by: David Mulder Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Mon Jan 22 16:48:57 UTC 2024 on atb-devel-224 (cherry picked from commit 8579340fc540633c13c017d896034904a8dbd55c) commit 90cf23e1ccab6cef426f4027ffd93496ab7666be Author: Gabriel Nagy Date: Thu Jan 18 20:23:24 2024 +0200 gpo: Decode base64 root cert before importing The reasoning behind this is described in the previous commit message, but essentially this should either be wrapped in certificate blocks and imported as PEM, or converted back to binary and imported as DER. I've opted for the latter since it's how it used to work before it regressed in 157335ee93e. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557 Signed-off-by: Gabriel Nagy Reviewed-by: David Mulder Reviewed-by: Andreas Schneider (cherry picked from commit 3f3ddfa699a33c2c8a59f7fb9ee044bb2a6e0e06) commit a50016bc7aec83b21cb9ac15af29a35575c8c365 Author: Gabriel Nagy Date: Mon Jan 8 18:05:08 2024 +0200 gpo: Test certificate policy without NDES As of 8231eaf856b, the NDES feature is no longer required on Windows, as cert auto-enroll can use the certificate from the LDAP request. However, 157335ee93e changed the implementation to convert the LDAP certificate to base64 due to it failing to cleanly convert to a string. Because of insufficient test coverage I missed handling the part where NDES is disabled or not reachable and the LDAP certificate was imported. The call to load_der_x509_certificate now fails with an error because it expects binary data, yet it receives a base64 encoded string. This adds a test to confirm the issue. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557 Signed-off-by: Gabriel Nagy Reviewed-by: David Mulder Reviewed-by: Andreas Schneider (cherry picked from commit 0d1ff69936f18ea729fc11fbbb1569a833302572) commit 41cd6b95d49845a9c865ec0adfa30f775b6117ba Author: Joseph Sutton Date: Fri Aug 25 13:56:21 2023 +1200 python: Fix invalid escape sequences Signed-off-by: Joseph Sutton Reviewed-by: Andrew Bartlett (cherry picked from commit b068592dd0dccce634cb17b66f0659ba60523908) --- Summary of changes: python/samba/gp/gp_cert_auto_enroll_ext.py | 14 ++- python/samba/gp/util/logging.py| 5 +- python/samba/graph.py | 2 +- python/samba/tests/gpo.py | 192 +++-- python/samba/tests/samba_tool/gpo.py | 2 +- 5 files changed, 166 insertions(+), 49 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/gp/gp_cert_auto_enroll_ext.py b/python/samba/gp/gp_cert_auto_enroll_ext.py index 08d1a7348cd
[SCM] Samba Shared Repository - branch v4-18-stable updated
The branch, v4-18-stable has been updated via 51a13a23371 VERSION: Disable GIT_SNAPSHOT for the 4.18.10 release. via 13709fd743d WHATSNEW: Add release notes for Samba 4.18.10. via 974a8908223 smbd: use dirfsp and atname in open_directory() via ab7d69665d0 smbd: use safe_symlink_target_path() in symlink_target_below_conn() via 0086f3d4b7b smbd: add a directory argument to safe_symlink_target_path() via f495f6d2778 smbd: pass symlink target path to safe_symlink_target_path() via 8bac9003342 CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner via 4b1f0c6e8bb vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time via e6745b15107 s3:passdb: smbpasswd reset permissions only if not 0600 via 161efeac21d system.c: fix fake directory create times via 0d75a9acaf3 time.c: fix ctime which was feeded with the mtime seconds via ee2df0bbb34 smbd: move access override for previous versions to the SMB layer via 1e108b3ac07 smbd: check for previous versions in check_any_access_fsp() via d3f062e2122 smbd: use check_any_access_fsp() for all access checks via 77a71bc9932 smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp() via 15536403f63 smbd: set fsp->fsp_flags.can_write to false for access to previous-versions via 8ee0768d6f2 smbd: return correct error when trying to create a hardlink to a VSS file via 8c08511f97d smbd: fix check_any_access_fsp() for non-fsa fsps via b775434b7eb smbd: rename check_access_fsp() to check_any_access_fsp() via d87294724e6 smbd: set fsp_flags.is_fsa to true on printer file handles via c8e1d26cea5 smbd: return the correct error in can_rename() via 7080c5b4850 smbtorture: expand smb2.twrp.write test via 469c91c4133 s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION via 29f629a155f selftest: remove error_inject from shadow_write share via a9862b23e00 docs-xml: use XML_CATALOG_FILES env var if defined via 96897774dd7 winbind_nss_netbsd: fix missing semicolon via 49d9e55edd9 doc-xml: fix name of vfs_linux_xfs man page via 529fb888a6c smbd: Fix traversing snapshot dirs that vanished in current fileset via 7f4d5a3737f shadow_copy: Add test for missing directory in "current" fileset via 9f8a73d7cc4 s3:smbd multichannel: always refresh the network information via c2c111688c4 s3:ctdbd_conn: fix ctdbd_public_ip_foreach() for ipv6 addresses via a149a96eaf2 ctdb-server: Drop unnecessary copy of destination address via ff4ed4d760a ctdb-daemon: Use ctdb_connection_to_buf() to simplify via 279187965b8 smbd: Remove callback for release_ip when "state" is free'ed via f8c02609f48 s3:selftest: add samba3.blackbox.smbXsrv_client_ctdb_registered_ips via d9ed96c908c selftest: export/use CTDB related envvars in order to run the ctdb command via 6ca3ce4db30 ctdbd_conn: add ctdbd_passed_ips() via 18d34cea2a1 ctdbd_conn: add ctdbd_unregister_ips() via ecc0acbbff2 ctdbd_conn: Add deregister_from_ctdbd() via 562e360ed7c ctdbd_conn: let register_with_ctdbd() call CTDB_CONTROL_REGISTER_SRVID just once via 24d960d02b8 ctdbd_conn: don't use uninitialized memory in ctdbd_register_ips() via 813e7186719 ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_PASSED via f7694157993 ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_DISCONNECTED via 0de804ac5d6 ctdb: add ctdb_connection_same() helper via 9d8768ffd35 ctdb: make use of ctdb_canonicalize_ip_inplace() in ctdb_control_tcp_client() via d7249b3cbd2 ctdb: add ctdb_canonicalize_ip_inplace() helper via 30fddc01431 ctdb: remove unused ctdb->client_ip_list and print debug on ctdb_tcp_list instead via 849c370d92a vfs_ceph: call 'ceph_fgetxattr' only if valid fd via 0a8cf4f1c06 testprogs: Add net offlinejoin composeodj tests via ce29bbfb7db testprogs: Cleanup machine account in net offlinejoin tests via 69475590970 s3:net: Allow to load ODJ blob from stdin via 1f066b595f9 s3:net: Load ODJ blob from file only if "loadfile" parameter is present via ca6ba984095 s3:net: Add "net offlinejoin composeodj" command via 4e43af11c3a s3:libnetapi: Implement NetComposeOfflineDomainJoin_l() via ad2196fd792 s3:libnetapi: Add NetComposeOfflineDomainJoin() to API. via fddbff3d44a s3:libnetapi: Add NetComposeOfflineDomainJoin() boilerplate via a85441249de s3:libnetapi: Add NetComposeOfflineDomainJoin() to IDL via f8021a241e5 s3:libnetapi: Add some comments to document ODJ blob charset conversions via f731d75081f s3:libnetapi: Return error from RequestOfflineJoin via 6c06c9ed427 VERSION: Bump version up to Samba 4.18.10... from 2669b77d97b
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 66fbcfa NEWS[4.18.10]: Samba 4.18.10 Available for Download from 172eda7 NEWS[4.20.0rc1]: Samba 4.20.0rc1 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 66fbcfad91b3fe7e01ef3a73aead3b530afb56fb Author: Jule Anger Date: Wed Jan 31 21:40:03 2024 +0100 NEWS[4.18.10]: Samba 4.18.10 Available for Download Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + history/{samba-4.19.4.html => samba-4.18.10.html} | 49 +++ posted_news/20240131-204054.4.18.10.body.html | 13 ++ posted_news/20240131-204054.4.18.10.headline.html | 3 ++ 4 files changed, 40 insertions(+), 26 deletions(-) copy history/{samba-4.19.4.html => samba-4.18.10.html} (52%) create mode 100644 posted_news/20240131-204054.4.18.10.body.html create mode 100644 posted_news/20240131-204054.4.18.10.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 8a4d2df..dbbebcc 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -14,6 +14,7 @@ samba-4.19.2 samba-4.19.1 samba-4.19.0 + samba-4.18.10 samba-4.18.9 samba-4.18.8 samba-4.18.7 diff --git a/history/samba-4.19.4.html b/history/samba-4.18.10.html similarity index 52% copy from history/samba-4.19.4.html copy to history/samba-4.18.10.html index a6b57c2..8e3964d 100644 --- a/history/samba-4.19.4.html +++ b/history/samba-4.18.10.html @@ -2,67 +2,63 @@ "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;> http://www.w3.org/1999/xhtml;> -Samba 4.19.4 - Release Notes +Samba 4.18.10 - Release Notes -Samba 4.19.4 Available for Download +Samba 4.18.10 Available for Download -https://download.samba.org/pub/samba/stable/samba-4.19.4.tar.gz;>Samba 4.19.4 (gzipped) -https://download.samba.org/pub/samba/stable/samba-4.19.4.tar.asc;>Signature +https://download.samba.org/pub/samba/stable/samba-4.18.10.tar.gz;>Samba 4.18.10 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.18.10.tar.asc;>Signature -https://download.samba.org/pub/samba/patches/samba-4.19.3-4.19.4.diffs.gz;>Patch (gzipped) against Samba 4.19.3 -https://download.samba.org/pub/samba/patches/samba-4.19.3-4.19.4.diffs.asc;>Signature +https://download.samba.org/pub/samba/patches/samba-4.18.9-4.18.10.diffs.gz;>Patch (gzipped) against Samba 4.18.9 +https://download.samba.org/pub/samba/patches/samba-4.18.9-4.18.10.diffs.asc;>Signature - == - Release Notes for Samba 4.19.4 - January 08, 2024 - == + === + Release Notes for Samba 4.18.10 + January 31, 2024 + === -This is the latest stable release of the Samba 4.19 release series. +This is the latest stable release of the Samba 4.18 release series. -Changes since 4.19.3 +Changes since 4.18.9 +o Ralph Boehme s...@samba.org + * BUG 13688: Windows 2016 fails to restore previous version of a file from a + shadow_copy2 snapshot. + * BUG 15549: Symlinks on AIX are broken in 4.19 (and a few version before + that). + o Samuel Cabrero scabr...@samba.org * BUG 13577: net changesecretpw cannot set the machine account password if secrets.tdb is empty. +o Bjoern Jacke b...@sernet.de + * BUG 12421: Fake directory create times has no effect. + o Bjrn Jacke bja...@samba.org * BUG 15540: For generating doc, take, if defined, env XML_CATALOG_FILES. * BUG 15541: Trivial C typo in nsswitch/winbind_nss_netbsd.c. * BUG 15542: vfs_linux_xfs is incorrectly named. - -o Bjrn Jacke b...@sernet.de - * BUG 15377: systemd stumbled over copyright-message at smbd startup. + * BUG 15550: ctime mixed up with mtime by smbd. o Volker Lendecke v...@samba.org - * BUG 15505: Following intermediate abolute share-local symlinks is broken. * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first. * BUG 15544: shadow_copy2 broken when current filesets directories are removed. o Stefan Metzmacher me...@samba.org - * BUG 15377: systemd stumbled over copyright-message at smbd startup. * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first. * BUG 15534: smbd does not detect ctd
[SCM] Samba Shared Repository - annotated tag samba-4.18.10 created
The annotated tag, samba-4.18.10 has been created at babb87ab328bff87d655c075c2e1af37dd498dbd (tag) tagging 51a13a23371ea483811cbbdd2a700e31130453e5 (commit) replaces samba-4.18.9 tagged by Jule Anger on Wed Jan 31 21:39:42 2024 +0100 - Log - samba: tag release samba-4.18.10 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmW6sA4ACgkQqplEL7aA tiAvVA//TdVIcpffCny0q+Rw9PJd3GNpaz5eljg+yT3u+p09Cp0WZSJPJxO+lpLF zyMG5zKsof016J4lA9uzU7sMP0sL+euktyJRJlNKnbutg9zQNaDe0XQ+oTlC9iOr eT73jYMaNJ2i6Cn3wsOPPMeyBq62gPc5PA/COUBKgDTm5QFy/FwhiDbiWN1TVtxD dpY3EN7y1NAgUb3rYb2x0DNTago4VWXgh8/pfT+0o7sGRB8O3/UUyv0ZyvMbWO/n sM8ckDWtwF8xMzcZM/eOrRqOsUkHuKeVK49DHJ2DsvdGOAezlvbqXNrthR2DGKXR hRTC3CeN5fM3CUYg8aQdPAfIVFKm3NUM2mztK/s97f7WNgWv3QesFa4gwIOWoSjs WL8xjcbF4vjcs1sogFR6A5etCW7WJwFHSZu8dP4OQN+i65aaTr3sl1a4yNE9fjO9 FaJeNH8Vqth6TQgtyJOjnE0PGf8abauvGvSXq2Uiysdvg8mzNOwovzHBazWXIHzb BMVFabF2RwEBwkS81t4KqoDMJGZ1R0ArFebdxpYBVn9j/D2udUezGIYUhHeAo1Eb mVqX8DBjQ0Lv0xhaFsxUHctEbh3syyTISVCT/ZVvQDiPmAlVsd7XHNirX17LRIYP Q5uLv0TsgEMnrlOm4offojxkVxSXI9by6BrdV3dJnkyMHdYZUoU= =SIs6 -END PGP SIGNATURE- Bjoern Jacke (1): system.c: fix fake directory create times Björn Jacke (4): doc-xml: fix name of vfs_linux_xfs man page winbind_nss_netbsd: fix missing semicolon docs-xml: use XML_CATALOG_FILES env var if defined time.c: fix ctime which was feeded with the mtime seconds Jones Syue (2): s3:smbd multichannel: always refresh the network information s3:passdb: smbpasswd reset permissions only if not 0600 Jule Anger (3): VERSION: Bump version up to Samba 4.18.10... WHATSNEW: Add release notes for Samba 4.18.10. VERSION: Disable GIT_SNAPSHOT for the 4.18.10 release. Martin Schwenke (2): ctdb-daemon: Use ctdb_connection_to_buf() to simplify ctdb-server: Drop unnecessary copy of destination address Ralph Boehme (19): selftest: remove error_inject from shadow_write share s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION smbtorture: expand smb2.twrp.write test smbd: return the correct error in can_rename() smbd: set fsp_flags.is_fsa to true on printer file handles smbd: rename check_access_fsp() to check_any_access_fsp() smbd: fix check_any_access_fsp() for non-fsa fsps smbd: return correct error when trying to create a hardlink to a VSS file smbd: set fsp->fsp_flags.can_write to false for access to previous-versions smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp() smbd: use check_any_access_fsp() for all access checks smbd: check for previous versions in check_any_access_fsp() smbd: move access override for previous versions to the SMB layer vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner smbd: pass symlink target path to safe_symlink_target_path() smbd: add a directory argument to safe_symlink_target_path() smbd: use safe_symlink_target_path() in symlink_target_below_conn() smbd: use dirfsp and atname in open_directory() Samuel Cabrero (11): s3:libnetapi: Return error from RequestOfflineJoin s3:libnetapi: Add some comments to document ODJ blob charset conversions s3:libnetapi: Add NetComposeOfflineDomainJoin() to IDL s3:libnetapi: Add NetComposeOfflineDomainJoin() boilerplate s3:libnetapi: Add NetComposeOfflineDomainJoin() to API. s3:libnetapi: Implement NetComposeOfflineDomainJoin_l() s3:net: Add "net offlinejoin composeodj" command s3:net: Load ODJ blob from file only if "loadfile" parameter is present s3:net: Allow to load ODJ blob from stdin testprogs: Cleanup machine account in net offlinejoin tests testprogs: Add net offlinejoin composeodj tests Shachar Sharon (1): vfs_ceph: call 'ceph_fgetxattr' only if valid fd Stefan Metzmacher (13): ctdb: remove unused ctdb->client_ip_list and print debug on ctdb_tcp_list instead ctdb: add ctdb_canonicalize_ip_inplace() helper ctdb: make use of ctdb_canonicalize_ip_inplace() in ctdb_control_tcp_client() ctdb: add ctdb_connection_same() helper ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_DISCONNECTED ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_PASSED ctdbd_conn: don't use uninitialized memory in ctdbd_register_ips() ctdbd_conn: let register_with_ctdbd() call CTDB_CONTROL_REGISTER_SRVID just once ctdbd_conn: add ctdbd_unregister_ips() ctdbd_conn: add ctdbd_passed_ips() selftest: export/use CTDB related envvars in order to run the ctdb command s3:selftest: add samba3.blackbox.smbXsrv_client_ctdb_registered_ips s3:ctdbd_conn: fix ctdbd_public_ip_foreach() for ipv6 addresses Volker Lendecke
[SCM] Samba Shared Repository - branch v4-18-test updated
The branch, v4-18-test has been updated via 18305d8d86c VERSION: Bump version up to Samba 4.18.11... via 51a13a23371 VERSION: Disable GIT_SNAPSHOT for the 4.18.10 release. via 13709fd743d WHATSNEW: Add release notes for Samba 4.18.10. from 974a8908223 smbd: use dirfsp and atname in open_directory() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test - Log - commit 18305d8d86c392704ac3e9bb4255e299d65db528 Author: Jule Anger Date: Wed Jan 31 21:34:34 2024 +0100 VERSION: Bump version up to Samba 4.18.11... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger commit 51a13a23371ea483811cbbdd2a700e31130453e5 Author: Jule Anger Date: Wed Jan 31 21:33:46 2024 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.18.10 release. Signed-off-by: Jule Anger commit 13709fd743d7b4a91c3836f24db46481ece4997f Author: Jule Anger Date: Wed Jan 31 21:33:05 2024 +0100 WHATSNEW: Add release notes for Samba 4.18.10. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 82 ++-- 2 files changed, 81 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index ac25cfd99fa..a4cb410d3b8 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=18 -SAMBA_VERSION_RELEASE=10 +SAMBA_VERSION_RELEASE=11 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 3c77ebfd0f6..be2f81f823b 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,82 @@ + === + Release Notes for Samba 4.18.10 + January 31, 2024 + === + + +This is the latest stable release of the Samba 4.18 release series. + + +Changes since 4.18.9 + + +o Ralph Boehme + * BUG 13688: Windows 2016 fails to restore previous version of a file from a + shadow_copy2 snapshot. + * BUG 15549: Symlinks on AIX are broken in 4.19 (and a few version before + that). + +o Samuel Cabrero + * BUG 13577: net changesecretpw cannot set the machine account password if + secrets.tdb is empty. + +o Bjoern Jacke + * BUG 12421: Fake directory create times has no effect. + +o Björn Jacke + * BUG 15540: For generating doc, take, if defined, env XML_CATALOG_FILES. + * BUG 15541: Trivial C typo in nsswitch/winbind_nss_netbsd.c. + * BUG 15542: vfs_linux_xfs is incorrectly named. + * BUG 15550: ctime mixed up with mtime by smbd. + +o Volker Lendecke + * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to + a non-public address disconnects first. + * BUG 15544: shadow_copy2 broken when current fileset's directories are + removed. + +o Stefan Metzmacher + * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to + a non-public address disconnects first. + * BUG 15534: smbd does not detect ctdb public ipv6 addresses for multichannel + exclusion. + +o Martin Schwenke + * BUG 15523: ctdb RELEASE_IP causes a crash in release_ip if a connection to + a non-public address disconnects first. + +o Shachar Sharon + * BUG 15440: Unable to copy and write files from clients to Ceph cluster via + SMB Linux gateway with Ceph VFS module. + +o Jones Syue + * BUG 15547: Multichannel refresh network information. + * BUG 1: smbpasswd reset permissions only if not 0600. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + == Release Notes for Samba 4.18.9 November 29, 2023 @@ -117,8 +196,7 @@ database (https://bugzilla.samba
[SCM] Samba Shared Repository - branch v4-20-stable updated
The branch, v4-20-stable has been updated via d05af785057 VERSION: Disable GIT_SNAPSHOT for the Samba 4.20.0rc1 release. via 8e31cb2007a WHATSNEW: Up to Samba 4.20.0rc1. via ec91204387b ldb: release 2.9.0 for use in Samba 4.20.x via 0ba05d5bbb1 tevent: release 0.16.1 via 5032ab712c6 tdb: release 1.4.10 via f28966c1638 talloc: release 2.4.2 from 1f823424418 python:gp: Improve working of log messages to avoid confusion https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-stable - Log - --- Summary of changes: VERSION | 6 +++--- WHATSNEW.txt| 2 +- lib/ldb/wscript | 2 +- .../ABI/{pytalloc-util-2.3.0.sigs => pytalloc-util-2.4.2.sigs} | 0 lib/talloc/ABI/{talloc-2.3.5.sigs => talloc-2.4.2.sigs} | 0 lib/talloc/wscript | 2 +- lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.10.sigs}| 0 lib/tdb/wscript | 2 +- lib/tevent/ABI/{tevent-0.15.0.sigs => tevent-0.16.1.sigs} | 0 lib/tevent/wscript | 2 +- 10 files changed, 8 insertions(+), 8 deletions(-) copy lib/talloc/ABI/{pytalloc-util-2.3.0.sigs => pytalloc-util-2.4.2.sigs} (100%) copy lib/talloc/ABI/{talloc-2.3.5.sigs => talloc-2.4.2.sigs} (100%) copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.10.sigs} (100%) copy lib/tevent/ABI/{tevent-0.15.0.sigs => tevent-0.16.1.sigs} (100%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index bde2e90dffc..3fe7a037533 100644 --- a/VERSION +++ b/VERSION @@ -79,7 +79,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # -SAMBA_VERSION_PRE_RELEASE=1 +SAMBA_VERSION_PRE_RELEASE= # For 'rc' releases the version will be# @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=1 # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE= +SAMBA_VERSION_RC_RELEASE=1 # To mark SVN snapshots this should be set to 'yes'# @@ -101,7 +101,7 @@ SAMBA_VERSION_RC_RELEASE= # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # -SAMBA_VERSION_IS_GIT_SNAPSHOT=yes +SAMBA_VERSION_IS_GIT_SNAPSHOT=no # This is for specifying a release nickname# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index e2bd54a1d01..8158a80288c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first pre release of Samba 4.20. This is *not* +This is the first release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. diff --git a/lib/ldb/wscript b/lib/ldb/wscript index bb49e95382c..c249a826071 100644 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'ldb' -# For Samba 4.20.x +# For Samba 4.20.x ! VERSION = '2.9.0' import sys, os diff --git a/lib/talloc/ABI/pytalloc-util-2.3.0.sigs b/lib/talloc/ABI/pytalloc-util-2.4.2.sigs similarity index 100% copy from lib/talloc/ABI/pytalloc-util-2.3.0.sigs copy to lib/talloc/ABI/pytalloc-util-2.4.2.sigs diff --git a/lib/talloc/ABI/talloc-2.3.5.sigs b/lib/talloc/ABI/talloc-2.4.2.sigs similarity index 100% copy from lib/talloc/ABI/talloc-2.3.5.sigs copy to lib/talloc/ABI/talloc-2.4.2.sigs diff --git a/lib/talloc/wscript b/lib/talloc/wscript index 075f1ec4417..8b5e02d36c5 100644 --- a/lib/talloc/wscript +++ b/lib/talloc/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'talloc' -VERSION = '2.4.1' +VERSION = '2.4.2' import os import sys diff --git a/lib/tdb/ABI/tdb-1.3.17.sigs b/lib/tdb/ABI/tdb-1.4.10.sigs similarity index 100% copy from lib/tdb/ABI/tdb-1.3.17.sigs copy to lib/tdb/ABI/tdb-1.4.10.sigs diff --git a/lib/tdb/wscript b/lib/tdb/wscript index 5e6a928d5bc..2c587fbee44 100644 --- a/lib/tdb/wscript +++ b/lib/tdb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'tdb' -VERSION = '1.4.9' +VERSION = '1.4.10' import sys, os diff --git
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 172eda7 NEWS[4.20.0rc1]: Samba 4.20.0rc1 Available for Download via a5f3416 Add 4.19.4. from df890e2 NEWS[4.19.4]: Samba 4.19.4 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 172eda7abc2f1144b307a01a4cefead32a743591 Author: Jule Anger Date: Mon Jan 29 17:36:12 2024 +0100 NEWS[4.20.0rc1]: Samba 4.20.0rc1 Available for Download Signed-off-by: Jule Anger commit a5f34161f9448682b78b2d6ee374fbe9e988b33b Author: Jule Anger Date: Mon Jan 29 17:38:10 2024 +0100 Add 4.19.4. Signed-off-by: Jule Anger --- Summary of changes: history/header_history.html | 1 + posted_news/20240129-163845.4.20.0rc1.body.html | 12 posted_news/20240129-163845.4.20.0rc1.headline.html | 3 +++ 3 files changed, 16 insertions(+) create mode 100644 posted_news/20240129-163845.4.20.0rc1.body.html create mode 100644 posted_news/20240129-163845.4.20.0rc1.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 257e16c..8a4d2df 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.19.4. samba-4.19.3. samba-4.19.2 samba-4.19.1 diff --git a/posted_news/20240129-163845.4.20.0rc1.body.html b/posted_news/20240129-163845.4.20.0rc1.body.html new file mode 100644 index 000..b257873 --- /dev/null +++ b/posted_news/20240129-163845.4.20.0rc1.body.html @@ -0,0 +1,12 @@ + +29 January 2024 +Samba 4.20.0rc1 Available for Download + +This is the first release candidate of the upcoming Samba 4.20 release series. + + +The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.20.0rc1.tar.gz;>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.20.0rc1.WHATSNEW.txt;>the release notes for more info. + + diff --git a/posted_news/20240129-163845.4.20.0rc1.headline.html b/posted_news/20240129-163845.4.20.0rc1.headline.html new file mode 100644 index 000..45d15c0 --- /dev/null +++ b/posted_news/20240129-163845.4.20.0rc1.headline.html @@ -0,0 +1,3 @@ + + 29 January 2024 Samba 4.20.0rc1 Available for Download + -- Samba Website Repository
[SCM] Samba Shared Repository - annotated tag samba-4.20.0rc1 created
The annotated tag, samba-4.20.0rc1 has been created at 9557565fc37b9aa316725badbd9cf80d803eeec8 (tag) tagging d05af785057246732b63446ba03696f38da50f81 (commit) replaces ldb-2.9.0 tagged by Jule Anger on Mon Jan 29 17:35:55 2024 +0100 - Log - samba: tag release samba-4.20.0rc1 -BEGIN PGP SIGNATURE- iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmW30+sACgkQqplEL7aA tiBmhBAAh6f2BuflOTr/ASDMnEvH8YZxZtr2k3UK4WqIFsJxbabcfvvg7njWu2Ua VZ0japV7ZAMxgA7fQaxwcSKLnC+FVAy6CMQaNmMwVK5tPJVKyY+h8gHp7Twqfl91 r/pGIzAJKWKkzMy02O+wXlUm37EAmGhnPWTUo+s3PKUriQxHllgCkRt4QYSB5iik D/VyfR6gGdNeNAbGzmXGoy+ve+Rx9mMvj+WUGhdJV1PptVdgfsqpIczpBBJS/1LI EevBMgWlGW7ORzePrFVtiTCFwCKQjjecPfid4jq0s2gJmsAVE8qA83zYxYDvf2OA 36hA3q3PWAj/4RspMvpO4CNIp909LR0QcANLS2TO8CYzp8djAWfA/zKzyTelsdIt ES5M2xrJGElaiR1kIH/y1OceQFaQxff61dAF07FW6eWR+MIbp6Rkq25XvHDkdxFQ +4Fj/ojBC+R/YeLIuHiDQ5H1MBl0IjsUpIb761jJui0k3KB5syvxbCOBbtJbFTwI 22i5oPj4XrPpHXZvZ3ioeXQ9whXpCkRdPaVYZTJ3kUyn+ut1jBniWDoytQxki/Mo 3mZGhLnl9F2jPcIHLDoWhaPY+5lgVJe4y0Pt3ZYA2pxLUep/E1Kg8D2hIZInD8OG R78bIrVHMd91e0Pxpois499VBNlmLlJUbVZE3Ux2+TgNReZGJzI= =N3GI -END PGP SIGNATURE- Jule Anger (2): WHATSNEW: Up to Samba 4.20.0rc1. VERSION: Disable GIT_SNAPSHOT for the Samba 4.20.0rc1 release. --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-20-test updated
The branch, v4-20-test has been updated via 7908c00dec2 VERSION: Bump version up to Samba 4.20.0rc2... via d05af785057 VERSION: Disable GIT_SNAPSHOT for the Samba 4.20.0rc1 release. via 8e31cb2007a WHATSNEW: Up to Samba 4.20.0rc1. via ec91204387b ldb: release 2.9.0 for use in Samba 4.20.x via 0ba05d5bbb1 tevent: release 0.16.1 via 5032ab712c6 tdb: release 1.4.10 via f28966c1638 talloc: release 2.4.2 from 1f823424418 python:gp: Improve working of log messages to avoid confusion https://git.samba.org/?p=samba.git;a=shortlog;h=v4-20-test - Log - commit 7908c00dec284265531496040dddb265acb6ee5a Author: Jule Anger Date: Mon Jan 29 17:31:31 2024 +0100 VERSION: Bump version up to Samba 4.20.0rc2... and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger --- Summary of changes: VERSION | 4 ++-- WHATSNEW.txt | 2 +- lib/ldb/wscript | 2 +- lib/talloc/ABI/{pytalloc-util-2.3.0.sigs => pytalloc-util-2.4.2.sigs} | 0 lib/talloc/ABI/{talloc-2.3.5.sigs => talloc-2.4.2.sigs} | 0 lib/talloc/wscript| 2 +- lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.10.sigs} | 0 lib/tdb/wscript | 2 +- lib/tevent/ABI/{tevent-0.15.0.sigs => tevent-0.16.1.sigs} | 0 lib/tevent/wscript| 2 +- 10 files changed, 7 insertions(+), 7 deletions(-) copy lib/talloc/ABI/{pytalloc-util-2.3.0.sigs => pytalloc-util-2.4.2.sigs} (100%) copy lib/talloc/ABI/{talloc-2.3.5.sigs => talloc-2.4.2.sigs} (100%) copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.10.sigs} (100%) copy lib/tevent/ABI/{tevent-0.15.0.sigs => tevent-0.16.1.sigs} (100%) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index bde2e90dffc..c90ef06f13e 100644 --- a/VERSION +++ b/VERSION @@ -79,7 +79,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # -SAMBA_VERSION_PRE_RELEASE=1 +SAMBA_VERSION_PRE_RELEASE= # For 'rc' releases the version will be# @@ -89,7 +89,7 @@ SAMBA_VERSION_PRE_RELEASE=1 # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE= +SAMBA_VERSION_RC_RELEASE=2 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index e2bd54a1d01..8158a80288c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first pre release of Samba 4.20. This is *not* +This is the first release candidate of Samba 4.20. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. diff --git a/lib/ldb/wscript b/lib/ldb/wscript index bb49e95382c..c249a826071 100644 --- a/lib/ldb/wscript +++ b/lib/ldb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'ldb' -# For Samba 4.20.x +# For Samba 4.20.x ! VERSION = '2.9.0' import sys, os diff --git a/lib/talloc/ABI/pytalloc-util-2.3.0.sigs b/lib/talloc/ABI/pytalloc-util-2.4.2.sigs similarity index 100% copy from lib/talloc/ABI/pytalloc-util-2.3.0.sigs copy to lib/talloc/ABI/pytalloc-util-2.4.2.sigs diff --git a/lib/talloc/ABI/talloc-2.3.5.sigs b/lib/talloc/ABI/talloc-2.4.2.sigs similarity index 100% copy from lib/talloc/ABI/talloc-2.3.5.sigs copy to lib/talloc/ABI/talloc-2.4.2.sigs diff --git a/lib/talloc/wscript b/lib/talloc/wscript index 075f1ec4417..8b5e02d36c5 100644 --- a/lib/talloc/wscript +++ b/lib/talloc/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'talloc' -VERSION = '2.4.1' +VERSION = '2.4.2' import os import sys diff --git a/lib/tdb/ABI/tdb-1.3.17.sigs b/lib/tdb/ABI/tdb-1.4.10.sigs similarity index 100% copy from lib/tdb/ABI/tdb-1.3.17.sigs copy to lib/tdb/ABI/tdb-1.4.10.sigs diff --git a/lib/tdb/wscript b/lib/tdb/wscript index 5e6a928d5bc..2c587fbee44 100644 --- a/lib/tdb/wscript +++ b/lib/tdb/wscript @@ -1,7 +1,7 @@ #!/usr/bin/env python APPNAME = 'tdb' -VERSION = '1.4.9' +VERSION = '1.4.10' import sys, os diff --git a/lib/tevent/ABI/tevent-0.15.0.sigs b/lib/tevent/ABI/tevent-0.16
[SCM] Samba Shared Repository - annotated tag ldb-2.9.0 created
The annotated tag, ldb-2.9.0 has been created at 68d066d842468ceaf0544de8819a15a6789108db (tag) tagging ec91204387bd7f5c5a8d8df8534c6ca59b491ac5 (commit) replaces tevent-0.16.1 tagged by Jule Anger on Mon Jan 29 17:20:44 2024 +0100 - Log - ldb: tag release ldb-2.9.0 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmW30FwACgkQR5ORYRMI QCUOPgf7B/QPM4CRLdeD1rJveijH2Qj3wQNCxoSHVWs8G5wCPvh9GVNnI9SUGIht kDk9IAHc+z1QkfBD40SPgac+NFOPQasKdkBu8VDOl5pmW9WR4joFHz4eCDcfXSiC 6z1wTCaAuW471FZflPzHi5HGBhdS4w079n3VD/5YCzb6W0e7k66ffjtkndQMmnUx HWGeCwzaXb7fh8JFuQay23IysZMYBuWiSBZcbmadwcMMbxTwwlh/Toy6W8G559BD 4OPEZZPfJ0OTgMEP28L2t4Eq10vjfS7JgbrGBR3P7+yKUNdtDqXMRStYeNy0sFFW Ugnv+tLZscOZ7/G2RN13FP8GtcxEyg== =Zfk4 -END PGP SIGNATURE- Jule Anger (1): ldb: release 2.9.0 for use in Samba 4.20.x --- -- Samba Shared Repository
[SCM] Samba Shared Repository - annotated tag tevent-0.16.1 created
The annotated tag, tevent-0.16.1 has been created at e5572469c00f0dbed8b72d7f674c39415a6298d6 (tag) tagging 0ba05d5bbb1788b0b8cee26748bcda0c90c48baa (commit) replaces tdb-1.4.10 tagged by Jule Anger on Mon Jan 29 17:19:37 2024 +0100 - Log - tevent: tag release tevent-0.16.1 -BEGIN PGP SIGNATURE- iQEzBAABCgAdFiEEkUejOXGVGO6QEby1R5ORYRMIQCUFAmW30BkACgkQR5ORYRMI QCV1YAgAraQgGKBl7tS0I5sc/tMdusd3hkDD/6ACEy2AtllheUVFqd19Mbdid0z4 0IOZ/X4kQL51R1w3p7QXb/mn6ZIKLwTwa0jAAi1jr4KNxKxfhUX4W8s6fB6qUzxw sJfMc4n+wNNt5WiNgqZZAO2PKCjoZiDeod790v3t1vHsfNmr4nwkJSQrMvI7PZV5 PoWqCGQTnfKHFnrHmKMxMoQhIZnI+lVAPzo8QiwYa1Hog2ssC1K/mUWp04PAEp80 OjtSXyTYgPnqmDY5rJx9bhOKbrYMxsTRULathZ3DoLT6zhebrC357Dp8UOuY9r+E o76xvQSMBjfa2SyPDBW7Rys6w/YeGg== =2VaU -END PGP SIGNATURE- Jule Anger (1): tevent: release 0.16.1 --- -- Samba Shared Repository