[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via af05bf7911e libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response via 815be52b600 lib: Make fd_load work for non-regular files via e769bd66089 s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so via 0e94b0a3144 s4:dlz make b9_has_soa check dc=@ node via 7921aa6365b dlz: Add test to ensure there are writable zones via 78b72ff339d regfio tests: Update comment style to match README.Coding via 722c5b32548 regfio: Update code near recent changes to match README.Coding via d4ef858ec11 regfio: Improve handling of malformed registry hive files via bf6a8517820 regfio: Add trivial unit test via cfffac0fc9f regfio: Use correct function names in debug information via 3f278c3f911 Fix typos in "valid" via 76b38e19d3c py/logger: use python 2.6 compatible arguments via f52ebe258ba py/uptodateness: use 2.6 compatible dictionary construction via 9b8398ecbbd py/kcc_utils: py2.6 compatibility via 75b6e02a8e6 py/graph: use 2.6 compatible check for set membership via 868356cf365 acl_read: Fix regression caused by db15fcfa899e1fe4d6994f68ceb299921b8aa6f1 for empty lists via 286b80cb7a3 ldb: cmocka test for empty attributes bug via 10a390e8975 dbcheck: use the str() value of the "name" attribute via 6602a77b649 dbcheck: don't check expired tombstone objects by default anymore via 4b658a5a396 blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones via 40b6af9c000 blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck via b292ef1d9f6 dbcheck: add --selftest-check-expired-tombstones cmdline option via 178fad24f2c python/samba/netcmd: provide SUPPRESS_HELP via Option class via 89fb9d0a81b dbcheck: detect the change after deletion bug via 4f0b554b955 blackbox/dbcheck-links.sh: add regression test for lost deleted object repair via caf0caba4e4 dbcheck: add find_repl_attid() helper function via a47b27b2c96 dbcheck: don't remove dangling one-way 
links on already deleted objects via 0c2f7224e07 dbcheck: don't move already deleted objects to LostAndFound via 95f5b9f246a dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first via 8736fb5eb4e dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects via 3e539f756ac dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename via 4fc17804088 blackbox/dbcheck-links.sh: reproduce lost deleted object problem via 8d1241dac6b blackbox/*.sh: pass -u to 'diff' via 18f4167198a selftest: force running with TZ=UTC via 2d4820f0a8e s3:waf: Fix the detection of makdev() macro on Linux via a21e9754c74 s3:tests: Add test for smbstatus and smbstatus --resolve_uids via 79d3de4de41 selftest: Add smbstatus to testhelper via b866bdbe4fa s3:utils: Add 'smbstatus -L --resolve-uids' to show usernames via 084d2f1bc4f s3:utils: Use C99 initializer for poptOption in smbstatus from c8e8d97959d s3:lib: Fix the debug message for adding cache entries. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit af05bf7911eed71315843c5333cc5bb6b6a06ec3 Author: Philipp Gesang Date: Thu Feb 14 10:17:28 2019 +0100 libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES structures containing DataLength field that includes the padding [0]. Microsoft has since clarified that only values smaller than the size are considered invalid [1]. While parsing the NegotiateContext it is ensured that DataLength does not exceed the message bounds. Also, the value is not actually used anywhere outside the validation. Thus values greater than the actual data size are safe to use. This patch makes Samba fail only on values that are too small for the (fixed size) payload. 
[0] https://lists.samba.org/archive/samba/2019-February/221139.html [1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869 Signed-off-by: Philipp Gesang Reviewed-by: Ralph Böhme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144 (cherry picked from commit 865b7b0c7d2ba7fa0a045586d1e83a72028a0864) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue Apr 2 13:52:02 UTC 2019 on sn-dev
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via d59cefc8c3b libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response via 9c52fdc1871 s3:lib: Fix the debug message for adding cache entries. from 5b7161153d0 s3:waf: Fix the detection of makdev() macro on Linux https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit d59cefc8c3bf025c454193f501bd18b8786ac737 Author: Philipp Gesang Date: Thu Feb 14 10:17:28 2019 +0100 libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES structures containing DataLength field that includes the padding [0]. Microsoft has since clarified that only values smaller than the size are considered invalid [1]. While parsing the NegotiateContext it is ensured that DataLength does not exceed the message bounds. Also, the value is not actually used anywhere outside the validation. Thus values greater than the actual data size are safe to use. This patch makes Samba fail only on values that are too small for the (fixed size) payload. [0] https://lists.samba.org/archive/samba/2019-February/221139.html [1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869 
Signed-off-by: Philipp Gesang Reviewed-by: Ralph Böhme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144 (cherry picked from commit 865b7b0c7d2ba7fa0a045586d1e83a72028a0864) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Tue Apr 2 13:44:38 UTC 2019 on sn-devel-144 commit 9c52fdc18713e6d9c1c871eaf18c3fbf3b2a53cd Author: Andreas Schneider Date: Thu Jan 17 13:58:14 2019 +0100 s3:lib: Fix the debug message for adding cache entries. To get correct values, we need to cast 'timeout' to 'long int' first in order to do calculation in that integer space! Calculations are done in the space of the lvalue! BUG: https://bugzilla.samba.org/show_bug.cgi?id=13848 Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke (cherry picked from commit 5822449a7340f53987ce4c04851652427f5b49e8) --- Summary of changes: libcli/smb/smbXcli_base.c | 2 +- source3/lib/gencache.c| 8 2 files changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index a237bf17d0a..a8c73be445a 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -5064,7 +5064,7 @@ static void smbXcli_negprot_smb2_done(struct tevent_req *subreq) return; } - if (cipher->data.length != (2 + 2 * cipher_count)) { + if (cipher->data.length < (2 + 2 * cipher_count)) { tevent_req_nterror(req, NT_STATUS_INVALID_NETWORK_RESPONSE); return; diff --git a/source3/lib/gencache.c b/source3/lib/gencache.c index ab12fc1c531..9f4e1cfcaa3 100644 --- a/source3/lib/gencache.c +++ b/source3/lib/gencache.c 
@@ -294,11 +294,11 @@ bool gencache_set_data_blob(const char *keystr, DATA_BLOB blob, dbufs[0] = (TDB_DATA) { .dptr = (uint8_t *)hdr, .dsize = hdr_len }; dbufs[1] = (TDB_DATA) { .dptr = blob.data, .dsize = blob.length }; - DEBUG(10, ("Adding cache entry with key=[%s] and timeout=" - "[%s] (%d seconds %s)\n", keystr, + DBG_DEBUG("Adding cache entry with key=[%s] and timeout=" + "[%s] (%ld seconds %s)\n", keystr, timestring(talloc_tos(), timeout), - (int)(timeout - time(NULL)), - timeout > time(NULL) ? "ahead" : "in the past")); + ((long int)timeout) - time(NULL), + timeout > time(NULL) ? "ahead" : "in the past"); ret = tdb_storev(cache_notrans->tdb, string_term_tdb_data(keystr), dbufs, 2, 0); -- Samba Shared Repository
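Review bot: In the smbXcli_base.c hunk, the relaxed test `cipher->data.length < (2 + 2 * cipher_count)` carries no comment saying why an oversize DataLength is tolerated. A short comment above it noting that some servers include padding in DataLength would keep a later cleanup from restoring `!=`. The code after this check should also keep reading only the first 2 + 2 * cipher_count bytes and ignore any remainder; that part is not visible in the hunk and is worth confirming.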
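Review bot: In the gencache.c hunk, the argument `((long int)timeout) - time(NULL)` is printed with `%ld`, but its type is whatever the usual arithmetic conversions give for long int and time_t; on a platform where time_t is wider than long the argument no longer matches the format. Casting the whole difference, `(long int)(timeout - time(NULL))`, pins the argument type to what `%ld` expects. The two separate time(NULL) calls in the same statement could also be replaced by one value read once, so the number of seconds and the "ahead"/"in the past" text always agree.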
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 77b4430bd5e s3:waf: Fix the detection of makdev() macro on Linux via cf7d657a4d0 dbcheck: use the str() value of the "name" attribute via a41fa4dd1e9 dbcheck: don't check expired tombstone objects by default anymore via e0f6e6cff3e blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones via 57f7ec5c1ca blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck via b388052af91 dbcheck: add --selftest-check-expired-tombstones cmdline option via f6f2efd080b python/samba/netcmd: provide SUPPRESS_HELP via Option class via 42c9e569e81 dbcheck: detect the change after deletion bug via 08f7f33acb9 blackbox/dbcheck-links.sh: add regression test for lost deleted object repair via 2272dea483e dbcheck: add find_repl_attid() helper function via 0473eab6862 dbcheck: don't remove dangling one-way links on already deleted objects via 0fd3f38c1cf dbcheck: don't move already deleted objects to LostAndFound via ac900c23b5b dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first via 3136a2cc546 dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects via 9daeafbfec8 dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename via f91050ee547 blackbox/dbcheck-links.sh: reproduce lost deleted object problem via 833d543717c selftest: force running with TZ=UTC via 6da5ef15ec1 python/samba: extra ndr_unpack needs bytes function via 19a77a10b76 python/samba: PY3 port for ridalloc_exop test to work from 300d52de7e5 s4:librpc: Fix installation of Samba https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 77b4430bd5ed540a8b3b68c814920abe5621b66d Author: Andreas Schneider Date: Thu Mar 21 11:55:46 2019 +0100 s3:waf: Fix the detection of makdev() macro on Linux BUG: https://bugzilla.samba.org/show_bug.cgi?id=13853 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 
eace58b539a382c61edd7c2be6fdfab31114719f) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Thu Mar 28 17:42:25 UTC 2019 on sn-devel-144 commit cf7d657a4d04cb3016b9f1c902f767123d3d1c34 Author: Stefan Metzmacher Date: Tue Mar 19 13:05:16 2019 +0100 dbcheck: use the str() value of the "name" attribute We do the same with the rdn attribute value and we need the same logic on both in order to check they are the same. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher Reviewed-by: Noel Power (cherry picked from commit dd6f0dad218ec1d5aa38ea8aa6848ec81035cb3f) commit a41fa4dd1e9b1883397cc9dc1b349cc3657830d5 Author: Stefan Metzmacher Date: Tue Mar 12 11:41:01 2019 +0100 dbcheck: don't check expired tombstone objects by default anymore These will be removed anyway and any change on them risks to be an originating update that causes replication problems. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144 (cherry picked from commit a2c5f8cf41c2dfdc4f122e8427d1dfeabb6ba311) commit e0f6e6cff3e74c5f8c2f521866f7e4962d988b6f Author: Stefan Metzmacher Date: Tue Mar 12 11:38:22 2019 +0100 blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit b096a3117ed9249fd6f65f3221a26c88efbba3b8) commit 57f7ec5c1ca16c6e8cfa67ac48bc05cead20e271 Author: Stefan Metzmacher Date: Tue Mar 12 11:04:33 2019 +0100 blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck These tests operate on provision dumps created long ago, they still want to run tests on deleted objects, when the next commits remove processing expired tombstone objects in dbcheck. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816 Signed-off-by: Stefan Metzmacher Reviewed-by: Andrew Bartlett (cherry picked from commit 5fccc4e9044d2e57be33471f5e6b9be7cc37ac3a) commit b388052af91a34e5df95ebcffc218c9bd4e1d125 Author: Stefan Metzmacher Date: Tue Mar 12 11:02:18 2019 +0100 dbcheck: add --selftest-check-expired-tombstones cmdline option This will be used by dbcheck tests which operate on static/old provision dumps in the following commits. Signed-off-by: Stefan Metz
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 5b7161153d0 s3:waf: Fix the detection of makdev() macro on Linux via 055b971a7b0 regfio tests: Update comment style to match README.Coding via 0cc3508242b regfio: Update code near recent changes to match README.Coding via f3552ad511c regfio: Improve handling of malformed registry hive files via b5ae06cc653 regfio: Add trivial unit test via 223352ee944 regfio: Use correct function names in debug information via 4644b23b91c Fix typos in "valid" via 87ffad41af1 py/kcc_utils: py2.6 compatibility via d44f2157a72 py/graph: use 2.6 compatible check for set membership via 42b62465fcc dbcheck: use the str() value of the "name" attribute via 693c349874f dbcheck: don't check expired tombstone objects by default anymore via 3fca3dcc1c9 blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones via 543fc3e9c04 blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck via 02f3d0a1a2c dbcheck: add --selftest-check-expired-tombstones cmdline option via aebf46d957f python/samba/netcmd: provide SUPPRESS_HELP via Option class via 107883dff6c dbcheck: detect the change after deletion bug via 860b04aa7ae blackbox/dbcheck-links.sh: add regression test for lost deleted object repair via 45850169a9c dbcheck: add find_repl_attid() helper function via 7402d9cfcf7 dbcheck: don't remove dangling one-way links on already deleted objects via 07ebd654a01 dbcheck: don't move already deleted objects to LostAndFound via 76de43f052f dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first via 0aaf7c98bb7 dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects via 44c83b09c60 dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename via 9339b096793 blackbox/dbcheck-links.sh: reproduce lost deleted object problem via 7bcb0729652 selftest: force running with TZ=UTC via 5602db1b1d5 python/samba: extra ndr_unpack needs bytes function via 139da67cb3b 
python/samba: PY3 port for ridalloc_exop test to work from b861e5e91f5 s4:librpc: Fix installation of Samba https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 5b7161153d0799adc249e99cb16b9b0cdbde896a Author: Andreas Schneider Date: Thu Mar 21 11:55:46 2019 +0100 s3:waf: Fix the detection of makdev() macro on Linux BUG: https://bugzilla.samba.org/show_bug.cgi?id=13853 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit eace58b539a382c61edd7c2be6fdfab31114719f) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Thu Mar 28 13:46:27 UTC 2019 on sn-devel-144 commit 055b971a7b0e91f00d29873b58a3596a9313ee23 Author: Andrew Bartlett Date: Wed Mar 20 17:33:46 2019 +1300 regfio tests: Update comment style to match README.Coding BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840 Signed-off-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit 68c0fc4335d0c3c526a38481538a33290be6d58a) commit 0cc3508242b82727e03147d2e1c414558d6b23b6 Author: Andrew Bartlett Date: Wed Mar 20 17:32:39 2019 +1300 regfio: Update code near recent changes to match README.Coding This file long predates our current code conventions. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840 Signed-off-by: Andrew Bartlett Reviewed-by: Douglas Bagnall (cherry picked from commit acbf103fcaa4150a57bfbab2450e36b5b39e399b) commit f3552ad511c8c2a343dd503c0faf3ea8410cf895 Author: Michael Hanselmann Date: Sun Mar 17 13:49:20 2019 +0100 regfio: Improve handling of malformed registry hive files * next_record: A malformed file can lead to an endless loop. * regfio_rootkey: Supplying a malformed registry hive file to the registry hive I/O code can lead to out-of-bounds reads. Test cases are included. Both issues resolved have been identified using AddressSanitizer. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840 Signed-off-by: Michael Hanselmann Reviewed-by: Douglas Bagnall Reviewed-by: Andrew Bartlett (cherry picked from commit 601afd690346087fbd53819dba9b1afa81560064) commit b5ae06cc65322bc60c6dd1277c309db20d2ec2b2 Author: Michael Hanselmann Date: Tue Mar 19 00:47:52 2019 +0100 regfio: Add trivial unit test An upcoming commit will resolve two cases of insufficient handling of mangled registry hive files and will include unit tests. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840 Signed-off-by: Michael Hanselman
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 300d52de7e5 s4:librpc: Fix installation of Samba via 96a229b0281 ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing via 02da215c104 ctdb: Initialize addr struct to zero before reparsing as IPV4 via aeba27d3a48 ctdb-common: Add fd argument to ctdb_connection_list_read() via cd5f1904032 ctdb-protocol: Avoid fgets in ctdb_connection_list_read via 2c89c388518 ctdb-common: Add line based I/O via 4a5868be3a9 s3:client: Fix smbspool device uri handling via e28dd0f95b3 s3:client: Make sure we work on a copy of the title via f284a5c10f7 s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups via f0f56e7e84f s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool via cc43f3cd3aa s3:script: Fix jobid check in test_smbspool.sh via c7e7ea8d953 ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT() via 7b52da5ecdc Send status to systemd on daemon start from d3e306433f7 lib:util: Move debug message for mkdir failing to log level 1 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 300d52de7e5ca115a9427b62c14bd20afc320015 Author: Andreas Schneider Date: Wed Mar 20 11:09:21 2019 +0100 s4:librpc: Fix installation of Samba This breaks installation of Samba 4.10 on Fedora. https://bugzilla.samba.org/show_bug.cgi?id=13847 Signed-off-by: Andreas Schneider Reviewed-by: Alexander Bokovoy (cherry picked from commit bf469343f577e2d78df0e38d80e7976b351eaf0d) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Tue Mar 26 12:30:35 UTC 2019 on sn-devel-144 commit 96a229b02812e3a989eb9b96f888e087d9e0969a Author: Martin Schwenke Date: Thu Mar 14 16:32:02 2019 +1100 ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing ctdb_sock_addr values are hashed in some contexts. This means that all of the memory used for the ctdb_sock_addr should be consistent regardless of how parsing is done. 
The first 2 cases are just sanity checks but the 3rd case involving an IPv4-mapped IPv6 address is the real target of this test addition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit d9286701cd9253bf3b42cac3d850ae8c23743e6d) commit 02da215c10422d28fbe8646f5dca07448c12d7e1 Author: Zhu Shangzhong Date: Tue Mar 12 20:49:48 2019 +0800 ctdb: Initialize addr struct to zero before reparsing as IPV4 Failed to kill the tcp connection that using IPv4-mapped IPv6 address (e.g. ctdb_killtcp eth0 :::192.168.200.44:2049 :::192.168.200.45:863). When the ctdb_killtcp is used to kill the tcp connection, the IPs and ports in the connection will be parsed to conn.client and conn.server (call stack: main->ctdb_sock_addr_from_string->ip_from_string). In the ip_from_string, as we are using IPv4-mapped IPv6 addresses, the ipv6_from_string will be used to parse ip to addr.ip6 first. The next step the ipv4_from_string will be used to reparse ip to addr.ip. As a result, the data that dump from conn.server is "2 0 8 1 192 168 200 44 0 0 0 0 0 0 0 0 0 0 255 255 192 168 200 44 0 0 0 0", the data from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0 0 0 0 0 0 255 255 192 168 200 45 0 0 0 0". The connection will be add to conn_list by ctdb_connection_list_add. Then the reset_connections_send uses conn_list as parameter to start to reset connections in the conn_list. In the reset_connections_send, the database "connections" will be created. The connections from conn_list will be written to the database(call db_hash_add), and use the data that dump from conn_client and conn_server as key. In the reset_connections_capture_tcp_handler, the ctdb_sys_read_tcp_packet will receive data on the raw socket. And extract the IPs and ports from the tcp packet. when extracting IP and port, the tcp4_extract OR tcp6_extract will be used. Then we got the new conn.client and conn.server. 
the data that dump from the conn.server is "2 0 8 1 192 168 200 44 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0", the data from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0". Finally, we use the data as key to check if this connection is one being reset(call db_hash_delete). The db_hash_delete will return ENOENT. Because the two key that being used by db_hash_delete and db_hash_add are different. So, the TCP RST will be NOT sent for the connection forever. We should initialize addr struct to zero before r
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via b861e5e91f5 s4:librpc: Fix installation of Samba via 5f94bc518cc ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing via eb4e66cd0ff ctdb: Initialize addr struct to zero before reparsing as IPV4 via 9e4b17aaaba ctdb-packaging: Test package requires tcpdump via 6e76e884f5e ctdb-packaging: ctdb package should not own system library directory via 7f4492c7f5b s3:client: Fix smbspool device uri handling via e07b8444f53 s3:client: Make sure we work on a copy of the title via 590fd475878 s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups via d311eff5aa4 s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool via 6c2d5bca41e s3:script: Fix jobid check in test_smbspool.sh via 166dd92d249 ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT() via 1e40887120d Send status to systemd on daemon start from fc40f87ebbc lib:util: Move debug message for mkdir failing to log level 1 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit b861e5e91f54057194b8cd9f9c2eb28ccd6d6c3d Author: Andreas Schneider Date: Wed Mar 20 11:09:21 2019 +0100 s4:librpc: Fix installation of Samba This breaks installation of Samba 4.10 on Fedora. https://bugzilla.samba.org/show_bug.cgi?id=13847 Signed-off-by: Andreas Schneider Reviewed-by: Alexander Bokovoy (cherry picked from commit bf469343f577e2d78df0e38d80e7976b351eaf0d) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Fri Mar 22 13:39:46 UTC 2019 on sn-devel-144 commit 5f94bc518cc2ae8dfc24f4c9695580017ed8e0a5 Author: Martin Schwenke Date: Thu Mar 14 16:32:02 2019 +1100 ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing ctdb_sock_addr values are hashed in some contexts. This means that all of the memory used for the ctdb_sock_addr should be consistent regardless of how parsing is done. 
The first 2 cases are just sanity checks but the 3rd case involving an IPv4-mapped IPv6 address is the real target of this test addition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit d9286701cd9253bf3b42cac3d850ae8c23743e6d) commit eb4e66cd0ffbe6e0463fb9c0f4a19d26fc4f338f Author: Zhu Shangzhong Date: Tue Mar 12 20:49:48 2019 +0800 ctdb: Initialize addr struct to zero before reparsing as IPV4 Failed to kill the tcp connection that using IPv4-mapped IPv6 address (e.g. ctdb_killtcp eth0 :::192.168.200.44:2049 :::192.168.200.45:863). When the ctdb_killtcp is used to kill the tcp connection, the IPs and ports in the connection will be parsed to conn.client and conn.server (call stack: main->ctdb_sock_addr_from_string->ip_from_string). In the ip_from_string, as we are using IPv4-mapped IPv6 addresses, the ipv6_from_string will be used to parse ip to addr.ip6 first. The next step the ipv4_from_string will be used to reparse ip to addr.ip. As a result, the data that dump from conn.server is "2 0 8 1 192 168 200 44 0 0 0 0 0 0 0 0 0 0 255 255 192 168 200 44 0 0 0 0", the data from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0 0 0 0 0 0 255 255 192 168 200 45 0 0 0 0". The connection will be add to conn_list by ctdb_connection_list_add. Then the reset_connections_send uses conn_list as parameter to start to reset connections in the conn_list. In the reset_connections_send, the database "connections" will be created. The connections from conn_list will be written to the database(call db_hash_add), and use the data that dump from conn_client and conn_server as key. In the reset_connections_capture_tcp_handler, the ctdb_sys_read_tcp_packet will receive data on the raw socket. And extract the IPs and ports from the tcp packet. when extracting IP and port, the tcp4_extract OR tcp6_extract will be used. Then we got the new conn.client and conn.server. 
the data that dump from the conn.server is "2 0 8 1 192 168 200 44 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0", the data from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0". Finally, we use the data as key to check if this connection is one being reset(call db_hash_delete). The db_hash_delete will return ENOENT. Because the two key that being used by db_hash_delete and db_hash_add are different. So, the TCP RST will be NOT sent for the connection forever. We should initialize addr struct to zero before reparsing as IPV4 in the ip_from_string.
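An added example (not part of the commit and not ctdb's own source) of the failure the commit message above describes: a union address filled as IPv6 and then refilled as IPv4 keeps stale bytes, so a byte-wise key no longer matches one built from a captured packet. The names demo_sock_addr, fill_ipv4, fill_ipv6, parse_addr, stale_bytes and keys_match are hypothetical, and the ::ffff: spelling of the IPv4-mapped address is the standard form assumed here.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-in for ctdb_sock_addr: one buffer, several views. */
typedef union {
	struct sockaddr     sa;
	struct sockaddr_in  ip;
	struct sockaddr_in6 ip6;
} demo_sock_addr;

/* Field-by-field fill: bytes outside the assigned fields keep whatever
 * the buffer held before the call. */
static bool fill_ipv4(const char *s, uint16_t port, demo_sock_addr *a)
{
	a->ip.sin_family = AF_INET;
	a->ip.sin_port = htons(port);
	return inet_pton(AF_INET, s, &a->ip.sin_addr) == 1;
}

static bool fill_ipv6(const char *s, uint16_t port, demo_sock_addr *a)
{
	a->ip6.sin6_family = AF_INET6;
	a->ip6.sin6_port = htons(port);
	a->ip6.sin6_flowinfo = 0;
	a->ip6.sin6_scope_id = 0;
	return inet_pton(AF_INET6, s, &a->ip6.sin6_addr) == 1;
}

/* Parse an address string; an IPv4-mapped IPv6 address is stored as IPv4.
 * zero_before_reparse selects the fixed (true) or the old (false) behaviour. */
bool parse_addr(const char *s, uint16_t port, bool zero_before_reparse,
		demo_sock_addr *out)
{
	static const uint8_t mapped_prefix[12] =
		{0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0xff, 0xff};
	const char *tail = strrchr(s, ':');

	memset(out, 0, sizeof(*out));	/* deterministic starting state */
	if (tail == NULL) {
		return fill_ipv4(s, port, out);
	}
	if (!fill_ipv6(s, port, out)) {
		return false;
	}
	if (memcmp(out->ip6.sin6_addr.s6_addr, mapped_prefix, 12) != 0) {
		return true;		/* genuine IPv6, keep as parsed */
	}
	if (zero_before_reparse) {
		memset(out, 0, sizeof(*out));
	}
	return fill_ipv4(tail + 1, port, out);
}

/* Count non-zero bytes beyond the sockaddr_in view of the union. */
int stale_bytes(const demo_sock_addr *a)
{
	const uint8_t *p = (const uint8_t *)a;
	int n = 0;
	for (size_t i = sizeof(struct sockaddr_in); i < sizeof(*a); i++) {
		n += (p[i] != 0);
	}
	return n;
}

/* 1 if the key built from the command-line string equals the key built
 * from a zeroed struct (the packet-capture side), 0 if not, -1 on error. */
int keys_match(const char *cli_str, const char *wire_ipv4, uint16_t port,
	       bool zero_before_reparse)
{
	demo_sock_addr from_cli, from_packet;

	if (!parse_addr(cli_str, port, zero_before_reparse, &from_cli)) {
		return -1;
	}
	memset(&from_packet, 0, sizeof(from_packet));
	if (!fill_ipv4(wire_ipv4, port, &from_packet)) {
		return -1;
	}
	return memcmp(&from_cli, &from_packet, sizeof(from_cli)) == 0;
}

static void dump(const char *label, const demo_sock_addr *a)
{
	const uint8_t *p = (const uint8_t *)a;
	printf("%s:", label);
	for (size_t i = 0; i < sizeof(*a); i++) {
		printf(" %u", p[i]);
	}
	printf("\n");
}

int main(void)
{
	/* Constructed sample input, using the addresses from the message. */
	const char *cli = "::ffff:192.168.200.44";
	demo_sock_addr a;

	parse_addr(cli, 2049, false, &a);
	dump("old  ", &a);
	parse_addr(cli, 2049, true, &a);
	dump("fixed", &a);
	printf("old key matches packet key:   %d\n",
	       keys_match(cli, "192.168.200.44", 2049, false));
	printf("fixed key matches packet key: %d\n",
	       keys_match(cli, "192.168.200.44", 2049, true));
	return 0;
}
```

Any structure used as a hash or database key by its raw bytes needs the same treatment: zero it before every fill, or build the key from the meaningful fields only.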
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via c8e8d97959d s3:lib: Fix the debug message for adding cache entries. via f6df8d97686 s4:librpc: Fix installation of Samba via eb632754830 ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing via 909cecd3606 ctdb: Initialize addr struct to zero before reparsing as IPV4 via fc4e3273316 ctdb-packaging: Test package requires tcpdump via 755f624e2bb ctdb-packaging: ctdb package should not own system library directory via 84aad2ea7d5 s3:client: Fix smbspool device uri handling via c6f1719b5e2 s3:client: Make sure we work on a copy of the title via 0db9487434a s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups via 18515064c9b s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool via d3ed17e74e7 s3:script: Fix jobid check in test_smbspool.sh via 4cafdc7f2eb ctdb-tests: Build cluster mutex path manually via 5f1d98c233e ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT() via f515f1a5486 ctdb-version: Simplify version string usage via 6401d809566 ctdb-build: Drop creation of .distversion in tarball via 2b30986174d ctdb-build: use a fixed ctdb_version.h using SAMBA_VERSION_STRING from 3170d75b5f1 VERSION: Bump version up to 4.10.1... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit c8e8d97959dd5f3ae9ac7556ee0282baec861326 Author: Andreas Schneider Date: Thu Jan 17 13:58:14 2019 +0100 s3:lib: Fix the debug message for adding cache entries. To get correct values, we need to cast 'timeout' to 'long int' first in order to do calculation in that integer space! Calculations are done in the space of the lvalue! 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13848 Signed-off-by: Andreas Schneider Reviewed-by: Volker Lendecke (cherry picked from commit 5822449a7340f53987ce4c04851652427f5b49e8) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Fri Mar 22 12:50:24 UTC 2019 on sn-devel-144 commit f6df8d976866cad14da492d6f581c9fdeb0c82b3 Author: Andreas Schneider Date: Wed Mar 20 11:09:21 2019 +0100 s4:librpc: Fix installation of Samba This breaks installation of Samba 4.10 on Fedora. https://bugzilla.samba.org/show_bug.cgi?id=13847 Signed-off-by: Andreas Schneider Reviewed-by: Alexander Bokovoy (cherry picked from commit bf469343f577e2d78df0e38d80e7976b351eaf0d) commit eb63275483035550ac7760d83fbbdef357f3860b Author: Martin Schwenke Date: Thu Mar 14 16:32:02 2019 +1100 ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing ctdb_sock_addr values are hashed in some contexts. This means that all of the memory used for the ctdb_sock_addr should be consistent regardless of how parsing is done. The first 2 cases are just sanity checks but the 3rd case involving an IPv4-mapped IPv6 address is the real target of this test addition. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs (cherry picked from commit d9286701cd9253bf3b42cac3d850ae8c23743e6d) commit 909cecd3606c0811bd91a631569441681f05e568 Author: Zhu Shangzhong Date: Tue Mar 12 20:49:48 2019 +0800 ctdb: Initialize addr struct to zero before reparsing as IPV4 Failed to kill the tcp connection that using IPv4-mapped IPv6 address (e.g. ctdb_killtcp eth0 :::192.168.200.44:2049 :::192.168.200.45:863). When the ctdb_killtcp is used to kill the tcp connection, the IPs and ports in the connection will be parsed to conn.client and conn.server (call stack: main->ctdb_sock_addr_from_string->ip_from_string). In the ip_from_string, as we are using IPv4-mapped IPv6 addresses, the ipv6_from_string will be used to parse ip to addr.ip6 first. 
The next step the ipv4_from_string will be used to reparse ip to addr.ip. As a result, the data that dump from conn.server is "2 0 8 1 192 168 200 44 0 0 0 0 0 0 0 0 0 0 255 255 192 168 200 44 0 0 0 0", the data from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0 0 0 0 0 0 255 255 192 168 200 45 0 0 0 0". The connection will be add to conn_list by ctdb_connection_list_add. Then the reset_connections_send uses conn_list as parameter to start to reset connections in the conn_list. In the reset_connections_send, the database "connections" will be created. The connections from conn_list will be written to the database(call db_hash_add), and use the data that dump from conn_client and conn_server as key. In the reset_connections_capture_tcp_handler, the ctdb_sys_
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 82f41e7 NEWS[agenda_XP19]: Agenda SambaXP 2019 online from 3d0f865 docs: move "implementing cifs" to "older docs" https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 82f41e740bfb55c94b34f03298767ad9e810cc03 Author: Karolin Seeger Date: Fri Mar 22 12:06:56 2019 +0100 NEWS[agenda_XP19]: Agenda SambaXP 2019 online Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20190322-110447.agenda_XP19.body.html | 12 posted_news/20190322-110447.agenda_XP19.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20190322-110447.agenda_XP19.body.html create mode 100644 posted_news/20190322-110447.agenda_XP19.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20190322-110447.agenda_XP19.body.html b/posted_news/20190322-110447.agenda_XP19.body.html new file mode 100644 index 000..2cfce48 --- /dev/null +++ b/posted_news/20190322-110447.agenda_XP19.body.html @@ -0,0 +1,12 @@ + +22 March 2019 +Agenda SambaXP 2019 online + +This year's SambaXP https://sambaxp.org/#c77";>conference program is online! + + +The annual Samba Conference, SambaXP takes +place on 4th - 6th of June 2019 in Göttingen, +Germany. + + diff --git a/posted_news/20190322-110447.agenda_XP19.headline.html b/posted_news/20190322-110447.agenda_XP19.headline.html new file mode 100644 index 000..59f6ef6 --- /dev/null +++ b/posted_news/20190322-110447.agenda_XP19.headline.html @@ -0,0 +1,3 @@ + + 22 March 2019 Agenda SambaXP 2019 online + -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 6873e01 Add Samba 4.10.0. via ad0c5bf NEWS[4.10.0]: Samba 4.10.0 Available for Download from 1eb87be docs: remove dead links to outdated and valished doc translations https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 6873e01a73f1c8650faa791dc1933f6759f6c825 Author: Karolin Seeger Date: Tue Mar 19 11:15:44 2019 +0100 Add Samba 4.10.0. Signed-off-by: Karolin Seeger commit ad0c5bf11b9149722e17cdfdd30bad7edffdbc36 Author: Karolin Seeger Date: Tue Mar 19 11:12:00 2019 +0100 NEWS[4.10.0]: Samba 4.10.0 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.10.0.html| 413 +++ posted_news/20190319-101508.4.10.0.body.html | 12 + posted_news/20190319-101508.4.10.0.headline.html | 3 + 4 files changed, 429 insertions(+) create mode 100644 history/samba-4.10.0.html create mode 100644 posted_news/20190319-101508.4.10.0.body.html create mode 100644 posted_news/20190319-101508.4.10.0.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 1eb2399..e4e89c5 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.10.0 samba-4.9.5 samba-4.9.4 samba-4.9.3 diff --git a/history/samba-4.10.0.html b/history/samba-4.10.0.html new file mode 100644 index 000..e84fb70 --- /dev/null +++ b/history/samba-4.10.0.html 
@@ -0,0 +1,413 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> +http://www.w3.org/1999/xhtml";> + +Samba 4.10.0 - Release Notes + + +Samba 4.10.0 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.10.0.tar.gz";>Samba 4.10.0 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.10.0.tar.asc";>Signature + + + + == + Release Notes for Samba 4.10.0 + March 19, 2019 + == + + +This is the first stable release of the Samba 4.10 release series. +Please read the release notes carefully before upgrading. + + +NEW FEATURES/CHANGES + + +GPO Improvements + + +A new 'samba-tool gpo backup' command has been added that can export a +set of Group Policy Objects from a domain in a generalised XML format. + +A corresponding 'samba-tool gpo restore' command has been added to +rebuild the Group Policy Objects from the XML after generalization. +(The administrator needs to correct the values of XML entities between +the backup and restore to account for the change in domain). + +KDC prefork +--- + +The KDC now supports the pre-fork process model and worker processes will be +forked for the KDC when the pre-fork process model is selected for samba. + +Prefork 'prefork children' +-- + +The default value for this smdb.conf parameter has been increased from 1 to +4. + +Netlogon prefork + + +DCERPC now supports pre-forked NETLOGON processes. The netlogon processes are +pre-forked when the prefork process model is selected for samba. + +Offline domain backups +-- + +The 'samba-tool domain backup' command has been extended with a new 'offline' +option. This safely creates a backup of the local DC's database directly from +disk. The main benefits of an offline backup are it's quicker, it stores more +database details (for forensic purposes), and the samba process does not have +to be running when the backup is made. Refer to the samba-tool help for more +details on using this command. 
+ +Group membership statistics +--- + +A new 'samba-tool group stats' command has been added. This provides summary +information about how the users are spread across groups in your domain. +The 'samba-tool group list --verbose' command has also been updated to include +the number of users in each group. + +Paged results LDAP control +-- + +The behaviour of the paged results control (1.2.840.113556.1.4.319, RFC2696) +has been changed to more closely match Windows servers, to improve memory +usage. Paged results may be used internally (or is requested by the user) by +LDAP libraries or tools that deal with large result sizes, for example, when +listing all the objects in the database. + +Previously, results were returned as a snapshot o
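Review bot: In the added history/samba-4.10.0.html, the "Prefork 'prefork children'" paragraph calls the configuration file "smdb.conf"; this should be "smb.conf". In the "Paged results LDAP control" paragraph, "may be used internally (or is requested by the user)" does not parse; "(or requested by the user)" would fix it. If this page is generated from WHATSNEW.txt, make the correction there so the two copies stay identical.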
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 25f2fe02a61 VERSION: Disable GIT_SNAPSHOT for the 4.10.0 release. via 983bcc352cb VERSION: Bump version up to 4.10.0. via 5da71ca11d4 WHATSNEW: Add release notes for Samba 4.10.0. via 00ea6a7d24e lib:util: Move debug message for mkdir failing to log level 1 via 6d901af0f1c lib/winbind_util: Add winbind_xid_to_sid for --without-winbind via 3c32774b925 lib/winbind_util: Move include out of ifdef via 545914afefa passdb: Update ABI to 0.27.2 via 2021080a41d passdb: Make [ug]id_to_sid use xid_to_sid via 8c0268a5fec passdb: Introduce xid_to_sid via 10a0d77f17c lib: Introduce winbind_xid_to_sid via ba6dd781d4a winbind: Use idmap_cache_find_xid2sid via a20e68bcc63 torture: Add tests for idmap cache via f6f0994a597 idmap_cache: Introduce idmap_cache_find_xid2sid via 6434de2b76d winbind: Now we explicitly track if we got ids from cache via 465bd07ff70 winbind: Initialize "expired" parameter to idmap_cache_xid2sid via 1df6720d74b idmap_cache: Only touch "sid" on success in find_xid_to_sid via 41c1870a8c2 lib: Make idmap_cache return negative mappings via 5c2a243d3e7 CI: don't use swap via 7bd135d25d6 s4/scripting/bin: open unicode files with utf8 encoding and write unicode string via 5d0e2bf8190 libcli/security: fix handling of deny type ACEs in access_check_max_allowed() via cc7629a20e9 s4:torture: Add test_deny1(). via c9b6b7ed4be s4:torture: Add test_owner_rights_deny1(). via 1dc2e296f17 libcli/security: correct access check and maximum access calculation for Owner Rights ACEs via 3026c1a36c3 s4:torture: Add test_owner_rights_deny(). via 63f0db77204 s4:torture: Fix the test_owner_rights() test to show permissions are additive. 
via 7e95499d39a libcli/security: add "Owner Rights" calculation to access_check_max_allowed() via ac08949dcdf s4:torture: add a Maximum Access check with an Owner Rights ACE via 3b52cba505a s4:libcli: remember return code from maximum access via 49bac77e789 autobuild: Add -py2 tests for new split backup/restore testenvs via 9f85efa76d3 autobuild: Split backup/restore testenvs out into separate job via ea33a7b0911 sambaundoguididx: use the right escaped oder unescaped sam ldb files via 2f4d8214601 s4-server: Open and close a transaction on sam.ldb at startup via 0e80b245bf4 WHATSNEW: mention new vfs_glusterfs_fuse module via 9169e9722d6 VERSION: Bump version up to 4.10.0rc5... from e399a0209f4 VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc4 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - --- Summary of changes: .gitlab-ci.yml | 17 +- VERSION| 2 +- WHATSNEW.txt | 58 ++- lib/util/util.c| 6 +- libcli/security/access_check.c | 127 +++-- script/autobuild.py| 13 + source3/lib/idmap_cache.c | 48 +- source3/lib/idmap_cache.h | 2 + source3/lib/winbind_util.c | 41 +- source3/lib/winbind_util.h | 2 + ...passdb-0.27.1.sigs => samba-passdb-0.27.2.sigs} | 2 + source3/passdb/lookup_sid.c| 235 +++-- source3/passdb/lookup_sid.h| 1 + source3/selftest/tests.py | 1 + source3/torture/proto.h| 1 + source3/torture/test_idmap_cache.c | 122 + source3/torture/torture.c | 1 + source3/winbindd/wb_xids2sids.c| 33 +- source3/wscript_build | 3 +- source4/libcli/raw/interfaces.h| 1 + source4/libcli/smb2/create.c | 4 +- source4/scripting/bin/gen_ntstatus.py | 11 +- source4/scripting/bin/gen_werror.py| 11 +- source4/scripting/bin/sambaundoguididx | 3 +- source4/smbd/server.c | 42 ++ source4/torture/smb2/acls.c| 558 + 26 files changed, 1066 insertions(+), 279 deletions(-) copy source3/passdb/ABI/{samba-passdb-0.27.1.sigs => samba-passdb-0.27.2.sigs} (99%) create mode 100644 source3/torture/test_idmap_cache.c Changeset truncated at 500 lines: 
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 04d57cb0491..4249f5296b3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -7,12 +7,7 @@ variables: GIT_DEPTH: "3" befor
[SCM] Samba Shared Repository - annotated tag samba-4.10.0 created
The annotated tag, samba-4.10.0 has been created at 63caf233095af11038b8e9950952adad68f2af00 (tag) tagging 25f2fe02a615e2cf906b6fa495acd8ea0aa9998a (commit) replaces samba-4.10.0rc4 tagged by Karolin Seeger on Tue Mar 19 11:11:47 2019 +0100 - Log - samba: tag release samba-4.10.0 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXJDAYwAKCRBvM5FbZWi3 6kbOAJ44gUx8nSFRZBllwSkF00Bhv7dbmACgxqu5NzfFpxT7BVdvppfEm+PBFjM= =i6XK -END PGP SIGNATURE- Andreas Schneider (1): lib:util: Move debug message for mkdir failing to log level 1 Andrew Bartlett (2): s4-server: Open and close a transaction on sam.ldb at startup autobuild: Add -py2 tests for new split backup/restore testenvs Björn Jacke (1): sambaundoguididx: use the right escaped oder unescaped sam ldb files Christof Schmitt (3): passdb: Update ABI to 0.27.2 lib/winbind_util: Move include out of ifdef lib/winbind_util: Add winbind_xid_to_sid for --without-winbind Günther Deschner (1): WHATSNEW: mention new vfs_glusterfs_fuse module Jeremy Allison (3): s4:torture: Fix the test_owner_rights() test to show permissions are additive. s4:torture: Add test_owner_rights_deny(). s4:torture: Add test_owner_rights_deny1(). Joe Guo (1): s4/scripting/bin: open unicode files with utf8 encoding and write unicode string Karolin Seeger (4): VERSION: Bump version up to 4.10.0rc5... WHATSNEW: Add release notes for Samba 4.10.0. VERSION: Bump version up to 4.10.0. VERSION: Disable GIT_SNAPSHOT for the 4.10.0 release. Ralph Boehme (7): s4:libcli: remember return code from maximum access s4:torture: add a Maximum Access check with an Owner Rights ACE libcli/security: add "Owner Rights" calculation to access_check_max_allowed() libcli/security: correct access check and maximum access calculation for Owner Rights ACEs s4:torture: Add test_deny1(). 
libcli/security: fix handling of deny type ACEs in access_check_max_allowed() CI: don't use swap Tim Beale (1): autobuild: Split backup/restore testenvs out into separate job Volker Lendecke (10): lib: Make idmap_cache return negative mappings idmap_cache: Only touch "sid" on success in find_xid_to_sid winbind: Initialize "expired" parameter to idmap_cache_xid2sid winbind: Now we explicitly track if we got ids from cache idmap_cache: Introduce idmap_cache_find_xid2sid torture: Add tests for idmap cache winbind: Use idmap_cache_find_xid2sid lib: Introduce winbind_xid_to_sid passdb: Introduce xid_to_sid passdb: Make [ug]id_to_sid use xid_to_sid --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 3170d75b5f1 VERSION: Bump version up to 4.10.1... via 25f2fe02a61 VERSION: Disable GIT_SNAPSHOT for the 4.10.0 release. via 983bcc352cb VERSION: Bump version up to 4.10.0. via 5da71ca11d4 WHATSNEW: Add release notes for Samba 4.10.0. from 00ea6a7d24e lib:util: Move debug message for mkdir failing to log level 1 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 3170d75b5f110259383244fb4a4cb0474302f5e3 Author: Karolin Seeger Date: Tue Mar 19 10:57:53 2019 +0100 VERSION: Bump version up to 4.10.1... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 25f2fe02a615e2cf906b6fa495acd8ea0aa9998a Author: Karolin Seeger Date: Tue Mar 19 10:57:00 2019 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.10.0 release. Signed-off-by: Karolin Seeger commit 983bcc352cb6d4f894e4b0b3cc90fde48b8a443b Author: Karolin Seeger Date: Tue Mar 19 10:55:47 2019 +0100 VERSION: Bump version up to 4.10.0. Signed-off-by: Karolin Seeger commit 5da71ca11d4369b611d5421ea50908fbb7fdd8c1 Author: Karolin Seeger Date: Tue Mar 19 10:54:30 2019 +0100 WHATSNEW: Add release notes for Samba 4.10.0. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 4 ++-- WHATSNEW.txt | 45 ++--- 2 files changed, 36 insertions(+), 13 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 4cfcef23944..1e0a345368a 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=10 -SAMBA_VERSION_RELEASE=0 +SAMBA_VERSION_RELEASE=1 # If a official release has a serious bug # @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=5 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index f2eff485c8c..5d3d23ab9da 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,16 +1,11 @@ -Release Announcements -= + == + Release Notes for Samba 4.10.0 + March 19, 2019 + == -This is the fourth release candidate of Samba 4.10. This is *not* -intended for production environments and is designed for testing -purposes only. Please report any defects via the Samba bug reporting -system at https://bugzilla.samba.org/. -Samba 4.10 will be the next version of the Samba suite. - - -UPGRADING -= +This is the first stable release of the Samba 4.10 release series. +Please read the release notes carefully before upgrading. NEW FEATURES/CHANGES @@ -255,6 +250,34 @@ smb.conf changes sharemode" but for SMB getinfo +CHANGES SINCE 4.10.0rc4 +=== + +o Andrew Bartlett + * BUG 13760: s4-server: Open and close a transaction on sam.ldb at startup. + +o Ralph Boehme + * BUG 13812: access_check_max_allowed() doesn't process "Owner Rights" ACEs. + +o Joe Guo + * s4/scripting/bin: Open unicode files with utf8 encoding and write + * unicode string. + +o Björn Jacke + * BUG 13759: sambaundoguididx: Use the right escaped oder unescaped sam ldb + files. + +o Volker Lendecke + * BUG 13813: Fix idmap cache pollution with S-1-22- IDs on winbind hickup. + +o Christof Schmitt + * passdb: Update ABI to 0.27.2. + * BUG 13813: lib/winbind_util: Add winbind_xid_to_sid for --without-winbind. + +o Andreas Schneider + * BUG 13823: lib:util: Move debug message for mkdir failing to log level 1. + + CHANGES SINCE 4.10.0rc3 === -- Samba Shared Repository
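Review bot: In the WHATSNEW.txt hunk that adds "CHANGES SINCE 4.10.0rc4", the Joe Guo entry continues on a second line that begins with its own "*" ("* unicode string."), so one change reads as two list items; indent the continuation without the asterisk, as the Björn Jacke entry just below does. The same entry carries no BUG number while most of its neighbours do, so add one if a bug exists. Two wording nits in the added lines: "escaped oder unescaped" should be "escaped or unescaped", and "hickup" should be "hiccup".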
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 00ea6a7d24e lib:util: Move debug message for mkdir failing to log level 1 via 6d901af0f1c lib/winbind_util: Add winbind_xid_to_sid for --without-winbind via 3c32774b925 lib/winbind_util: Move include out of ifdef via 545914afefa passdb: Update ABI to 0.27.2 via 2021080a41d passdb: Make [ug]id_to_sid use xid_to_sid via 8c0268a5fec passdb: Introduce xid_to_sid via 10a0d77f17c lib: Introduce winbind_xid_to_sid via ba6dd781d4a winbind: Use idmap_cache_find_xid2sid via a20e68bcc63 torture: Add tests for idmap cache via f6f0994a597 idmap_cache: Introduce idmap_cache_find_xid2sid via 6434de2b76d winbind: Now we explicitly track if we got ids from cache via 465bd07ff70 winbind: Initialize "expired" parameter to idmap_cache_xid2sid via 1df6720d74b idmap_cache: Only touch "sid" on success in find_xid_to_sid via 41c1870a8c2 lib: Make idmap_cache return negative mappings from 5c2a243d3e7 CI: don't use swap https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 00ea6a7d24ed7f6fbbc585a73755070f38d07a2a Author: Andreas Schneider Date: Thu Mar 7 12:31:42 2019 +0100 lib:util: Move debug message for mkdir failing to log level 1 If you connect to a host with smbclient this gets always printed. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13823 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit c71334ec0c92e791022a9b7c900aa0dd649226c2) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Wed Mar 13 12:15:10 UTC 2019 on sn-devel-144 commit 6d901af0f1ca5ffe349f50c72ad33987f009a73f Author: Christof Schmitt Date: Tue Mar 5 11:56:49 2019 -0700 lib/winbind_util: Add winbind_xid_to_sid for --without-winbind BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Mar 6 01:53:16 UTC 2019 on sn-devel-144 (cherry picked from commit 4125ff89e44a3e98882cfc38c06e559a6e1e56a5) commit 3c32774b9254dc58801d5a734d148eade1223aaf Author: Christof Schmitt Date: Tue Mar 5 11:50:48 2019 -0700 lib/winbind_util: Move include out of ifdef This fixes compile errors about missing prototypes with --picky-developer and --without-winbind Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison (cherry picked from commit 4b1e4c22128bdefe549a58b181e9b755854f4c3e) commit 545914afefa41708b423299a33730b6f3e46f684 Author: Christof Schmitt Date: Wed Mar 6 11:55:32 2019 -0800 passdb: Update ABI to 0.27.2 This change is for the backport only. The change in master increased the ABI version to 0.28.0 and removed some functions; this should not happen in a backport. 
Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison commit 2021080a41d296e9ba8a648e10a418cfce6200ae Author: Volker Lendecke Date: Tue Feb 26 15:17:36 2019 +0100 passdb: Make [ug]id_to_sid use xid_to_sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51) commit 8c0268a5fec09e546b98cc88f8fce28dc4543d36 Author: Volker Lendecke Date: Tue Feb 26 15:10:21 2019 +0100 passdb: Introduce xid_to_sid This explicitly avoids the legacy_[ug]id_to_sid calls, which create long-term cache entries to S-1-22-x-y if anything fails. We can't do this, because this will turn temporary winbind communication failures into long-term problems: A short hiccup in winbind_uid_to_sid will create a mapping to S-1-22-1-uid for a week. It should be up to the lower layers to do the caching. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 92f27ebb14c0c18b1d0fd49544ad851aeb14781c) commit 10a0d77f17caf49ba35f2f23974c9518c2f37c83 Author: Volker Lendecke Date: Tue Feb 26 14:45:32 2019 +0100 lib: Introduce winbind_xid_to_sid This does not merge a winbind communication error into "global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not go along with is_null_sid(). Instead, this just touches the output sid when winbind returned success. This success might well be a negative mapping indicated by S-0-0, which *is* is_null_sid()... Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit ef706a3e6
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via d3e306433f7 lib:util: Move debug message for mkdir failing to log level 1 via e655fa0a437 WHATSNEW: mention new vfs_glusterfs_fuse module via 57158ba47e7 lib/winbind_util: Add winbind_xid_to_sid for --without-winbind via 38d723896da lib/winbind_util: Move include out of ifdef via e2588af9cc4 passdb: Update ABI to 0.27.2 via d7ba89435d4 s3:passdb: add create_builtin_guests() via 79191a7193a passdb: Make [ug]id_to_sid use xid_to_sid via 4fd495159d1 passdb: Introduce xid_to_sid via e8bb1f65cd1 lib: Add dom_sid_str_buf via b9ac92992ce lib: Introduce winbind_xid_to_sid via 8d0a8864b17 winbind: Use idmap_cache_find_xid2sid via 0a2db567327 torture: Add tests for idmap cache via 894567e19ec idmap_cache: Introduce idmap_cache_find_xid2sid via dd9ca43d6a7 winbind: Now we explicitly track if we got ids from cache via c031b9e23ac winbind: Initialize "expired" parameter to idmap_cache_xid2sid via b0a1d90050c idmap_cache: Only touch "sid" on success in find_xid_to_sid via 14234542aa5 lib: Make idmap_cache return negative mappings from 29984beafc9 libcli/security: fix handling of deny type ACEs in access_check_max_allowed() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit d3e306433f7be4f0d190884ba078cd39d02ab318 Author: Andreas Schneider Date: Thu Mar 7 12:31:42 2019 +0100 lib:util: Move debug message for mkdir failing to log level 1 If you connect to a host with smbclient this gets always printed. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13823 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit c71334ec0c92e791022a9b7c900aa0dd649226c2) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Tue Mar 12 17:01:14 UTC 2019 on sn-devel-144 commit e655fa0a437faa7b9335a6f09b571d734df4b810 Author: Günther Deschner Date: Mon Mar 11 14:13:18 2019 +0100 WHATSNEW: mention new vfs_glusterfs_fuse module Guenther Signed-off-by: Guenther Deschner commit 57158ba47e72c748f9096c9597cdb490e03403aa Author: Christof Schmitt Date: Tue Mar 5 11:56:49 2019 -0700 lib/winbind_util: Add winbind_xid_to_sid for --without-winbind BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Mar 6 01:53:16 UTC 2019 on sn-devel-144 (cherry picked from commit 4125ff89e44a3e98882cfc38c06e559a6e1e56a5) commit 38d723896da46e5e799f2cb6ee6a25711a40e450 Author: Christof Schmitt Date: Tue Mar 5 11:50:48 2019 -0700 lib/winbind_util: Move include out of ifdef This fixes compile errors about missing prototypes with --picky-developer and --without-winbind Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison (cherry picked from commit 4b1e4c22128bdefe549a58b181e9b755854f4c3e) commit e2588af9cc4e712eb5afc6333e1d98fc7943af18 Author: Christof Schmitt Date: Mon Mar 4 13:38:48 2019 -0700 passdb: Update ABI to 0.27.2 This change is for the backport only. The change in master increased the ABI version to 0.28.0 and removed some functions; this should not happen in a backport. 
Signed-off-by: Christof Schmitt commit d7ba89435d4c14529f6d91ccb9c24cc8814d0fe5 Author: Stefan Metzmacher Date: Tue Mar 6 22:47:42 2018 +0100 s3:passdb: add create_builtin_guests() Signed-off-by: Stefan Metzmacher Reviewed-by: Andreas Schneider (cherry picked from commit c5874b9b68e0795e9dc23b04efa5959ac03ec8dc) commit 79191a7193afe430cd81ff48a59965ed3b6c81d3 Author: Volker Lendecke Date: Tue Feb 26 15:17:36 2019 +0100 passdb: Make [ug]id_to_sid use xid_to_sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51) commit 4fd495159d183fa9fd2e74bb74893a842e8cbcad Author: Volker Lendecke Date: Tue Feb 26 15:10:21 2019 +0100 passdb: Introduce xid_to_sid This explicitly avoids the legacy_[ug]id_to_sid calls, which create long-term cache entries to S-1-22-x-y if anything fails. We can't do this, because this will turn temporary winbind communication failures into long-term problems: A short hiccup in winbind_uid_to_sid will create a mapping to S-1-22-1-uid for a week. It should be up to the lower layers to do the caching. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via fc40f87ebbc lib:util: Move debug message for mkdir failing to log level 1 via aaefa8ea0bf WHATSNEW: mention new vfs_glusterfs_fuse module via f232cd76d3d CI: don't use swap via 65c85aee4cb lib/winbind_util: Add winbind_xid_to_sid for --without-winbind via 7f74413a9b9 lib/winbind_util: Move include out of ifdef via f506180c0b8 passdb: Update ABI to 0.27.2 via 1f915119d5d passdb: Make [ug]id_to_sid use xid_to_sid via f175abcc68d passdb: Introduce xid_to_sid via 522b85013ee lib: Add dom_sid_str_buf via 713c48eb9bd lib: Introduce winbind_xid_to_sid via 5bf41f42bb3 winbind: Use idmap_cache_find_xid2sid via d74b8a1cba2 torture: Add tests for idmap cache via 71f7738ca4c idmap_cache: Introduce idmap_cache_find_xid2sid via 527ecdbe9c2 winbind: Now we explicitly track if we got ids from cache via bdeacbabd20 winbind: Initialize "expired" parameter to idmap_cache_xid2sid via d9b762a3d2d idmap_cache: Only touch "sid" on success in find_xid_to_sid via 00baebb8dc9 lib: Make idmap_cache return negative mappings from 3e6b84f8b43 VERSION: Bump version up to 4.9.6... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit fc40f87ebbc7c24190b3044f045e3e0d20e80889 Author: Andreas Schneider Date: Thu Mar 7 12:31:42 2019 +0100 lib:util: Move debug message for mkdir failing to log level 1 If you connect to a host with smbclient this gets always printed. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13823 Signed-off-by: Andreas Schneider Reviewed-by: Andrew Bartlett (cherry picked from commit c71334ec0c92e791022a9b7c900aa0dd649226c2) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Tue Mar 12 16:13:29 UTC 2019 on sn-devel-144 commit aaefa8ea0bf6d69e2ade5ab47af64e373ac3f179 Author: Günther Deschner Date: Mon Mar 11 14:11:23 2019 +0100 WHATSNEW: mention new vfs_glusterfs_fuse module Guenther Signed-off-by: Guenther Deschner commit f232cd76d3d2d7fe72670993b22eb0c6f607ff05 Author: Ralph Boehme Date: Sun Mar 3 22:09:26 2019 +0100 CI: don't use swap Signed-off-by: Ralph Boehme Reviewed-by: Andreas Schneider Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Mon Mar 4 13:59:42 UTC 2019 on sn-devel-144 (adapted from commit 7798bc14fbdae3461eb30421923d53978b3f781d by Andrew Bartlett) commit 65c85aee4cbb102d482221ce4be2cf079f9fe294 Author: Christof Schmitt Date: Tue Mar 5 11:56:49 2019 -0700 lib/winbind_util: Add winbind_xid_to_sid for --without-winbind BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813 Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Mar 6 01:53:16 UTC 2019 on sn-devel-144 (cherry picked from commit 4125ff89e44a3e98882cfc38c06e559a6e1e56a5) commit 7f74413a9b98477bc8476672002555e1a18377b4 Author: Christof Schmitt Date: Tue Mar 5 11:50:48 2019 -0700 lib/winbind_util: Move include out of ifdef This fixes compile errors about missing prototypes with --picky-developer and --without-winbind Signed-off-by: Christof Schmitt Reviewed-by: Jeremy Allison (cherry picked from commit 4b1e4c22128bdefe549a58b181e9b755854f4c3e) commit f506180c0b8bedb0c284413056ea2a71430ad36e Author: Christof Schmitt Date: Mon Mar 4 13:38:48 2019 -0700 passdb: Update ABI to 0.27.2 This change is for the backport only. 
The change in master increased the ABI version to 0.28.0 and removed some functions; this should not happen in a backport. Signed-off-by: Christof Schmitt commit 1f915119d5df275cd0389f31abb5c9181fe6c2ce Author: Volker Lendecke Date: Tue Feb 26 15:17:36 2019 +0100 passdb: Make [ug]id_to_sid use xid_to_sid Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813 (cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51) commit f175abcc68d26fe1852d7470c26dada164ee90bb Author: Volker Lendecke Date: Tue Feb 26 15:10:21 2019 +0100 passdb: Introduce xid_to_sid This explicitly avoids the legacy_[ug]id_to_sid calls, which create long-term cache entries to S-1-22-x-y if anything fails. We can't do this, because this will turn temporary winbind communication failures into long-term problems: A short hiccup in winbind_uid_to_sid will create a mapping to S-1-22-1-uid for a week. It should be up to the lower layers to do the caching. Signed-off-by: Volker Lendecke Reviewed-by: Christof Schmitt Bug: https:/
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via f2b1d83 Add Samba 4.9.5. via 0f7afe3 NEWS[4.9.5]: Samba 4.9.5 Available for Download from 9843326 NEWS[4.10.0rc4]: Samba 4.10.0rc4 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit f2b1d836575b2465ca50073a6ea5982105f391ff Author: Karolin Seeger Date: Tue Mar 12 09:24:15 2019 +0100 Add Samba 4.9.5. Signed-off-by: Karolin Seeger commit 0f7afe35d8a04b0ca9c5b4e118a2a6bd51229917 Author: Karolin Seeger Date: Tue Mar 12 09:22:46 2019 +0100 NEWS[4.9.5]: Samba 4.9.5 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.9.5.html| 140 posted_news/20190312-082348.4.9.5.body.html | 13 +++ posted_news/20190312-082348.4.9.5.headline.html | 3 + 4 files changed, 157 insertions(+) create mode 100644 history/samba-4.9.5.html create mode 100644 posted_news/20190312-082348.4.9.5.body.html create mode 100644 posted_news/20190312-082348.4.9.5.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 29bde65..1eb2399 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.9.5 samba-4.9.4 samba-4.9.3 samba-4.9.2 diff --git a/history/samba-4.9.5.html b/history/samba-4.9.5.html new file mode 100644 index 000..f23a05a --- /dev/null +++ b/history/samba-4.9.5.html 
@@ -0,0 +1,140 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> +http://www.w3.org/1999/xhtml";> + +Samba 4.9.5 - Release Notes + + +Samba 4.9.5 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.9.5.tar.gz";>Samba 4.9.5 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.9.5.tar.asc";>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.9.4-4.9.5.diffs.gz";>Patch (gzipped) against Samba 4.9.4 +https://download.samba.org/pub/samba/patches/samba-4.9.4-4.9.5.diffs.asc";>Signature + + + + = + Release Notes for Samba 4.9.5 + March 12, 2019 + = + + +Changes since 4.9.4: + + +o Andrew Bartlett <abart...@samba.org> + * BUG 13714: audit_logging: Remove debug log header and JSON Authentication: + prefix. + * BUG 13760: Fix upgrade from 4.7 (or earlier) to 4.9. + +o Jeremy Allison <j...@samba.org> + * BUG 11495: s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. + CID: 1433607. + * BUG 13690: smbd: uid: Don't crash if 'force group' is added to an existing + share connection. + * BUG 13770: s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility + code. + * BUG 13803: s3: SMB1 POSIX mkdir does case insensitive name lookup. + +o Christian Ambach <a...@samba.org> + * BUG 13199: s3:utils/smbget fix recursive download with empty source + directories. + +o Douglas Bagnall <douglas.bagn...@catalyst.net.nz> + * BUG 13716: samba-tool drs showrepl: Do not crash if no dnsHostName found. + +o Tim Beale <timbe...@catalyst.net.nz> + * BUG 13736: s3:libsmb: cli_smb2_list() can sometimes fail initially on a + connection. + * BUG 13747: join: Throw CommandError instead of Exception for simple errors. + * BUG 13762: ldb: Avoid inefficient one-level searches. + +o Ralph Boehme <s...@samba.org> + * BUG 13736: s3: libsmb: use smb2cli_conn_max_trans_size() in + cli_smb2_list(). + * BUG 13776: tldap: Avoid use after free errors. + * BUG 13802: Fix idmap xid2sid cache churn. 
+ * BUG 13812: access_check_max_allowed() doesn't process "Owner Rights" ACEs. + +o Günther Deschner <g...@samba.org> + * BUG 13720: s3-smbd: Avoid assuming fsp is always intact after close_file + call. + * BUG 13725: s3-vfs-fruit: Add close call. + * BUG 13746: s3-smbd: Use fruit:model string for mDNS registration. + * BUG 13774: s3-vfs: add glusterfs_fuse vfs module. + +o David Disseldorp <dd...@samba.org> + * BUG 13766: printing: Check lp_load_printers() prior to pcap cache update. + * BUG 13807: vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) + ftruncate and fallocate. + +o Philipp Gesang <philipp.ges...@intra2net.com> + * BUG 13737: lib/audit_logging: Actually create talloc. + +o Joe Guo <j...@catalyst.net.nz> + * BUG 13728: netcmd/user
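Review bot: In the added history/samba-4.9.5.html, the BUG 13807 entry under David Disseldorp repeats its component prefix ("vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate."); drop the second "vfs_ceph" so the line matches the "component: summary" form the other entries use.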
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated
       via  214ec9cf8f4 VERSION: Disable GIT_SNAPSHOT for the 4.9.5 release.
       via  2bbbc1aae27 WHATSNEW: Add release notes for Samba 4.9.5.
       via  43957ab96e7 libcli/security: fix handling of deny type ACEs in access_check_max_allowed()
       via  4fe9eff4dd6 s4:torture: Add test_deny1().
       via  824a058aa92 s4:torture: Add test_owner_rights_deny1().
       via  b4289aa34ae libcli/security: correct access check and maximum access calculation for Owner Rights ACEs
       via  f801b824815 s4:torture: Add test_owner_rights_deny().
       via  b1ce4d436a1 s4:torture: Fix the test_owner_rights() test to show permissions are additive.
       via  8f9858671fd libcli/security: add "Owner Rights" calculation to access_check_max_allowed()
       via  2a7e1bb9c03 s4:torture: add a Maximum Access check with an Owner Rights ACE
       via  953039c7a78 s4:libcli: remember return code from maximum access
       via  9dc374fee03 sambaundoguididx: use the right escaped oder unescaped sam ldb files
       via  f8748b8bfc2 s4-server: Open and close a transaction on sam.ldb at startup
       via  47fb4ba84f3 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback
       via  ba75d5f4839 vfs_ceph: fix strict_allocate_ftruncate()
       via  15ef70cb53a vfs_ceph: add missing fallocate hook
       via  13bf811858f s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path.
       via  ffb706ddbce s3: torture: Add additional POSIX mkdir tests.
       via  4b58042f3fa smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.
       via  fe4254ef4e1 smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag.
       via  f59064f8a96 s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.
       via  53dfd92b82e winbindd: set idmap cache entries as the last step in async wb_xids2sids
       via  9c36a6dd16a winbindd: track whether a result from xid2sid was coming from the cache
       via  b6587172d0c winbindd: switch send-next/done order
       via  06862c77d5c winbindd: update xid in wb_xids2sids_state->xids with what we got
       via  4cf7bddc645 winbindd: convert id to a pointer in wb_xids2sids_dom_done()
       via  577ac999fbd winbindd: make xids a const argument to wb_xids2sids_send()
       via  915aff6fe7c winbindd: make a copy of xid's in wb_xids2sids_send()
       via  eb16d3b7bc1 ctdb-cluster-mutex: Separate out command and file handling
       via  65c3c5801ff ctdb-recoverd: Time out attempt to take recovery lock after 120s
       via  4c059e03ef7 ctdb-recoverd: Ban node on unknown error when taking recovery lock
       via  fd9a02c0bb2 ctdb-recoverd: Make recoverd context available in recovery lock handle
       via  f63f2a0ee39 ctdb-recoverd: Clean up logging on failure to take recovery lock
       via  fb8c3bd8995 ctdb-recoverd: Free cluster mutex handler on failure to take lock
       via  592f02112bb ctdb-config: Change example recovery lock setting to one that fails
       via  ad3751b5a51 messages_dgm: Properly handle receiver re-initialization
       via  9dd1b416654 torture3: Extend read3 for the "messaging target re-inits" failure
       via  6bea9304998 messages_dgm: Use saved errno value
       via  6a38b9917b2 man pages: document prefork process model
       via  ab66f70056c notifyd: Fix SIGBUS on sparc
       via  2bbd2dcf282 CVE-2019-3824 ldb: Release ldb 1.4.6
       via  47b2344bdb1 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match
       via  2a88a47b9f8 CVE-2019-3824 ldb: wildcard_match end of data check
       via  73187de7138 CVE-2019-3824 ldb: wildcard_match check tree operation
       via  754bc1a76e9 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero
       via  33fa01b4be0 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing
       via  cedc4e89625 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing
       via  fd8e90b9a51 CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare
       via  2f5823c5015 waf: Check for libnscd
       via  d85f9fdc8ac tldap: avoid more use after free errors
       via  5995d5b91bf tldap: avoid a use after free crash
       via  c0858bc990c s3:vfs: Correctly check if OFD locks should be enabled or not
       via  53d2623b2fd s3:vfs: Initialize pid to 0 in test_netatalk_lock()
       via  eb425d50447 s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code.
       via  b650db4d06a s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code.
       via  6f697b9c68a netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg
       via  7644bb26be0 smbd: uid: Don't crash if 'force group' is added to an existing share connection.
       via  eac00de2a09 s3: tests: Add regression test for smbd crash on share force group change with existing connection.
       v
[SCM] Samba Shared Repository - annotated tag samba-4.9.5 created
The annotated tag, samba-4.9.5 has been created
        at  e4bd06ab0291b4e0d7ac924c33b23f49ca1b736e (tag)
   tagging  214ec9cf8f4e9d3e5bbab6e163f768e7dae6df6b (commit)
  replaces  ldb-1.4.6
 tagged by  Karolin Seeger
        on  Tue Mar 12 09:22:33 2019 +0100

- Log -
samba: tag release samba-4.9.5
-BEGIN PGP SIGNATURE-

iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXIdsSQAKCRBvM5FbZWi3
6ipYAJ4mdsUqwJraKcYW/hxC4xN1JmQtbACgmKixkWly52GY9Fz5pJHNF1ptKXQ=
=jGrw
-END PGP SIGNATURE-

Andrew Bartlett (1):
      s4-server: Open and close a transaction on sam.ldb at startup

Björn Jacke (1):
      sambaundoguididx: use the right escaped oder unescaped sam ldb files

David Disseldorp (3):
      vfs_ceph: add missing fallocate hook
      vfs_ceph: fix strict_allocate_ftruncate()
      vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback

Gary Lockyer (1):
      man pages: document prefork process model

Jeremy Allison (8):
      s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.
      smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag.
      smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.
      s3: torture: Add additional POSIX mkdir tests.
      s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path.
      s4:torture: Fix the test_owner_rights() test to show permissions are additive.
      s4:torture: Add test_owner_rights_deny().
      s4:torture: Add test_owner_rights_deny1().

Jiří Šašek (1):
      notifyd: Fix SIGBUS on sparc

Karolin Seeger (2):
      WHATSNEW: Add release notes for Samba 4.9.5.
      VERSION: Disable GIT_SNAPSHOT for the 4.9.5 release.

Martin Schwenke (7):
      ctdb-config: Change example recovery lock setting to one that fails
      ctdb-recoverd: Free cluster mutex handler on failure to take lock
      ctdb-recoverd: Clean up logging on failure to take recovery lock
      ctdb-recoverd: Make recoverd context available in recovery lock handle
      ctdb-recoverd: Ban node on unknown error when taking recovery lock
      ctdb-recoverd: Time out attempt to take recovery lock after 120s
      ctdb-cluster-mutex: Separate out command and file handling

Ralph Boehme (13):
      winbindd: make a copy of xid's in wb_xids2sids_send()
      winbindd: make xids a const argument to wb_xids2sids_send()
      winbindd: convert id to a pointer in wb_xids2sids_dom_done()
      winbindd: update xid in wb_xids2sids_state->xids with what we got
      winbindd: switch send-next/done order
      winbindd: track whether a result from xid2sid was coming from the cache
      winbindd: set idmap cache entries as the last step in async wb_xids2sids
      s4:libcli: remember return code from maximum access
      s4:torture: add a Maximum Access check with an Owner Rights ACE
      libcli/security: add "Owner Rights" calculation to access_check_max_allowed()
      libcli/security: correct access check and maximum access calculation for Owner Rights ACEs
      s4:torture: Add test_deny1().
      libcli/security: fix handling of deny type ACEs in access_check_max_allowed()

Volker Lendecke (3):
      messages_dgm: Use saved errno value
      torture3: Extend read3 for the "messaging target re-inits" failure
      messages_dgm: Properly handle receiver re-initialization

---

--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 3e6b84f8b43 VERSION: Bump version up to 4.9.6... via 214ec9cf8f4 VERSION: Disable GIT_SNAPSHOT for the 4.9.5 release. via 2bbbc1aae27 WHATSNEW: Add release notes for Samba 4.9.5. from 43957ab96e7 libcli/security: fix handling of deny type ACEs in access_check_max_allowed() https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 3e6b84f8b43f769b823c13852237f47ebfad6d77 Author: Karolin Seeger Date: Fri Feb 22 11:36:16 2019 +0100 VERSION: Bump version up to 4.9.6... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 214ec9cf8f4e9d3e5bbab6e163f768e7dae6df6b Author: Karolin Seeger Date: Fri Feb 22 11:35:39 2019 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.9.5 release. Signed-off-by: Karolin Seeger commit 2bbbc1aae27cd6d643b43f2c1eedd9e6fce0d59a Author: Karolin Seeger Date: Fri Feb 22 11:35:04 2019 +0100 WHATSNEW: Add release notes for Samba 4.9.5. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 145 ++- 2 files changed, 144 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 18174c3ff41..94639913d30 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=5 +SAMBA_VERSION_RELEASE=6 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b3a39d3291a..22eeec2ddcc 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,144 @@ + = + Release Notes for Samba 4.9.5 + March 12, 2019 + = + + +Changes since 4.9.4: + + +o Andrew Bartlett + * BUG 13714: audit_logging: Remove debug log header and JSON Authentication: + prefix. + * BUG 13760: Fix upgrade from 4.7 (or earlier) to 4.9. + +o Jeremy Allison + * BUG 11495: s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. + CID: 1433607. + * BUG 13690: smbd: uid: Don't crash if 'force group' is added to an existing + share connection. + * BUG 13770: s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility + code. + * BUG 13803: s3: SMB1 POSIX mkdir does case insensitive name lookup. + +o Christian Ambach + * BUG 13199: s3:utils/smbget fix recursive download with empty source + directories. + +o Douglas Bagnall + * BUG 13716: samba-tool drs showrepl: Do not crash if no dnsHostName found. + +o Tim Beale + * BUG 13736: s3:libsmb: cli_smb2_list() can sometimes fail initially on a + connection. + * BUG 13747: join: Throw CommandError instead of Exception for simple errors. + * BUG 13762: ldb: Avoid inefficient one-level searches. + +o Ralph Boehme + * BUG 13736: s3: libsmb: use smb2cli_conn_max_trans_size() in + cli_smb2_list(). + * BUG 13776: tldap: Avoid use after free errors. + * BUG 13802: Fix idmap xid2sid cache churn. + * BUG 13812: access_check_max_allowed() doesn't process "Owner Rights" ACEs. + +o Günther Deschner + * BUG 13720: s3-smbd: Avoid assuming fsp is always intact after close_file + call. + * BUG 13725: s3-vfs-fruit: Add close call. + * BUG 13746: s3-smbd: Use fruit:model string for mDNS registration. + * BUG 13774: s3-vfs: add glusterfs_fuse vfs module. + +o David Disseldorp + * BUG 13766: printing: Check lp_load_printers() prior to pcap cache update. + * BUG 13807: vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) + ftruncate and fallocate. + +o Philipp Gesang + * BUG 13737: lib/audit_logging: Actually create talloc. 
+ +o Joe Guo + * BUG 13728: netcmd/user: python[3]-gpgme unsupported and replaced by + python[3]-gpg. + +o Aaron Haslett + * BUG 13738: dns: Changing onelevel search for wildcard to subtree. + +o Björn Jacke + * BUG 13721: samba-tool: Don't print backtrace on simple DNS errors. + * BUG 13759: sambaundoguididx: Use the right escaped oder unescaped sam ldb + files. + +o Volker Lendecke + * BUG 13742: ctdb: Print locks latency in machinereadable stats. + * BUG 13786: messages_dgm: Messaging gets stuck when pids are recycled. + +o Gary Lockyer + * BUG 13715: audit_logging: auth_json_audit required auth_json. + * BUG 13765: man pages: Document prefork process model. + * BUG 13773: CVE-2019-3824 ldb: Release ldb 1.4.6. + +o Stefan Metzmacher + * BUG 13697: s3:auth: ignore create_builtin_guests() failing without a valid +
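Review bot: In the WHATSNEW.txt hunk, the only mention of CVE-2019-3824 is the Gary Lockyer entry "BUG 13773: CVE-2019-3824 ldb: Release ldb 1.4.6", which tells someone scanning the 4.9.5 notes that a library was released but not what was fixed. The commit list for this release names the issue as an out of bound read in ldb_wildcard_compare; say that in the entry so administrators can judge how urgently to upgrade. Two wording fixes in the same hunk: "escaped oder unescaped" under BUG 13759 should read "or", and "machinereadable" under BUG 13742 should be "machine-readable".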
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated
       via  29984beafc9 libcli/security: fix handling of deny type ACEs in access_check_max_allowed()
       via  05a54f9c0ef s4:torture: Add test_deny1().
       via  8f77ba1b7c7 s4:torture: Add test_owner_rights_deny1().
       via  ebee56db540 libcli/security: correct access check and maximum access calculation for Owner Rights ACEs
       via  b079f59768d s4:torture: Add test_owner_rights_deny().
       via  72bab8d08b0 s4:torture: Fix the test_owner_rights() test to show permissions are additive.
       via  2fd618413db libcli/security: add "Owner Rights" calculation to access_check_max_allowed()
       via  7ab6b04558c s4:torture: add a Maximum Access check with an Owner Rights ACE
       via  021321f5a89 s4:libcli: remember return code from maximum access
       via  66a0bb5575d sambaundoguididx: use the right escaped oder unescaped sam ldb files
      from  7c476487867 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test

- Log -
commit 29984beafc91ef6f45884adc3a0bd4617acbc0a0
Author: Ralph Boehme
Date:   Fri Mar 1 18:57:23 2019 +0100

    libcli/security: fix handling of deny type ACEs in access_check_max_allowed()

    Deny ACEs must always be evaluated against explicitly granted rights
    from previous ACEs.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison
    (cherry picked from commit 8d355dd9769e8990ce998b4c9f28977669b43616)

    Autobuild-User(v4-8-test): Karolin Seeger
    Autobuild-Date(v4-8-test): Mon Mar 11 13:04:13 UTC 2019 on sn-devel-144

commit 05a54f9c0efa7cd1f1e66cec2dc26658d0cce1f2
Author: Ralph Boehme
Date:   Sun Mar 3 08:33:51 2019 +0100

    s4:torture: Add test_deny1().

    Creates a 2-element ALLOW + DENY ACE showing that when calculating
    effective permissions and maximum access already seen allow bits are
    not removed.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison
    (cherry picked from commit b205d695d769e910a91bec87451dec189ec33740)

commit 8f77ba1b7c7620910f9735681f8e357e4ed053e4
Author: Jeremy Allison
Date:   Thu Feb 28 14:59:01 2019 -0800

    s4:torture: Add test_owner_rights_deny1().

    Creates a 3-element ALLOW + ALLOW + DENY ACE showing that when
    calculating maximum access already seen allow bits are not removed.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

    Signed-off-by: Jeremy Allison
    Reviewed-by: Ralph Boehme
    (cherry picked from commit 0ebd8c99aed28a0ba43a22c429837f66f7e94409)

commit ebee56db540dbc7504bebc96d1b77e1252a536a1
Author: Ralph Boehme
Date:   Fri Mar 1 18:20:35 2019 +0100

    libcli/security: correct access check and maximum access calculation for Owner Rights ACEs

    We basically must process the Owner Rights ACEs as any other ACE wrt to
    the order of adding granted permissions and checking denied permissions.
    According to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the
    main loop over the ACEs in an ACL and the corresponding access_mask must
    be directly applied to bits_remaining. We currently defer this to after
    the loop over the ACEs in ACL, this is wrong.

    We just have to do some initial magic to determine if an ACL contains
    and Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC
    | SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP:

    -- the owner of an object is always granted READ_CONTROL and WRITE_DAC.
    CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst)
    IF SidInToken returns True THEN
        IF DACL does not contain ACEs from object owner THEN
            Remove READ_CONTROL and WRITE_DAC from RemainingAccess
            Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER
        END IF
    END IF

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison
    (cherry picked from commit 9722f75757c0e38c7f42c7cc310d56aa6eaf6392)

commit b079f59768dadbca25c74c73dce442dd66171ea1
Author: Jeremy Allison
Date:   Thu Feb 28 14:37:09 2019 -0800

    s4:torture: Add test_owner_rights_deny().

    Shows that owner and SID_OWNER_RIGHTS ACE entries interact in max
    permissions requests. Tested against Windows.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

    Signed-off-by: Jeremy Allison
    Reviewed-by: Ralph Boehme
    (cherry picked from commit fadc4c1bc5fcc3b2d9daea44ef8daf8a8ae0fbe2)

commit 72bab8d08b0847dd99e7822099af4075ad23fa87
Author: Jeremy Allison
Date:   Thu Feb 28 13:55:31 2019 -0800

    s4:torture: Fix the test_owner_rights() test to show permissions are additive.

    Tested
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated
       via  43957ab96e7 libcli/security: fix handling of deny type ACEs in access_check_max_allowed()
       via  4fe9eff4dd6 s4:torture: Add test_deny1().
       via  824a058aa92 s4:torture: Add test_owner_rights_deny1().
       via  b4289aa34ae libcli/security: correct access check and maximum access calculation for Owner Rights ACEs
       via  f801b824815 s4:torture: Add test_owner_rights_deny().
       via  b1ce4d436a1 s4:torture: Fix the test_owner_rights() test to show permissions are additive.
       via  8f9858671fd libcli/security: add "Owner Rights" calculation to access_check_max_allowed()
       via  2a7e1bb9c03 s4:torture: add a Maximum Access check with an Owner Rights ACE
       via  953039c7a78 s4:libcli: remember return code from maximum access
       via  9dc374fee03 sambaundoguididx: use the right escaped oder unescaped sam ldb files
       via  f8748b8bfc2 s4-server: Open and close a transaction on sam.ldb at startup
      from  47fb4ba84f3 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test

- Log -
commit 43957ab96e7f62c83fe3e46e7467b974ea44f99b
Author: Ralph Boehme
Date:   Fri Mar 1 18:57:23 2019 +0100

    libcli/security: fix handling of deny type ACEs in access_check_max_allowed()

    Deny ACEs must always be evaluated against explicitly granted rights
    from previous ACEs.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison
    (cherry picked from commit 8d355dd9769e8990ce998b4c9f28977669b43616)

    Autobuild-User(v4-9-test): Karolin Seeger
    Autobuild-Date(v4-9-test): Mon Mar 11 12:25:05 UTC 2019 on sn-devel-144

commit 4fe9eff4dd63cd7aca4caa63057e27399cc3b929
Author: Ralph Boehme
Date:   Sun Mar 3 08:33:51 2019 +0100

    s4:torture: Add test_deny1().

    Creates a 2-element ALLOW + DENY ACE showing that when calculating
    effective permissions and maximum access already seen allow bits are
    not removed.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison
    (cherry picked from commit b205d695d769e910a91bec87451dec189ec33740)

commit 824a058aa92a379fb4c0078e8f4594724419d1ae
Author: Jeremy Allison
Date:   Thu Feb 28 14:59:01 2019 -0800

    s4:torture: Add test_owner_rights_deny1().

    Creates a 3-element ALLOW + ALLOW + DENY ACE showing that when
    calculating maximum access already seen allow bits are not removed.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

    Signed-off-by: Jeremy Allison
    Reviewed-by: Ralph Boehme
    (cherry picked from commit 0ebd8c99aed28a0ba43a22c429837f66f7e94409)

commit b4289aa34ae88c28a4b68214e33c57abc98e2f7a
Author: Ralph Boehme
Date:   Fri Mar 1 18:20:35 2019 +0100

    libcli/security: correct access check and maximum access calculation for Owner Rights ACEs

    We basically must process the Owner Rights ACEs as any other ACE wrt to
    the order of adding granted permissions and checking denied permissions.
    According to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the
    main loop over the ACEs in an ACL and the corresponding access_mask must
    be directly applied to bits_remaining. We currently defer this to after
    the loop over the ACEs in ACL, this is wrong.

    We just have to do some initial magic to determine if an ACL contains
    and Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC
    | SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP:

    -- the owner of an object is always granted READ_CONTROL and WRITE_DAC.
    CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst)
    IF SidInToken returns True THEN
        IF DACL does not contain ACEs from object owner THEN
            Remove READ_CONTROL and WRITE_DAC from RemainingAccess
            Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER
        END IF
    END IF

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison
    (cherry picked from commit 9722f75757c0e38c7f42c7cc310d56aa6eaf6392)

commit f801b824815ca310731dd9243ab091af3a2d9802
Author: Jeremy Allison
Date:   Thu Feb 28 14:37:09 2019 -0800

    s4:torture: Add test_owner_rights_deny().

    Shows that owner and SID_OWNER_RIGHTS ACE entries interact in max
    permissions requests. Tested against Windows.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

    Signed-off-by: Jeremy Allison
    Reviewed-by: Ralph Boehme
    (cherry picked from commit fadc4c1bc5fcc3b2d9daea44ef8daf8a8ae0fbe2)

commit b1ce4d436a122e0fc15bc41219839fd74941b87c
Author: Jeremy Allison
Date:   Thu Feb 28 13:55:31 2019 -0800

    s4:t
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated
       via  5c2a243d3e7 CI: don't use swap
       via  7bd135d25d6 s4/scripting/bin: open unicode files with utf8 encoding and write unicode string
       via  5d0e2bf8190 libcli/security: fix handling of deny type ACEs in access_check_max_allowed()
       via  cc7629a20e9 s4:torture: Add test_deny1().
       via  c9b6b7ed4be s4:torture: Add test_owner_rights_deny1().
       via  1dc2e296f17 libcli/security: correct access check and maximum access calculation for Owner Rights ACEs
       via  3026c1a36c3 s4:torture: Add test_owner_rights_deny().
       via  63f0db77204 s4:torture: Fix the test_owner_rights() test to show permissions are additive.
       via  7e95499d39a libcli/security: add "Owner Rights" calculation to access_check_max_allowed()
       via  ac08949dcdf s4:torture: add a Maximum Access check with an Owner Rights ACE
       via  3b52cba505a s4:libcli: remember return code from maximum access
       via  49bac77e789 autobuild: Add -py2 tests for new split backup/restore testenvs
       via  9f85efa76d3 autobuild: Split backup/restore testenvs out into separate job
       via  ea33a7b0911 sambaundoguididx: use the right escaped oder unescaped sam ldb files
       via  2f4d8214601 s4-server: Open and close a transaction on sam.ldb at startup
      from  0e80b245bf4 WHATSNEW: mention new vfs_glusterfs_fuse module

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test

- Log -
commit 5c2a243d3e74c2c7c82e2ae63010f59f77757aea
Author: Ralph Boehme
Date:   Sun Mar 3 22:09:26 2019 +0100

    CI: don't use swap

    Signed-off-by: Ralph Boehme
    Reviewed-by: Andreas Schneider

    Autobuild-User(master): Ralph Böhme
    Autobuild-Date(master): Mon Mar 4 13:59:42 UTC 2019 on sn-devel-144

    (adapted from from commit 7798bc14fbdae3461eb30421923d53978b3f781d by Andrew Bartlett)

    Autobuild-User(v4-10-test): Karolin Seeger
    Autobuild-Date(v4-10-test): Mon Mar 11 11:50:37 UTC 2019 on sn-devel-144

commit 7bd135d25d67c96b92f732bee1d4acad67db241c
Author: Joe Guo
Date:   Wed Jan 30 15:52:08 2019 +1300

    s4/scripting/bin: open unicode files with utf8 encoding and write unicode string

    In files like `libcli/util/werror_err_table.txt` and
    `libcli/util/ntstatus_err_table.txt`, there were unicode quote symbols
    at line 6:

        ...(“this documentation”)...

    In `libcli/util/wscript_build`, it will run `gen_werror.py` and
    `gen_ntstatus.py` to `open` above files, read content from them and
    write to other files.

    When encoding not specified, `open` in both python 2/3 will guess
    encoding from locale.

    When locale is not set, it defaults to POSIX or C, and then python will
    use encoding `ANSI_X3.4-1968`.

    So, on a system locale is not set, `make` will fail with encoding error
    for both python 2 and 3:

      File "/home/ubuntu/samba/source4/scripting/bin/gen_werror.py", line 139, in main
        errors = parseErrorDescriptions(input_file, True, transformErrorName)
      File "/home/ubuntu/samba/source4/scripting/bin/gen_error_common.py", line 52, in parseErrorDescriptions
        for line in file_contents:
      File "/usr/lib/python3.5/encodings/ascii.py", line 26, in decode
        return codecs.ascii_decode(input, self.errors)[0]
    UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 318: ordinal not in range(128)

    In this case, we have to use `io.open` with `encoding='utf8'`. However,
    then we got unicode strs and try to write them with other strs into new
    file, which means the new file must also open with utf-8 and all other
    strs have to be unicode, too.

    Instead of prefix `u` to all strs, a more easier/elegant way is to
    enable unicode literals for the python scripts, which we normally
    didn't do in samba. Since both `gen_werror.py` and `gen_ntstatus.py`
    are bin scripts and no other modules import them, it should be ok for
    this case.

    Signed-off-by: Joe Guo

    Autobuild-User(master): Douglas Bagnall
    Autobuild-Date(master): Fri Feb 8 06:34:47 CET 2019 on sn-devel-144

    (cherry picked from commit 87149445af26b8577566dfe5e311b32e3650c6e6)

commit 5d0e2bf81901013f4052094bca180717a5213f16
Author: Ralph Boehme
Date:   Fri Mar 1 18:57:23 2019 +0100

    libcli/security: fix handling of deny type ACEs in access_check_max_allowed()

    Deny ACEs must always be evaluated against explicitly granted rights
    from previous ACEs.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison
    (cherry picked from commit 8d355dd9769e8990ce998b4c9f28977669b43616)

commit cc7629a20e93408f79a8522f2c482c7258afc18c
Author: Ral
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 0e80b245bf4 WHATSNEW: mention new vfs_glusterfs_fuse module from 9169e9722d6 VERSION: Bump version up to 4.10.0rc5... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 0e80b245bf4af890f275f1cc7409063983a12a78 Author: Günther Deschner Date: Fri Feb 22 15:44:59 2019 +0100 WHATSNEW: mention new vfs_glusterfs_fuse module Guenther Signed-off-by: Guenther Deschner Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Wed Mar 6 14:00:05 UTC 2019 on sn-devel-144 --- Summary of changes: WHATSNEW.txt | 13 + 1 file changed, 13 insertions(+) Changeset truncated at 500 lines: diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 875d168e749..f2eff485c8c 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -194,6 +194,19 @@ DC that had SMBv1 disabled. SMBv2 support has now been added for samba-tool. The affected commands are 'samba-tool domain backup|rename' and the 'samba-tool gpo' set of commands. Refer also bug #13676. +New glusterfs_fuse VFS module +- + +The new vfs_glusterfs_fuse module improves performance when Samba +accesses a glusterfs volume mounted via FUSE (Filesystem in Userspace +as part of the Linux kernel). It achieves that by leveraging a +mechanism to retrieve the appropriate case of filenames by querying a +specific extended attribute in the filesystem. No extra configuration +is required to use this module, only glusterfs_fuse needs to be set in +the "vfs objects" parameter. Further details can be found in the +vfs_glusterfs_fuse(8) manpage. This new vfs_glusterfs_fuse module does +not replace the existing vfs_glusterfs module, it just provides an +additional, alternative mechanism to access a Gluster volume. REMOVED FEATURES -- Samba Shared Repository
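Review bot: The added WHATSNEW.txt section says the module works by "querying a specific extended attribute in the filesystem" without naming the attribute or saying what a reader should expect on a FUSE mount that does not provide it. Either name it here or state explicitly that vfs_glusterfs_fuse(8) does, since the same paragraph promises "No extra configuration is required". The parenthetical "(Filesystem in Userspace as part of the Linux kernel)" also reads awkwardly and could be shortened to "(Filesystem in Userspace)".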
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 9843326 NEWS[4.10.0rc4]: Samba 4.10.0rc4 Available for Download from 61d0721 NEWS[4.10.0rc3]: Samba 4.10.0rc3 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 984332667210cfe4a3fa88ec66a8d09e97b6785e Author: Karolin Seeger Date: Wed Mar 6 09:23:44 2019 +0100 NEWS[4.10.0rc4]: Samba 4.10.0rc4 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20190306-083205.4.10.0rc4.body.html | 12 posted_news/20190306-083205.4.10.0rc4.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20190306-083205.4.10.0rc4.body.html create mode 100644 posted_news/20190306-083205.4.10.0rc4.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20190306-083205.4.10.0rc4.body.html b/posted_news/20190306-083205.4.10.0rc4.body.html new file mode 100644 index 000..fdb9557 --- /dev/null +++ b/posted_news/20190306-083205.4.10.0rc4.body.html @@ -0,0 +1,12 @@ + +06 March 2019 +Samba 4.10.0rc4 Available for Download + +This is the fourth release candidate of the upcoming Samba 4.10 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.10.0rc4.tar.gz";>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.10.0rc4.WHATSNEW.txt";>the release notes for more info. + + diff --git a/posted_news/20190306-083205.4.10.0rc4.headline.html b/posted_news/20190306-083205.4.10.0rc4.headline.html new file mode 100644 index 000..e4364df --- /dev/null +++ b/posted_news/20190306-083205.4.10.0rc4.headline.html @@ -0,0 +1,3 @@ + + 06 March 2019 Samba 4.10.0rc4 Available for Download + -- Samba Website Repository
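Review bot: In posted_news/20190306-083205.4.10.0rc4.body.html the signing key is identified only by the 64-bit key ID 6F33915B6568B7EA. A key ID of that length does not uniquely identify a key, so print the full fingerprint and link the detached signature next to the tarball link so that readers can actually verify the download. The sentence says it is the uncompressed tarball that was signed, so it is also worth stating that the .tar.gz must be decompressed before verification.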
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated
       via  e399a0209f4 VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc4 release.
       via  74aa2abf861 WHATSNEW: Add release notes for Samba 4.10.0rc4.
       via  a65f7b71a25 WHATSNEW: Add some detail on the changes to paged results
       via  3fe0c3031e6 fix samba-tool gpo backup syntax in WHATSNEW.txt
       via  19b2885de7c vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback
       via  3332a895ed1 vfs_ceph: fix strict_allocate_ftruncate()
       via  0a784f28b46 vfs_ceph: add missing fallocate hook
       via  0c034112280 s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path.
       via  b58c6f1f8b0 s3: torture: Add additional POSIX mkdir tests.
       via  179db55a3bb smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.
       via  230c557e2f7 smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag.
       via  f765b515814 s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.
       via  ce4c9c40fab winbindd: set idmap cache entries as the last step in async wb_xids2sids
       via  3b9ef9090a9 winbindd: track whether a result from xid2sid was coming from the cache
       via  3577293313c winbindd: switch send-next/done order
       via  e9ffadb2b21 winbindd: update xid in wb_xids2sids_state->xids with what we got
       via  406a1cdff42 winbindd: convert id to a pointer in wb_xids2sids_dom_done()
       via  f877231507e winbindd: make xids a const argument to wb_xids2sids_send()
       via  07820a3144f winbindd: make a copy of xid's in wb_xids2sids_send()
       via  e0720c16c43 ctdb-cluster-mutex: Separate out command and file handling
       via  c39430b0ae6 ctdb-tests: Add a test for configuring the recovery lock as a command
       via  75fcaea7251 ctdb-tests: Add -R option for local daemons to use recovery lock command
       via  6ac45076549 ctdb-tests: Force test failure if local daemon setup fails
       via  d7fe81405aa ctdb-recoverd: Time out attempt to take recovery lock after 120s
       via  bf774b81051 ctdb-recoverd: Ban node on unknown error when taking recovery lock
       via  5a060f07469 ctdb-recoverd: Make recoverd context available in recovery lock handle
       via  04baa822c40 ctdb-recoverd: Clean up logging on failure to take recovery lock
       via  6ee34859e86 ctdb-recoverd: Free cluster mutex handler on failure to take lock
       via  a4a8351c1f3 ctdb-tests: Add test for ctdb_io.c
       via  8d28f78bfd7 ctdb: buffer write beyond limits
       via  b69bb1f7619 ctdb-config: Change example recovery lock setting to one that fails
       via  caf15a440a2 messages_dgm: Properly handle receiver re-initialization
       via  d3a84988073 torture3: Extend read3 for the "messaging target re-inits" failure
       via  5b7e33f0556 messages_dgm: Use saved errno value
       via  da238723afe man pages: document prefork process model
       via  a2f740691a7 notifyd: Fix SIGBUS on sparc
       via  97fcdfb58a7 CVE-2019-3824 ldb: version 1.5.4
       via  21a44989274 CVE-2019-3824 ldb: Add tests for ldb_wildcard_match
       via  aecd14f8bdc CVE-2019-3824 ldb: wildcard_match end of data check
       via  41fd2cde0c7 CVE-2019-3824 ldb: wildcard_match check tree operation
       via  9a0ace32390 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero
       via  4cd0abe3c70 CVE-2019-3824 ldb: Improve code style and layout in wildcard processing
       via  e9afae48efa CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing
       via  aa13a46221a CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare
       via  bfa9353ce1d ldb: The test api.py should not rely on order of entries in dict
       via  942822e7165 lib:ldb: Use correct C99 initializer for 'struct tm'
       via  d16b81cf586 lib:ldb: Use C99 initializer for tdb_logging_context
       via  7d0902c2a2b lib:ldb: Use C99 initializer for PyGetSetDef in pyldb
       via  0da2d830806 tevent: version 0.9.39
       via  f868654638a py_tevent: add_timer takes float argument
       via  6b125f6ce2d lib:tevent: Use correct C99 initializer for tevent_req
       via  7bc0d67e2f5 talloc: version 2.1.16
       via  dd2ec6de72d tdb: version 1.3.18
       via  0130b999d2a lib:tdb: Use C99 initializer for tdb_logging_context
       via  a5284f9ce32 lib:tdb: Use C99 initializer for tdb_header
       via  b6bb285d9a9 lib:tdb: Use C99 initializer for PyGetSetDef in pytdb
       via  50be2c58274 tdb: Fix compatibility of wscript with older python
       via  ba5a93c860a Search for location of waf script
       via  fb1d5988e30 buildtools/wafsamba: Avoid decode when using python2
       via  9dde00c3e0a VERSION: Bump version up to 4.10.0rc4...
      from  3d91947b53e VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc3 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable

- Log --
[SCM] Samba Shared Repository - annotated tag samba-4.10.0rc4 created
The annotated tag, samba-4.10.0rc4 has been created
        at  a88ce5a6189bf237df4cd2650bee3eefac134f84 (tag)
   tagging  e399a0209f4607ddaaec2ba8f6efd56149495652 (commit)
  replaces  ldb-1.5.4
 tagged by  Karolin Seeger
        on  Wed Mar 6 09:23:31 2019 +0100

- Log -
samba: tag release samba-4.10.0rc4
-BEGIN PGP SIGNATURE-

iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXH+DgwAKCRBvM5FbZWi3
6iw/AJ0ZlzvJNWLW6kRFwXdhqpH7HsOobwCeJFSOW3euC+aqcLsKhtYW0doD/X8=
=96sB
-END PGP SIGNATURE-

Christof Schmitt (1):
      ctdb-tests: Add test for ctdb_io.c

David Disseldorp (3):
      vfs_ceph: add missing fallocate hook
      vfs_ceph: fix strict_allocate_ftruncate()
      vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback

Denis Cardon (1):
      fix samba-tool gpo backup syntax in WHATSNEW.txt

Garming Sam (1):
      WHATSNEW: Add some detail on the changes to paged results

Gary Lockyer (1):
      man pages: document prefork process model

Jeremy Allison (5):
      s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.
      smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag.
      smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.
      s3: torture: Add additional POSIX mkdir tests.
      s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path.

Jiří Šašek (1):
      notifyd: Fix SIGBUS on sparc

Karolin Seeger (2):
      WHATSNEW: Add release notes for Samba 4.10.0rc4.
      VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc4 release.

Martin Schwenke (10):
      ctdb-config: Change example recovery lock setting to one that fails
      ctdb-recoverd: Free cluster mutex handler on failure to take lock
      ctdb-recoverd: Clean up logging on failure to take recovery lock
      ctdb-recoverd: Make recoverd context available in recovery lock handle
      ctdb-recoverd: Ban node on unknown error when taking recovery lock
      ctdb-recoverd: Time out attempt to take recovery lock after 120s
      ctdb-tests: Force test failure if local daemon setup fails
      ctdb-tests: Add -R option for local daemons to use recovery lock command
      ctdb-tests: Add a test for configuring the recovery lock as a command
      ctdb-cluster-mutex: Separate out command and file handling

Ralph Boehme (7):
      winbindd: make a copy of xid's in wb_xids2sids_send()
      winbindd: make xids a const argument to wb_xids2sids_send()
      winbindd: convert id to a pointer in wb_xids2sids_dom_done()
      winbindd: update xid in wb_xids2sids_state->xids with what we got
      winbindd: switch send-next/done order
      winbindd: track whether a result from xid2sid was coming from the cache
      winbindd: set idmap cache entries as the last step in async wb_xids2sids

Swen Schillig (1):
      ctdb: buffer write beyond limits

Volker Lendecke (3):
      messages_dgm: Use saved errno value
      torture3: Extend read3 for the "messaging target re-inits" failure
      messages_dgm: Properly handle receiver re-initialization

---

--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 9169e9722d6 VERSION: Bump version up to 4.10.0rc5... via e399a0209f4 VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc4 release. via 74aa2abf861 WHATSNEW: Add release notes for Samba 4.10.0rc4. via a65f7b71a25 WHATSNEW: Add some detail on the changes to paged results via 3fe0c3031e6 fix samba-tool gpo backup syntax in WHATSNEW.txt via 19b2885de7c vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback via 3332a895ed1 vfs_ceph: fix strict_allocate_ftruncate() via 0a784f28b46 vfs_ceph: add missing fallocate hook via 0c034112280 s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path. via b58c6f1f8b0 s3: torture: Add additional POSIX mkdir tests. via 179db55a3bb smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths. via 230c557e2f7 smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag. via f765b515814 s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug. 
via ce4c9c40fab winbindd: set idmap cache entries as the last step in async wb_xids2sids via 3b9ef9090a9 winbindd: track whether a result from xid2sid was coming from the cache via 3577293313c winbindd: switch send-next/done order via e9ffadb2b21 winbindd: update xid in wb_xids2sids_state->xids with what we got via 406a1cdff42 winbindd: convert id to a pointer in wb_xids2sids_dom_done() via f877231507e winbindd: make xids a const argument to wb_xids2sids_send() via 07820a3144f winbindd: make a copy of xid's in wb_xids2sids_send() via e0720c16c43 ctdb-cluster-mutex: Separate out command and file handling via c39430b0ae6 ctdb-tests: Add a test for configuring the recovery lock as a command via 75fcaea7251 ctdb-tests: Add -R option for local daemons to use recovery lock command via 6ac45076549 ctdb-tests: Force test failure if local daemon setup fails via d7fe81405aa ctdb-recoverd: Time out attempt to take recovery lock after 120s via bf774b81051 ctdb-recoverd: Ban node on unknown error when taking recovery lock via 5a060f07469 ctdb-recoverd: Make recoverd context available in recovery lock handle via 04baa822c40 ctdb-recoverd: Clean up logging on failure to take recovery lock via 6ee34859e86 ctdb-recoverd: Free cluster mutex handler on failure to take lock via a4a8351c1f3 ctdb-tests: Add test for ctdb_io.c via 8d28f78bfd7 ctdb: buffer write beyond limits via b69bb1f7619 ctdb-config: Change example recovery lock setting to one that fails via caf15a440a2 messages_dgm: Properly handle receiver re-initialization via d3a84988073 torture3: Extend read3 for the "messaging target re-inits" failure via 5b7e33f0556 messages_dgm: Use saved errno value via da238723afe man pages: document prefork process model via a2f740691a7 notifyd: Fix SIGBUS on sparc from 97fcdfb58a7 CVE-2019-3824 ldb: version 1.5.4 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 9169e9722d65209a4fcb22a63823a813e9690f0f Author: Karolin Seeger Date: Tue Mar 5 11:21:02 2019 +0100 
VERSION: Bump version up to 4.10.0rc5... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Wed Mar 6 00:34:53 UTC 2019 on sn-devel-144 commit e399a0209f4607ddaaec2ba8f6efd56149495652 Author: Karolin Seeger Date: Tue Mar 5 11:20:16 2019 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc4 release. Signed-off-by: Karolin Seeger commit 74aa2abf8614a0a5f6352959d4fc5af61cf1df8e Author: Karolin Seeger Date: Tue Mar 5 11:19:43 2019 +0100 WHATSNEW: Add release notes for Samba 4.10.0rc4. Signed-off-by: Karolin Seeger commit a65f7b71a2533b393e4d150fc1d0b07576dd95a0 Author: Garming Sam Date: Thu Feb 28 16:21:57 2019 +1300 WHATSNEW: Add some detail on the changes to paged results Signed-off-by: Garming Sam commit 3fe0c3031e6cc4848e069c7ab916ac79d7f2692c Author: Denis Cardon Date: Fri Feb 15 15:35:46 2019 +0100 fix samba-tool gpo backup syntax in WHATSNEW.txt Signed-off-by: Denis Cardon commit 19b2885de7c0ea8ea720603238a40f1f15e895e0 Author: David Disseldorp Date: Wed Feb 27 11:52:42 2019 +0100 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback Both libcephfs functions are supported and capable of extending files, so fallback can be dropped. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp Reviewed-by: Guenther Deschner (cherry picked from commit 155f128
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 7c476487867 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback via c539cf176a6 vfs_ceph: fix strict_allocate_ftruncate() via cf279fbdd53 vfs_ceph: add missing fallocate hook via 03e4555f344 s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path. via c249c88cdb7 s3: torture: Add additional POSIX mkdir tests. via 1ca055cb13b smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths. via 8d407971129 smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag. via 3060221960b s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug. via 89c3db2e9bb winbindd: set idmap cache entries as the last step in async wb_xids2sids via 29e16f4737c winbindd: track whether a result from xid2sid was coming from the cache via 447b0ad3a95 winbindd: switch send-next/done order via 19d06f27688 winbindd: update xid in wb_xids2sids_state->xids with what we got via 3197810fe1f winbindd: convert id to a pointer in wb_xids2sids_dom_done() via 8234ef264a7 winbindd: make xids a const argument to wb_xids2sids_send() via a76277af385 winbindd: make a copy of xid's in wb_xids2sids_send() via 0f1525d430e messages_dgm: Properly handle receiver re-initialization via e2b7d3ff627 torture3: Extend read3 for the "messaging target re-inits" failure via 069dd7189c1 messages_dgm: Use saved errno value via 1cb278ddaea notifyd: Fix SIGBUS on sparc from 8be2836cd82 PVE-2019-3824 ldb: Release ldb 1.3.8 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 7c476487867e5dc83b9e844db7be4c3d358fc006 Author: David Disseldorp Date: Wed Feb 27 11:52:42 2019 +0100 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback Both libcephfs functions are supported and capable of extending files, so fallback can be dropped. 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp Reviewed-by: Guenther Deschner (cherry picked from commit 155f1289ba7a4802fbb99fbc9ea90d8bc6cff0c9) [dd...@samba.org: rebase atop 48t without 532ff3a5b958] Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Tue Mar 5 13:01:15 UTC 2019 on sn-devel-144 commit c539cf176a669e54ccddefa6b57a9285d12c93a9 Author: David Disseldorp Date: Tue Feb 26 16:07:27 2019 +0100 vfs_ceph: fix strict_allocate_ftruncate() The vfs_ceph "strict allocate = yes" ftruncate wrapper may attempt *local* filesystem ftruncate(). Fix this. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp Reviewed-by: Guenther Deschner (cherry picked from commit 70329c36ed91dd0e50ff66f9b0a85c62ac8a621e) commit cf279fbdd531d4cab9cb0e6b8341e6cb1bbd9978 Author: David Disseldorp Date: Tue Feb 26 21:26:27 2019 +0100 vfs_ceph: add missing fallocate hook SMB_VFS_FALLOCATE() calls atop a vfs_ceph share currently fall through to vfs_default, which results in a local filesystem I/O attempt using a libcephfs file-descriptor. Add the missing fallocate hook to vfs_ceph. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp Reviewed-by: Guenther Deschner (cherry picked from commit 5a7e7280813559fb70a9fc8e4238cb6015ee3b53) commit 03e4555f344e6806c80fefc8cf00a08d6ea2766e Author: Jeremy Allison Date: Sun Feb 24 08:15:23 2019 -0800 s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path. Previous regression test ensures we still return the correct error code for POSIX pathname operations. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Mon Feb 25 09:33:27 CET 2019 on sn-devel-144 (cherry picked from commit 3f1a13a94a753c5cb3b9f2cf795df5adb0f74205) commit c249c88cdb731026da04819e165717bb89278a42 Author: Jeremy Allison Date: Sun Feb 24 08:03:32 2019 -0800 s3: torture: Add additional POSIX mkdir tests. Ensure that if POSIX_foo exists as a file we return the correct error code NT_STATUS_OBJECT_PATH_NOT_FOUND if we try and traverse it as a directory. Also ensure creation/deletion of POSIX_foo/foo fails for directories and files with NT_STATUS_OBJECT_PATH_NOT_FOUND if the directory POSIX_foo/ doesn't exist. knownfail is back :-). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison Re
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 47fb4ba84f3 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback via ba75d5f4839 vfs_ceph: fix strict_allocate_ftruncate() via 15ef70cb53a vfs_ceph: add missing fallocate hook via 13bf811858f s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path. via ffb706ddbce s3: torture: Add additional POSIX mkdir tests. via 4b58042f3fa smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths. via fe4254ef4e1 smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag. via f59064f8a96 s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug. via 53dfd92b82e winbindd: set idmap cache entries as the last step in async wb_xids2sids via 9c36a6dd16a winbindd: track whether a result from xid2sid was coming from the cache via b6587172d0c winbindd: switch send-next/done order via 06862c77d5c winbindd: update xid in wb_xids2sids_state->xids with what we got via 4cf7bddc645 winbindd: convert id to a pointer in wb_xids2sids_dom_done() via 577ac999fbd winbindd: make xids a const argument to wb_xids2sids_send() via 915aff6fe7c winbindd: make a copy of xid's in wb_xids2sids_send() via eb16d3b7bc1 ctdb-cluster-mutex: Separate out command and file handling via 65c3c5801ff ctdb-recoverd: Time out attempt to take recovery lock after 120s via 4c059e03ef7 ctdb-recoverd: Ban node on unknown error when taking recovery lock via fd9a02c0bb2 ctdb-recoverd: Make recoverd context available in recovery lock handle via f63f2a0ee39 ctdb-recoverd: Clean up logging on failure to take recovery lock via fb8c3bd8995 ctdb-recoverd: Free cluster mutex handler on failure to take lock via 592f02112bb ctdb-config: Change example recovery lock setting to one that fails via ad3751b5a51 messages_dgm: Properly handle receiver re-initialization via 9dd1b416654 torture3: Extend read3 for the "messaging target re-inits" failure via 6bea9304998 messages_dgm: Use saved errno 
value via 6a38b9917b2 man pages: document prefork process model via ab66f70056c notifyd: Fix SIGBUS on sparc from 2bbd2dcf282 CVE-2019-3824 ldb: Release ldb 1.4.6 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 47fb4ba84f307f1a89a0821276be26caab1826d9 Author: David Disseldorp Date: Wed Feb 27 11:52:42 2019 +0100 vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback Both libcephfs functions are supported and capable of extending files, so fallback can be dropped. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp Reviewed-by: Guenther Deschner (cherry picked from commit 155f1289ba7a4802fbb99fbc9ea90d8bc6cff0c9) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Mon Mar 4 15:02:26 UTC 2019 on sn-devel-144 commit ba75d5f483911b0f44828a0e9cfc35cfd7dfe4c6 Author: David Disseldorp Date: Tue Feb 26 16:07:27 2019 +0100 vfs_ceph: fix strict_allocate_ftruncate() The vfs_ceph "strict allocate = yes" ftruncate wrapper may attempt *local* filesystem ftruncate(). Fix this. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp Reviewed-by: Guenther Deschner (cherry picked from commit 70329c36ed91dd0e50ff66f9b0a85c62ac8a621e) commit 15ef70cb53a038847f424a7881bcbc09f8e0a80f Author: David Disseldorp Date: Tue Feb 26 21:26:27 2019 +0100 vfs_ceph: add missing fallocate hook SMB_VFS_FALLOCATE() calls atop a vfs_ceph share currently fall through to vfs_default, which results in a local filesystem I/O attempt using a libcephfs file-descriptor. Add the missing fallocate hook to vfs_ceph. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807 Signed-off-by: David Disseldorp Reviewed-by: Guenther Deschner (cherry picked from commit 5a7e7280813559fb70a9fc8e4238cb6015ee3b53) commit 13bf811858fe41f30960871b0618b3c53cacf1dc Author: Jeremy Allison Date: Sun Feb 24 08:15:23 2019 -0800 s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path. 
Previous regression test ensures we still return the correct error code for POSIX pathname operations. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803 Signed-off-by: Jeremy Allison Reviewed-by: Volker Lendecke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Mon Feb 25 09:33:27 CET 2019 on sn-devel-144 (cherry picked from commit 3f1a13a94a753c5cb3b9f2cf795df5adb0f74205) commit ff
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via fb1d5988e30 buildtools/wafsamba: Avoid decode when using python2 from 9dde00c3e0a VERSION: Bump version up to 4.10.0rc4... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit fb1d5988e30fffe9c4965b3112b9f43fdbf5ec33 Author: Noel Power Date: Wed Feb 6 15:27:41 2019 + buildtools/wafsamba: Avoid decode when using python2 To avoid problematic type checking for 'str' types which fail when result from str.decode is used. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13777 Signed-off-by: Noel Power Reviewed-by: Andrew Bartlett (cherry picked from commit 244e2a02796b2ee85b9db01cbea7043a7448a110) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Fri Feb 22 13:44:34 CET 2019 on sn-devel-144 --- Summary of changes: buildtools/wafsamba/samba_abi.py | 2 +- buildtools/wafsamba/samba_conftests.py | 6 +++--- buildtools/wafsamba/samba_cross.py | 3 ++- buildtools/wafsamba/samba_dist.py | 4 ++-- buildtools/wafsamba/samba_perl.py | 4 ++-- buildtools/wafsamba/samba_utils.py | 32 buildtools/wafsamba/samba_version.py | 2 +- 7 files changed, 43 insertions(+), 10 deletions(-) Changeset truncated at 500 lines: diff --git a/buildtools/wafsamba/samba_abi.py b/buildtools/wafsamba/samba_abi.py index 80db7f87be5..5e7686da3d6 100644 --- a/buildtools/wafsamba/samba_abi.py +++ b/buildtools/wafsamba/samba_abi.py @@ -85,7 +85,7 @@ def abi_check_task(self): libpath = self.inputs[0].abspath(self.env) libname = os.path.basename(libpath) -sigs = Utils.cmd_output([abi_gen, libpath]).decode('utf8') +sigs = samba_utils.get_string(Utils.cmd_output([abi_gen, libpath])) parsed_sigs = parse_sigs(sigs, self.ABI_MATCH) sig_file = self.ABI_FILE diff --git a/buildtools/wafsamba/samba_conftests.py b/buildtools/wafsamba/samba_conftests.py index c0b9ae49296..7d9b5316902 100644 --- a/buildtools/wafsamba/samba_conftests.py +++ b/buildtools/wafsamba/samba_conftests.py 
@@ -4,7 +4,7 @@ import os, shutil, re from waflib import Build, Configure, Utils, Options, Logs, Errors from waflib.Configure import conf -from samba_utils import TO_LIST, ADD_LD_LIBRARY_PATH +from samba_utils import TO_LIST, ADD_LD_LIBRARY_PATH, get_string def add_option(self, *k, **kw): @@ -418,7 +418,7 @@ def CHECK_COMMAND(conf, cmd, msg=None, define=None, on_target=True, boolean=Fals if on_target: cmd.extend(conf.SAMBA_CROSS_ARGS(msg=msg)) try: -ret = Utils.cmd_output(cmd).decode('utf8') +ret = get_string(Utils.cmd_output(cmd)) except: conf.COMPOUND_END(False) return False @@ -508,7 +508,7 @@ def CHECK_STANDARD_LIBPATH(conf): # at least gcc and clang support this: try: cmd = conf.env.CC + ['-print-search-dirs'] -out = Utils.cmd_output(cmd).decode('utf8').split('\n') +out = get_string(Utils.cmd_output(cmd)).split('\n') except ValueError: # option not supported by compiler - use a standard list of directories dirlist = [ '/usr/lib', '/usr/lib64' ] diff --git a/buildtools/wafsamba/samba_cross.py b/buildtools/wafsamba/samba_cross.py index f9c4b10e82b..8863c2c53e7 100644 --- a/buildtools/wafsamba/samba_cross.py +++ b/buildtools/wafsamba/samba_cross.py @@ -3,6 +3,7 @@ import os, sys, re, shlex from waflib import Utils, Logs, Options, Errors, Context from waflib.Configure import conf +from wafsamba import samba_utils real_Popen = None @@ -121,7 +122,7 @@ class cross_Popen(Utils.subprocess.Popen): stdout=Utils.subprocess.PIPE, stderr=Utils.subprocess.PIPE) ce_out, ce_err = p.communicate() -ans = (p.returncode, ce_out.decode('utf8')) +ans = (p.returncode, samba_utils.get_string(ce_out)) add_answer(ca_file, msg, ans) else: args = newargs diff --git a/buildtools/wafsamba/samba_dist.py b/buildtools/wafsamba/samba_dist.py index c3144e9adf7..6af7bb4eaff 100644 --- a/buildtools/wafsamba/samba_dist.py +++ b/buildtools/wafsamba/samba_dist.py 
@@ -4,7 +4,7 @@ import os, sys, tarfile from waflib import Utils, Scripting, Logs, Options from waflib.Configure import conf -from samba_utils import os_path_relpath +from samba_utils import os_path_relpath, get_string from waflib import Context dist_dirs = None @@ -119,7 +119,7 @@ def vcs_dir_contents(path): repo = os.path.dirname(repo) if repo == "/": raise Exception("unsupported or no vcs for %s" % path) -ret
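Review bot: the import added in the samba_cross.py hunk (`from wafsamba import samba_utils`) uses a different module path from samba_conftests.py and samba_dist.py, which do `from samba_utils import ..., get_string`. If both `samba_utils` and `wafsamba.samba_utils` resolve on sys.path, Python loads the module twice under two names and any module-level state is duplicated, so one import form should be used across the wafsamba files. The samba_abi.py hunk also calls `samba_utils.get_string(...)` while the diffstat shows a single changed line in that file, so please confirm `samba_utils` is already imported there.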
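Review bot: in the CHECK_STANDARD_LIBPATH hunk of samba_conftests.py, the surrounding `except ValueError:` also caught a failing `.decode('utf8')`, because UnicodeDecodeError is a subclass of ValueError, and fell back to the standard directory list. The body of get_string is not visible in this truncated changeset, so please confirm that it either cannot raise on non-UTF-8 compiler output or raises something this handler still catches. The CHECK_COMMAND hunk deserves the same check, since its bare `except:` turns any failure inside get_string into a silent `return False`.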
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 61d0721 NEWS[4.10.0rc3]: Samba 4.10.0rc3 Available for Download from faa03b5 Add Samba 4.8.9. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 61d07214e35edf1b2d7b224277d2730f1b5c4c29 Author: Karolin Seeger Date: Fri Feb 22 09:03:53 2019 +0100 NEWS[4.10.0rc3]: Samba 4.10.0rc3 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20190222-080453.4.10.0rc3.body.html | 12 posted_news/20190222-080453.4.10.0rc3.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20190222-080453.4.10.0rc3.body.html create mode 100644 posted_news/20190222-080453.4.10.0rc3.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20190222-080453.4.10.0rc3.body.html b/posted_news/20190222-080453.4.10.0rc3.body.html new file mode 100644 index 000..7a6d2c2 --- /dev/null +++ b/posted_news/20190222-080453.4.10.0rc3.body.html @@ -0,0 +1,12 @@ + +22 February 2019 +Samba 4.10.0rc3 Available for Download + +This is the third release candidate of the upcoming Samba 4.10 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.10.0rc3.tar.gz";>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.10.0rc3.WHATSNEW.txt";>the release notes for more info. + + diff --git a/posted_news/20190222-080453.4.10.0rc3.headline.html b/posted_news/20190222-080453.4.10.0rc3.headline.html new file mode 100644 index 000..951f9c8 --- /dev/null +++ b/posted_news/20190222-080453.4.10.0rc3.headline.html @@ -0,0 +1,3 @@ + + 22 February 2019 Samba 4.10.0rc3 Available for Download + -- Samba Website Repository
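Review bot: the new body.html identifies the signing key only by its 64-bit long ID (6F33915B6568B7EA) and links the .tar.gz and the WHATSNEW.txt, but not a signature file. Because the text says it is the uncompressed tarball that was signed, a reader has to decompress the download before verifying it; suggest saying so, linking the signature next to the download link, and giving the full key fingerprint instead of the long ID.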
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 3d91947b53e VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc3 release. via 1f749eb6f6a WHATSNEW: Add release notes for Samba 4.10.0rc3. via a3a9630a464 waf: Check for libnscd via d8911eaa54d WHATSNEW: Add note that python2 support will be dropped on v4.11 via be6f8d41ca7 waf: Do not install internal header via 9bf434a941b lib:util: Move discard_const(_p) to own header for libndr.h via 66bf14d8322 pidl: Use NDR_ZERO_STRUCT(P) macros via f6a44c807a9 librpc:ndr: Add NDR_ZERO_STRUCT(P) macros via 2ba1d9dd8d2 librpc:ndr: Implement ndr_zero_memory() via 6d2af886f40 tldap: avoid more use after free errors via 9a530ee4f91 tldap: avoid a use after free crash via 1ed75df5711 s3:vfs: Correctly check if OFD locks should be enabled or not via fcd5865f3ff s3:vfs: Initialize pid to 0 in test_netatalk_lock() via fbc8ea71c5c s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code. via 72bcae77752 s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code. via eba5d055376 smbd: uid: Don't crash if 'force group' is added to an existing share connection. via f68aab42318 s3: tests: Add regression test for smbd crash on share force group change with existing connection. via d6dbd33fdcd printing: check lp_load_printers() prior to pcap cache update via 3d0450ef3c5 printing: drop pcap_cache_loaded() guard around load_printers() via 7621c622f83 s3-smbd: use fruit:model string for mDNS registration via e21e24d8345 ldb: Release ldb 1.5.3 via bb850a07502 ldb: Add even more comments on what strict does to the list intersections via 2a915942295 ldb: Rename variable via 62fea7e9c3f ldb: Elaborate on ldb_kv_search_indexed() comments via f7774530936 ldb: Remove comment that no longer makes sense via 7fc34817657 ldb: Avoid inefficient one-level searches via 0c75bfe674b VERSION: Bump version up to 4.10.0rc2... from 61e654828c1 VERSION: Diable GIT_SNAPSHOT for the 4.10.0rc2 release. 
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 89 +++-- lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.3.sigs} | 0 ...yldb-util-1.1.10.sigs => pyldb-util-1.5.3.sigs} | 0 ...-util-1.1.10.sigs => pyldb-util.py3-1.5.3.sigs} | 0 lib/ldb/ldb_key_value/ldb_kv_index.c | 76 ++-- lib/ldb/wscript| 2 +- lib/util/discard.h | 51 ++ lib/util/memory.h | 27 --- lib/util/samba_util.h | 1 + lib/util/wscript_build | 18 +- librpc/ABI/{ndr-0.1.2.sigs => ndr-0.2.0.sigs} | 1 + librpc/ndr/libndr.h| 10 +- librpc/ndr/util.c | 5 + librpc/wscript_build | 2 +- pidl/lib/Parse/Pidl/Samba3/ServerNDR.pm| 2 +- pidl/lib/Parse/Pidl/Samba4/COM/Proxy.pm| 2 +- pidl/lib/Parse/Pidl/Samba4/NDR/Client.pm | 6 +- pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 6 +- selftest/selftesthelpers.py| 1 + selftest/target/Samba3.pm | 5 + source3/include/proto.h| 2 +- source3/lib/tldap.c| 1 - source3/lib/tldap_util.c | 2 - source3/lib/util.c | 7 +- source3/libsmb/samlogon_cache.c| 1 + source3/modules/vfs_default.c | 14 +- source3/modules/vfs_fruit.c| 204 ++--- source3/printing/load.c| 4 +- source3/printing/pcap.c| 5 + source3/printing/queue_process.c | 6 +- source3/printing/spoolssd.c| 8 +- source3/script/tests/test_force_group_change.sh| 73 source3/selftest/tests.py | 4 + source3/smbd/avahi_register.c | 27 +++ source3/smbd/files.c | 9 + source3/smbd/uid.c | 35 +++- source3/wscript| 3 + source3/wscript_build | 1 + source4/torture/vfs/fruit.c| 26 ++- 40 files changed, 516 insertions(+), 222 deletions(-) copy lib/ldb/ABI/{ldb-1.5.1.sigs => ld
[SCM] Samba Shared Repository - annotated tag samba-4.10.0rc3 created
The annotated tag, samba-4.10.0rc3 has been created at b708446736b31bbdd058428963bb651b898aebf1 (tag) tagging 3d91947b53e78d2b08a8b85726dee8025208d4de (commit) replaces ldb-1.5.3 tagged by Karolin Seeger on Fri Feb 22 09:03:41 2019 +0100 - Log - samba: tag release samba-4.10.0rc3 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXG+s3QAKCRBvM5FbZWi3 6ivgAJ0U39GRhaLy3hFpLj6WsO0tp1LtVgCfbw5C11U7wvWIWn16F+FG/O/Zvb0= =oIRh -END PGP SIGNATURE- Andreas Schneider (7): s3:vfs: Initialize pid to 0 in test_netatalk_lock() s3:vfs: Correctly check if OFD locks should be enabled or not librpc:ndr: Implement ndr_zero_memory() librpc:ndr: Add NDR_ZERO_STRUCT(P) macros pidl: Use NDR_ZERO_STRUCT(P) macros lib:util: Move discard_const(_p) to own header for libndr.h waf: Do not install internal header Christof Schmitt (1): waf: Check for libnscd David Disseldorp (2): printing: drop pcap_cache_loaded() guard around load_printers() printing: check lp_load_printers() prior to pcap cache update Günther Deschner (1): s3-smbd: use fruit:model string for mDNS registration Jeremy Allison (4): s3: tests: Add regression test for smbd crash on share force group change with existing connection. smbd: uid: Don't crash if 'force group' is added to an existing share connection. s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code. s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code. Karolin Seeger (2): WHATSNEW: Add release notes for Samba 4.10.0rc3. VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc3 release. Ralph Boehme (2): tldap: avoid a use after free crash tldap: avoid more use after free errors Tim Beale (1): WHATSNEW: Add note that python2 support will be dropped on v4.11 --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 9dde00c3e0a VERSION: Bump version up to 4.10.0rc4... via 3d91947b53e VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc3 release. via 1f749eb6f6a WHATSNEW: Add release notes for Samba 4.10.0rc3. from a3a9630a464 waf: Check for libnscd https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 9dde00c3e0ae7c095f61e1499c9ab939047f17bd Author: Karolin Seeger Date: Fri Feb 22 09:00:37 2019 +0100 VERSION: Bump version up to 4.10.0rc4... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 3d91947b53e78d2b08a8b85726dee8025208d4de Author: Karolin Seeger Date: Fri Feb 22 08:59:50 2019 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.10.0rc3 release. Signed-off-by: Karolin Seeger commit 1f749eb6f6a56eb0a184bce6f924f5d03d024b08 Author: Karolin Seeger Date: Fri Feb 22 08:59:15 2019 +0100 WHATSNEW: Add release notes for Samba 4.10.0rc3. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 46 -- 2 files changed, 41 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index d457f23e00e..106dddf3149 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=3 +SAMBA_VERSION_RC_RELEASE=4 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index efbcb171ce5..2d535610583 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the second release candidate of Samba 4.10. This is *not* +This is the third release candidate of Samba 4.10. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. 
@@ -27,19 +27,19 @@ rebuild the Group Policy Objects from the XML after generalization. (The administrator needs to correct the values of XML entities between the backup and restore to account for the change in domain). -kdc prefork +KDC prefork --- The KDC now supports the pre-fork process model and worker processes will be forked for the KDC when the pre-fork process model is selected for samba. -prefork 'prefork children' +Prefork 'prefork children' -- The default value for this smdb.conf parameter has been increased from 1 to 4. -netlogon prefork +Netlogon prefork DCERPC now supports pre-forked NETLOGON processes. The netlogon processes are @@ -63,7 +63,7 @@ information about how the users are spread across groups in your domain. The 'samba-tool group list --verbose' command has also been updated to include the number of users in each group. -prefork process restart +Prefork process restart --- The pre-fork process model now restarts failed processes. The delay between @@ -75,7 +75,7 @@ delay between restart attempts up until it reaches "prefork maximum backoff". Using the default sequence the restart delays (in seconds) are: 0, 10, 20, ..., 120, 120, ... -standard process model +Standard process model -- When using the standard process model samba forks a new process to handle ldap 
@@ -224,6 +224,40 @@ smb.conf changes sharemode" but for SMB getinfo +CHANGES SINCE 4.10.0rc2 +=== + +o Jeremy Allison + * BUG 13690: smbd: uid: Don't crash if 'force group' is added to an existing + share connection. + * BUG 13770: s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility + code. + +o Andrew Bartlett + * ldb: Release ldb 1.5.3 + * BUG 13762: Avoid inefficient one-level searches. + * BUG 13772: The test api.py should not rely on order of entries in dict. + +o Tim Beale + * BUG 13762: ldb: Avoid inefficient one-level searches. + +o Ralph Boehme + * BUG 13776: tldap: Avoid use after free errors. + +o Günther Deschner + * BUG 13746: s3-smbd: Use fruit:model string for mDNS registration. + +o David Disseldorp + * BUG 13766: printing: Check lp_load_printers() prior to pcap cache update. + +o Christof Schmitt + * BUG 13787: waf: Check for libnscd. + +o Andreas Schneider + * BUG 13770: s3:vfs: Correctly check if OFD locks should be enabled or not. + * BUG 13778: Public
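Review bot: in the WHATSNEW.txt hunk at @@ -27,19, the context line under the retitled "Prefork 'prefork children'" heading reads "The default value for this smdb.conf parameter"; that should be smb.conf and is worth fixing in the same change, since the patch already touches the heading directly above it. The VERSION hunk likewise leaves the comment "To mark SVN snapshots this should be set to 'yes'" in place although the setting being toggled in this series is GIT_SNAPSHOT.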
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 080dae06412 waf: Check for libnscd via e60d5ca3a7b tldap: avoid more use after free errors via 24c71628c34 tldap: avoid a use after free crash via 2f8bd74b67c s3:vfs: Correctly check if OFD locks should be enabled or not via b9120174c66 s3:vfs: Initialize pid to 0 in test_netatalk_lock() via 0b15de2db78 s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code. via aec654431dd s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code. via 3a50ce1cc9d netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg via 83d82e735bb smbd: uid: Don't crash if 'force group' is added to an existing share connection. via b3638852508 s3: tests: Add regression test for smbd crash on share force group change with existing connection. via 8c8457150c5 printing: check lp_load_printers() prior to pcap cache update via 32d6bf67801 printing: drop pcap_cache_loaded() guard around load_printers() via 6e0514d273e s3-smbd: use fruit:model string for mDNS registration from 22d5649e895 ldb: Bump ldb version to 1.3.7 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 080dae0641293547cb88e4d39e7a9266d4decb0e Author: Christof Schmitt Date: Tue Feb 12 12:28:32 2019 -0700 waf: Check for libnscd The check was in the old autoconf, but not in waf. As the code is still in source3/lib/util_nscd.c, add the check for libnscd to allow building and using the code. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13787 Signed-off-by: Christof Schmitt Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Wed Feb 13 17:58:33 CET 2019 on sn-devel-144 (cherry picked from commit 3a793497796395ffa3efda5807bdb1ca8e09e35b) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Thu Feb 21 17:42:07 CET 2019 on sn-devel-144 commit e60d5ca3a7b4b962e012c4ee8f0ff9062c534af4 Author: Ralph Boehme Date: Tue Feb 5 14:08:56 2019 +0100 tldap: avoid more use after free errors See the previous commit for an explanation. :) Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Feb 6 10:19:12 CET 2019 on sn-devel-144 (cherry picked from commit bf91ee0a9727cc392583fe84ad069204be758515) commit 24c71628c3415089b34fe998ff923db7cc6165c6 Author: Ralph Boehme Date: Tue Feb 5 13:56:53 2019 +0100 tldap: avoid a use after free crash I saw the following crash in tldap in the winbindd idmap child on a member server after messing with the LDAP server on the DC: 0 0x7f77ea9a307a in __GI___waitpid (pid=9815, stat_loc=stat_loc@entry=0x7ffe77569eb0, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29 1 0x7f77ea91bfbb in do_system (line=) at ../sysdeps/posix/system.c:148 2 0x7f77edd8c24b in smb_panic_s3 (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../source3/lib/util.c:828 3 0x7f77f15afe85 in smb_panic (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/util/fault.c:170 4 0x7f77f08e2678 in talloc_abort (reason=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/talloc/talloc.c:472 5 0x7f77f08e268b in talloc_abort_access_after_free () at ../lib/talloc/talloc.c:477 6 0x7f77f08e2710 in talloc_chunk_from_ptr (ptr=0x55da7605a020) at ../lib/talloc/talloc.c:494 7 0x7f77f08e4a19 in _talloc_free (ptr=0x55da7605a020, 
location=0x7f77e181474d "../source3/lib/tldap.c:1918") at ../lib/talloc/talloc.c:1716 8 0x7f77e180b65c in tldap_search_all_done (subreq=0x55da7605a020) at ../source3/lib/tldap.c:1918 9 0x7f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7605a020, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125 10 0x7f77f0af10a5 in tevent_req_finish (req=0x55da7605a020, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162 11 0x7f77f0af1113 in _tevent_req_error (req=0x55da7605a020, error=9780923860630110289, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:180 12 0x7f77e180781a in tevent_req_ldap_error (req=0x55da7605a020, rc=...) at ../source3/lib/tldap.c:47 13 0x7f77e180b2c4 in tldap_search_done (subreq=0x55da76058280) at ../source3/lib/tldap.c:1813 14 0x7f77f0af0fd0 in _tevent_req_notify_c
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via a3a9630a464 waf: Check for libnscd via d8911eaa54d WHATSNEW: Add note that python2 support will be dropped on v4.11 via be6f8d41ca7 waf: Do not install internal header via 9bf434a941b lib:util: Move discard_const(_p) to own header for libndr.h via 66bf14d8322 pidl: Use NDR_ZERO_STRUCT(P) macros via f6a44c807a9 librpc:ndr: Add NDR_ZERO_STRUCT(P) macros via 2ba1d9dd8d2 librpc:ndr: Implement ndr_zero_memory() via 6d2af886f40 tldap: avoid more use after free errors via 9a530ee4f91 tldap: avoid a use after free crash via 1ed75df5711 s3:vfs: Correctly check if OFD locks should be enabled or not via fcd5865f3ff s3:vfs: Initialize pid to 0 in test_netatalk_lock() via fbc8ea71c5c s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code. via 72bcae77752 s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code. via eba5d055376 smbd: uid: Don't crash if 'force group' is added to an existing share connection. via f68aab42318 s3: tests: Add regression test for smbd crash on share force group change with existing connection. via d6dbd33fdcd printing: check lp_load_printers() prior to pcap cache update via 3d0450ef3c5 printing: drop pcap_cache_loaded() guard around load_printers() via 7621c622f83 s3-smbd: use fruit:model string for mDNS registration from e21e24d8345 ldb: Release ldb 1.5.3 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit a3a9630a464979159cac2ea6783982584d3a450e Author: Christof Schmitt Date: Tue Feb 12 12:28:32 2019 -0700 waf: Check for libnscd The check was in the old autoconf, but not in waf. As the code is still in source3/lib/util_nscd.c, add the check for libnscd to allow building and using the code. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13787 Signed-off-by: Christof Schmitt Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Wed Feb 13 17:58:33 CET 2019 on sn-devel-144 (cherry picked from commit 3a793497796395ffa3efda5807bdb1ca8e09e35b) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Thu Feb 21 16:26:51 CET 2019 on sn-devel-144 commit d8911eaa54d5c82046311e856cbc8e7269477aa4 Author: Tim Beale Date: Wed Feb 13 11:28:29 2019 +1300 WHATSNEW: Add note that python2 support will be dropped on v4.11 Add a warning to Samba users that v4.10 will be the last Samba release with python2 support. I've reworked the existing text describing the different python2 build options for 4.10. Hopefully this makes it slightly clearer. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13785 Signed-off-by: Tim Beale commit be6f8d41ca7452840545356c7320355be815b5cd Author: Andreas Schneider Date: Wed Feb 13 10:44:45 2019 +0100 waf: Do not install internal header We should not install header files without an public API: - memory.h - safe_strings.h - talloc_stack.h BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778 Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher (cherry picked from commit 6d232f3f7c64f9b01439326e0e9b6d9df9a0bcbb) commit 9bf434a941be2f3b13b5cc59b5ad6f77f0c0fb8d Author: Andreas Schneider Date: Wed Feb 6 16:05:48 2019 +0100 lib:util: Move discard_const(_p) to own header for libndr.h BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778 Signed-off-by: Andreas Schneider Reviewed-by: Guenther Deschner Reviewed-by: Stefan Metzmacher (cherry picked from commit 96df6878ed521b7e744d703abb32a585500d3b94) commit 66bf14d832286f5f5b9b4b68cd9b5b96975dbbed Author: Andreas Schneider Date: Wed Feb 13 10:41:19 2019 +0100 pidl: Use NDR_ZERO_STRUCT(P) macros BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778 Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher (cherry picked from commit 
532ce0d20a8016c1270ea689de627da8aa4abfdd) commit f6a44c807a9cf9061ab82930c7b0799c785ff6b2 Author: Andreas Schneider Date: Wed Feb 13 10:38:02 2019 +0100 librpc:ndr: Add NDR_ZERO_STRUCT(P) macros BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778 Signed-off-by: Andreas Schneider Reviewed-by: Stefan Metzmacher (cherry picked from commit 666802a3db3115ca09f3ffed58c8e4a8cabd65de) commit 2ba1d9dd8d2ab2b11e13a1e1355cbc391226e084 Author: Andreas Schneider Date: Wed Feb 13 10:35:13 2019 +0100 librpc:ndr: Implement ndr_zero_memory() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778 Signed-off-by: Andreas Schneider Reviewed-b
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 2f5823c5015 waf: Check for libnscd via d85f9fdc8ac tldap: avoid more use after free errors via 5995d5b91bf tldap: avoid a use after free crash via c0858bc990c s3:vfs: Correctly check if OFD locks should be enabled or not via 53d2623b2fd s3:vfs: Initialize pid to 0 in test_netatalk_lock() via eb425d50447 s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code. via b650db4d06a s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code. via 6f697b9c68a netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg via 7644bb26be0 smbd: uid: Don't crash if 'force group' is added to an existing share connection. via eac00de2a09 s3: tests: Add regression test for smbd crash on share force group change with existing connection. via 44f49283cb8 printing: check lp_load_printers() prior to pcap cache update via 3ec3f9dcb3f printing: drop pcap_cache_loaded() guard around load_printers() via 455099bd9dd s3-smbd: use fruit:model string for mDNS registration from c7b04443226 ldb: Bump ldb version to 1.4.5 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 2f5823c50159cf7eebf3ca5aa283eaf4ba49c033 Author: Christof Schmitt Date: Tue Feb 12 12:28:32 2019 -0700 waf: Check for libnscd The check was in the old autoconf, but not in waf. As the code is still in source3/lib/util_nscd.c, add the check for libnscd to allow building and using the code. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13787 Signed-off-by: Christof Schmitt Reviewed-by: Guenther Deschner Autobuild-User(master): Günther Deschner Autobuild-Date(master): Wed Feb 13 17:58:33 CET 2019 on sn-devel-144 (cherry picked from commit 3a793497796395ffa3efda5807bdb1ca8e09e35b) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Thu Feb 21 16:17:23 CET 2019 on sn-devel-144 commit d85f9fdc8acb35d682e6965a16b00b364eda5abb Author: Ralph Boehme Date: Tue Feb 5 14:08:56 2019 +0100 tldap: avoid more use after free errors See the previous commit for an explanation. :) Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776 Signed-off-by: Ralph Boehme Reviewed-by: Volker Lendecke Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Feb 6 10:19:12 CET 2019 on sn-devel-144 (cherry picked from commit bf91ee0a9727cc392583fe84ad069204be758515) commit 5995d5b91bf60010064b6a8593bb3548ac80fb12 Author: Ralph Boehme Date: Tue Feb 5 13:56:53 2019 +0100 tldap: avoid a use after free crash I saw the following crash in tldap in the winbindd idmap child on a member server after messing with the LDAP server on the DC: 0 0x7f77ea9a307a in __GI___waitpid (pid=9815, stat_loc=stat_loc@entry=0x7ffe77569eb0, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29 1 0x7f77ea91bfbb in do_system (line=) at ../sysdeps/posix/system.c:148 2 0x7f77edd8c24b in smb_panic_s3 (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../source3/lib/util.c:828 3 0x7f77f15afe85 in smb_panic (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/util/fault.c:170 4 0x7f77f08e2678 in talloc_abort (reason=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/talloc/talloc.c:472 5 0x7f77f08e268b in talloc_abort_access_after_free () at ../lib/talloc/talloc.c:477 6 0x7f77f08e2710 in talloc_chunk_from_ptr (ptr=0x55da7605a020) at ../lib/talloc/talloc.c:494 7 0x7f77f08e4a19 in _talloc_free (ptr=0x55da7605a020, 
location=0x7f77e181474d "../source3/lib/tldap.c:1918") at ../lib/talloc/talloc.c:1716 8 0x7f77e180b65c in tldap_search_all_done (subreq=0x55da7605a020) at ../source3/lib/tldap.c:1918 9 0x7f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7605a020, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125 10 0x7f77f0af10a5 in tevent_req_finish (req=0x55da7605a020, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162 11 0x7f77f0af1113 in _tevent_req_error (req=0x55da7605a020, error=9780923860630110289, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:180 12 0x7f77e180781a in tevent_req_ldap_error (req=0x55da7605a020, rc=...) at ../source3/lib/tldap.c:47 13 0x7f77e180b2c4 in tldap_search_done (subreq=0x55da76058280) at ../source3/lib/tldap.c:1813 14 0x7f77f0af0fd0 in _tevent_req_notify_c
[SCM] Samba Shared Repository - branch v4-8-stable updated
The branch, v4-8-stable has been updated via 42a6fee788d VERSION: Disable GIT_SNAPSHOT for the 4.8.9 release. via be692dd1918 WHATSNEW: Add release notes for Samba 4.8.9. via 1be33edc670 s3-vfs: Use ENOATTR in errno comparison for getxattr via 3db3eff3120 s3-vfs: add glusterfs_fuse vfs module. via 10360077122 selftest:Samba4: use 'smbcontrol samba shutdown' via 37b9360c714 s4:server: add support for 'smbcontrol samba shutdown' via 676a2fcfdf0 s4:server: avoid using pid=0 for the parent 'samba' process via 121348d4a56 s4:messaging: add support 'smbcontrol debug/debuglevel' via 39abec8db34 manpages/samba.7.xml: smbcontrol can also work with 'samba' via 72e45c8841d join: Throw CommandError instead of Exception for simple errors via 7acef6b7f43 join: Fix TypeError when handling exception via 244bd50e364 vfs_glusterfs: Adapt to changes in libgfapi signatures via b5bc51a7511 vfs_fileid: fix fsname_norootdir algorithm via c56beb9a1fd vfs_fileid: fix get_connectpath_ino via df175f06f9f s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection via bb76511f413 libcli: Add error log if insufficient SMB2 credits via b7134e36f8d s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list() via 8932a4a161f s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607 via 129423d3657 s3-vfs-fruit: add close call via c5e171f72e5 s3-vfs-streams_xattr: add close call via 8dc1d8c431a dns: changing onelevel search for wildcard to subtree via cfad63624ce s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts via 2181925b13c s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available via ab1bcc4e56f s3:auth_winbind: remove fallback to optional backend via 5b0d2f79534 s3-smbd: avoid assuming fsp is always intact after close_file call. 
via daac3542983 lib/util: Count a trailing line that doesn't end in a newline via 5067926e4fe s3:utils/smbget fix recursive download with empty source directories via 7aba48de14f s3:utils/smbget add error handling for mkdir() calls via 6058729541a s3:script/tests reduce code duplication via 74507e182c7 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name via 0d353c2ab06 s3:smbd: pass down twrp from SMB2_CREATE to filename_convert() via 299eef1e7e1 s3:smbd: add twrp args to filename_convert() via b2dcbafef73 s3:smbd: add twrp processing to filename_convert_internal() via b12bceb8b7e s3:smbd: prepare filename_convert_internal() for twrp via 450ac189c88 s3:selftest: add a VSS test reading a stream via 6f55dc0ccdf s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. via 06336d8a59e vfs_shadow_copy2: nicely deal with attempts to open previous version for writing via eae534f01ca vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted via 5a0d7463c60 vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal() via de114204480 s3:script/tests: add a test for VSS write behaviour via 8c031cf05e5 s4:torture: add a test-suite for VSS via b22e8f355bd vfs_error_inject: add EBADF error via 688f91e366a vfs_error_inject: add pwrite via a988dcb90c4 VERSION: Bump version up to 4.8.9... from 91c4bf85967 VERSION: Disable GIT_SNAPSHOT for the 4.8.8 release. 
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-stable - Log - --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 89 - docs-xml/manpages/samba.7.xml| 2 +- docs-xml/manpages/vfs_glusterfs_fuse.8.xml | 103 ++ docs-xml/wscript_build | 1 + lib/util/tests/file.c| 152 +++ lib/util/util_file.c | 6 +- libcli/smb/smbXcli_base.c| 3 + python/samba/join.py | 9 +- python/samba/netcmd/domain.py| 2 +- selftest/target/Samba3.pm| 9 + selftest/target/Samba4.pm| 9 + source3/auth/auth.c | 2 +- source3/auth/auth_winbind.c | 47 +++-- source3/libsmb/cli_smb2_fnum.c | 15 +- source3/libsmb/nmblib.c | 34 ++-- source3/modules/posixacl_xattr.c | 4 +- source3/modules/vfs_error_inject.c | 19 ++ source3/modules/vfs_fileid.c | 7 +- source3/
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via faa03b5 Add Samba 4.8.9. via 10da62e NEWS[4.8.9]: Samba 4.8.9 Available for Download from 8079dc1 NEWS[4.10.0rc2]: Samba 4.10.0rc2 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit faa03b5455050f02bcf256a55281ecfea2a6e674 Author: Karolin Seeger Date: Thu Feb 7 10:28:25 2019 +0100 Add Samba 4.8.9. Signed-off-by: Karolin Seeger commit 10da62e05aa6a02a7b84773426d0497cd012aa57 Author: Karolin Seeger Date: Thu Feb 7 10:27:09 2019 +0100 NEWS[4.8.9]: Samba 4.8.9 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.8.9.html| 84 + posted_news/20190207-092804.4.8.9.body.html | 13 posted_news/20190207-092804.4.8.9.headline.html | 3 + 4 files changed, 101 insertions(+) create mode 100644 history/samba-4.8.9.html create mode 100644 posted_news/20190207-092804.4.8.9.body.html create mode 100644 posted_news/20190207-092804.4.8.9.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 0144df8..29bde65 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -14,6 +14,7 @@ samba-4.9.2 samba-4.9.1 samba-4.9.0 + samba-4.8.9 samba-4.8.8 samba-4.8.7 samba-4.8.6 diff --git a/history/samba-4.8.9.html b/history/samba-4.8.9.html new file mode 100644 index 000..ad488ae --- /dev/null +++ b/history/samba-4.8.9.html 
@@ -0,0 +1,84 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> +http://www.w3.org/1999/xhtml";> + +Samba 4.8.9 - Release Notes + + +Samba 4.8.9 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.8.9.tar.gz";>Samba 4.8.9 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.8.9.tar.asc";>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.8.8-4.8.9.diffs.gz";>Patch (gzipped) against Samba 4.8.8 +https://download.samba.org/pub/samba/patches/samba-4.8.8-4.8.9.diffs.asc";>Signature + + + + = + Release Notes for Samba 4.8.9 + February 7, 2019 + = + + +This is the latest stable release of the Samba 4.8 release series. + + +Changes since 4.8.8: + + +o Jeremy Allison <j...@samba.org> + * BUG 11495: s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. + CID: 1433607. + +o Christian Ambach <a...@samba.org> + * BUG 13199: s3:utils/smbget: Fix recursive download with empty source + directories. + +o Tim Beale <timbe...@catalyst.net.nz> + * BUG 13736: s3:libsmb: cli_smb2_list() can sometimes fail initially on a + connection. + * BUG 13747: join: Throw CommandError instead of Exception for simple errors. + +o Ralph Boehme <s...@samba.org> + * BUG 13688: Windows 2016 fails to restore previous version of a file from a + shadow_copy2 snapshot. + * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails + with NT_STATUS_OBJECT_NAME_INVALID. + * BUG 13736: s3: libsmb: Use smb2cli_conn_max_trans_size() in + cli_smb2_list(). + +o Günther Deschner <g...@samba.org> + * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. + * BUG 13720: s3-smbd: Avoid assuming fsp is always intact after close_file + call. + * BUG 13725: s3-vfs-fruit,s3-vfs-streams_xattr: Add close call. + * BUG 13774: s3-vfs: Add glusterfs_fuse vfs module. + +o Aaron Haslett <aaronhasl...@catalyst.net.nz> + * BUG 13738: dns: Changing onelevel search for wildcard to subtree. 
+ +o Stefan Metzmacher <me...@samba.org> + * BUG 13722: s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC + without trusts. + * BUG 13723: s3:auth_winbind: Return NT_STATUS_NO_LOGON_SERVERS if winbindd + is not available. + * BUG 13752: s4:messaging: Add support 'smbcontrol <pid> debug/debuglevel'. + +o Anoop C S <anoo...@redhat.com> + * BUG 13330: vfs_glusterfs: Adapt to changes in libgfapi signatures. + * BUG 13774: s3-vfs: Use ENOATTR in errno comparison for getxattr. + +o Martin Schwenke <mar...@meltin.net> + * BUG 13717: lib/util: Count a trailing line that doesn't end in a newline. + +o Ralph Wuerthner <ralph.wuerth...@de.ibm.com> + * BUG 13741: vfs_fileid: Fix get_connectpath_ino. + * BUG 13744: vfs_fileid: Fix fsna
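Review bot: In history/samba-4.8.9.html the entries under Ralph Boehme run BUG 13688, BUG 13455, BUG 13736, while every other author's list in the hunk is in ascending bug order; move 13455 first to match. Separately, the index line shows history/header_history.html tracked with mode 100755, whereas the three new files are created as 100644. An HTML fragment does not need the executable bit, so a follow-up mode change to 100644 would be cleaner.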
[SCM] Samba Shared Repository - annotated tag samba-4.8.9 created
The annotated tag, samba-4.8.9 has been created at d300df1b95d0661c50874ec8fc940b77f3d6a2f8 (tag) tagging 42a6fee788d537f7852f5ab352863a72f5a30568 (commit) replaces samba-4.8.8 tagged by Karolin Seeger on Thu Feb 7 10:26:52 2019 +0100 - Log - samba: tag release samba-4.8.9 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXFv53AAKCRBvM5FbZWi3 6vzAAKCds7jG1F1nkrYf2so+E0PREUE06ACgxXRvnmxJc1EBP8tjYEigmQ6Zduc= =ws7N -END PGP SIGNATURE- Aaron Haslett (1): dns: changing onelevel search for wildcard to subtree Anoop C S (2): vfs_glusterfs: Adapt to changes in libgfapi signatures s3-vfs: Use ENOATTR in errno comparison for getxattr Christian Ambach (3): s3:script/tests reduce code duplication s3:utils/smbget add error handling for mkdir() calls s3:utils/smbget fix recursive download with empty source directories Günther Deschner (5): s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. s3-smbd: avoid assuming fsp is always intact after close_file call. s3-vfs-streams_xattr: add close call s3-vfs-fruit: add close call s3-vfs: add glusterfs_fuse vfs module. Jeremy Allison (1): s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607 Karolin Seeger (3): VERSION: Bump version up to 4.8.9... WHATSNEW: Add release notes for Samba 4.8.9. VERSION: Disable GIT_SNAPSHOT for the 4.8.9 release. 
Martin Schwenke (1): lib/util: Count a trailing line that doesn't end in a newline Ralph Boehme (14): vfs_error_inject: add pwrite vfs_error_inject: add EBADF error s4:torture: add a test-suite for VSS s3:script/tests: add a test for VSS write behaviour vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal() vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted vfs_shadow_copy2: nicely deal with attempts to open previous version for writing s3:selftest: add a VSS test reading a stream s3:smbd: prepare filename_convert_internal() for twrp s3:smbd: add twrp processing to filename_convert_internal() s3:smbd: add twrp args to filename_convert() s3:smbd: pass down twrp from SMB2_CREATE to filename_convert() vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list() Ralph Wuerthner (2): vfs_fileid: fix get_connectpath_ino vfs_fileid: fix fsname_norootdir algorithm Stefan Metzmacher (8): s3:auth_winbind: remove fallback to optional backend s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts manpages/samba.7.xml: smbcontrol can also work with 'samba' s4:messaging: add support 'smbcontrol debug/debuglevel' s4:server: avoid using pid=0 for the parent 'samba' process s4:server: add support for 'smbcontrol samba shutdown' selftest:Samba4: use 'smbcontrol samba shutdown' Tim Beale (4): libcli: Add error log if insufficient SMB2 credits s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection join: Fix TypeError when handling exception join: Throw CommandError instead of Exception for simple errors --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 9917a7e70ea VERSION: Bump version up to 4.8.10... via 42a6fee788d VERSION: Disable GIT_SNAPSHOT for the 4.8.9 release. via be692dd1918 WHATSNEW: Add release notes for Samba 4.8.9. from 1be33edc670 s3-vfs: Use ENOATTR in errno comparison for getxattr https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 9917a7e70eae095647af00c1ea4436bacdcef386 Author: Karolin Seeger Date: Thu Feb 7 10:19:57 2019 +0100 VERSION: Bump version up to 4.8.10... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 42a6fee788d537f7852f5ab352863a72f5a30568 Author: Karolin Seeger Date: Thu Feb 7 10:19:12 2019 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.8.9 release. Signed-off-by: Karolin Seeger commit be692dd191877fe7f9fc971eda0a53240b03513f Author: Karolin Seeger Date: Thu Feb 7 10:18:35 2019 +0100 WHATSNEW: Add release notes for Samba 4.8.9. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 89 ++-- 2 files changed, 88 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index cfae53693af..4af3bce2529 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=8 -SAMBA_VERSION_RELEASE=9 +SAMBA_VERSION_RELEASE=10 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index d48d1897469..ecb3db1c713 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,88 @@ + = + Release Notes for Samba 4.8.9 + February 7, 2019 + = + + +This is the latest stable release of the Samba 4.8 release series. + + +Changes since 4.8.8: + + +o Jeremy Allison + * BUG 11495: s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. + CID: 1433607. + +o Christian Ambach + * BUG 13199: s3:utils/smbget: Fix recursive download with empty source + directories. + +o Tim Beale + * BUG 13736: s3:libsmb: cli_smb2_list() can sometimes fail initially on a + connection. + * BUG 13747: join: Throw CommandError instead of Exception for simple errors. + +o Ralph Boehme + * BUG 13688: Windows 2016 fails to restore previous version of a file from a + shadow_copy2 snapshot. + * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails + with NT_STATUS_OBJECT_NAME_INVALID. + * BUG 13736: s3: libsmb: Use smb2cli_conn_max_trans_size() in + cli_smb2_list(). + +o Günther Deschner + * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. + * BUG 13720: s3-smbd: Avoid assuming fsp is always intact after close_file + call. + * BUG 13725: s3-vfs-fruit,s3-vfs-streams_xattr: Add close call. + * BUG 13774: s3-vfs: Add glusterfs_fuse vfs module. + +o Aaron Haslett + * BUG 13738: dns: Changing onelevel search for wildcard to subtree. + +o Stefan Metzmacher + * BUG 13722: s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC + without trusts. + * BUG 13723: s3:auth_winbind: Return NT_STATUS_NO_LOGON_SERVERS if winbindd + is not available. + * BUG 13752: s4:messaging: Add support 'smbcontrol debug/debuglevel'. + +o Anoop C S + * BUG 13330: vfs_glusterfs: Adapt to changes in libgfapi signatures. + * BUG 13774: s3-vfs: Use ENOATTR in errno comparison for getxattr. + +o Martin Schwenke + * BUG 13717: lib/util: Count a trailing line that doesn't end in a newline. + +o Ralph Wuerthner + * BUG 13741: vfs_fileid: Fix get_connectpath_ino. + * BUG 13744: vfs_fileid: Fix fsname_norootdir algorithm. 
+ + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +
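Review bot: In the WHATSNEW.txt hunk, the BUG 13688 and BUG 13455 entries describe the symptom ("Windows 2016 fails to restore previous version of a file ...", "Restoring previous version of stream with vfs_shadow_copy2 fails ...") rather than the change, unlike the other entries, which name the fix in imperative form ("Fix", "Add", "Use"). Reword them to state what was changed, and likewise turn "Changing onelevel search for wildcard to subtree" under BUG 13738 into "Change ...", so an administrator reading the notes can tell a fix shipped rather than a known issue.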
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 61e654828c1 VERSION: Diable GIT_SNAPSHOT for the 4.10.0rc2 release. via d902eec5bae WHATSNEW: Add release notes for Samba 4.10.0rc2. via 676b549321a s3-vfs: Use ENOATTR in errno comparison for getxattr via f8773e8a78e s3-vfs: add glusterfs_fuse vfs module. via a2e889740b3 selftest:Samba4: use 'smbcontrol samba shutdown' via 902de86daa6 s4:server: add support for 'smbcontrol samba shutdown' via 45c19f4c253 s4:server: avoid using pid=0 for the parent 'samba' process via f105c379545 s4:messaging: add support 'smbcontrol debug/debuglevel' via 9d2e05b1a6d manpages/samba.7.xml: smbcontrol can also work with 'samba' via 520c062db5f libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 to 10 seconds. via 6990f5018d9 python: dns_hub: Fix indentation of 'raise' on error. via 56549fd07d6 join: Throw CommandError instead of Exception for simple errors via 334f1e6f56a join: Fix TypeError when handling exception via 9ae7ffa5f05 vfs_glusterfs: Adapt to changes in libgfapi signatures via 94aff506747 WHATSNEW: fix typo. 
via 9859cc5c1b0 WHATSNEW: Add missing parenthesis via a4466ec4282 ctdb: Print locks latency in machinereadable stats via 16b1971ea0a WHATSNEW: Update for Bug 13676 changes in Samba 4.10 via 26cd687f14d netcmd: Try to improve domain backup error message via f088f070b4c tests: Run ntacls_backup tests against testenv with SMBv1 disabled via 7399fe07fea selftest: Give the backup testenvs a 'test1' share via 349cfec01df tests: Run GPO commands against testenv with SMBv1 disabled via e682347bc18 ntacls: Pass correct use_ntvfs through to setntacl() via 6158ca6e299 tests: Run samba_tool.gpo tests against backup testenvs via 9d9b00566c1 s4:pysmb: Add error log that the s4 bindings are deprecated via c4323c00ec5 netcmd: Change GPO commands to use s3 SMB Py bindings via c9fdea2e361 s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to .loadfile() API via b47e42e0400 netcmd: Change SMB flags from s4 Py bindings to s3 via 3ed03bd24eb s3:pylibsmb: Add .set_acl API to SMB py bindings via f43abe39d56 python/gpclass: Convert gpclass to use s3 SMB Python bindings via 529b29203d4 s3:libsmb: Honor disable_netbios option in smbsock_connect_send via 248c234e06b VERSION: Bump version up to 4.10.0rc2... from 1c9e1bcda1c VERSION: Bump version up to 4.10.0rc1... 
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 50 +- ctdb/tools/ctdb.c | 5 + docs-xml/manpages/samba.7.xml | 2 +- docs-xml/manpages/vfs_glusterfs_fuse.8.xml | 103 + docs-xml/wscript_build | 1 + libcli/dns/dns.c | 2 +- python/samba/gpclass.py| 10 +- python/samba/join.py | 7 +- python/samba/netcmd/domain.py | 2 +- python/samba/netcmd/domain_backup.py | 5 +- python/samba/netcmd/gpo.py | 20 ++-- python/samba/ntacls.py | 3 +- .../samba/tests/dns_forwarder_helpers/dns_hub.py | 4 +- selftest/target/Samba4.pm | 17 source3/libsmb/pylibsmb.c | 54 ++- source3/libsmb/smbsock_connect.c | 7 ++ source3/modules/posixacl_xattr.c | 4 +- source3/modules/vfs_glusterfs.c| 21 - source3/modules/vfs_glusterfs_fuse.c | 71 ++ source3/modules/wscript_build | 8 ++ source3/wscript| 4 + source4/lib/messaging/messaging.c | 72 ++ source4/libcli/pysmb.c | 12 +++ source4/selftest/tests.py | 15 +-- source4/smbd/server.c | 39 +++- 26 files changed, 500 insertions(+), 40 deletions(-) create mode 100644 docs-xml/manpages/vfs_glusterfs_fuse.8.xml create mode 100644 source3/modules/vfs_glusterfs_fuse.c Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index fde61a99da4..a251f875c42 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # #
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 8079dc1 NEWS[4.10.0rc2]: Samba 4.10.0rc2 Available for Download from 2b89598 NEWS[4.10.0rc1]: Samba 4.10.0rc1 Available for Download https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 8079dc1c74d2df48d68b5e8d717064697f68eb99 Author: Karolin Seeger Date: Wed Feb 6 09:17:17 2019 +0100 NEWS[4.10.0rc2]: Samba 4.10.0rc2 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20190206-083359.4.10.0rc2.body.html | 12 posted_news/20190206-083359.4.10.0rc2.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20190206-083359.4.10.0rc2.body.html create mode 100644 posted_news/20190206-083359.4.10.0rc2.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20190206-083359.4.10.0rc2.body.html b/posted_news/20190206-083359.4.10.0rc2.body.html new file mode 100644 index 000..ce7e31e --- /dev/null +++ b/posted_news/20190206-083359.4.10.0rc2.body.html @@ -0,0 +1,12 @@ + +06 February 2019 +Samba 4.10.0rc2 Available for Download + +This is the second release candidate of the upcoming Samba 4.10 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.10.0rc2.tar.gz";>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.10.0rc2.WHATSNEW.txt";>the release notes for more info. + + diff --git a/posted_news/20190206-083359.4.10.0rc2.headline.html b/posted_news/20190206-083359.4.10.0rc2.headline.html new file mode 100644 index 000..81ef28f --- /dev/null +++ b/posted_news/20190206-083359.4.10.0rc2.headline.html @@ -0,0 +1,3 @@ + + 06 February 2019 Samba 4.10.0rc2 Available for Download + -- Samba Website Repository
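Review bot: In posted_news/20190206-083359.4.10.0rc2.body.html the signing key is identified only by the 64-bit key ID 6F33915B6568B7EA, and the body links the .tar.gz and the release notes but not the signature itself. Key IDs of this length are not a sound basis for deciding which key to trust, so publish the full fingerprint here, and add a link to the detached signature next to the download link. Since the text says the signature covers the uncompressed tarball, it would also help to say that the .tar.gz must be decompressed before verification.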
[SCM] Samba Shared Repository - annotated tag samba-4.10.0rc2 created
The annotated tag, samba-4.10.0rc2 has been created
        at  773d6e321301485f1f3ab169ccf050b04e7eb18b (tag)
   tagging  61e654828c1340a6b5814a62ada39491ca2c6380 (commit)
  replaces  samba-4.10.0rc1
 tagged by  Karolin Seeger
        on  Wed Feb 6 09:17:10 2019 +0100

- Log -
samba: tag release samba-4.10.0rc2
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXFqYBgAKCRBvM5FbZWi3
6gjHAJ4jdFp62e6Kn4qtMdn4SVDhyn+LDQCfVLAP/PVtTBRfPVm9nfgHCzcjx90=
=MYIP
-----END PGP SIGNATURE-----

Anoop C S (3):
      WHATSNEW: Add missing parenthesis
      vfs_glusterfs: Adapt to changes in libgfapi signatures
      s3-vfs: Use ENOATTR in errno comparison for getxattr

Günther Deschner (2):
      WHATSNEW: fix typo.
      s3-vfs: add glusterfs_fuse vfs module.

Jeremy Allison (2):
      python: dns_hub: Fix indentation of 'raise' on error.
      libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 to 10 seconds.

Justin Stephenson (1):
      s3:libsmb: Honor disable_netbios option in smbsock_connect_send

Karolin Seeger (3):
      VERSION: Bump version up to 4.10.0rc2...
      WHATSNEW: Add release notes for Samba 4.10.0rc2.
      VERSION: Diable GIT_SNAPSHOT for the 4.10.0rc2 release.

Stefan Metzmacher (5):
      manpages/samba.7.xml: smbcontrol can also work with 'samba'
      s4:messaging: add support 'smbcontrol debug/debuglevel'
      s4:server: avoid using pid=0 for the parent 'samba' process
      s4:server: add support for 'smbcontrol samba shutdown'
      selftest:Samba4: use 'smbcontrol samba shutdown'

Tim Beale (15):
      python/gpclass: Convert gpclass to use s3 SMB Python bindings
      s3:pylibsmb: Add .set_acl API to SMB py bindings
      netcmd: Change SMB flags from s4 Py bindings to s3
      s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to .loadfile() API
      netcmd: Change GPO commands to use s3 SMB Py bindings
      s4:pysmb: Add error log that the s4 bindings are deprecated
      tests: Run samba_tool.gpo tests against backup testenvs
      ntacls: Pass correct use_ntvfs through to setntacl()
      tests: Run GPO commands against testenv with SMBv1 disabled
      selftest: Give the backup testenvs a 'test1' share
      tests: Run ntacls_backup tests against testenv with SMBv1 disabled
      netcmd: Try to improve domain backup error message
      WHATSNEW: Update for Bug 13676 changes in Samba 4.10
      join: Fix TypeError when handling exception
      join: Throw CommandError instead of Exception for simple errors

Volker Lendecke (1):
      ctdb: Print locks latency in machinereadable stats

---

-- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 0c75bfe674b VERSION: Bump version up to 4.10.0rc2... via 61e654828c1 VERSION: Diable GIT_SNAPSHOT for the 4.10.0rc2 release. via d902eec5bae WHATSNEW: Add release notes for Samba 4.10.0rc2. from 676b549321a s3-vfs: Use ENOATTR in errno comparison for getxattr https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 0c75bfe674b9e2d3fc9671fb85b334c0a392e13d Author: Karolin Seeger Date: Wed Feb 6 09:00:43 2019 +0100 VERSION: Bump version up to 4.10.0rc2... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 61e654828c1340a6b5814a62ada39491ca2c6380 Author: Karolin Seeger Date: Wed Feb 6 08:59:54 2019 +0100 VERSION: Diable GIT_SNAPSHOT for the 4.10.0rc2 release. Signed-off-by: Karolin Seeger commit d902eec5bae7e862ee8a19460f028189c8eb39d2 Author: Karolin Seeger Date: Wed Feb 6 08:57:04 2019 +0100 WHATSNEW: Add release notes for Samba 4.10.0rc2. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 32 +++- 2 files changed, 32 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 60f28019c64..d457f23e00e 100644 --- a/VERSION +++ b/VERSION @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE=3 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index bed631c5eaa..8bbb1fd705f 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.10. This is *not* +This is the second release candidate of Samba 4.10. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. 
@@ -208,6 +208,36 @@ smb.conf changes smbd getinfo ask sharemode New: similar to "smbd search ask yes sharemode" but for SMB getinfo + +CHANGES SINCE 4.10.0rc1 +=== + +o Jeremy Allison + * BUG 13750: libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 to 10 + seconds. + +o Tim Beale + * BUG 13676: samba-tool SMB/sysvol connections do not work if SMBv1 is + disabled. + * BUG 13747: join: Throw CommandError instead of Exception for simple errors. + +o Günther Deschner + * BUG 13774: s3-vfs: Add glusterfs_fuse vfs module. + +o Volker Lendecke + * BUG 13742: ctdb: Print locks latency in machinereadable stats. + +o Stefan Metzmacher + * BUG 13752: s4:server: Add support for 'smbcontrol samba shutdown'. + +o Anoop C S + * BUG 13330: vfs_glusterfs: Adapt to changes in libgfapi signatures. + * BUG 13774: s3-vfs: Use ENOATTR in errno comparison for getxattr. + +o Justin Stephenson + * BUG 13727: s3:libsmb: Honor disable_netbios option in smbsock_connect_send. + + KNOWN ISSUES -- Samba Shared Repository
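Review bot: the VERSION hunk at @@ -87,7 +87,7 @@ sets SAMBA_VERSION_RC_RELEASE=3, while the subject of commit 0c75bfe674b in this push reads "VERSION: Bump version up to 4.10.0rc2... and re-enable GIT_SNAPSHOT." The subject should name 4.10.0rc3 so that the log agrees with the value the hunk sets; as written, anyone auditing the branch by subject line will read the tree as still being at rc2. The subject of 61e654828c1 also spells "Disable" as "Diable", which makes that commit harder to find with a log search.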
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 676b549321a s3-vfs: Use ENOATTR in errno comparison for getxattr via f8773e8a78e s3-vfs: add glusterfs_fuse vfs module. via a2e889740b3 selftest:Samba4: use 'smbcontrol samba shutdown' via 902de86daa6 s4:server: add support for 'smbcontrol samba shutdown' via 45c19f4c253 s4:server: avoid using pid=0 for the parent 'samba' process via f105c379545 s4:messaging: add support 'smbcontrol debug/debuglevel' via 9d2e05b1a6d manpages/samba.7.xml: smbcontrol can also work with 'samba' via 520c062db5f libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 to 10 seconds. via 6990f5018d9 python: dns_hub: Fix indentation of 'raise' on error. via 56549fd07d6 join: Throw CommandError instead of Exception for simple errors via 334f1e6f56a join: Fix TypeError when handling exception via 9ae7ffa5f05 vfs_glusterfs: Adapt to changes in libgfapi signatures via 94aff506747 WHATSNEW: fix typo. via 9859cc5c1b0 WHATSNEW: Add missing parenthesis from a4466ec4282 ctdb: Print locks latency in machinereadable stats https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 676b549321abe61c63cb07681bd566b05369a876 Author: Anoop C S Date: Wed Jan 23 15:40:43 2019 +0530 s3-vfs: Use ENOATTR in errno comparison for getxattr * ENODATA is not defined in FreeBSD * ENOATTR is defined to be a synonym for ENODATA in Linux * In its absence Samba already defines ENOATTR to either ENODATA or ENOENT Thus it is safe and correct to compare with ENOATTR rather than ENODATA. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774 Signed-off-by: Anoop C S Reviewed-by: Uri Simchoni Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jan 23 21:59:10 CET 2019 on sn-devel-144 (cherry picked from commit c99402724a65f4e1f8ed4dcd236a43e0603bef0a) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Tue Feb 5 23:59:06 CET 2019 on sn-devel-144 commit f8773e8a78e6dc666f9b6b49e897b1a070898113 Author: Günther Deschner Date: Thu Jan 17 15:21:07 2019 +0100 s3-vfs: add glusterfs_fuse vfs module. This module only implements the get_real_filename function by accessing a distinct extended attribute that is available over a glusterfs fuse mount. By implementing this vfs function users of a glusterfs fuse mount achieve a much better performance in create based workloads where samba then can avoid trying multiple case folding options to detect the real filename. Patch is based on an initial patch provided by Poornima G BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774 Guenther Signed-off-by: Günther Deschner Reviewed-by: Ralph Boehme Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Jan 22 18:37:56 CET 2019 on sn-devel-144 (cherry picked from commit adffe0dcf002aa4721dc7897261895e3486d5271) commit a2e889740b3fa42e0287b42366a73a3cae43 Author: Stefan Metzmacher Date: Thu Jan 17 23:50:45 2019 +0100 selftest:Samba4: use 'smbcontrol samba shutdown' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Jan 30 01:51:48 CET 2019 on sn-devel-144 (cherry picked from commit d03991f569b54ae0a11911b622107fbae701715d) commit 902de86daa685b864594df5026f60d7cd7171b2e Author: Stefan Metzmacher Date: Thu Jan 17 16:27:10 2019 +0100 s4:server: add support for 'smbcontrol samba shutdown' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan 
Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 832776c0fcf7cc658c128765514755c2d15b06a6) commit 45c19f4c25393bcc9db56e93a79ac25cef7e6280 Author: Stefan Metzmacher Date: Mon Jan 28 16:29:51 2019 +0100 s4:server: avoid using pid=0 for the parent 'samba' process It confuses the 'samba-tool processes' output and log messages. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 5bd7a8e5685caa09067745b108ef7e53e3108e97) commit f105c379545ad51227126a239a60f946a2ab4a09 Author: Stefan Metzmacher Date: Tue Jan 15 01:39:06 2019 +0100 s4:messaging: add support 'smbcontrol debug/debuglevel' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 1be33edc670 s3-vfs: Use ENOATTR in errno comparison for getxattr via 3db3eff3120 s3-vfs: add glusterfs_fuse vfs module. via 10360077122 selftest:Samba4: use 'smbcontrol samba shutdown' via 37b9360c714 s4:server: add support for 'smbcontrol samba shutdown' via 676a2fcfdf0 s4:server: avoid using pid=0 for the parent 'samba' process via 121348d4a56 s4:messaging: add support 'smbcontrol debug/debuglevel' via 39abec8db34 manpages/samba.7.xml: smbcontrol can also work with 'samba' via 72e45c8841d join: Throw CommandError instead of Exception for simple errors via 7acef6b7f43 join: Fix TypeError when handling exception via 244bd50e364 vfs_glusterfs: Adapt to changes in libgfapi signatures via b5bc51a7511 vfs_fileid: fix fsname_norootdir algorithm from c56beb9a1fd vfs_fileid: fix get_connectpath_ino https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 1be33edc670f26fc77bef45fa7275d524d54fd59 Author: Anoop C S Date: Wed Jan 23 15:40:43 2019 +0530 s3-vfs: Use ENOATTR in errno comparison for getxattr * ENODATA is not defined in FreeBSD * ENOATTR is defined to be a synonym for ENODATA in Linux * In its absence Samba already defines ENOATTR to either ENODATA or ENOENT Thus it is safe and correct to compare with ENOATTR rather than ENODATA. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774 Signed-off-by: Anoop C S Reviewed-by: Uri Simchoni Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jan 23 21:59:10 CET 2019 on sn-devel-144 (cherry picked from commit c99402724a65f4e1f8ed4dcd236a43e0603bef0a) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Tue Feb 5 20:31:37 CET 2019 on sn-devel-144 commit 3db3eff31200022106f417c26c4d23f4870d07ab Author: Günther Deschner Date: Thu Jan 17 15:21:07 2019 +0100 s3-vfs: add glusterfs_fuse vfs module. 
This module only implements the get_real_filename function by accessing a distinct extended attribute that is available over a glusterfs fuse mount. By implementing this vfs function users of a glusterfs fuse mount achieve a much better performance in create based workloads where samba then can avoid trying multiple case folding options to detect the real filename. Patch is based on an initial patch provided by Poornima G BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774 Guenther Signed-off-by: Günther Deschner Reviewed-by: Ralph Boehme Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Jan 22 18:37:56 CET 2019 on sn-devel-144 (cherry picked from commit adffe0dcf002aa4721dc7897261895e3486d5271) commit 103600771227e074b46038f1bbb5a345c786d0b9 Author: Stefan Metzmacher Date: Thu Jan 17 23:50:45 2019 +0100 selftest:Samba4: use 'smbcontrol samba shutdown' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Jan 30 01:51:48 CET 2019 on sn-devel-144 (cherry picked from commit d03991f569b54ae0a11911b622107fbae701715d) commit 37b9360c714f1913e5107a5882d551bc35a20b24 Author: Stefan Metzmacher Date: Thu Jan 17 16:27:10 2019 +0100 s4:server: add support for 'smbcontrol samba shutdown' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 832776c0fcf7cc658c128765514755c2d15b06a6) commit 676a2fcfdf043cee82a47c8b340671c351e5e75c Author: Stefan Metzmacher Date: Mon Jan 28 16:29:51 2019 +0100 s4:server: avoid using pid=0 for the parent 'samba' process It confuses the 'samba-tool processes' output and log messages. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 5bd7a8e5685caa09067745b108ef7e53e3108e97) commit 121348d4a560e925d1355a1cf4a9db39b25b2d9d Author: Stefan Metzmacher Date: Tue Jan 15 01:39:06 2019 +0100 s4:messaging: add support 'smbcontrol debug/debuglevel' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 3a0c1da432c53de234b54bac90a3fb84534994eb) commit 39abec8db3485ac603565fedf6a4d11bf2eb276b Author: Stefan Metzmacher Date: Thu Jan 17 16:29:37 2019 +0100 manpages/samba.7.xml:
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 9b21b518d72 s3-vfs: Use ENOATTR in errno comparison for getxattr via 676b43893d7 s3-vfs: add glusterfs_fuse vfs module. via d94e82305e6 selftest:Samba4: use 'smbcontrol samba shutdown' via aced074c363 s4:server: add support for 'smbcontrol samba shutdown' via e896ca8f9c5 s4:server: avoid using pid=0 for the parent 'samba' process via 562ceb1f43d s4:messaging: add support 'smbcontrol debug/debuglevel' via f6ebd9d2a9e manpages/samba.7.xml: smbcontrol can also work with 'samba' via 56b401ebd38 join: Throw CommandError instead of Exception for simple errors via e51de1d48a4 join: Fix TypeError when handling exception via 3477e19d742 vfs_glusterfs: Adapt to changes in libgfapi signatures via 6ddc44fbb7a vfs_fileid: fix fsname_norootdir algorithm from d1428435b52 ctdb: Print locks latency in machinereadable stats https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 9b21b518d7264cb1e1fddfeea440fb70d0bc8e50 Author: Anoop C S Date: Wed Jan 23 15:40:43 2019 +0530 s3-vfs: Use ENOATTR in errno comparison for getxattr * ENODATA is not defined in FreeBSD * ENOATTR is defined to be a synonym for ENODATA in Linux * In its absence Samba already defines ENOATTR to either ENODATA or ENOENT Thus it is safe and correct to compare with ENOATTR rather than ENODATA. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774 Signed-off-by: Anoop C S Reviewed-by: Uri Simchoni Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Wed Jan 23 21:59:10 CET 2019 on sn-devel-144 (cherry picked from commit c99402724a65f4e1f8ed4dcd236a43e0603bef0a) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Tue Feb 5 19:13:57 CET 2019 on sn-devel-144 commit 676b43893d7a5ff1f935e1db633878bc7cc6bfb6 Author: Günther Deschner Date: Thu Jan 17 15:21:07 2019 +0100 s3-vfs: add glusterfs_fuse vfs module. 
This module only implements the get_real_filename function by accessing a distinct extended attribute that is available over a glusterfs fuse mount. By implementing this vfs function users of a glusterfs fuse mount achieve a much better performance in create based workloads where samba then can avoid trying multiple case folding options to detect the real filename. Patch is based on an initial patch provided by Poornima G BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774 Guenther Signed-off-by: Günther Deschner Reviewed-by: Ralph Boehme Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Jan 22 18:37:56 CET 2019 on sn-devel-144 (cherry picked from commit adffe0dcf002aa4721dc7897261895e3486d5271) commit d94e82305e63615edcceee1095a8442012fb12ae Author: Stefan Metzmacher Date: Thu Jan 17 23:50:45 2019 +0100 selftest:Samba4: use 'smbcontrol samba shutdown' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Wed Jan 30 01:51:48 CET 2019 on sn-devel-144 (cherry picked from commit d03991f569b54ae0a11911b622107fbae701715d) commit aced074c3635408962d52d8d488d4bee759b24b5 Author: Stefan Metzmacher Date: Thu Jan 17 16:27:10 2019 +0100 s4:server: add support for 'smbcontrol samba shutdown' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 832776c0fcf7cc658c128765514755c2d15b06a6) commit e896ca8f9c5d6f8f0500944dc8ceea9a8dcdabb5 Author: Stefan Metzmacher Date: Mon Jan 28 16:29:51 2019 +0100 s4:server: avoid using pid=0 for the parent 'samba' process It confuses the 'samba-tool processes' output and log messages. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 5bd7a8e5685caa09067745b108ef7e53e3108e97) commit 562ceb1f43da0e7fd640bb7a8d5eb65a92ea2e89 Author: Stefan Metzmacher Date: Tue Jan 15 01:39:06 2019 +0100 s4:messaging: add support 'smbcontrol debug/debuglevel' BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752 Signed-off-by: Stefan Metzmacher Reviewed-by: Björn Baumbach (cherry picked from commit 3a0c1da432c53de234b54bac90a3fb84534994eb) commit f6ebd9d2a9eb135c51cbea5909f54b61196ecef4 Author: Stefan Metzmacher Date: Thu Jan 17 16:29:37 2019 +0100
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via a4466ec4282 ctdb: Print locks latency in machinereadable stats via 16b1971ea0a WHATSNEW: Update for Bug 13676 changes in Samba 4.10 via 26cd687f14d netcmd: Try to improve domain backup error message via f088f070b4c tests: Run ntacls_backup tests against testenv with SMBv1 disabled via 7399fe07fea selftest: Give the backup testenvs a 'test1' share via 349cfec01df tests: Run GPO commands against testenv with SMBv1 disabled via e682347bc18 ntacls: Pass correct use_ntvfs through to setntacl() via 6158ca6e299 tests: Run samba_tool.gpo tests against backup testenvs via 9d9b00566c1 s4:pysmb: Add error log that the s4 bindings are deprecated via c4323c00ec5 netcmd: Change GPO commands to use s3 SMB Py bindings via c9fdea2e361 s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to .loadfile() API via b47e42e0400 netcmd: Change SMB flags from s4 Py bindings to s3 via 3ed03bd24eb s3:pylibsmb: Add .set_acl API to SMB py bindings via f43abe39d56 python/gpclass: Convert gpclass to use s3 SMB Python bindings via 529b29203d4 s3:libsmb: Honor disable_netbios option in smbsock_connect_send from 248c234e06b VERSION: Bump version up to 4.10.0rc2... 
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit a4466ec428265be9b31cec0820ce44c6c9bbc61e Author: Volker Lendecke Date: Mon Jan 14 15:04:59 2019 +0100 ctdb: Print locks latency in machinereadable stats Bug: https://bugzilla.samba.org/show_bug.cgi?id=13742 Signed-off-by: Volker Lendecke Reviewed-by: Martin Schwenke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Wed Jan 16 05:34:17 CET 2019 on sn-devel-144 (cherry picked from commit 193a0d6f01372604b925d1972591062a0bb2400f) Autobuild-User(v4-10-test): Karolin Seeger Autobuild-Date(v4-10-test): Mon Feb 4 13:09:49 CET 2019 on sn-devel-144 commit 16b1971ea0ae76d0738f1dae9997b58af1bd5eac Author: Tim Beale Date: Tue Jan 22 11:08:13 2019 +1300 WHATSNEW: Update for Bug 13676 changes in Samba 4.10 Although it's unlikely that users will be using the 'smb' Python bindings, it's probably worth noting in the release notes that these bindings will be deprecated in future releases. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison commit 26cd687f14d70676c41e038b98551944ebd95356 Author: Tim Beale Date: Thu Jan 17 09:41:21 2019 +1300 netcmd: Try to improve domain backup error message I ran this command as non-root by mistake and didn't find the error message particularly helpful. Tweak the error message so it reminds the user that they should be root. Also display the path we're looking for the sam.ldb file in, to give them more clues. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Noel Power Autobuild-User(master): Noel Power Autobuild-Date(master): Mon Jan 21 16:34:06 CET 2019 on sn-devel-144 (cherry picked from commit 10e54a095f005c0988a7e5e8a35cea6200197854) commit f088f070b4cb5a18fdb6f819c5857ef325f53033 Author: Tim Beale Date: Wed Jan 16 10:02:07 2019 +1300 tests: Run ntacls_backup tests against testenv with SMBv1 disabled Just to prove that the NTACL backup works over SMBv2. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit 7fb93eaca74ffe17bbe7255210dd3090afe8d5dc) commit 7399fe07feadfe7adf76c650a511fb7948554d18 Author: Tim Beale Date: Thu Dec 13 16:29:33 2018 +1300 selftest: Give the backup testenvs a 'test1' share The ntacls_backup tests use the test1 share, and we want to run them against the restoredc (which has SMBv1 disabled). The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call (in ntacls.py) to work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit a310de2db13c02a602e74139cb47ea9a25628e01) commit 349cfec01df89f0591b04a5f39a9876b73d217d9 Author: Tim Beale Date: Tue Jan 15 17:12:20 2019 +1300 tests: Run GPO commands against testenv with SMBv1 disabled Just to prove that they work across SMBv2. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676 Signed-off-by: Tim Beale Reviewed-by: Jeremy Allison (cherry picked from commit da33c2c4e4849f0985b08fbdc58cbd59b8426ec6) commit e682347bc1863a800373703f33866ea9c1f11626 Author: Tim Beale Date: Tue Jan 15 14:09:15 2019 +1300 ntacls: Pass c
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via c56beb9a1fd vfs_fileid: fix get_connectpath_ino via df175f06f9f s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection via bb76511f413 libcli: Add error log if insufficient SMB2 credits via b7134e36f8d s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list() via 8932a4a161f s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607 from 129423d3657 s3-vfs-fruit: add close call https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit c56beb9a1fd18146093b49965938388597425999 Author: Ralph Wuerthner Date: Thu Jan 10 14:28:14 2019 +0100 vfs_fileid: fix get_connectpath_ino Bug: https://bugzilla.samba.org/show_bug.cgi?id=13741 Signed-off-by: Ralph Wuerthner Reviewed-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Jan 15 04:13:15 CET 2019 on sn-devel-144 (cherry picked from commit 12398a2d1ddcd326e02e5d8b0749e0e796145165) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Fri Feb 1 17:06:06 CET 2019 on sn-devel-144 commit df175f06f9fb63a04ae7635d6d0cbcbfe8ef2ceb Author: Tim Beale Date: Mon Jan 7 15:28:12 2019 +1300 s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection cli_smb2_list() appears to be a slightly unique SMB operation in that it specifies the max transaction size for the response buffer size. The Python bindings highlighted a problem where if cli_smb2_list() were one of the first operations performed on the SMBv2 connection, it would fail due to insufficient credits. Because the response buffer size is (potentially) so much larger, it requires more credits (128) compared with other SMB operations. When talking to a samba DC, the connection credits seem to start off at 1, then increase by 32 for every SMB reply we receive back from the server. After cli_full_connection(), the connection has 65 credits. 
The cli_smb2_create_fnum() in cli_smb2_list() adds another 32 credits, but this is still less than the 128 that smb2cli_query_directory() requires. This problem doesn't happen for smbclient because the cli_cm_open() API it uses ends up sending more messages, and so the connection has more credits. This patch changes cli_smb2_list(), so it requests a smaller response buffer size if it doesn't have enough credits available for the max transaction size. smb2cli_query_directory() is already in a loop, so it can span multiple SMB messages if for some reason the transaction size isn't big enough for the listings. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736 Signed-off-by: Tim Beale Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Jan 10 02:40:16 CET 2019 on sn-devel-144 (cherry picked from commit fd355dff906f5f4832901bce76544f1a4e50c33d) commit bb76511f41355b7d3a8a20b69d86eaeb89ebe0e5 Author: Tim Beale Date: Mon Jan 7 12:06:15 2019 +1300 libcli: Add error log if insufficient SMB2 credits Although it's unusual to hit this case, I was seeing it happen while working on the SMB python bindings. Even with debug level 10, there was nothing coming out to help pin down the source of the NT_STATUS_INTERNAL_ERROR. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736 Signed-off-by: Tim Beale Reviewed-by: Stefan Metzmacher (cherry picked from commit bf229de7926f12e329cdb3201f68f20ae776fe32) commit b7134e36f8d0d2bf9941aad52a0e995c8436117b Author: Ralph Boehme Date: Tue Mar 20 15:27:44 2018 +0100 s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list() BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736 Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit 580ff206431969dc2924d520053b956b7169ca07) commit 8932a4a161f2647057e1fe815562354e0a12ccbd Author: Jeremy Allison Date: Mon Nov 12 11:37:31 2018 -0800 s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. 
CID: 1433607 Firstly, make the exit condition from the loop explicit (we must never write into byte n, where n >= sizeof(name->name). Secondly ensure exiting from the loop that n==MAX_NETBIOSNAME_LEN, as this is the sign of a correct NetBIOS name encoding (RFC1002) in order to properly read the NetBIOS name type (which is always encoded in byte 16 == name->name[15]). BUG: https://bugzilla.samba.org/show_bug.cgi?id=11495 Signed-off-by: Jeremy Allison Reviewed-by: David Disseldorp Autobuild-User(master): David Disseldorp
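The two checks described in the nmbname commit message above (an explicit bound before every write, and n == MAX_NETBIOSNAME_LEN before byte 15 is read as the name type) are shown here as an added example; it is not Samba's code and not part of the original mail. The names `nb_decode`, `nb_encode` and `struct nb_name`, the sample name FILESRV and the choice to reject shorter names outright are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_NETBIOSNAME_LEN 16  /* 15 name bytes + 1 type byte (RFC 1002) */

struct nb_name {                /* hypothetical type for this example */
    char name[MAX_NETBIOSNAME_LEN];  /* NUL-terminated, space padding stripped */
    uint8_t type;                    /* decoded from byte 16 == name[15] */
};

/* Build a constructed first-level-encoded label: a length byte (32) followed
 * by two characters per raw byte, each nibble added to 'A'. Returns 33. */
size_t nb_encode(const char *name, uint8_t type, uint8_t *buf)
{
    uint8_t raw[MAX_NETBIOSNAME_LEN];
    size_t i, l = strlen(name);

    if (l > 15) l = 15;
    memset(raw, ' ', 15);           /* names are space padded to 15 bytes */
    memcpy(raw, name, l);
    raw[15] = type;
    buf[0] = 2 * MAX_NETBIOSNAME_LEN;
    for (i = 0; i < MAX_NETBIOSNAME_LEN; i++) {
        buf[1 + 2 * i] = (uint8_t)('A' + (raw[i] >> 4));
        buf[2 + 2 * i] = (uint8_t)('A' + (raw[i] & 0x0F));
    }
    return 1 + 2 * MAX_NETBIOSNAME_LEN;
}

/* Decode one label from buf[0..len). Returns the number of bytes consumed,
 * or 0 if the label is malformed. Never writes outside out->name. */
size_t nb_decode(const uint8_t *buf, size_t len, struct nb_name *out)
{
    size_t enc, i, n = 0;

    memset(out, 0, sizeof(*out));
    if (len < 1) return 0;
    enc = buf[0];
    /* non-empty, a legal label length, whole nibble pairs, inside the packet */
    if (enc == 0 || enc > 63 || (enc & 1) || enc > len - 1) return 0;

    for (i = 1; i + 1 <= enc; i += 2) {
        uint8_t hi = (uint8_t)(buf[i] - 'A');
        uint8_t lo = (uint8_t)(buf[i + 1] - 'A');

        if ((hi & 0xF0) || (lo & 0xF0)) return 0;  /* not in 'A'..'P' */
        if (n >= sizeof(out->name)) return 0;      /* explicit loop exit */
        out->name[n++] = (char)((hi << 4) | lo);
    }
    /* Only a full 16-byte name carries a type byte at index 15. */
    if (n != MAX_NETBIOSNAME_LEN) return 0;

    out->type = (uint8_t)out->name[15];
    out->name[15] = '\0';
    for (n = 15; n > 0 && out->name[n - 1] == ' '; n--)
        out->name[n - 1] = '\0';                   /* strip padding */
    return enc + 1;
}

int main(void)
{
    uint8_t pkt[64] = {0};
    struct nb_name nm;
    size_t used = nb_encode("FILESRV", 0x20, pkt);  /* constructed sample */

    if (nb_decode(pkt, used, &nm))
        printf("name=%s type=0x%02x\n", nm.name, (unsigned)nm.type);
    pkt[0] = 34; pkt[33] = 'A'; pkt[34] = 'A';      /* 17 raw bytes: too long */
    printf("oversized label accepted: %s\n",
           nb_decode(pkt, 35, &nm) ? "yes" : "no");
    return 0;
}
```
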
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via d1428435b52 ctdb: Print locks latency in machinereadable stats via bb3e0c5c829 vfs_fileid: fix get_connectpath_ino via 4588c1c704a lib/audit_logging: actually create talloc via 3b19257a7d3 s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection via 5cbce550a76 libcli: Add error log if insufficient SMB2 credits via 833505239e3 s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list() via 0493165a22b s3:libsmb: Honor disable_netbios option in smbsock_connect_send via 8e2514a1b1c s3:utils:net: Print debug message about Netbios via c824d35f36c s3:smbpasswd: Print debug message about Netbios via fc3f516a41d s3:libsmb: Print debug message about Netbios via f13c5a9c1fd s3:libsmb: Check disable_netbios in socket connect via 3145dae212c audit_logging: Remove debug log header and JSON Authentication: prefix via 2cebe0b84f5 json: Modify API to use return codes from 76bcdecae23 ldb: Bump ldb version to 1.4.4 https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit d1428435b528f8c6e3b8a38a2160f551aea5f33c Author: Volker Lendecke Date: Mon Jan 14 15:04:59 2019 +0100 ctdb: Print locks latency in machinereadable stats Bug: https://bugzilla.samba.org/show_bug.cgi?id=13742 Signed-off-by: Volker Lendecke Reviewed-by: Martin Schwenke Autobuild-User(master): Volker Lendecke Autobuild-Date(master): Wed Jan 16 05:34:17 CET 2019 on sn-devel-144 (cherry picked from commit 193a0d6f01372604b925d1972591062a0bb2400f) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Fri Feb 1 15:18:15 CET 2019 on sn-devel-144 commit bb3e0c5c8290575331b636720dbc59d7cf90c65c Author: Ralph Wuerthner Date: Thu Jan 10 14:28:14 2019 +0100 vfs_fileid: fix get_connectpath_ino Bug: https://bugzilla.samba.org/show_bug.cgi?id=13741 Signed-off-by: Ralph Wuerthner Reviewed-by: Volker Lendecke Reviewed-by: Jeremy Allison Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Tue Jan 15 04:13:15 CET 2019 on 
sn-devel-144 (cherry picked from commit 12398a2d1ddcd326e02e5d8b0749e0e796145165) commit 4588c1c704ae29f924c2c0d45aa55c1e0afc0055 Author: Philipp Gesang Date: Tue Dec 18 16:09:19 2018 +0100 lib/audit_logging: actually create talloc Heal damage of 79f494e51e.. That context is being passed around and freed but is never actually allocated on that stack. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13737 Signed-off-by: Philipp Gesang Reviewed-by: Gary Lockyer Reviewed-by: Jeremy Allison (cherry picked from commit 5c928d7cd1d0ac994fe95892eec235b939ad2ec9) commit 3b19257a7d31e525c2246c6c8c158d86cccb99a5 Author: Tim Beale Date: Mon Jan 7 15:28:12 2019 +1300 s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection cli_smb2_list() appears to be a slightly unique SMB operation in that it specifies the max transaction size for the response buffer size. The Python bindings highlighted a problem where if cli_smb2_list() were one of the first operations performed on the SMBv2 connection, it would fail due to insufficient credits. Because the response buffer size is (potentially) so much larger, it requires more credits (128) compared with other SMB operations. When talking to a samba DC, the connection credits seem to start off at 1, then increase by 32 for every SMB reply we receive back from the server. After cli_full_connection(), the connection has 65 credits. The cli_smb2_create_fnum() in cli_smb2_list() adds another 32 credits, but this is still less than the 128 that smb2cli_query_directory() requires. This problem doesn't happen for smbclient because the cli_cm_open() API it uses ends up sending more messages, and so the connection has more credits. This patch changes cli_smb2_list(), so it requests a smaller response buffer size if it doesn't have enough credits available for the max transaction size. 
smb2cli_query_directory() is already in a loop, so it can span multiple SMB messages if for some reason the transaction size isn't big enough for the listings. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13736 Signed-off-by: Tim Beale Reviewed-by: Stefan Metzmacher Autobuild-User(master): Stefan Metzmacher Autobuild-Date(master): Thu Jan 10 02:40:16 CET 2019 on sn-devel-144 (cherry picked from commit fd355dff906f5f4832901bce76544f1a4e50c33d) commit 5cbce550a7683ad8d62ab0029e283ede5650a3d2 Author: Tim Beale Date: Mon Jan 7 12:06:15 2019 +1300 libcli: Add error log if insufficie
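The credit arithmetic in the cli_smb2_list() commit message above, worked through as an added example; it is not Samba's code and not part of the original mail. The function names are hypothetical, the 8 MiB maximum transaction size is assumed because it is the size that costs the 128 credits the message mentions, and the figure of two replies during connection setup is constructed to match the 65 credits it reports. The charge formula is the SMB2 one: one credit per 65536 bytes of payload.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SMB2_CREDIT_UNIT 65536u  /* payload bytes covered by one credit */

/* CreditCharge for a request whose larger payload is payload_len bytes. */
uint32_t smb2_credit_charge(uint32_t payload_len)
{
    if (payload_len == 0) return 1;
    return (payload_len - 1) / SMB2_CREDIT_UNIT + 1;
}

/* Credits held after `replies` server replies, using the behaviour the
 * commit message observed: start value plus a fixed grant per reply. */
uint32_t credits_after_replies(uint32_t start, uint32_t grant, uint32_t replies)
{
    return start + grant * replies;
}

/* Response buffer size to request: the full max_trans if the connection can
 * pay for it, otherwise the largest size the available credits cover.
 * Returns 0 if there are no credits at all. */
uint32_t clamp_to_credits(uint32_t max_trans, uint32_t credits)
{
    if (credits == 0) return 0;
    if (smb2_credit_charge(max_trans) <= credits) return max_trans;
    /* credits < charge <= 65536 here, so the product fits in 32 bits */
    return credits * SMB2_CREDIT_UNIT;
}

/* Buffer sizes for successive query-directory requests in the listing loop,
 * with the credit balance growing by `grant` after each reply. Returns the
 * number of entries filled in. */
size_t plan_listing(uint32_t credits, uint32_t grant, uint32_t max_trans,
                    uint32_t *sizes, size_t nreq)
{
    size_t i;

    for (i = 0; i < nreq; i++) {
        sizes[i] = clamp_to_credits(max_trans, credits);
        if (sizes[i] == 0) return i;
        credits += grant;
    }
    return nreq;
}

int main(void)
{
    const uint32_t max_trans = 8u * 1024u * 1024u;  /* assumed: 8 MiB */
    uint32_t after_connect = credits_after_replies(1, 32, 2);   /* 65 */
    uint32_t after_create = after_connect + 32;                 /* 97 */
    uint32_t sizes[2];
    size_t i, n;

    printf("charge for max_trans: %u, credits held: %u\n",
           (unsigned)smb2_credit_charge(max_trans), (unsigned)after_create);
    n = plan_listing(after_create, 32, max_trans, sizes, 2);
    for (i = 0; i < n; i++)
        printf("request %u: buffer %u bytes (%u credits)\n", (unsigned)i,
               (unsigned)sizes[i], (unsigned)smb2_credit_charge(sizes[i]));
    return 0;
}
```
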
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated
       via  76bcdecae23 ldb: Bump ldb version to 1.4.4
       via  8738db2afad lib/ldb: Use new PYARG_ES format for parseTuple
       via  869ae9a17b2 lib/ldb/tests/python: Add test to pass utf8 encoded bytes to ldb.Dn
       via  043e6e8b7d4 s4/libnet: use 'et' as format for ParseTuple with python2
       via  d253c470ae4 python: Add new compat PYARG_STR_UNI format
       via  38c459223d2 s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607
      from  0a3a26179f8 s3: net: Do not set NET_FLAGS_ANONYMOUS with -k

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test

- Log -
commit 76bcdecae236277f1510601aa35c207850c4e91e
Author: Noel Power
Date: Mon Jan 14 10:38:10 2019 +

    ldb: Bump ldb version to 1.4.4

    Python: Ensure ldb.Dn can doesn't rencoded str with py2 (bug 13616)

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13616

    Signed-off-by: Noel Power

    Autobuild-User(v4-9-test): Karolin Seeger
    Autobuild-Date(v4-9-test): Mon Jan 21 12:55:04 CET 2019 on sn-devel-144

commit 8738db2afadc449db26a79ccb6a6112fdbcac005
Author: Noel Power
Date: Mon Nov 12 16:06:10 2018 +

    lib/ldb: Use new PYARG_ES format for parseTuple

    While 'es' format works great for unicode (in python2) and str (in
    python3) The behaviour with str (in python2) is unexpected. In python2
    the str type is (re-encoded) with the specified encoding. In python2
    the 'et' type would be a better match, that ensures 'str' type is
    treated like it was with 's' (no reencoding) and unicode is encoded
    with the specified encoding. However in python3 'et' allows byte (or
    bytearray) params to be accepted (with no reencoding), we don't want
    this. This patch adds a new PYARG_STR_UNI format code which is a
    hybrid, in python2 it evaluates to 'et' and in python3 'es' and so
    gives the desired behaviour for each python version.

    Additionally remove the associated known fail.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13616

    Signed-off-by: Noel Power
    Reviewed-by: Douglas Bagnall

    Autobuild-User(master): Douglas Bagnall
    Autobuild-Date(master): Sun Jan 13 03:53:00 CET 2019 on sn-devel-144

    (cherry picked from commit 8900e0b4cb05613df9cbeeb8b8253273b06b3c17)

commit 869ae9a17b2fb502714d68c73e95bd066d290a3d
Author: Noel Power
Date: Thu Jan 17 10:05:04 2019 +

    lib/ldb/tests/python: Add test to pass utf8 encoded bytes to ldb.Dn

    This test should demonstrate an error with the 'es' format in python
    where a 'str' byte-string is passed (containing utf8 encoded bytes)
    with some characters that cannot be decoded as ascii. The same code if
    run in python3 should generate an error (needs string not bytes)

    Also Add knownfail for ldb.Dn passed utf8 encoded byte string

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13616

    Signed-off-by: Noel Power
    Reviewed-by: Douglas Bagnall
    (cherry picked from commit f8758b3b1f98476469501dd45a7c898950294e05)

commit 043e6e8b7d4a87253b01e0c37e4a17d358cc7b1e
Author: Noel Power
Date: Tue Dec 11 15:58:44 2018 +

    s4/libnet: use 'et' as format for ParseTuple with python2

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13616

    Signed-off-by: Noel Power
    Reviewed-by: Douglas Bagnall
    (cherry picked from commit b6c8ef5fb70c65c04c8269ff95e661e219968767)

commit d253c470ae410436a5fbde817cb66cea92c1243c
Author: Noel Power
Date: Tue Dec 11 15:18:10 2018 +

    python: Add new compat PYARG_STR_UNI format

    In python2 PYARG_STR_UNI evaluates to et which allows str type (e.g
    bytes) pass through unencoded and accepts unicode objects encoded as
    utf8

    In python3 PYARG_STR_UNI evaluates to es which allows str type encoded
    as named/specified encoding

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13616

    Signed-off-by: Noel Power
    Reviewed-by: Douglas Bagnall
    (cherry picked from commit 253af8b85450c2830a442084e98734ca338c1b2f)

commit 38c459223d217bf8be6858bfc7066c9c9d3adbdd
Author: Jeremy Allison
Date: Mon Nov 12 11:37:31 2018 -0800

    s3: lib: nmbname: Ensure we limit the NetBIOS name correctly. CID: 1433607

    Firstly, make the exit condition from the loop explicit (we must never
    write into byte n, where n >= sizeof(name->name).

    Secondly ensure exiting from the loop that n==MAX_NETBIOSNAME_LEN, as
    this is the sign of a correct NetBIOS name encoding (RFC1002) in order
    to properly read the NetBIOS name type (which is always encoded in
    byte 16 == name->name[15]).

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11495

    Signed-off-by: Jeremy Allison
    Reviewed-by: Da
[SCM] Samba Shared Repository - branch v4-10-stable updated
The branch, v4-10-stable has been updated via 1c9e1bcda1c VERSION: Bump version up to 4.10.0rc1... via 86253ce3845 WHATSNEW: Add release note for Samba 4.10.0rc1. via 340cb9ca97b ldb: version 1.5.2 via 1c73f38633c tevent: version 0.9.38 via b915626087c talloc: version 2.1.15 via 33de2f0727e Merge remote-tracking branch 'origin/v4-10-test' into HEAD via 08f27a00832 Revert "WHATSNEW: Add release note for Samba 4.10.0rc1." via a4e37680d35 Revert "VERSION: Bump version up to 4.10.0rc1..." via 118b492d3ec Revert "VERSION: Bump version up to 4.10.0rc2..." via f2d8308c22c addns: Async ads_dns_lookup_ns via 75106e05b42 VERSION: Bump version up to 4.10.0rc2... via 9537e5d2a14 VERSION: Bump version up to 4.10.0rc1... via 3f4bd61b840 WHATSNEW: Add release note for Samba 4.10.0rc1. via 4b4ae005b20 addns: Async ads_dns_lookup_srv via 9563fcf6ffa samba_dnsupdate: With dns_hub, we don't need resolv_wrap via 99b775336b7 selftest: Use dns_hub's resolv.conf via 5f02a6af948 selftest: Add dns_hub deps via 62584f3d081 selftest: setup_dns_hub via 61e64791294 selftest: add central dns forwarder via a8191f88ca8 libcli/dns: Add dns_res_rec_get_sockaddr via dbbce1a4545 libcli/dns: clidns must depend on ndr_standard, not on NDR_DNS via 237c06aad81 libcli/dns: Make "clidns" a library via b7418203eeb dns_lookup: Let make test override the resolv.conf location via 5f393deb309 libcli/dns: Add dns_lookup via e9e4aeafc0c libcli/dns: Add resolv.conf parsing via ff2dbe24b80 dns_update: samba_dnsupdate's exit code is not an errno via a7e28a7eb56 addns: Centralize siteless lookup fallback from 12398a2d1dd vfs_fileid: fix get_connectpath_ino https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable - Log - --- Summary of changes: VERSION| 6 +- WHATSNEW.txt | 2 +- lib/addns/dnsquery.c | 906 +++-- lib/addns/dnsquery.h | 16 + lib/addns/wscript_build| 2 +- lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.2.sigs} | 0 ...yldb-util-1.1.10.sigs => pyldb-util-1.5.2.sigs} | 0 ...-util-1.1.10.sigs => 
pyldb-util.py3-1.5.2.sigs} | 0 lib/ldb/wscript| 2 +- ...-util-2.1.10.sigs => pytalloc-util-2.1.15.sigs} | 0 ...3-2.1.10.sigs => pytalloc-util.py3-2.1.15.sigs} | 0 .../ABI/{talloc-2.1.10.sigs => talloc-2.1.15.sigs} | 0 lib/talloc/wscript | 2 +- .../ABI/{tevent-0.9.37.sigs => tevent-0.9.38.sigs} | 0 lib/tevent/wscript | 2 +- libcli/dns/dns_lookup.c| 374 + libcli/dns/dns_lookup.h| 48 ++ libcli/dns/{dns.h => dns_lookuptest.c} | 75 +- libcli/dns/resolvconf.c| 123 +++ .../libads/krb5_errs.h => libcli/dns/resolvconf.h | 25 +- libcli/dns/resolvconftest.c| 82 ++ libcli/dns/wscript_build | 21 +- .../samba/tests/dns_forwarder_helpers/dns_hub.py | 156 selftest/target/Samba.pm | 2 + selftest/target/Samba3.pm | 4 + selftest/target/Samba4.pm | 159 +++- .../{test_pthreadpool.sh => test_resolvconf.sh}| 8 +- source3/selftest/tests.py | 4 + source4/dsdb/dns/dns_update.c | 4 +- source4/scripting/bin/samba_dnsupdate | 37 +- 30 files changed, 1331 insertions(+), 729 deletions(-) copy lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.2.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.5.2.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.5.2.sigs} (100%) copy lib/talloc/ABI/{pytalloc-util-2.1.10.sigs => pytalloc-util-2.1.15.sigs} (100%) copy lib/talloc/ABI/{pytalloc-util.py3-2.1.10.sigs => pytalloc-util.py3-2.1.15.sigs} (100%) copy lib/talloc/ABI/{talloc-2.1.10.sigs => talloc-2.1.15.sigs} (100%) copy lib/tevent/ABI/{tevent-0.9.37.sigs => tevent-0.9.38.sigs} (100%) create mode 100644 libcli/dns/dns_lookup.c create mode 100644 libcli/dns/dns_lookup.h copy libcli/dns/{dns.h => dns_lookuptest.c} (52%) create mode 100644 libcli/dns/resolvconf.c copy source3/libads/krb5_errs.h => libcli/dns/resolvconf.h (63%) create mode 100644 libcli/dns/resolvconftest.c create mode 100755 python/samba/tests/dns_forwarder_helpers/dns_hub.py copy source3/script/tests/{test_pthreadpool.sh => test_resolvconf.sh} (54%) Changeset truncated at 500 lines: d
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 2b89598 NEWS[4.10.0rc1]: Samba 4.10.0rc1 Available for Download from ead19cc Remove additional headline. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 2b89598d56cd36fbf5d222b37a7346b3d0d61f90 Author: Karolin Seeger Date: Tue Jan 15 11:54:04 2019 +0100 NEWS[4.10.0rc1]: Samba 4.10.0rc1 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20190115-105601.4.10.0rc1.body.html | 12 posted_news/20190115-105601.4.10.0rc1.headline.html | 3 +++ 2 files changed, 15 insertions(+) create mode 100644 posted_news/20190115-105601.4.10.0rc1.body.html create mode 100644 posted_news/20190115-105601.4.10.0rc1.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20190115-105601.4.10.0rc1.body.html b/posted_news/20190115-105601.4.10.0rc1.body.html new file mode 100644 index 000..ad84013 --- /dev/null +++ b/posted_news/20190115-105601.4.10.0rc1.body.html @@ -0,0 +1,12 @@ + +15 January 2019 +Samba 4.10.0rc1 Available for Download + +This is the first release candidate of the upcoming Samba 4.10 release series. + + +The uncompressed tarball has been signed using GnuPG (ID 6F33915B6568B7EA). +The source code can be https://download.samba.org/pub/samba/rc/samba-4.10.0rc1.tar.gz";>downloaded now. +See https://download.samba.org/pub/samba/rc/samba-4.10.0rc1.WHATSNEW.txt";>the release notes for more info. + + diff --git a/posted_news/20190115-105601.4.10.0rc1.headline.html b/posted_news/20190115-105601.4.10.0rc1.headline.html new file mode 100644 index 000..fdbbc37 --- /dev/null +++ b/posted_news/20190115-105601.4.10.0rc1.headline.html @@ -0,0 +1,3 @@ + + 15 January 2019 Samba 4.10.0rc1 Available for Download + -- Samba Website Repository
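Review bot: in the added posted_news/20190115-105601.4.10.0rc1.body.html, the text says the uncompressed tarball is signed with GnuPG key ID 6F33915B6568B7EA, but the only links are to the .tar.gz and the WHATSNEW file, so a reader has nothing on the page to verify against. Link the detached signature next to the download, state that the archive has to be decompressed before the signature is checked (the signature covers the uncompressed tarball while the link is to the compressed one), and consider publishing the full key fingerprint rather than the 64-bit key ID.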
[SCM] Samba Shared Repository - annotated tag samba-4.10.0rc1 created
The annotated tag, samba-4.10.0rc1 has been created
        at  65344e4eae35415746be7391071236ed3901504a (tag)
   tagging  1c9e1bcda1c365df9b33c4ea984d48728615e353 (commit)
  replaces  ldb-1.5.2
 tagged by  Karolin Seeger
        on  Tue Jan 15 11:53:50 2019 +0100

- Log -
samba: tag release samba-4.10.0rc1
-----BEGIN PGP SIGNATURE-----

iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXD27vgAKCRBvM5FbZWi3
6mdqAKC+wIayfWcW6I1+afyjgzpEyQYIIwCffU3JTLpKMdQnM3GilKDVAvodpUk=
=6laG
-----END PGP SIGNATURE-----

Karolin Seeger (2):
      WHATSNEW: Add release note for Samba 4.10.0rc1.
      VERSION: Bump version up to 4.10.0rc1...

---

--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 248c234e06b VERSION: Bump version up to 4.10.0rc2... via 1c9e1bcda1c VERSION: Bump version up to 4.10.0rc1... via 86253ce3845 WHATSNEW: Add release note for Samba 4.10.0rc1. via 340cb9ca97b ldb: version 1.5.2 via 1c73f38633c tevent: version 0.9.38 via b915626087c talloc: version 2.1.15 via 33de2f0727e Merge remote-tracking branch 'origin/v4-10-test' into HEAD via f2d8308c22c addns: Async ads_dns_lookup_ns via 4b4ae005b20 addns: Async ads_dns_lookup_srv via 9563fcf6ffa samba_dnsupdate: With dns_hub, we don't need resolv_wrap via 99b775336b7 selftest: Use dns_hub's resolv.conf via 5f02a6af948 selftest: Add dns_hub deps via 62584f3d081 selftest: setup_dns_hub via 61e64791294 selftest: add central dns forwarder via a8191f88ca8 libcli/dns: Add dns_res_rec_get_sockaddr via dbbce1a4545 libcli/dns: clidns must depend on ndr_standard, not on NDR_DNS via 237c06aad81 libcli/dns: Make "clidns" a library via b7418203eeb dns_lookup: Let make test override the resolv.conf location via 5f393deb309 libcli/dns: Add dns_lookup via e9e4aeafc0c libcli/dns: Add resolv.conf parsing via ff2dbe24b80 dns_update: samba_dnsupdate's exit code is not an errno via a7e28a7eb56 addns: Centralize siteless lookup fallback from 08f27a00832 Revert "WHATSNEW: Add release note for Samba 4.10.0rc1." https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 248c234e06bf09a7f6ca3f6cafbac47baea7b302 Author: Karolin Seeger Date: Tue Jan 15 11:02:10 2019 +0100 VERSION: Bump version up to 4.10.0rc2... and re-enable GIT_SNAPSHOT. 
Signed-off-by: Karolin Seeger Reviewed-by: Stefan Metzmacher (replaces commit 75106e05b42e5d4629aacfa941213745d9d6e819) --- Summary of changes: VERSION| 4 +- WHATSNEW.txt | 2 +- lib/addns/dnsquery.c | 906 +++-- lib/addns/dnsquery.h | 16 + lib/addns/wscript_build| 2 +- lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.2.sigs} | 0 ...yldb-util-1.1.10.sigs => pyldb-util-1.5.2.sigs} | 0 ...-util-1.1.10.sigs => pyldb-util.py3-1.5.2.sigs} | 0 lib/ldb/wscript| 2 +- ...-util-2.1.10.sigs => pytalloc-util-2.1.15.sigs} | 0 ...3-2.1.10.sigs => pytalloc-util.py3-2.1.15.sigs} | 0 .../ABI/{talloc-2.1.10.sigs => talloc-2.1.15.sigs} | 0 lib/talloc/wscript | 2 +- .../ABI/{tevent-0.9.37.sigs => tevent-0.9.38.sigs} | 0 lib/tevent/wscript | 2 +- libcli/dns/dns_lookup.c| 374 + libcli/dns/dns_lookup.h| 48 ++ libcli/dns/{dns.h => dns_lookuptest.c} | 75 +- libcli/dns/resolvconf.c| 123 +++ .../libads/krb5_errs.h => libcli/dns/resolvconf.h | 25 +- libcli/dns/resolvconftest.c| 82 ++ libcli/dns/wscript_build | 21 +- .../samba/tests/dns_forwarder_helpers/dns_hub.py | 156 selftest/target/Samba.pm | 2 + selftest/target/Samba3.pm | 4 + selftest/target/Samba4.pm | 159 +++- .../{test_pthreadpool.sh => test_resolvconf.sh}| 8 +- source3/selftest/tests.py | 4 + source4/dsdb/dns/dns_update.c | 4 +- source4/scripting/bin/samba_dnsupdate | 37 +- 30 files changed, 1330 insertions(+), 728 deletions(-) copy lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.2.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.5.2.sigs} (100%) copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.5.2.sigs} (100%) copy lib/talloc/ABI/{pytalloc-util-2.1.10.sigs => pytalloc-util-2.1.15.sigs} (100%) copy lib/talloc/ABI/{pytalloc-util.py3-2.1.10.sigs => pytalloc-util.py3-2.1.15.sigs} (100%) copy lib/talloc/ABI/{talloc-2.1.10.sigs => talloc-2.1.15.sigs} (100%) copy lib/tevent/ABI/{tevent-0.9.37.sigs => tevent-0.9.38.sigs} (100%) create mode 100644 libcli/dns/dns_lookup.c create mode 100644 libcli/dns/dns_lookup.h copy 
libcli/dns/{dns.h => dns_lookuptest.c} (52%) create mode 100644 libcli/dns/resolvconf.c copy source3/libads/krb5_errs.h => libcli/dns/resolvconf.h (63%) create mode 100644 libcli/dns/resolvconftest.c create mode 100755 python/samba/tests/dns_forwarder_helpers/dns_hub.py copy source3/script/t
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
       via  d40ad902aea WHATSNEW: Start release notes for Samba 4.11.0pre1.
       via  de516b958d8 VERSION: Bump version up to 4.11.0pre1
       via  1c9e1bcda1c VERSION: Bump version up to 4.10.0rc1...
       via  86253ce3845 WHATSNEW: Add release note for Samba 4.10.0rc1.
       via  340cb9ca97b ldb: version 1.5.2
       via  1c73f38633c tevent: version 0.9.38
       via  b915626087c talloc: version 2.1.15
       via  33de2f0727e Merge remote-tracking branch 'origin/v4-10-test' into HEAD
       via  08f27a00832 Revert "WHATSNEW: Add release note for Samba 4.10.0rc1."
       via  a4e37680d35 Revert "VERSION: Bump version up to 4.10.0rc1..."
       via  118b492d3ec Revert "VERSION: Bump version up to 4.10.0rc2..."
       via  75106e05b42 VERSION: Bump version up to 4.10.0rc2...
       via  9537e5d2a14 VERSION: Bump version up to 4.10.0rc1...
       via  3f4bd61b840 WHATSNEW: Add release note for Samba 4.10.0rc1.
      from  f2d8308c22c addns: Async ads_dns_lookup_ns

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -
commit d40ad902aea3794e145c8ce7b7fd99f72889e96b
Author: Karolin Seeger
Date: Tue Jan 15 11:40:06 2019 +0100

    WHATSNEW: Start release notes for Samba 4.11.0pre1.

    Signed-off-by: Karolin Seeger
    Reviewed-by: Stefan Metzmacher

commit de516b958d801b11ffe82f41fb60e794b0b65ccb
Author: Karolin Seeger
Date: Tue Jan 15 11:37:30 2019 +0100

    VERSION: Bump version up to 4.11.0pre1

    and re-enable GIT_SNAPSHOT.

    Signed-off-by: Karolin Seeger
    Reviewed-by: Stefan Metzmacher

commit 1c9e1bcda1c365df9b33c4ea984d48728615e353
Author: Karolin Seeger
Date: Tue Jan 15 11:01:07 2019 +0100

    VERSION: Bump version up to 4.10.0rc1...

    and disable GIT_SNAPSHOT for the release.

    Signed-off-by: Karolin Seeger
    Reviewed-by: Stefan Metzmacher
    (replaces commit 9537e5d2a14a35bcba659d679d2d156de6c678cc)

commit 86253ce38455cc6eb8d6a5b5f536a8ced81504e4
Author: Karolin Seeger
Date: Tue Jan 15 10:59:52 2019 +0100

    WHATSNEW: Add release note for Samba 4.10.0rc1.

    Signed-off-by: Karolin Seeger
    Reviewed-by: Stefan Metzmacher
    (replaces commit 3f4bd61b8408f8d97817023f07de20746ce54f90)

commit 340cb9ca97bc2a23f102f80897a8d8f4809f0072
Author: Stefan Metzmacher
Date: Mon Jan 14 23:41:49 2019 +0100

    ldb: version 1.5.2

    * Build fixes
    * dirsync: Allow arbitrary length cookies (bug #13686)
    * The build uses python3 by default:
      * --extra-python would take python2 now
      * To build with python2 only use:
          PYTHON=python2 ./configure
          PYTHON=python2 make
          PYTHON=python2 make install

    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Karolin Seeger

commit 1c73f38633ce40bcf19775fbeaf5e3baacdba9ab
Author: Stefan Metzmacher
Date: Mon Jan 14 23:40:36 2019 +0100

    tevent: version 0.9.38

    * Deprecate tevent wrapper api again
    * Build fixes
    * The build uses python3 by default:
      * --extra-python would take python2 now
      * To build with python2 only use:
          PYTHON=python2 ./configure
          PYTHON=python2 make
          PYTHON=python2 make install

    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Karolin Seeger

commit b915626087c2340c7cd89cd2ecb7a8b20a756c0a
Author: Stefan Metzmacher
Date: Mon Jan 14 23:40:05 2019 +0100

    talloc: version 2.1.15

    * Deprecate talloc_set_memlimit() and talloc_autofree_context()
    * Fix undefined behavior in talloc_memdup
    * The build uses python3 by default:
      * --extra-python would take python2 now
      * To build with python2 only use:
          PYTHON=python2 ./configure
          PYTHON=python2 make
          PYTHON=python2 make install

    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Karolin Seeger

commit 33de2f0727e939d404781672633c360b5fa81709
Merge: f2d8308c22c 08f27a00832
Author: Stefan Metzmacher
Date: Tue Jan 15 11:23:20 2019 +0100

    Merge remote-tracking branch 'origin/v4-10-test' into HEAD

    This is a noop just to get the history of origin/v4-10-test
    inline with master before the real 4.10.0rc1.

    Signed-off-by: Stefan Metzmacher

---

Summary of changes:
 VERSION | 2 +-
 WHATSNEW.txt | 174 +
 lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.2.sigs} | 0
 ...yldb-util-1.1.10.sigs => pyldb-util-1.5.2.sigs} | 0
 ...-util-1.1.10.sigs => pyldb-util.py3-1.5.2.sigs} | 0
 lib/ldb/wscript | 2 +-
 ...-util-2.1.10.sigs => pytalloc-util-2.1.15.sigs} | 0
 ...3-2.1.10.sigs => pytalloc-util.py3-2.1.15.sigs} | 0
 .../ABI/{talloc-2.1.10.sigs => talloc-2.1.15.sigs} | 0
 lib/talloc/wscr
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 08f27a00832 Revert "WHATSNEW: Add release note for Samba 4.10.0rc1." via a4e37680d35 Revert "VERSION: Bump version up to 4.10.0rc1..." via 118b492d3ec Revert "VERSION: Bump version up to 4.10.0rc2..." from 75106e05b42 VERSION: Bump version up to 4.10.0rc2... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 08f27a00832245e637e0696fb27e23459b8ca820 Author: Karolin Seeger Date: Tue Jan 15 11:19:46 2019 +0100 Revert "WHATSNEW: Add release note for Samba 4.10.0rc1." This reverts commit 3f4bd61b8408f8d97817023f07de20746ce54f90. commit a4e37680d35fcb2073846c74a90a2a644bcde25a Author: Karolin Seeger Date: Tue Jan 15 11:19:43 2019 +0100 Revert "VERSION: Bump version up to 4.10.0rc1..." This reverts commit 9537e5d2a14a35bcba659d679d2d156de6c678cc. commit 118b492d3ecbf1672daa8fc578dbeac4f48c4022 Author: Karolin Seeger Date: Tue Jan 15 11:19:40 2019 +0100 Revert "VERSION: Bump version up to 4.10.0rc2..." This reverts commit 75106e05b42e5d4629aacfa941213745d9d6e819. --- Summary of changes: VERSION | 4 ++-- WHATSNEW.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 60f28019c64..5e214673edb 100644 --- a/VERSION +++ b/VERSION @@ -77,7 +77,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # -SAMBA_VERSION_PRE_RELEASE= +SAMBA_VERSION_PRE_RELEASE=1 # For 'rc' releases the version will be# @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE= # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE=2 +SAMBA_VERSION_RC_RELEASE= # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 267cc5402a9..5f237713015 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,7 +1,7 @@ Release Announcements = -This is the first release candidate of Samba 4.10. This is *not* +This is the first preview release of Samba 4.10. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-10-test updated
The branch, v4-10-test has been updated via 75106e05b42 VERSION: Bump version up to 4.10.0rc2... via 9537e5d2a14 VERSION: Bump version up to 4.10.0rc1... via 3f4bd61b840 WHATSNEW: Add release note for Samba 4.10.0rc1. from 12398a2d1dd vfs_fileid: fix get_connectpath_ino https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test - Log - commit 75106e05b42e5d4629aacfa941213745d9d6e819 Author: Karolin Seeger Date: Tue Jan 15 11:02:10 2019 +0100 VERSION: Bump version up to 4.10.0rc2... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 9537e5d2a14a35bcba659d679d2d156de6c678cc Author: Karolin Seeger Date: Tue Jan 15 11:01:07 2019 +0100 VERSION: Bump version up to 4.10.0rc1... and disable GIT_SNAPSHOT for the release. Signed-off-by: Karolin Seeger commit 3f4bd61b8408f8d97817023f07de20746ce54f90 Author: Karolin Seeger Date: Tue Jan 15 10:59:52 2019 +0100 WHATSNEW: Add release note for Samba 4.10.0rc1. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 4 ++-- WHATSNEW.txt | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 5e214673edb..60f28019c64 100644 --- a/VERSION +++ b/VERSION @@ -77,7 +77,7 @@ SAMBA_VERSION_BETA_RELEASE= # e.g. SAMBA_VERSION_PRE_RELEASE=1 # # -> "2.2.9pre1" # -SAMBA_VERSION_PRE_RELEASE=1 +SAMBA_VERSION_PRE_RELEASE= # For 'rc' releases the version will be# @@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=1 # e.g. SAMBA_VERSION_RC_RELEASE=1 # # -> "3.0.0rc1" # -SAMBA_VERSION_RC_RELEASE= +SAMBA_VERSION_RC_RELEASE=2 # To mark SVN snapshots this should be set to 'yes'# diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 5f237713015..267cc5402a9 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,7 +1,7 @@ Release Announcements = -This is the first preview release of Samba 4.10. This is *not* +This is the first release candidate of Samba 4.10. This is *not* intended for production environments and is designed for testing purposes only. Please report any defects via the Samba bug reporting system at https://bugzilla.samba.org/. -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 129423d3657 s3-vfs-fruit: add close call via c5e171f72e5 s3-vfs-streams_xattr: add close call via 8dc1d8c431a dns: changing onelevel search for wildcard to subtree from cfad63624ce s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 129423d36572edf48a6931a0e5dab4a8e1acc05e Author: Günther Deschner Date: Tue Dec 18 17:18:33 2018 +0100 s3-vfs-fruit: add close call https://bugzilla.samba.org/show_bug.cgi?id=13725 We cannot always rely on vfs_default to close the fake fds. This mostly is relevant when used with another non-local VFS filesystem module such as gluster. Guenther Signed-off-by: Günther Deschner Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Dec 21 07:20:49 CET 2018 on sn-devel-144 (cherry picked from commit ba016939aa91e0806f509c8b8ce9506bebceb7e5) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Mon Jan 14 14:50:09 CET 2019 on sn-devel-144 commit c5e171f72e5fa873873c3727f61d55ecf2f1639e Author: Günther Deschner Date: Tue Dec 18 17:20:29 2018 +0100 s3-vfs-streams_xattr: add close call https://bugzilla.samba.org/show_bug.cgi?id=13725 We cannot always rely on vfs_default to close the fake fds. This mostly is relevant when used with another non-local VFS filesystem module such as gluster. Guenther 
Signed-off-by: Günther Deschner Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Dec 20 07:18:20 CET 2018 on sn-devel-144 (cherry picked from commit 1b263ed631c86bf4117c9388fce3fa1f24cea4c9) commit 8dc1d8c431add361fa20853f98746fb137b24d14 Author: Aaron Haslett Date: Wed Jan 9 16:22:40 2019 +1300 dns: changing onelevel search for wildcard to subtree SCOPE_ONELEVEL is used on wildcard dns searches, but onelevel searches currently have a performance problem related to GUID indexing, so this patch changes the search scope to SCOPE_SUBTREE. In this case, as the onelevel and subtree sets of records are roughly the same, and the query is matching against the DN itself, we don't believe there's any benefit in using SCOPE_ONELEVEL over SCOPE_SUBTREE. The onelevel performance problem will be fixed separately later, but in the meantime this solves the DNS performance problem. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13738 Signed-off-by: Aaron Haslett Reviewed-by: Douglas Bagnall Reviewed-by: Gary Lockyer (cherry picked from commit ef379880037c10589ceeab7f985e3245817908a4) --- Summary of changes: source3/modules/vfs_fruit.c | 82 +++ source3/modules/vfs_streams_xattr.c | 26 +++ source4/dns_server/dnsserver_common.c | 2 +- 3 files changed, 109 insertions(+), 1 deletion(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index 7b24256f0e4..f7e0bbce2ce 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c 
@@ -3719,6 +3719,87 @@ static int fruit_open(vfs_handle_struct *handle, return fd; } +static int fruit_close_meta(vfs_handle_struct *handle, + files_struct *fsp) +{ + int ret; + struct fruit_config_data *config = NULL; + + SMB_VFS_HANDLE_GET_DATA(handle, config, + struct fruit_config_data, return -1); + + switch (config->meta) { + case FRUIT_META_STREAM: + ret = SMB_VFS_NEXT_CLOSE(handle, fsp); + break; + + case FRUIT_META_NETATALK: + ret = close(fsp->fh->fd); + fsp->fh->fd = -1; + break; + + default: + DBG_ERR("Unexpected meta config [%d]\n", config->meta); + return -1; + } + + return ret; +} + + +static int fruit_close_rsrc(vfs_handle_struct *handle, + files_struct *fsp) +{ + int ret; + struct fruit_config_data *config = NULL; + + SMB_VFS_HANDLE_GET_DATA(handle, config, + struct fruit_config_data, return -1); + + switch (config->rsrc) { + case FRUIT_RSRC_STREAM: + case FRUIT_RSRC_ADFILE: + ret = SMB_VFS_NEXT_CLOSE(handle, fsp); + break; + + case FRUIT_RSRC_XATTR: + ret = close(fsp->fh->fd); + fsp->fh->fd = -1; + break; + + default: + DBG_ERR("Unexpected
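Review bot: in fruit_close_meta() the default: branch logs with DBG_ERR and returns -1 without closing fsp->fh->fd or setting errno, and the SMB_VFS_HANDLE_GET_DATA failure path does the same, so on either error path the descriptor stays open and the caller sees whatever errno was left behind. Since this change exists to make sure the fake fds are closed, consider falling back to SMB_VFS_NEXT_CLOSE(handle, fsp) (or an explicit close plus fsp->fh->fd = -1) before returning the error, and set errno to a defined value. The FRUIT_META_NETATALK and FRUIT_RSRC_XATTR branches repeat the same close-and-reset pair and could share one small helper.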
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 0a3a26179f8 s3: net: Do not set NET_FLAGS_ANONYMOUS with -k via d94403d1dc7 s3-vfs-fruit: add close call via 16bd1112e2a s3-vfs-streams_xattr: add close call via f6ff49b3da8 audit_logging: auth_json_audit required auth_json via d1027b4b8e6 dns: changing onelevel search for wildcard to subtree from 1d927b23f63 samba-tool: don't print backtrace on simple DNS errors https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 0a3a26179f8cd7b78ea7f970dd21fc75da2c46cd Author: Justin Stephenson Date: Mon Dec 17 11:26:11 2018 -0500 s3: net: Do not set NET_FLAGS_ANONYMOUS with -k This affects net rpc getsid and net rpc changetrustpw commands. This avoids an anonymous IPC connection being made when -k is used, this only affects net rpc getsid and net rpc changetrustpw commands. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13726 Signed-off-by: Justin Stephenson Reviewed-by: Andreas Schneider Reviewed-by: Noel Power Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Mon Jan 14 13:34:32 CET 2019 on sn-devel-144 commit d94403d1dc77c1d56c0dfa23e649c8d8315f4c8b Author: Günther Deschner Date: Tue Dec 18 17:18:33 2018 +0100 s3-vfs-fruit: add close call https://bugzilla.samba.org/show_bug.cgi?id=13725 We cannot always rely on vfs_default to close the fake fds. This mostly is relevant when used with another non-local VFS filesystem module such as gluster. Guenther 
Signed-off-by: Günther Deschner Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri Dec 21 07:20:49 CET 2018 on sn-devel-144 (cherry picked from commit ba016939aa91e0806f509c8b8ce9506bebceb7e5) commit 16bd1112e2a0e8369219b5ebab16a128a380e324 Author: Günther Deschner Date: Tue Dec 18 17:20:29 2018 +0100 s3-vfs-streams_xattr: add close call https://bugzilla.samba.org/show_bug.cgi?id=13725 We cannot always rely on vfs_default to close the fake fds. This mostly is relevant when used with another non-local VFS filesystem module such as gluster. Guenther Signed-off-by: Günther Deschner Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Dec 20 07:18:20 CET 2018 on sn-devel-144 (cherry picked from commit 1b263ed631c86bf4117c9388fce3fa1f24cea4c9) commit f6ff49b3da8432f061b557c7ca3eb04680228f79 Author: Gary Lockyer Date: Mon Jan 14 09:53:13 2019 +1300 audit_logging: auth_json_audit required auth_json To log JSON the human-readable logs must also have been enabled BUG: https://bugzilla.samba.org/show_bug.cgi?id=13715 
Signed-off-by: Andrew Bartlett Reviewed-by: Gary Lockyer Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Fri Dec 14 14:32:25 CET 2018 on sn-devel-144 (cherry picked from commit 31957c7fe9d0f67bef08177e982043a23b172c7d) Edited to apply to y4.9: Gary Lockyer commit d1027b4b8e65d8bede4e4fb9316c484f941f6b2a Author: Aaron Haslett Date: Wed Jan 9 16:22:40 2019 +1300 dns: changing onelevel search for wildcard to subtree SCOPE_ONELEVEL is used on wildcard dns searches, but onelevel searches currently have a performance problem related to GUID indexing, so this patch changes the search scope to SCOPE_SUBTREE. In this case, as the onelevel and subtree sets of records are roughly the same, and the query is matching against the DN itself, we don't believe there's any benefit in using SCOPE_ONELEVEL over SCOPE_SUBTREE. The onelevel performance problem will be fixed separately later, but in the meantime this solves the DNS performance problem. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13738 Signed-off-by: Aaron Haslett Reviewed-by: Douglas Bagnall Reviewed-by: Gary Lockyer (cherry picked from commit ef379880037c10589ceeab7f985e3245817908a4) --- Summary of changes: auth/auth_log.c | 4 +- source3/modules/vfs_fruit.c | 82 +++ source3/modules/vfs_streams_xattr.c | 26 +++ source3/utils/net_rpc.c | 10 - source4/dns_server/dnsserver_common.c | 2 +- 5 files changed, 119 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/auth/auth_log.c b/auth/auth_log.c index 67d23c12a1b..38d29db4396 100644 --- a/auth/auth_log.c +++ b/auth/auth_log.c @@ -201,7 +201,7 @@ static void log_authentication_event_json( lp_ctx, &wrapper, AUTH_JSON_TYPE, -
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 1d927b23f63 samba-tool: don't print backtrace on simple DNS errors from d4b8049d781 s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 1d927b23f63b2fce29416dc94445d3c7171d96da Author: Björn Jacke Date: Tue Dec 18 12:58:53 2018 +0100 samba-tool: don't print backtrace on simple DNS errors samba-tool throws backtraces even for simple DNS error messages, we should not frighten users for no good reason. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13721 Signed-off-by: Bjoern Jacke Reviewed-by: Stefan Metzmacher Autobuild-User(master): Björn Jacke Autobuild-Date(master): Wed Dec 19 20:58:52 CET 2018 on sn-devel-144 (cherry picked from commit 49dc04f9f553c443c78c8073c07ea2a38cde61b2) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Thu Jan 10 16:55:06 CET 2019 on sn-devel-144 --- Summary of changes: python/samba/netcmd/dns.py | 10 +- 1 file changed, 5 insertions(+), 5 deletions(-) Changeset truncated at 500 lines: diff --git a/python/samba/netcmd/dns.py b/python/samba/netcmd/dns.py index ab6bacc6050..5d6dd0423cb 100644 --- a/python/samba/netcmd/dns.py +++ b/python/samba/netcmd/dns.py @@ -781,7 +781,7 @@ class cmd_zonedelete(Command): None) except WERRORError as e: if e.args[0] == werror.WERR_DNS_ERROR_ZONE_DOES_NOT_EXIST: -self.outf.write('Zone does not exist and so could not be deleted.') +raise CommandError('Zone does not exist and so could not be deleted.') raise e self.outf.write('Zone %s deleted successfully\n' % zone) @@ -861,7 +861,7 @@ class cmd_query(Command): None, record_type, select_flags, None, None) except WERRORError as e: if e.args[0] == werror.WERR_DNS_ERROR_NAME_DOES_NOT_EXIST: -self.outf.write('Record or zone does not exist.') +raise CommandError('Record or zone does not exist.') raise e print_dnsrecords(self.outf, res) 
@@ -941,7 +941,7 @@ class cmd_add_record(Command): 0, server, zone, name, add_rec_buf, None) except WERRORError as e: if e.args[0] == werror.WERR_DNS_ERROR_NAME_DOES_NOT_EXIST: -self.outf.write('Zone does not exist; record could not be added.\n') +raise CommandError('Zone does not exist; record could not be added.') raise e self.outf.write('Record added successfully\n') @@ -1012,7 +1012,7 @@ class cmd_update_record(Command): del_rec_buf) except WERRORError as e: if e.args[0] == werror.WERR_DNS_ERROR_NAME_DOES_NOT_EXIST: -self.outf.write('Zone does not exist; record could not be updated.\n') +raise CommandError('Zone does not exist; record could not be updated.') raise e self.outf.write('Record updated successfully\n') @@ -1067,7 +1067,7 @@ class cmd_delete_record(Command): del_rec_buf) except WERRORError as e: if e.args[0] == werror.WERR_DNS_ERROR_NAME_DOES_NOT_EXIST: -self.outf.write('Zone does not exist; record could not be deleted.\n') +raise CommandError('Zone does not exist; record could not be deleted.') raise e self.outf.write('Record deleted successfully\n') -- Samba Shared Repository
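Review bot: each of the five except blocks converts exactly one WERROR code into CommandError and keeps `raise e` for everything else, so any other DNS error from cmd_zonedelete, cmd_query, cmd_add_record, cmd_update_record or cmd_delete_record still propagates as a raw WERRORError. Consider one shared helper that maps the expected werror codes to CommandError messages and is called from all five handlers, which would also remove the wording mismatch where WERR_DNS_ERROR_NAME_DOES_NOT_EXIST is reported as "Record or zone does not exist." in cmd_query but as "Zone does not exist; ..." in the record commands. A test asserting the message and failure status for a missing zone would keep this from regressing.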
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via d4b8049d781 s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts via cb7dabb89d3 s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available via 887030b71c9 s3:auth_winbind: remove fallback to optional backend via 48af1338396 s3-smbd: avoid assuming fsp is always intact after close_file call. via e7b344747eb lib/util: Count a trailing line that doesn't end in a newline via 55e8277a975 samba-tool drs showrepl: do not crash if no dnsHostName found via a1486390762 s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration from 41889196769 s3:utils/smbget fix recursive download with empty source directories https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit d4b8049d78118be7b412f62367894caa43d40d5f Author: Stefan Metzmacher Date: Sat Dec 8 23:25:40 2018 +0100 s3:auth_winbind: ignore a missing winbindd as NT4 PDC/BDC without trusts BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 Signed-off-by: Stefan Metzmacher Reviewed-by: Alexander Bokovoy Autobuild-User(master): Alexander Bokovoy Autobuild-Date(master): Thu Dec 20 12:15:09 CET 2018 on sn-devel-144 (cherry picked from commit 63dc60767eb13d8fc09ed4bc44faa538581b18f1) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Wed Jan 9 14:01:30 CET 2019 on sn-devel-144 commit cb7dabb89d3aae8cb4c33831ec6a1daef2ee56ea Author: Stefan Metzmacher Date: Sat Dec 8 22:53:21 2018 +0100 s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723 Signed-off-by: Stefan Metzmacher Reviewed-by: Alexander Bokovoy (cherry picked from commit ec3adc1e5b3cc953576efa795dfb25af08a8ab79) commit 887030b71c92615e65a6e9e2526aa9ed4d22e884 Author: Stefan Metzmacher Date: Sat Dec 8 22:48:33 2018 +0100 s3:auth_winbind: remove fallback to optional backend This is not possible 
anymore, as the trustdomain backend was removed in commit 75c152c0d764165a4a9dd0a85390af063dd0192a. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13722 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13723 Signed-off-by: Stefan Metzmacher Reviewed-by: Alexander Bokovoy (cherry picked from commit f3bac8c91121871bf8ce852bc3e3ea2e834d3f27) commit 48af13383966c89ee4d1f20ca088bab33ecbf56c Author: Günther Deschner Date: Tue Dec 18 11:10:04 2018 +0100 s3-smbd: avoid assuming fsp is always intact after close_file call. Instead use the already copied smb_fname directly. https://bugzilla.samba.org/show_bug.cgi?id=13720 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Stefan Metzmacher Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Dec 18 20:11:07 CET 2018 on sn-devel-144 (cherry picked from commit 90fab07f0710bb2061d3f14326c874dd049823fc) commit e7b344747eb7df22e91d857f40c8babf94665e97 Author: Martin Schwenke Date: Fri Dec 14 14:43:57 2018 +1100 lib/util: Count a trailing line that doesn't end in a newline If the final line of a file does not contain a newline then it isn't included in the line count. Change i to point to the next slot in the array instead of the current one. This means that the current line won't be thrown away if no newline is seen. 
Without changing i to unsigned int, the -O3 --picky -developer build fails with: [ 745/4136] Compiling lib/util/util_file.c ==> /builds/samba-team/devel/samba/samba-o3.stderr <== ../../lib/util/util_file.c: In function ‘file_lines_parse’: ../../lib/util/util_file.c:251:8: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow] while (i > 0 && ret[i-1][0] == 0) { ^ cc1: all warnings being treated as errors BUG: https://bugzilla.samba.org/show_bug.cgi?id=13717 Signed-off-by: Martin Schwenke Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Wed Dec 19 08:08:28 CET 2018 on sn-devel-144 (cherry picked from commit 5118985841aa0363147d552f243ab5a7d90dbdaf) commit 55e8277a9751bbf00bc6ad6e5f12d9163ddbdf36 Author: Douglas Bagnall Date: Thu Oct 11 11:59:52 2018 +1300 samba-tool drs showrepl: do not crash if no dnsHostName found This should not happen, but it does sometimes in an autobuild environment. Rather than reporting this by crashing, we report it by showing there is no DNS name. BUG: https://bug
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via ead19cc Remove additional headline. from 02385fb NEWS[SambaXP]: Call for Papers SambaXP 2019 https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit ead19ccdc38401cb68b040cd99b45d8d39da88e1 Author: Karolin Seeger Date: Tue Jan 8 11:07:24 2019 +0100 Remove additional headline. Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20190108-095146.SambaXP.body.html | 1 - 1 file changed, 1 deletion(-) Changeset truncated at 500 lines: diff --git a/posted_news/20190108-095146.SambaXP.body.html b/posted_news/20190108-095146.SambaXP.body.html index e5d2e35..60afaa6 100644 --- a/posted_news/20190108-095146.SambaXP.body.html +++ b/posted_news/20190108-095146.SambaXP.body.html @@ -1,6 +1,5 @@ 08 January 2019 -Call for Papers SambaXP 2019 Call for Papers SambaXP 2019 From June 4th to 6th 2019, developers and users will meet again in Goettingen, Germany at the 18th international SAMBA conference, the -- Samba Website Repository
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 02385fb NEWS[SambaXP]: Call for Papers SambaXP 2019 from 77622ad Add Samba 4.9.4 to the list. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 02385fbde6b6652242038fffa67489a5e6bd4eaa Author: Karolin Seeger Date: Tue Jan 8 10:55:46 2019 +0100 NEWS[SambaXP]: Call for Papers SambaXP 2019 Signed-off-by: Karolin Seeger --- Summary of changes: posted_news/20190108-095146.SambaXP.body.html | 10 ++ posted_news/20190108-095146.SambaXP.headline.html | 3 +++ 2 files changed, 13 insertions(+) create mode 100644 posted_news/20190108-095146.SambaXP.body.html create mode 100644 posted_news/20190108-095146.SambaXP.headline.html Changeset truncated at 500 lines: diff --git a/posted_news/20190108-095146.SambaXP.body.html b/posted_news/20190108-095146.SambaXP.body.html new file mode 100644 index 000..e5d2e35 --- /dev/null +++ b/posted_news/20190108-095146.SambaXP.body.html @@ -0,0 +1,10 @@ + +08 January 2019 +Call for Papers SambaXP 2019 +Call for Papers SambaXP 2019 +From June 4th to 6th 2019, developers and users will meet again in +Goettingen, Germany at the 18th international SAMBA conference, the +"samba eXPerience 2019". +The call for papers and early bird registration are open until February +28th 2019. Please find all necessary information at the +http://sambaXP.org";>conference site. diff --git a/posted_news/20190108-095146.SambaXP.headline.html b/posted_news/20190108-095146.SambaXP.headline.html new file mode 100644 index 000..c926bc9 --- /dev/null +++ b/posted_news/20190108-095146.SambaXP.headline.html @@ -0,0 +1,3 @@ + + 08 January 2019 Call for Papers SambaXP 2019 + -- Samba Website Repository
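Review bot: The new posted_news/20190108-095146.SambaXP.body.html repeats the headline, with `+Call for Papers SambaXP 2019` on two consecutive added lines, so the news item will show it twice; drop one of them. The conference link is also given as `http://sambaXP.org`; if the site serves HTTPS, link to that instead so readers are not sent over plain HTTP.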
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 5067926e4fe s3:utils/smbget fix recursive download with empty source directories via 7aba48de14f s3:utils/smbget add error handling for mkdir() calls via 6058729541a s3:script/tests reduce code duplication from 74507e182c7 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 5067926e4fe7fce7790243bb938677d0c4182edb Author: Christian Ambach Date: Tue Oct 23 20:05:04 2018 +0200 s3:utils/smbget fix recursive download with empty source directories Bug: https://bugzilla.samba.org/show_bug.cgi?id=13199 Signed-off-by: Christian Ambach Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Fri Oct 26 09:58:07 CEST 2018 on sn-devel-144 (cherry picked from commit fce0d1b290c7a2205f2454b268b55909d1044f1b) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Mon Jan 7 15:56:31 CET 2019 on sn-devel-144 commit 7aba48de14f133b23839dc831beb562005a448a5 Author: Christian Ambach Date: Mon Oct 22 16:28:21 2018 +0200 s3:utils/smbget add error handling for mkdir() calls Signed-off-by: Christian Ambach Reviewed-by: Andreas Schneider (cherry picked from commit b89732c31be350828110fe46f2c655f77cb488f3) commit 6058729541ae217c0c128c83925943f31eb60149 Author: Christian Ambach Date: Mon Oct 22 16:22:00 2018 +0200 s3:script/tests reduce code duplication Signed-off-by: Christian Ambach Reviewed-by: Andreas Schneider (cherry picked from commit 525b19fafb43bd97e3dfc1d3e7dc13955c0f387f) --- Summary of changes: source3/script/tests/test_smbget.sh | 86 - source3/utils/smbget.c | 11 - 2 files changed, 85 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh index f21a131f840..b0ff75f5eb5 100755 --- a/source3/script/tests/test_smbget.sh +++ b/source3/script/tests/test_smbget.sh 
@@ -37,15 +37,18 @@ create_test_data() remove_test_data() { - rm -rf dir1 dir2 testfile pushd $WORKDIR rm -rf dir1 dir2 testfile popd } +clear_download_area() { + rm -rf dir1 dir2 testfile dir001 dir004 +} + test_singlefile_guest() { - [ -e testfile ] && rm testfile + clear_download_area echo "$SMBGET -v -a smb://$SERVER_IP/smbget/testfile" $SMBGET -v -a smb://$SERVER_IP/smbget/testfile if [ $? -ne 0 ]; then @@ -62,7 +65,7 @@ test_singlefile_guest() test_singlefile_U() { - [ -e testfile ] && rm testfile + clear_download_area $SMBGET -v -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile if [ $? -ne 0 ]; then echo 'ERROR: RC does not match, expected: 0' @@ -78,7 +81,7 @@ test_singlefile_U() test_singlefile_smburl() { - [ -e testfile ] && rm testfile + clear_download_area $SMBGET -w $DOMAIN smb://$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile if [ $? -ne 0 ]; then echo 'ERROR: RC does not match, expected: 0' @@ -94,7 +97,7 @@ test_singlefile_smburl() test_singlefile_rcfile() { - [ -e testfile ] && rm testfile + clear_download_area echo "user $USERNAME%$PASSWORD" > $TMPDIR/rcfile $SMBGET -vn -f $TMPDIR/rcfile smb://$SERVER_IP/smbget/testfile rc=$? @@ -113,9 +116,28 @@ test_singlefile_rcfile() test_recursive_U() { - [ -e testfile ] && rm testfile - [ -d dir1 ] && rm -rf dir1 - [ -d dir2 ] && rm -rf dir2 + clear_download_area + $SMBGET -v -R -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/ + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 + fi + + cmp --silent $WORKDIR/testfile ./testfile && \ + cmp --silent $WORKDIR/dir1/testfile1 ./dir1/testfile1 && \ + cmp --silent $WORKDIR/dir2/testfile2 ./dir2/testfile2 + if [ $? -ne 0 ]; then + echo 'ERROR: file content does not match' + return 1 + fi + + return 0 +} + +test_recursive_existing_dir() +{ + clear_download_area + mkdir dir1 $SMBGET -v -R -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/ if [ $? -ne 0 ]; then echo 'ERROR: RC does not match, expected: 0' 
@@ -133,9 +155,42 @@ test_recursive_U() return 0 } + +test_recursive_with_empty() # see Bug 13199 +{ + clear_download_area + # creat
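Review bot: The new `clear_download_area` helper runs `rm -rf dir1 dir2 testfile dir001 dir004` on relative names, so what it deletes depends entirely on the directory the script is in when a test calls it, and every test now calls it first. Have it operate on an explicit, quoted download directory (or fail if the current directory is not the expected one) rather than on whatever the working directory happens to be. The same applies to the retained `pushd $WORKDIR` in remove_test_data, which is unquoted and unchecked, so a failed `pushd` lets the following `rm -rf dir1 dir2 testfile` run in the wrong place.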
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 41889196769 s3:utils/smbget fix recursive download with empty source directories via b9a1a179e62 s3:utils/smbget add error handling for mkdir() calls via a5c8e943d34 s3:script/tests reduce code duplication from 2c51c8f8ac1 VERISON: Bump version up to 4.9.5... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 41889196769973e879657df2bf36cce6ea86eeb8 Author: Christian Ambach Date: Tue Oct 23 20:05:04 2018 +0200 s3:utils/smbget fix recursive download with empty source directories Bug: https://bugzilla.samba.org/show_bug.cgi?id=13199 Signed-off-by: Christian Ambach Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Fri Oct 26 09:58:07 CEST 2018 on sn-devel-144 (cherry picked from commit fce0d1b290c7a2205f2454b268b55909d1044f1b) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Mon Jan 7 14:23:36 CET 2019 on sn-devel-144 commit b9a1a179e62b14e3831fbd12a50df0c52b8d372d Author: Christian Ambach Date: Mon Oct 22 16:28:21 2018 +0200 s3:utils/smbget add error handling for mkdir() calls Signed-off-by: Christian Ambach Reviewed-by: Andreas Schneider (cherry picked from commit b89732c31be350828110fe46f2c655f77cb488f3) commit a5c8e943d34e0118ab0f98cb3ae77a8333e4fd92 Author: Christian Ambach Date: Mon Oct 22 16:22:00 2018 +0200 s3:script/tests reduce code duplication Signed-off-by: Christian Ambach Reviewed-by: Andreas Schneider (cherry picked from commit 525b19fafb43bd97e3dfc1d3e7dc13955c0f387f) --- Summary of changes: source3/script/tests/test_smbget.sh | 86 - source3/utils/smbget.c | 11 - 2 files changed, 85 insertions(+), 12 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/script/tests/test_smbget.sh b/source3/script/tests/test_smbget.sh index f21a131f840..b0ff75f5eb5 100755 --- a/source3/script/tests/test_smbget.sh +++ b/source3/script/tests/test_smbget.sh 
@@ -37,15 +37,18 @@ create_test_data() remove_test_data() { - rm -rf dir1 dir2 testfile pushd $WORKDIR rm -rf dir1 dir2 testfile popd } +clear_download_area() { + rm -rf dir1 dir2 testfile dir001 dir004 +} + test_singlefile_guest() { - [ -e testfile ] && rm testfile + clear_download_area echo "$SMBGET -v -a smb://$SERVER_IP/smbget/testfile" $SMBGET -v -a smb://$SERVER_IP/smbget/testfile if [ $? -ne 0 ]; then @@ -62,7 +65,7 @@ test_singlefile_guest() test_singlefile_U() { - [ -e testfile ] && rm testfile + clear_download_area $SMBGET -v -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/testfile if [ $? -ne 0 ]; then echo 'ERROR: RC does not match, expected: 0' @@ -78,7 +81,7 @@ test_singlefile_U() test_singlefile_smburl() { - [ -e testfile ] && rm testfile + clear_download_area $SMBGET -w $DOMAIN smb://$USERNAME:$PASSWORD@$SERVER_IP/smbget/testfile if [ $? -ne 0 ]; then echo 'ERROR: RC does not match, expected: 0' @@ -94,7 +97,7 @@ test_singlefile_smburl() test_singlefile_rcfile() { - [ -e testfile ] && rm testfile + clear_download_area echo "user $USERNAME%$PASSWORD" > $TMPDIR/rcfile $SMBGET -vn -f $TMPDIR/rcfile smb://$SERVER_IP/smbget/testfile rc=$? @@ -113,9 +116,28 @@ test_singlefile_rcfile() test_recursive_U() { - [ -e testfile ] && rm testfile - [ -d dir1 ] && rm -rf dir1 - [ -d dir2 ] && rm -rf dir2 + clear_download_area + $SMBGET -v -R -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/ + if [ $? -ne 0 ]; then + echo 'ERROR: RC does not match, expected: 0' + return 1 + fi + + cmp --silent $WORKDIR/testfile ./testfile && \ + cmp --silent $WORKDIR/dir1/testfile1 ./dir1/testfile1 && \ + cmp --silent $WORKDIR/dir2/testfile2 ./dir2/testfile2 + if [ $? -ne 0 ]; then + echo 'ERROR: file content does not match' + return 1 + fi + + return 0 +} + +test_recursive_existing_dir() +{ + clear_download_area + mkdir dir1 $SMBGET -v -R -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/ if [ $? -ne 0 ]; then echo 'ERROR: RC does not match, expected: 0' 
@@ -133,9 +155,42 @@ test_recursive_U() return 0 } + +test_recursive_with_empty() # see Bug 13199 +{ + clear_download_area + # create some additional empty directories + mkdir -p
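Review bot: The added bodies of test_recursive_U and test_recursive_existing_dir expand `$USERNAME`, `$PASSWORD`, `$SERVER_IP` and `$WORKDIR` unquoted, for example in `$SMBGET -v -R -U$USERNAME%$PASSWORD smb://$SERVER_IP/smbget/` and `cmp --silent $WORKDIR/testfile ./testfile`, so a password or work directory containing whitespace or glob characters is word-split and the test fails for reasons that have nothing to do with smbget. Quote the expansions. In test_recursive_existing_dir the result of `mkdir dir1` is not checked, so a failure to set up the precondition is reported later as a download or content mismatch; return early with a clear message if it fails.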
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via 77622ad Add Samba 4.9.4 to the list. via 0b258c4 NEWS[4.9.4]: Samba 4.9.4 Available for Download from ea99b56 Add Samba 4.8.8. https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit 77622ad0eb5625af4387ce29bf849fb74f793439 Author: Karolin Seeger Date: Thu Dec 20 09:31:05 2018 +0100 Add Samba 4.9.4 to the list. Signed-off-by: Karolin Seeger commit 0b258c4b4e176d50ea65b21fbf177edd6606ad55 Author: Karolin Seeger Date: Thu Dec 20 09:29:07 2018 +0100 NEWS[4.9.4]: Samba 4.9.4 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.9.4.html| 78 + posted_news/20181220-083045.4.9.4.body.html | 13 + posted_news/20181220-083045.4.9.4.headline.html | 3 + 4 files changed, 95 insertions(+) create mode 100644 history/samba-4.9.4.html create mode 100644 posted_news/20181220-083045.4.9.4.body.html create mode 100644 posted_news/20181220-083045.4.9.4.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index d61b8e5..0144df8 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,6 +9,7 @@ Release Notes + samba-4.9.4 samba-4.9.3 samba-4.9.2 samba-4.9.1 diff --git a/history/samba-4.9.4.html b/history/samba-4.9.4.html new file mode 100644 index 000..20417ca --- /dev/null +++ b/history/samba-4.9.4.html 
@@ -0,0 +1,78 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> +http://www.w3.org/1999/xhtml";> + +Samba 4.9.4 - Release Notes + + +Samba 4.9.4 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.9.4.tar.gz";>Samba 4.9.4 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.9.4.tar.asc";>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.9.3-4.9.4.diffs.gz";>Patch (gzipped) against Samba 4.9.3 +https://download.samba.org/pub/samba/patches/samba-4.9.3-4.9.4.diffs.asc";>Signature + + + + = + Release Notes for Samba 4.9.4 + December 20, 2018 + = + + +Major bug fixes include: + + + o dns: Fix CNAME loop prevention using counter regression (bug #13600). + + +Changes since 4.9.3: + + +o Ralph Boehme <s...@samba.org> + * BUG 9175: libcli/smb: Don't overwrite status code. + * BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work. + * BUG 13661: Session setup reauth fails to sign response. + * BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream. + * BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous + version for writing. + * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails + with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name. + +o Isaac Boukris <ibouk...@gmail.com> + * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build. + +o Günther Deschner <g...@samba.org> + * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. + +o Joe Guo <j...@catalyst.net.nz> + * PEP8: fix E231: missing whitespace after ','. + +o Volker Lendecke <v...@samba.org> + * BUG 13629: winbindd: Fix crash when taking profiles. + +o Stefan Metzmacher <me...@samba.org> + * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter + regression. + +o Garming Sam <garm...@catalyst.net.nz> + * BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs. 
+ +o Andreas Schneider <a...@samba.org> + * BUG 13571: CVE-2018-16853: Do not segfault if client is not set. + * BUG 13679: lib:util: Fix DEBUGCLASS pointer initializiation. + +o Martin Schwenke <mar...@meltin.net> + * BUG 13696: ctdb-daemon: Exit with error if a database directory does not + exist. + +o Justin Stephenson <jstep...@redhat.com> + * BUG 13498: s3:libads: Add net ads leave keep-account option. + + + + + + diff --git a/posted_news/20181220-083045.4.9.4.body.html b/posted_news/20181220-083045.4.9.4.body.html new file mode 100644 index 000..c5fe919 --- /dev/null +++ b/posted_news/20181220-083045.4.9.4.body.html @@ -0,0 +1,13 @@ + +20 December 2018 +Samba 4.9.4 Available for Download + +This is the latest stable release of the Samba 4.9 release series. + + +The uncompres
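Review bot: In the added history/samba-4.9.4.html, the BUG 13686 entry under Garming Sam names the command as 'samba-tool user syscpasswords'; the subcommand is syncpasswords, so the release note as written points readers at a command that does not exist. Correct the spelling here and in the source this text is copied from, together with "initializiation" in the BUG 13679 entry.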
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated via f1a0c8355e6 VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release. via 9da8cd023f2 WHATSNEW: Add release notes for Samba 4.9.4. via d18c5775771 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name via fa2a9c3be08 s3:smbd: pass down twrp from SMB2_CREATE to filename_convert() via baf1e0f30fe s3:smbd: add twrp args to filename_convert() via f8c144fa191 s3:smbd: add twrp processing to filename_convert_internal() via 88863119323 s3:smbd: prepare filename_convert_internal() for twrp via 3295cc8b4a5 s3:selftest: add a VSS test reading a stream via 1f897e6c1d2 s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. via e60c9431c6e vfs_shadow_copy2: nicely deal with attempts to open previous version for writing via 256d488b593 vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted via 0e355e3826f vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal() via 0244de24cfe s3:script/tests: add a test for VSS write behaviour via 6f8ea0a08ea s4:torture: add a test-suite for VSS via 1cf55de5ceb vfs_error_inject: add EBADF error via 8eaf7922410 vfs_error_inject: add pwrite via f53459c9232 s3:libads: Add net ads leave keep-account option via 1d0e4511ce1 winbindd: Route predefined domains through the BUILTIN domain child via ac2c24cc424 winbindd: fix predefined domains routing in find_lookup_domain_from_sid() via fd91429b529 winbindd: add some braces via cf7e9d3d90f libcli/security: add dom_sid_lookup_is_predefined_domain() via 7cc1a8d9caa selftest: test wbinfo -n and --gid-info with "NT Authority" via 53b2e9aff3a CVE-2018-14629 dns: fix CNAME loop prevention using counter regression via 850a5521a3b CVE-2018-14629: Tests to expose regression from dns cname loop fix via 6a549df2419 ctdb-daemon: Exit with error if a database directory does not exist via b2ef0e08a9b CVE-2018-16853: fix crash in expired passowrd case via a26e6160b33 CVE-2018-16853: Do not segfault if client is 
not set via a2f4d49c1c5 CVE-2018-16853: Add a test to verify s4u2self doesn't crash via 09f9bb28371 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS via d2a6e3e1bb4 CVE-2018-16853: Fix kinit test on system lacking ldbsearch via 2332c99cba7 libcli/smb: don't overwrite status code via 739ce2c7335 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works via f678c6f06f0 ldb_controls: Add some talloc error checking for controls via f4105adc285 sync_passwords: Remove dirsync cookie logging for continuous operation via 517df6d3da3 dirsync: Allow arbitrary length cookies via a816ca4004a PEP8: fix E231: missing whitespace after ',' via b3d376b7d4d VERSION: Bump version up to 4.9.4. via 9e05ff6b9bf Merge tag 'samba-4.9.3' into v4-9-test via 7cd5db7a63d ctdb-tests: Make the debug hung script test cope with unreadable stacks via 041e0945cb5 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd via 77cf7167374 s4:torture/smb2/session: session reauth response must be signed via f2c456aa1b7 s4:torture/smb2/session: add force_signing to test_session_expire1i via 2b164eca304 s4:torture/smb2/session: require a signed session setup reauth response via ff0db7ec9c2 s4:torture/smb2/session: invalidate credential cache via 6c3577a5885 libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming() via 6ca7a8a2ffb libcli/smb: defer singing check a little bit via cd8ea322a32 libcli/smb: maintain require_signed_response in smbXcli_req_state via 4f5af7ba729 libcli/smb: add smb2cli_session_require_signed_response() via 052df0f679d s3:selftest: also run smb2.session torture testsuite against ad_member via e71252ecb2b s3:selftest: split "raw.session" and "smb2.session" via 299e6edd0e6 torture: Fix the 32-bit build via 5420863dd11 vfs_fruit: validation of writes on AFP_AfpInfo stream via 4672656d9e1 vfs_fruit: move a comment to the right place via b6585b6fa67 s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream 
via 7f8740c0acf winbindd: Fix crash when taking profiles via 7a542190501 lib:util: Fix DEBUGCLASS pointer initializiation via 424d4d2b408 VERSION: Bump version up to 4.9.3... from 40c057c900a VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable - Log - --- Summary of changes: VERSION
[SCM] Samba Shared Repository - annotated tag samba-4.9.4 created
The annotated tag, samba-4.9.4 has been created at 34c53c775c9ffb3c93ba0d890eb83b2732d4e644 (tag) tagging f1a0c8355e60c0fbaf6333132803d8fea0b290a8 (commit) replaces samba-4.9.3 tagged by Karolin Seeger on Thu Dec 20 09:28:52 2018 +0100 - Log - samba: tag release samba-4.9.4 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXBtSxAAKCRBvM5FbZWi3 6qPxAKC+x+kF5wOB67R/qo6caOpsVNNJqACfQKrI1pIbCuqxcsbEhuuyOsHkBE8= =yeUu -END PGP SIGNATURE- Aaron Haslett (1): CVE-2018-14629: Tests to expose regression from dns cname loop fix Andreas Schneider (2): lib:util: Fix DEBUGCLASS pointer initializiation CVE-2018-16853: Do not segfault if client is not set Garming Sam (3): dirsync: Allow arbitrary length cookies sync_passwords: Remove dirsync cookie logging for continuous operation ldb_controls: Add some talloc error checking for controls Günther Deschner (1): s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. Isaac Boukris (4): CVE-2018-16853: Fix kinit test on system lacking ldbsearch CVE-2018-16853: The ticket in check_policy_as can actually be a TGS CVE-2018-16853: Add a test to verify s4u2self doesn't crash CVE-2018-16853: fix crash in expired passowrd case Joe Guo (1): PEP8: fix E231: missing whitespace after ',' Justin Stephenson (1): s3:libads: Add net ads leave keep-account option Karolin Seeger (5): VERSION: Bump version up to 4.9.3... Merge tag 'samba-4.9.3' into v4-9-test VERSION: Bump version up to 4.9.4. WHATSNEW: Add release notes for Samba 4.9.4. VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release. 
Martin Schwenke (2): ctdb-tests: Make the debug hung script test cope with unreadable stacks ctdb-daemon: Exit with error if a database directory does not exist Ralph Boehme (34): s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream vfs_fruit: move a comment to the right place vfs_fruit: validation of writes on AFP_AfpInfo stream s3:selftest: split "raw.session" and "smb2.session" s3:selftest: also run smb2.session torture testsuite against ad_member libcli/smb: add smb2cli_session_require_signed_response() libcli/smb: maintain require_signed_response in smbXcli_req_state libcli/smb: defer singing check a little bit libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming() s4:torture/smb2/session: invalidate credential cache s4:torture/smb2/session: require a signed session setup reauth response s4:torture/smb2/session: add force_signing to test_session_expire1i s4:torture/smb2/session: session reauth response must be signed s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works libcli/smb: don't overwrite status code selftest: test wbinfo -n and --gid-info with "NT Authority" libcli/security: add dom_sid_lookup_is_predefined_domain() winbindd: add some braces winbindd: fix predefined domains routing in find_lookup_domain_from_sid() winbindd: Route predefined domains through the BUILTIN domain child vfs_error_inject: add pwrite vfs_error_inject: add EBADF error s4:torture: add a test-suite for VSS s3:script/tests: add a test for VSS write behaviour vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal() vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted vfs_shadow_copy2: nicely deal with attempts to open previous version for writing s3:selftest: add a VSS test reading a stream s3:smbd: prepare filename_convert_internal() for twrp s3:smbd: add twrp processing to filename_convert_internal() s3:smbd: add 
twrp args to filename_convert() s3:smbd: pass down twrp from SMB2_CREATE to filename_convert() vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name Stefan Metzmacher (1): CVE-2018-14629 dns: fix CNAME loop prevention using counter regression Volker Lendecke (2): winbindd: Fix crash when taking profiles torture: Fix the 32-bit build --- -- Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 2c51c8f8ac1 VERISON: Bump version up to 4.9.5... via f1a0c8355e6 VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release. via 9da8cd023f2 WHATSNEW: Add release notes for Samba 4.9.4. from d18c5775771 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 2c51c8f8ac1512cee88a7d5fcfab9b4745a59874 Author: Karolin Seeger Date: Thu Dec 20 09:25:20 2018 +0100 VERISON: Bump version up to 4.9.5... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit f1a0c8355e60c0fbaf6333132803d8fea0b290a8 Author: Karolin Seeger Date: Thu Dec 20 09:23:46 2018 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.9.4 release. commit 9da8cd023f263e61ca8e91fa1d656cfe643730b0 Author: Karolin Seeger Date: Thu Dec 20 09:23:09 2018 +0100 WHATSNEW: Add release notes for Samba 4.9.4. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 83 ++-- 2 files changed, 82 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index bf3e347fa2c..18174c3ff41 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=4 +SAMBA_VERSION_RELEASE=5 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index fc1541dbbe5..b3a39d3291a 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,82 @@ + = + Release Notes for Samba 4.9.4 + December 20, 2018 + = + + +Major bug fixes include: + + + o dns: Fix CNAME loop prevention using counter regression (bug #13600). + + +Changes since 4.9.3: + + +o Ralph Boehme + * BUG 9175: libcli/smb: Don't overwrite status code. + * BUG 12164: wbinfo --group-info 'NT AUTHORITY\System' does not work. + * BUG 13661: Session setup reauth fails to sign response. + * BUG 13677: vfs_fruit: Validation of writes on AFP_AfpInfo stream. + * BUG 13688: vfs_shadow_copy2: Nicely deal with attempts to open previous + version for writing. + * BUG 13455: Restoring previous version of stream with vfs_shadow_copy2 fails + with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name. + +o Isaac Boukris + * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build. + +o Günther Deschner + * BUG 13708: s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. + +o Joe Guo + * PEP8: fix E231: missing whitespace after ','. + +o Volker Lendecke + * BUG 13629: winbindd: Fix crash when taking profiles. + +o Stefan Metzmacher + * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter + regression. + +o Garming Sam + * BUG 13686: 'samba-tool user syscpasswords' fails on a domain with many DCs. + +o Andreas Schneider + * BUG 13571: CVE-2018-16853: Do not segfault if client is not set. + * BUG 13679: lib:util: Fix DEBUGCLASS pointer initializiation. + +o Martin Schwenke + * BUG 13696: ctdb-daemon: Exit with error if a database directory does not + exist. + +o Justin Stephenson + * BUG 13498: s3:libads: Add net ads leave keep-account option. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical IRC channel on irc.freenode.net. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. 
All bug reports should +be filed under the "Samba 4.1 and newer" product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +== + + +Release notes for older releases follow: + + = Release Notes for Samba 4.9.3 November 27, 2018 @@ -122,8 +201,8 @@ database (https://bugzilla.samba.org/). =
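Review bot: In the WHATSNEW.txt hunk the BUG 13455 entry ends "fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name", where the trailing `fsp->base_fsp->fsp_name` reads as a fragment of a different commit subject rather than part of the sentence. End the entry after the status code, or reword it so the reader can tell what the field name refers to.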
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 74507e182c7 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name via 0d353c2ab06 s3:smbd: pass down twrp from SMB2_CREATE to filename_convert() via 299eef1e7e1 s3:smbd: add twrp args to filename_convert() via b2dcbafef73 s3:smbd: add twrp processing to filename_convert_internal() via b12bceb8b7e s3:smbd: prepare filename_convert_internal() for twrp via 450ac189c88 s3:selftest: add a VSS test reading a stream via 6f55dc0ccdf s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. via 06336d8a59e vfs_shadow_copy2: nicely deal with attempts to open previous version for writing via eae534f01ca vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted via 5a0d7463c60 vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal() via de114204480 s3:script/tests: add a test for VSS write behaviour via 8c031cf05e5 s4:torture: add a test-suite for VSS via b22e8f355bd vfs_error_inject: add EBADF error via 688f91e366a vfs_error_inject: add pwrite from a988dcb90c4 VERSION: Bump version up to 4.8.9... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 74507e182c7b0b4382cedc1b1c9d3c5c0830e411 Author: Ralph Boehme Date: Wed Nov 21 17:20:30 2018 +0100 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name Stacked VFS modules might use the file name, not the file handle. Looking at you, vfs_fruit... 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit aa1fac696956f96e89e54ddd4535a6e2844161b0) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Thu Dec 13 18:20:47 CET 2018 on sn-devel-144 commit 0d353c2ab0692a95b4e7f0d1b13cdfe34d24047e Author: Ralph Boehme Date: Sat Nov 24 10:54:06 2018 +0100 s3:smbd: pass down twrp from SMB2_CREATE to filename_convert() Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 9c462e1b324ebad60c51bd6e8e659b39a31ec02e) commit 299eef1e7e1a282f9aef0ebd9b6d948ef6cbdd9f Author: Ralph Boehme Date: Sat Nov 24 10:45:49 2018 +0100 s3:smbd: add twrp args to filename_convert() All existing callers pass NULL, no change in behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 14b6e6842b76d7c3e53249ba026a3ff51615ebd7) commit b2dcbafef734cf77ee7c0c53ca7f173a9482259d Author: Ralph Boehme Date: Sat Nov 24 09:05:37 2018 +0100 s3:smbd: add twrp processing to filename_convert_internal() Not used for now, existing callers pass NULL. 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit c69bd336a17ca04dbfb4f5d04a963d25b9925118) commit b12bceb8b7e6a89c09bd5ca4d002925c1afc535e Author: Ralph Boehme Date: Sat Nov 24 08:56:49 2018 +0100 s3:smbd: prepare filename_convert_internal() for twrp Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit bffc540bc8459cbb1bd1a98528fb1d3b2b54d1d2) commit 450ac189c88bfa43e0a15ac4d81a5192e59c5ec4 Author: Ralph Boehme Date: Fri Nov 23 14:36:56 2018 +0100 s3:selftest: add a VSS test reading a stream Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit cfffa2e2428b42db65a4ece00602e0cef8ceb5a3) commit 6f55dc0ccdf7f576719d08b22ef17af7e6769c2c Author: Günther Deschner Date: Wed Oct 10 17:32:25 2018 +0200 s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13708 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Ralph Boehme Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Dec 11 17:26:31 CET 2018 on sn-devel-144 (cherry picked from commit 75d15484f3b71b1a2684c4a73e53aaa467f9932b) commit 06336d8a59e1d25a06834c1df0b73817c822353b Author: Ralph Boehme Date: Fri Nov 23 14:08:15 2018 +0100 vfs_shadow_copy2: nicely deal with attempts to open previous version for writing Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit cf95756235f718478e556ce1fbf7c032f9c9acfb) commit eae534f01cae6ea6fa875bae15f11
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via d18c5775771 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name via fa2a9c3be08 s3:smbd: pass down twrp from SMB2_CREATE to filename_convert() via baf1e0f30fe s3:smbd: add twrp args to filename_convert() via f8c144fa191 s3:smbd: add twrp processing to filename_convert_internal() via 88863119323 s3:smbd: prepare filename_convert_internal() for twrp via 3295cc8b4a5 s3:selftest: add a VSS test reading a stream via 1f897e6c1d2 s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. via e60c9431c6e vfs_shadow_copy2: nicely deal with attempts to open previous version for writing via 256d488b593 vfs_shadow_copy2: add shadow_copy2_strip_snapshot_converted via 0e355e3826f vfs_shadow_copy2: add _already_converted arg to shadow_copy2_strip_snapshot_internal() via 0244de24cfe s3:script/tests: add a test for VSS write behaviour via 6f8ea0a08ea s4:torture: add a test-suite for VSS via 1cf55de5ceb vfs_error_inject: add EBADF error via 8eaf7922410 vfs_error_inject: add pwrite via f53459c9232 s3:libads: Add net ads leave keep-account option from 1d0e4511ce1 winbindd: Route predefined domains through the BUILTIN domain child https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit d18c5775771d8c3bb9661335c0af2415a2c4b0e8 Author: Ralph Boehme Date: Wed Nov 21 17:20:30 2018 +0100 vfs_shadow_copy2: in fstat also convert fsp->fsp_name and fsp->base_fsp->fsp_name Stacked VFS modules might use the file name, not the file handle. Looking at you, vfs_fruit... 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit aa1fac696956f96e89e54ddd4535a6e2844161b0) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Thu Dec 13 16:47:40 CET 2018 on sn-devel-144 commit fa2a9c3be08c42c8b2f800e384c0d428a232bacb Author: Ralph Boehme Date: Sat Nov 24 10:54:06 2018 +0100 s3:smbd: pass down twrp from SMB2_CREATE to filename_convert() Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 9c462e1b324ebad60c51bd6e8e659b39a31ec02e) commit baf1e0f30fe052156ba10f956a870e0e4937f1d5 Author: Ralph Boehme Date: Sat Nov 24 10:45:49 2018 +0100 s3:smbd: add twrp args to filename_convert() All existing callers pass NULL, no change in behaviour. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit 14b6e6842b76d7c3e53249ba026a3ff51615ebd7) commit f8c144fa191b1c30f7a16fa527ddd540266f7927 Author: Ralph Boehme Date: Sat Nov 24 09:05:37 2018 +0100 s3:smbd: add twrp processing to filename_convert_internal() Not used for now, existing callers pass NULL. 
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit c69bd336a17ca04dbfb4f5d04a963d25b9925118) commit 88863119323fd758b922e2cfe05b13462f72bde9 Author: Ralph Boehme Date: Sat Nov 24 08:56:49 2018 +0100 s3:smbd: prepare filename_convert_internal() for twrp Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit bffc540bc8459cbb1bd1a98528fb1d3b2b54d1d2) commit 3295cc8b4a51c09009785026b541c5ce1fc2fd2a Author: Ralph Boehme Date: Fri Nov 23 14:36:56 2018 +0100 s3:selftest: add a VSS test reading a stream Bug: https://bugzilla.samba.org/show_bug.cgi?id=13455 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit cfffa2e2428b42db65a4ece00602e0cef8ceb5a3) commit 1f897e6c1d2b29e92b9ddbc62a07ce66dbec4d93 Author: Günther Deschner Date: Wed Oct 10 17:32:25 2018 +0200 s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13708 Guenther Signed-off-by: Guenther Deschner Reviewed-by: Ralph Boehme Autobuild-User(master): Günther Deschner Autobuild-Date(master): Tue Dec 11 17:26:31 CET 2018 on sn-devel-144 (cherry picked from commit 75d15484f3b71b1a2684c4a73e53aaa467f9932b) commit e60c9431c6e5619f84374851b90cbbf59e4fbb61 Author: Ralph Boehme Date: Fri Nov 23 14:08:15 2018 +0100 vfs_shadow_copy2: nicely deal with attempts to open previous version for writing Bug: https://bugzilla.samba.org/show_bug.cgi?id=13688 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (
[SCM] Samba Shared Repository - branch v4-8-stable updated
The branch, v4-8-stable has been updated via 91c4bf85967 VERSION: Disable GIT_SNAPSHOT for the 4.8.8 release. via 1ce5bb68c78 WHATSNEW: Add release notes for Samba 4.8.8. via 064f8f2d8cd winbindd: Route predefined domains through the BUILTIN domain child via bd464e2892c winbindd: fix predefined domains routing in find_lookup_domain_from_sid() via 1dd91d1463b winbindd: add some braces via 887cc66ff8f libcli/security: add dom_sid_lookup_is_predefined_domain() via d85ce20d988 selftest: test wbinfo -n and --gid-info with "NT Authority" via c81921da2e5 CVE-2018-14629 dns: fix CNAME loop prevention using counter regression via 9d58994621f CVE-2018-14629: Tests to expose regression from dns cname loop fix via 6d9c94e82c0 CVE-2018-16853: fix crash in expired passowrd case via c4c0a23a34c CVE-2018-16853: Do not segfault if client is not set via e57433c46ba CVE-2018-16853: Add a test to verify s4u2self doesn't crash via fb634be8327 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS via 1c4004425d0 CVE-2018-16853: Fix kinit test on system lacking ldbsearch via c33afb1e2c9 libcli/smb: don't overwrite status code via 50c2d78c270 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works via 903c3a0fb67 vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP via 5c1d414053d s3:smbd: make psbuf arg to make_default_acl_posix() const via 03f60c3ab36 VERSION: Bump version up to 4.8.8. 
via db08ec4c941 Merge tag 'samba-4.8.7' into v4-8-test via 58c53ddef51 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd via 3d9debd0f7e s4:torture/smb2/session: session reauth response must be signed via 9694933cc39 s4:torture/smb2/session: add force_signing to test_session_expire1i via b79e847e351 s4:torture/smb2/session: require a signed session setup reauth response via 288a79d997b s4:torture/smb2/session: invalidate credential cache via 7a5077d7e9a libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming() via 4ba496bf3c1 libcli/smb: defer singing check a little bit via 2b73c8a0df4 libcli/smb: maintain require_signed_response in smbXcli_req_state via 33dc0907353 libcli/smb: add smb2cli_session_require_signed_response() via c25a69a0861 s3:selftest: also run smb2.session torture testsuite against ad_member via eb8a35e7f84 s3:selftest: split "raw.session" and "smb2.session" via aa3a07a01f9 torture: Fix the 32-bit build via 42c3b3325a3 vfs_fruit: validation of writes on AFP_AfpInfo stream via b6987c345de vfs_fruit: move a comment to the right place via 8f251ab43ff s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream via e3e037c6f13 lib:util: Fix DEBUGCLASS pointer initializiation via 09298298200 selftest: Run smb2.delete-on-close-perms also with "delete readonly = yes" via ab041bf5346 selftest: Add share to test "delete readonly" option via d60ad0171a0 smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute via e674f23a106 smbtorture: Add test for DELETE_ON_CLOSE on files with READ_ONLY attribute via b51ef80a7aa torture: Fix the clang build via 0eebb6e0a47 vfs_fruit: let fruit_open_meta() with O_CREAT return a fake-fd via cbbd530968b vfs_fruit: don't check for delete-on-close on the FinderInfo stream via 80c95670e21 vfs_fruit: let fruit_pwrite_meta_stream also ftruncate empty FinderInfo via 248b5fc305b vfs_fruit: pass stream size to delete_invalid_meta_stream() via 1078e220e5a vfs_fruit: let fruit 
handle all aio on the FinderInfo metadata stream via 8c8d2d028db vfs_fruit: do ino calculation via a9b6f3a03da vfs_fruit: prepare fruit_pread_meta() for reading on fake-fd via 257281c7c7f vfs_fruit: prepare fruit_pwrite_meta() for on-demand opening and writing via a3cc00f7187 vfs_fruit: prepare struct fio for fake-fd and on-demand opening via bc6d5c9fa75 vfs_fruit: add fio->created via 82783db2b10 vfs_fruit: remove resource fork special casing via 02987f70469 vfs_fruit: add some debugging of dev/ino via 6501f483946 s4:torture/vfs/fruit: add test "empty_stream" via 76fb134af85 s4:torture/vfs/fruit: add check_stream_list_handle() via e38c76eed41 s4:torture/util: add torture_smb2_open() via 28072273496 vfs_fruit: filter empty streams via b0657faba45 vfs_fruit: use check on global_fruit_config.nego_aapl for macOS specific behaviour via fd53ad87f87 s4:torture/vfs/fruit: enable AAPL extensions in a bunch of tests via aa7de9869be vfs_fruit: don't unlink 0-byte size truncated streams via 0893dd1a772 s4:torture/vfs/fruit: write some data to a j
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via ea99b56 Add Samba 4.8.8. via 2760f0c NEWS[4.8.8]: Samba 4.8.8 Available for Download from cb0b96e NEWS[4.9.3]: Samba 4.9.3, 4.8.7 and 4.7.12 Security Releases Available https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit ea99b56534f0b49cbf6c90726a6550fd38e32fe2 Author: Karolin Seeger Date: Thu Dec 13 10:19:20 2018 +0100 Add Samba 4.8.8. Signed-off-by: Karolin Seeger commit 2760f0cc19e4d91a9ff7294d7fbebf230e137bf2 Author: Karolin Seeger Date: Thu Dec 13 10:12:24 2018 +0100 NEWS[4.8.8]: Samba 4.8.8 Available for Download Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 1 + history/samba-4.8.8.html| 100 posted_news/20181213-091816.4.8.8.body.html | 13 +++ posted_news/20181213-091816.4.8.8.headline.html | 3 + 4 files changed, 117 insertions(+) create mode 100644 history/samba-4.8.8.html create mode 100644 posted_news/20181213-091816.4.8.8.body.html create mode 100644 posted_news/20181213-091816.4.8.8.headline.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index 6ffd230..d61b8e5 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -13,6 +13,7 @@ samba-4.9.2 samba-4.9.1 samba-4.9.0 + samba-4.8.8 samba-4.8.7 samba-4.8.6 samba-4.8.5 diff --git a/history/samba-4.8.8.html b/history/samba-4.8.8.html new file mode 100644 index 000..0139106 --- /dev/null +++ b/history/samba-4.8.8.html 
@@ -0,0 +1,100 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> +http://www.w3.org/1999/xhtml";> + +Samba 4.8.8 - Release Notes + + +Samba 4.8.8 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.8.8.tar.gz";>Samba 4.8.8 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.8.8.tar.asc";>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.8.7-4.8.8.diffs.gz";>Patch (gzipped) against Samba 4.8.7 +https://download.samba.org/pub/samba/patches/samba-4.8.7-4.8.8.diffs.asc";>Signature + + + + = + Release Notes for Samba 4.8.8 + December 13, 2018 + = + + +This is the latest stable release of the Samba 4.8 release series. + +Major bug fixes include: + + + o dns: Fix CNAME loop prevention using counter regression (bug #13600). + + +Changes since 4.8.7: + + +o Jeremy Allison <j...@samba.org> + * BUG 13633: s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test. + +o Andrew Bartlett <abart...@samba.org> + * BUG 13418: dsdb: Add comments explaining the limitations of our current + backlink behaviour. + * BUG 13495: dbcheck: Use symbolic control name for + DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS. + +o Tim Beale <timbe...@catalyst.net.nz> + * BUG 13495: dbchecker: Fixing up incorrect DNs wasn't working. + +o Ralph Boehme <s...@samba.org> + * BUG 9175: libcli/smb: Don't overwrite status code. + * BUG 12164: 'wbinfo --group-info' 'NT AUTHORITY\System' does not work. + * BUG 13175: Fix accessing ZFS snapshot directories over SMB. + * BUG 13642: vfs_fruit should be able to cleanup AppleDouble files. + * BUG 13465: testparm crashes with PANIC: Messaging not initialized on + SLES 12 SP3. + * BUG 13646: File saving issues with vfs_fruit on samba >= 4.8.5. + * BUG 13649: Enabling vfs_fruit looses FinderInfo. + * BUG 13661: Session setup reauth fails to sign response. + * BUG 13667: Cancelling of SMB2 aio reads and writes returns wrong error + NT_STATUS_INTERNAL_ERROR. 
+ * BUG 13677: Fix copy with vfs_fruit if AFP_AfpInfo stream file + size > 60bytes. + +o Isaac Boukris <ibouk...@gmail.com> + * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build. + +o Amitay Isaacs <ami...@gmail.com> + * BUG 13641: Fix CTDB recovery record resurrection from inactive nodes and + simplify vacuuming. + * BUG 13659: Fix bugs in CTDB event handling. + +o Volker Lendecke <v...@samba.org> + * BUG 13465: examples: Fix the smb2mount build. + * BUG 13662: winbindd_cache: Fix timeout calculation for sid<->name cache. + +o Stefan Metzmacher <me...@samba.org> + * BUG 13418: Extended DN SID component missing for member after switching + group membership. + * BUG 13600: CVE-2018-1462
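Review bot: In the new history/samba-4.8.8.html, the download link points at samba-4.8.8.tar.gz while its "Signature" link points at samba-4.8.8.tar.asc, and the patch link samba-4.8.7-4.8.8.diffs.gz is paired with samba-4.8.7-4.8.8.diffs.asc in the same way, so by their names the signatures cover the uncompressed files rather than the gzipped ones the page offers. Add a sentence next to the links telling readers to decompress before verifying; a check run against the .gz as downloaded will fail, and a failing check that looks like a packaging quirk tends to get skipped.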
[SCM] Samba Shared Repository - annotated tag samba-4.8.8 created
The annotated tag, samba-4.8.8 has been created at 2d16c6588eb1cbf15d71cd7e4f2b0c2a81309b6c (tag) tagging 91c4bf85967339fff09f6576c6756d3695390e13 (commit) replaces samba-4.8.7 tagged by Karolin Seeger on Thu Dec 13 10:11:47 2018 +0100 - Log - samba: tag release samba-4.8.8 -BEGIN PGP SIGNATURE- iF0EABECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCXBIiUwAKCRBvM5FbZWi3 6nvyAJ4wjxsw5eZIdDoQNSZnAEtoLbewFgCgjwPE37xGlONQ7Vscw/G/5bRlKcU= =4+T/ -END PGP SIGNATURE- Aaron Haslett (1): CVE-2018-14629: Tests to expose regression from dns cname loop fix Amitay Isaacs (12): ctdb-daemon: Add invalid_records flag to ctdb_db_context ctdb-daemon: Don't pull any records if records are invalidated ctdb-daemon: Invalidate records if a node becomes INACTIVE ctdb-vacuum: Simplify the deletion of vacuumed records ctdb-vacuum: Fix the incorrect counting of remote errors ctdb-vacuum: Remove unnecessary check for zero records in delete list ctdb-daemon: Drop implementation of RECEIVE_RECORDS control ctdb-protocol: Mark RECEIVE_RECORDS control obsolete ctdb-protocol: Drop marshalling code for RECEIVE_RECORDS control ctdb-tests: Drop code for RECEIVE_RECORDS control ctdb-common: Set close-on-exec for startup fd ctdb-event: Check the return status of sock_daemon_set_startup_fd Andreas Schneider (2): lib:util: Fix DEBUGCLASS pointer initializiation CVE-2018-16853: Do not segfault if client is not set Andrew Bartlett (2): dbcheck: Use symbolic control name for DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS dsdb: Add comments explaining the limitations of our current backlink behaviour Christof Schmitt (20): s3/lib:popt_common: Move setup_logging to common callback s3:lib: Move popt_common_credentials to separate file s3:lib: Introduce cmdline context wrapper test:doc: Skip 'clustering=yes' s3:smbpasswd: Use cmdline_messaging_context s3:smbstatus: Use cmdline_messaging_context rpcclient: Use cmdline_messaging_context s3:net: Use cmdline_messaging_context s3:pdbedit: Use cmdline_messaging_context s3:testparm: 
Use cmdline_messaging_context s3:sharesec: Use cmdline_messaging_context s3: ntlm_auth: Use cmdline_messaging_context s3:eventlogadm: Use cmdline_messaging_context s3:dbwrap_tool: Use cmdline_messaging_context s3:smbcontrol: Use cmdline_messaging_context s3:smbget: Use cmdline_messaging_context smbtorture: Add test for DELETE_ON_CLOSE on files with READ_ONLY attribute smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute selftest: Add share to test "delete readonly" option selftest: Run smb2.delete-on-close-perms also with "delete readonly = yes" Isaac Boukris (4): CVE-2018-16853: Fix kinit test on system lacking ldbsearch CVE-2018-16853: The ticket in check_policy_as can actually be a TGS CVE-2018-16853: Add a test to verify s4u2self doesn't crash CVE-2018-16853: fix crash in expired passowrd case Jeremy Allison (1): s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test. Karolin Seeger (5): VERSION: Bump version up to 4.8.6... Merge tag 'samba-4.8.7' into v4-8-test VERSION: Bump version up to 4.8.8. WHATSNEW: Add release notes for Samba 4.8.8. VERSION: Disable GIT_SNAPSHOT for the 4.8.8 release. 
Martin Schwenke (4): ctdb-tests: Add recovery record resurrection test for volatile databases ctdb-daemon: Return early when refusing to run an event script ctdb-daemon: Exit if eventd goes away ctdb-recovery: Ban a node that causes recovery failure Ralph Boehme (99): s3:lib/server_contexts: make server_event_ctx and server_msg_ctx static s3:loadparm: reinit_globals in lp_load_with_registry_shares() selftest: pass configfile to pdbedit s3:popt_common: use cmdline_messaging_context() in popt_common_credentials_callback() s3:messaging: remove unused messaging_init_client() s4:torture: FinderInfo conversion test with AppleDouble without xattr data vfs_fruit: fix two comments vfs_fruit: store filler bytes from AppleDouble file header in struct adouble vfs_fruit: move setting ADEID_FINDERI length to ad_convert_xattr() vfs_fruit: do direct return from error checks in ad_convert() vfs_fruit: remove unneeded fd argument from ad_convert() vfs_fruit: move storing of modified struct adouble to ad_convert() vfs_fruit: move FinderInfo conversion to helper function and call it from ad_convert() vfs_fruit: move FinderInfo lenght check to ad_convert() vfs_fruit: split out truncating from ad_convert() vfs_fruit: use ADEDOFF_RFORK_DOT_UND offset macro in ad_convert_truncate()
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via a988dcb90c4 VERSION: Bump version up to 4.8.9... via 91c4bf85967 VERSION: Disable GIT_SNAPSHOT for the 4.8.8 release. via 1ce5bb68c78 WHATSNEW: Add release notes for Samba 4.8.8. from 064f8f2d8cd winbindd: Route predefined domains through the BUILTIN domain child https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit a988dcb90c4136baf4303700852d78b28e549970 Author: Karolin Seeger Date: Thu Dec 13 09:59:22 2018 +0100 VERSION: Bump version up to 4.8.9... and re-enable GIT_SNAPSHOT. Signed-off-by: Karolin Seeger commit 91c4bf85967339fff09f6576c6756d3695390e13 Author: Karolin Seeger Date: Thu Dec 13 09:53:41 2018 +0100 VERSION: Disable GIT_SNAPSHOT for the 4.8.8 release. Signed-off-by: Karolin Seeger commit 1ce5bb68c7843874a935e677327521e0df0aef59 Author: Karolin Seeger Date: Wed Dec 5 09:40:24 2018 +0100 WHATSNEW: Add release notes for Samba 4.8.8. Signed-off-by: Karolin Seeger --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 105 +-- 2 files changed, 104 insertions(+), 3 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 57150635ca3..cfae53693af 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=8 -SAMBA_VERSION_RELEASE=8 +SAMBA_VERSION_RELEASE=9 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 9f604b0d457..d48d1897469 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,104 @@ + = + Release Notes for Samba 4.8.8 + December 13, 2018 + = + + +This is the latest stable release of the Samba 4.8 release series. + +Major bug fixes include: + + + o dns: Fix CNAME loop prevention using counter regression (bug #13600). + + +Changes since 4.8.7: + + +o Jeremy Allison + * BUG 13633: s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test. + +o Andrew Bartlett + * BUG 13418: dsdb: Add comments explaining the limitations of our current + backlink behaviour. + * BUG 13495: dbcheck: Use symbolic control name for + DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS. + +o Tim Beale + * BUG 13495: dbchecker: Fixing up incorrect DNs wasn't working. + +o Ralph Boehme + * BUG 9175: libcli/smb: Don't overwrite status code. + * BUG 12164: 'wbinfo --group-info' 'NT AUTHORITY\System' does not work. + * BUG 13175: Fix accessing ZFS snapshot directories over SMB. + * BUG 13642: vfs_fruit should be able to cleanup AppleDouble files. + * BUG 13465: testparm crashes with PANIC: Messaging not initialized on + SLES 12 SP3. + * BUG 13646: File saving issues with vfs_fruit on samba >= 4.8.5. + * BUG 13649: Enabling vfs_fruit looses FinderInfo. + * BUG 13661: Session setup reauth fails to sign response. + * BUG 13667: Cancelling of SMB2 aio reads and writes returns wrong error + NT_STATUS_INTERNAL_ERROR. + * BUG 13677: Fix copy with vfs_fruit if AFP_AfpInfo stream file + size > 60bytes. + +o Isaac Boukris + * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build. + +o Amitay Isaacs + * BUG 13641: Fix CTDB recovery record resurrection from inactive nodes and + simplify vacuuming. + * BUG 13659: Fix bugs in CTDB event handling. + +o Volker Lendecke + * BUG 13465: examples: Fix the smb2mount build. + * BUG 13662: winbindd_cache: Fix timeout calculation for sid<->name cache. + +o Stefan Metzmacher + * BUG 13418: Extended DN SID component missing for member after switching + group membership. 
+ * BUG 13600: CVE-2018-14629 dns: Fix CNAME loop prevention using counter + regression. + * BUG 13624: STATUS_SESSION_EXPIRED error is returned unencrypted, if the + request was encrypted. + +o Christof Schmitt + * BUG 13465: testparm crashes with PANIC: Messaging not initialized on + SLES 12 SP3. + * BUG 13673: smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY + attribute. + +o Andreas Schneider + * BUG 13571: CVE-2018-16853: Fix S4U2Self crash with MIT KDC build. + * BUG 13679: Fix a segfault in pyglue. + +o Martin Schwenke + * BUG 13670: ctdb-recovery: Ban a node that causes recovery failure. + + +### +Reporting bugs & Development Discussion +### + +Please discuss this release on the samba-technical mailing list or b
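Review bot: The added 4.8.8 text in WHATSNEW.txt has wording slips in the Ralph Boehme block: "Enabling vfs_fruit looses FinderInfo" should read "loses", "size > 60bytes" needs a space before the unit, and the BUG 12164 entry quotes 'wbinfo --group-info' and 'NT AUTHORITY\System' as two separate strings although they belong to one command line. BUG 13465 and BUG 13571 each appear under more than one author with identical wording, which is fine for credit but worth a glance to confirm it is intended rather than a copy-and-paste leftover.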
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated
       via  1d0e4511ce1 winbindd: Route predefined domains through the BUILTIN domain child
       via  ac2c24cc424 winbindd: fix predefined domains routing in find_lookup_domain_from_sid()
       via  fd91429b529 winbindd: add some braces
       via  cf7e9d3d90f libcli/security: add dom_sid_lookup_is_predefined_domain()
       via  7cc1a8d9caa selftest: test wbinfo -n and --gid-info with "NT Authority"
       via  53b2e9aff3a CVE-2018-14629 dns: fix CNAME loop prevention using counter regression
       via  850a5521a3b CVE-2018-14629: Tests to expose regression from dns cname loop fix
      from  6a549df2419 ctdb-daemon: Exit with error if a database directory does not exist

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test

- Log -
commit 1d0e4511ce1e2e79d2b8633de769639b5db856a0
Author: Ralph Boehme
Date:   Wed Nov 28 15:39:21 2018 +0100

    winbindd: Route predefined domains through the BUILTIN domain child

    Without this eg "NT Authority" didn't work:

      $ bin/wbinfo -n "NT Authority/Authenticated Users"
      failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND
      Could not lookup name NT Authority/Authenticated Users

      $ bin/wbinfo --group-info="NT Authority/Authenticated Users"
      failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND
      Could not get info for group NT Authority/Authenticated Users

    With the patch:

      $ bin/wbinfo -n "NT Authority/Authenticated Users"
      S-1-5-11 SID_WKN_GROUP (5)

      $ bin/wbinfo --group-info="NT Authority/Authenticated Users"
      NT AUTHORITY\authenticated users:x:10002:

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

    Signed-off-by: Ralph Boehme
    Reviewed-by: David Mulder
    Reviewed-by: Andreas Schneider

    Autobuild-User(master): Ralph Böhme
    Autobuild-Date(master): Wed Dec 5 11:27:22 CET 2018 on sn-devel-144

    (cherry picked from commit 8b8d9fdad4a4e2c479141b3d40e9a7320a49c0dd)

    Autobuild-User(v4-9-test): Karolin Seeger
    Autobuild-Date(v4-9-test): Mon Dec 10 13:43:15 CET 2018 on sn-devel-144

commit ac2c24cc42429516150e511ed13dd84c2cb948f8
Author: Ralph Boehme
Date:   Wed Nov 28 17:20:41 2018 +0100

    winbindd: fix predefined domains routing in find_lookup_domain_from_sid()

    Route predefined domains through the BUILTIN domain child, not passdb.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

    Pair-Programmed-With: Stefan Metzmacher
    Signed-off-by: Ralph Boehme
    Signed-off-by: Stefan Metzmacher
    Reviewed-by: David Mulder
    Reviewed-by: Andreas Schneider
    (cherry picked from commit b512a58bbd7361cbbcf68f6713943377338fc2a1)

commit fd91429b5290a0e76e522fe743841514053576db
Author: Ralph Boehme
Date:   Tue Nov 27 17:32:09 2018 +0100

    winbindd: add some braces

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

    Signed-off-by: Ralph Boehme
    Reviewed-by: David Mulder
    Reviewed-by: Andreas Schneider
    (cherry picked from commit e0f784baeaa73096534d9a1ed941028d99f84ece)

commit cf7e9d3d90f99d2fc726c8230b3b6129474b602b
Author: Ralph Boehme
Date:   Wed Nov 28 17:19:39 2018 +0100

    libcli/security: add dom_sid_lookup_is_predefined_domain()

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

    Pair-Programmed-With: Stefan Metzmacher
    Signed-off-by: Ralph Boehme
    Signed-off-by: Stefan Metzmacher
    Reviewed-by: David Mulder
    Reviewed-by: Andreas Schneider
    (cherry picked from commit 2de5f06d399109009c343b0acfef822db38502a1)

commit 7cc1a8d9caacb8dfe29fe6c0c533f016db707a42
Author: Ralph Boehme
Date:   Tue Nov 27 20:32:09 2018 +0100

    selftest: test wbinfo -n and --gid-info with "NT Authority"

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164

    Signed-off-by: Ralph Boehme
    Reviewed-by: David Mulder
    Reviewed-by: Andreas Schneider
    (cherry picked from commit c46b6b111e8adcd7cf029e5c3293cbdc471793db)

commit 53b2e9aff3a292e0383168aa0e1c3d8fc417f17a
Author: Stefan Metzmacher
Date:   Wed Nov 28 15:21:56 2018 +0100

    CVE-2018-14629 dns: fix CNAME loop prevention using counter regression

    The loop prevention should only be done for CNAME records!

    Otherwise we truncate the answer records for A, or SRV queries,
    which is a bad idea if you have more than 20 DCs.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Douglas Bagnall

    Autobuild-User(master): Andrew Bartlett
    Autobuild-Date(master): Tue Dec 4 08:52:29 CET 2018 on sn-devel-144

    (cherry picked from commit 34f4491d79b47b2fe2457b8882f11644cf773bc4)

commit 850a5521a3bfcbacd6fe029200eb9ea0f908a80c
Author: Aaron Haslett
Date:   Fri
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated
       via  23b41ebe1de CVE-2018-14629 dns: fix CNAME loop prevention using counter regression
       via  afc79912685 CVE-2018-14629: Tests to expose regression from dns cname loop fix
       via  29481e9dd5d .gitlab-ci.yml: Adapt to current GitLab CI setup
       via  463ee44 gitlab-ci: add .gitlab-ci.yml
       via  fcbea2c7c96 CVE-2018-16853: fix crash in expired passowrd case
       via  09b9a9bed3a CVE-2018-16853: Do not segfault if client is not set
       via  03607d79e35 CVE-2018-16853: Add a test to verify s4u2self doesn't crash
       via  22794132513 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
       via  51518080df9 CVE-2018-16853: Fix kinit test on system lacking ldbsearch
      from  c4ec9d57608 VERSION: Bump version up to 4.7.13.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test

- Log -
commit 23b41ebe1deca762e03d4d688f0a11e11f809afd
Author: Stefan Metzmacher
Date: Wed Nov 28 15:21:56 2018 +0100

    CVE-2018-14629 dns: fix CNAME loop prevention using counter regression

    The loop prevention should only be done for CNAME records!
    Otherwise we truncate the answer records for A, or SRV queries,
    which is a bad idea if you have more than 20 DCs.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
    Signed-off-by: Stefan Metzmacher
    Reviewed-by: Douglas Bagnall
    Autobuild-User(master): Andrew Bartlett
    Autobuild-Date(master): Tue Dec 4 08:52:29 CET 2018 on sn-devel-144
    (cherry picked from commit 34f4491d79b47b2fe2457b8882f11644cf773bc4)
    Autobuild-User(v4-7-test): Karolin Seeger
    Autobuild-Date(v4-7-test): Fri Dec 7 16:59:16 CET 2018 on sn-devel-144

commit afc799126853e1ce9cb498c4cc0eb17b9e0dd565
Author: Aaron Haslett
Date: Fri Nov 30 18:37:27 2018 +1300

    CVE-2018-14629: Tests to expose regression from dns cname loop fix

    These tests expose the regression described by Stefan Metzmacher in
    discussion on the bugzilla page linked below.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
    Signed-off-by: Aaron Haslett
    Reviewed-by: Douglas Bagnall
    Reviewed-by: Stefan Metzmacher
    (cherry picked from commit 14399fd818b130a6347eec860460929c292d5996)

commit 29481e9dd5dc1765d1108eee5d6ab2a3551c5192
Author: Andrew Bartlett
Date: Tue Jun 26 14:59:26 2018 +1200

    .gitlab-ci.yml: Adapt to current GitLab CI setup

    Signed-off-by: Andrew Bartlett
    (cherry picked from commit fb522c1ba0afa1b2298e66dfde42806cae72e5b9)

commit 463ee44ec1757b9b16d293a331e2f5c962e6
Author: Joe Guo
Date: Wed Sep 20 09:33:27 2017 +1200

    gitlab-ci: add .gitlab-ci.yml

    Add .gitlab-ci.yml file, and define build jobs in groups.
    Once gitlab-runner is set up, builds and tests can be triggered
    automatically in parallel when pushing to gitlab.
    Also, with gitlab-runner autoscale mode, build instances will be
    created and removed on demand.

    Signed-off-by: Joe Guo
    Reviewed-by: Andrew Bartlett
    Reviewed-by: Ralph Boehme
    Autobuild-User(master): Ralph Böhme
    Autobuild-Date(master): Tue Oct 31 15:32:16 CET 2017 on sn-devel-144
    (cherry picked from commit 8be4236b323b5f755ff6c0bf0a4a5fb99343c84d)

commit fcbea2c7c9680ad7e24235150d61f9a0aee36bb4
Author: Isaac Boukris
Date: Wed Nov 7 22:53:35 2018 +0200

    CVE-2018-16853: fix crash in expired passowrd case

    When calling encode_krb5_padata_sequence() make sure to pass a
    null terminated array as required.
    Fixes expired password case in samba4.blackbox.kinit test.

    Signed-off-by: Isaac Boukris
    Reviewed-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher

commit 09b9a9bed3aae0fbd945921849cd66ce9e22e0ea
Author: Andreas Schneider
Date: Wed Sep 28 07:22:32 2016 +0200

    CVE-2018-16853: Do not segfault if client is not set

    This can be triggered with FAST but we don't support this yet.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
    Signed-off-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher

commit 03607d79e358c664bcf25a5304684dccb49b3ffe
Author: Isaac Boukris
Date: Sat Aug 18 16:01:59 2018 +0300

    CVE-2018-16853: Add a test to verify s4u2self doesn't crash

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
    Signed-off-by: Isaac Boukris
    Reviewed-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher

commit 22794132513e7c8ddc3cff98f7786a48554499dc
Author: Isaac Boukris
Date: Sat Aug 18 00:40:30 2018 +0300

    CVE-2018-16853: The ticket in check_policy_as can actually be a TGS

    This happens when we are called from S4U2Self flow, and in that case
    kdcreq->client is NULL. Use the name from client entry instead.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
    Si
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 064f8f2d8cd winbindd: Route predefined domains through the BUILTIN domain child via bd464e2892c winbindd: fix predefined domains routing in find_lookup_domain_from_sid() via 1dd91d1463b winbindd: add some braces via 887cc66ff8f libcli/security: add dom_sid_lookup_is_predefined_domain() via d85ce20d988 selftest: test wbinfo -n and --gid-info with "NT Authority" via c81921da2e5 CVE-2018-14629 dns: fix CNAME loop prevention using counter regression via 9d58994621f CVE-2018-14629: Tests to expose regression from dns cname loop fix from 6d9c94e82c0 CVE-2018-16853: fix crash in expired passowrd case https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 064f8f2d8cd8292c09310c4f13258d843597c5e8 Author: Ralph Boehme Date: Wed Nov 28 15:39:21 2018 +0100 winbindd: Route predefined domains through the BUILTIN domain child Without this eg "NT Authority" didn't work: $ bin/wbinfo -n "NT Authority/Authenticated Users" failed to call wbcLookupName: WBC_ERR_DOMAIN_NOT_FOUND Could not lookup name NT Authority/Authenticated Users $ bin/wbinfo --group-info="NT Authority/Authenticated Users" failed to call wbcGetgrnam: WBC_ERR_DOMAIN_NOT_FOUND Could not get info for group NT Authority/Authenticated Users With the patch: $ bin/wbinfo -n "NT Authority/Authenticated Users" S-1-5-11 SID_WKN_GROUP (5) $ bin/wbinfo --group-info="NT Authority/Authenticated Users" NT AUTHORITY\authenticated users:x:10002: BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Signed-off-by: Ralph Boehme Reviewed-by: David Mulder Reviewed-by: Andreas Schneider Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Wed Dec 5 11:27:22 CET 2018 on sn-devel-144 (cherry picked from commit 8b8d9fdad4a4e2c479141b3d40e9a7320a49c0dd) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Fri Dec 7 16:15:58 CET 2018 on sn-devel-144 commit bd464e2892c212287658146f544364ebafb36050 Author: Ralph Boehme Date: Wed Nov 28 17:20:41 2018 +0100 
winbindd: fix predefined domains routing in find_lookup_domain_from_sid() Route predefined domains through the BUILTIN domain child, not passdb. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Ralph Boehme Signed-off-by: Stefan Metzmacher Reviewed-by: David Mulder Reviewed-by: Andreas Schneider (cherry picked from commit b512a58bbd7361cbbcf68f6713943377338fc2a1) commit 1dd91d1463bc399050008ad410a6a81fb572a0f0 Author: Ralph Boehme Date: Tue Nov 27 17:32:09 2018 +0100 winbindd: add some braces BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Signed-off-by: Ralph Boehme Reviewed-by: David Mulder Reviewed-by: Andreas Schneider (cherry picked from commit e0f784baeaa73096534d9a1ed941028d99f84ece) commit 887cc66ff8f4f00e564452590aabc03fd30512bf Author: Ralph Boehme Date: Wed Nov 28 17:19:39 2018 +0100 libcli/security: add dom_sid_lookup_is_predefined_domain() BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Pair-Programmed-With: Stefan Metzmacher Signed-off-by: Ralph Boehme Signed-off-by: Stefan Metzmacher Reviewed-by: David Mulder Reviewed-by: Andreas Schneider (cherry picked from commit 2de5f06d399109009c343b0acfef822db38502a1) commit d85ce20d988233968b48193e0193132892ce1323 Author: Ralph Boehme Date: Tue Nov 27 20:32:09 2018 +0100 selftest: test wbinfo -n and --gid-info with "NT Authority" BUG: https://bugzilla.samba.org/show_bug.cgi?id=12164 Signed-off-by: Ralph Boehme Reviewed-by: David Mulder Reviewed-by: Andreas Schneider (cherry picked from commit c46b6b111e8adcd7cf029e5c3293cbdc471793db) commit c81921da2e5b2c42c9db25cdbb443891656a4df7 Author: Stefan Metzmacher Date: Wed Nov 28 15:21:56 2018 +0100 CVE-2018-14629 dns: fix CNAME loop prevention using counter regression The loop prevention should only be done for CNAME records! Otherwise we truncate the answer records for A, or SRV queries, which is a bad idea if you have more than 20 DCs. 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600 Signed-off-by: Stefan Metzmacher Reviewed-by: Douglas Bagnall Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Tue Dec 4 08:52:29 CET 2018 on sn-devel-144 (cherry picked from commit 34f4491d79b47b2fe2457b8882f11644cf773bc4) commit 9d58994621f37e3d1be1eb1ddf68d0675d188cd2 Author: Aaron Haslett Date: Fri Nov 30 18:37:27 201
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 6a549df2419 ctdb-daemon: Exit with error if a database directory does not exist from b2ef0e08a9b CVE-2018-16853: fix crash in expired passowrd case https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 6a549df2419199e2364e6206fc3ab3cc2b4b0eaf Author: Martin Schwenke Date: Fri Nov 30 12:44:26 2018 +1100 ctdb-daemon: Exit with error if a database directory does not exist Since 4.9.0, the log messages can be confusing if a required database directory does not exist. Explicitly check for database directories, logging a clear error and exiting if one is missing. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13696 Signed-off-by: Martin Schwenke Reviewed-by: Amitay Isaacs Autobuild-User(master): Amitay Isaacs Autobuild-Date(master): Mon Dec 3 06:56:41 CET 2018 on sn-devel-144 (cherry picked from commit dd7574afd1b2fb6a88defa154bc3d15e94f9ce0d) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Wed Dec 5 13:01:52 CET 2018 on sn-devel-144 --- Summary of changes: ctdb/server/ctdbd.c | 20 1 file changed, 20 insertions(+) Changeset truncated at 500 lines: diff --git a/ctdb/server/ctdbd.c b/ctdb/server/ctdbd.c index 721347c4733..45519a7fc3d 100644 --- a/ctdb/server/ctdbd.c +++ b/ctdb/server/ctdbd.c 
@@ -299,8 +299,28 @@ int main(int argc, const char *argv[]) */ ctdb->db_directory = ctdb_config.dbdir_volatile; + ok = directory_exist(ctdb->db_directory); + if (! ok) { + D_ERR("Volatile database directory %s does not exist\n", + ctdb->db_directory); + goto fail; + } + ctdb->db_directory_persistent = ctdb_config.dbdir_persistent; + ok = directory_exist(ctdb->db_directory_persistent); + if (! ok) { + D_ERR("Persistent database directory %s does not exist\n", + ctdb->db_directory_persistent); + goto fail; + } + ctdb->db_directory_state = ctdb_config.dbdir_state; + ok = directory_exist(ctdb->db_directory_state); + if (! ok) { + D_ERR("State database directory %s does not exist\n", + ctdb->db_directory_state); + goto fail; + } if (ctdb_config.lock_debug_script != NULL) { ret = setenv("CTDB_DEBUG_LOCKS", -- Samba Shared Repository
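Review bot: the three added checks in main() repeat the same test, log and `goto fail` sequence for db_directory, db_directory_persistent and db_directory_state, differing only in the word in the message and the field tested. A small static helper that takes the description and the path would keep the three messages in step and make a later fourth directory a one-line change. The hunk also relies on `ok`, whose declaration is not in the visible context, so confirm it is already a bool in scope at this point of main().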
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated
       via  6d9c94e82c0 CVE-2018-16853: fix crash in expired passowrd case
       via  c4c0a23a34c CVE-2018-16853: Do not segfault if client is not set
       via  e57433c46ba CVE-2018-16853: Add a test to verify s4u2self doesn't crash
       via  fb634be8327 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
       via  1c4004425d0 CVE-2018-16853: Fix kinit test on system lacking ldbsearch
       via  c33afb1e2c9 libcli/smb: don't overwrite status code
       via  50c2d78c270 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
      from  903c3a0fb67 vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test

- Log -
commit 6d9c94e82c0cc9fa314de2ad8969d01bac11bd0f
Author: Isaac Boukris
Date: Wed Nov 7 22:53:35 2018 +0200

    CVE-2018-16853: fix crash in expired passowrd case

    When calling encode_krb5_padata_sequence() make sure to pass a
    null terminated array as required.
    Fixes expired password case in samba4.blackbox.kinit test.

    Signed-off-by: Isaac Boukris
    Reviewed-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher
    Autobuild-User(v4-8-test): Karolin Seeger
    Autobuild-Date(v4-8-test): Tue Dec 4 18:36:56 CET 2018 on sn-devel-144

commit c4c0a23a34cfe21484f2dbc2830d85aff5929724
Author: Andreas Schneider
Date: Wed Sep 28 07:22:32 2016 +0200

    CVE-2018-16853: Do not segfault if client is not set

    This can be triggered with FAST but we don't support this yet.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
    Signed-off-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher

commit e57433c46ba8429f633a739052139de1e29c2b23
Author: Isaac Boukris
Date: Sat Aug 18 16:01:59 2018 +0300

    CVE-2018-16853: Add a test to verify s4u2self doesn't crash

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
    Signed-off-by: Isaac Boukris
    Reviewed-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher

commit fb634be8327f48f5401f7f10013cd01599932af2
Author: Isaac Boukris
Date: Sat Aug 18 00:40:30 2018 +0300

    CVE-2018-16853: The ticket in check_policy_as can actually be a TGS

    This happens when we are called from S4U2Self flow, and in that case
    kdcreq->client is NULL. Use the name from client entry instead.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
    Signed-off-by: Isaac Boukris
    Reviewed-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher

commit 1c4004425d08492ae9ea53ef96297c858aa6b1b8
Author: Isaac Boukris
Date: Sat Aug 18 15:32:43 2018 +0300

    CVE-2018-16853: Fix kinit test on system lacking ldbsearch

    By fixing bindir variable name.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
    Signed-off-by: Isaac Boukris
    Reviewed-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher

commit c33afb1e2c9285ed399bd2f07f0626edabbbe555
Author: Ralph Boehme
Date: Wed Nov 7 14:00:25 2018 +0100

    libcli/smb: don't overwrite status code

    The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug
    9175 never worked, as the preceding signing check overwrote the status
    variable.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
    Signed-off-by: Ralph Boehme
    Reviewed-by: Stefan Metzmacher
    Autobuild-User(master): Ralph Böhme
    Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144
    (cherry picked from commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99)

commit 50c2d78c270a6b4466bfde4ea68559fa1c03558a
Author: Ralph Boehme
Date: Tue Nov 13 12:08:10 2018 +0100

    s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works

    This adds a simple test that verifies that after having set
    smbXcli_session_set_disconnect_expired() a session gets disconnected
    when it expires.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
Signed-off-by: Ralph Boehme Reviewed-by: Stefan Metzmacher (cherry picked from commit a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68) --- Summary of changes: libcli/smb/smbXcli_base.c| 12 ++-- source4/kdc/mit-kdb/kdb_samba_policies.c | 24 ++- source4/kdc/mit_samba.c | 7 +- source4/torture/smb2/session.c | 110 +++ testprogs/blackbox/test_kinit_mit.sh | 20 -- 5 files changed, 159 insertions(+), 14 deletions(-) Changeset truncated at 500 lines: diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c index 512cbd8c6f4..3f65216a669 100644 --- a/libcli/smb/smbXcli_base.c +++ b/libcli/smb/smbXcli_base.c @@ -3907,15 +3907,17 @@ static NTSTATUS smb2cli_c
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated
       via  b2ef0e08a9b CVE-2018-16853: fix crash in expired passowrd case
       via  a26e6160b33 CVE-2018-16853: Do not segfault if client is not set
       via  a2f4d49c1c5 CVE-2018-16853: Add a test to verify s4u2self doesn't crash
       via  09f9bb28371 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
       via  d2a6e3e1bb4 CVE-2018-16853: Fix kinit test on system lacking ldbsearch
       via  2332c99cba7 libcli/smb: don't overwrite status code
       via  739ce2c7335 s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works
       via  f678c6f06f0 ldb_controls: Add some talloc error checking for controls
       via  f4105adc285 sync_passwords: Remove dirsync cookie logging for continuous operation
       via  517df6d3da3 dirsync: Allow arbitrary length cookies
       via  a816ca4004a PEP8: fix E231: missing whitespace after ','
      from  b3d376b7d4d VERSION: Bump version up to 4.9.4.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test

- Log -
commit b2ef0e08a9beda7231629dce6875a8c37360acf8
Author: Isaac Boukris
Date: Wed Nov 7 22:53:35 2018 +0200

    CVE-2018-16853: fix crash in expired passowrd case

    When calling encode_krb5_padata_sequence() make sure to pass a
    null terminated array as required.
    Fixes expired password case in samba4.blackbox.kinit test.

    Signed-off-by: Isaac Boukris
    Reviewed-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher
    Autobuild-User(v4-9-test): Karolin Seeger
    Autobuild-Date(v4-9-test): Tue Dec 4 17:27:18 CET 2018 on sn-devel-144

commit a26e6160b3361f02d9d91f04114b8a03adf11780
Author: Andreas Schneider
Date: Wed Sep 28 07:22:32 2016 +0200

    CVE-2018-16853: Do not segfault if client is not set

    This can be triggered with FAST but we don't support this yet.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
    Signed-off-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher

commit a2f4d49c1c545d9a64d34d0413f3e840d8f109f6
Author: Isaac Boukris
Date: Sat Aug 18 16:01:59 2018 +0300

    CVE-2018-16853: Add a test to verify s4u2self doesn't crash

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
    Signed-off-by: Isaac Boukris
    Reviewed-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher

commit 09f9bb2837180ca27085b27aa636bfbae975f294
Author: Isaac Boukris
Date: Sat Aug 18 00:40:30 2018 +0300

    CVE-2018-16853: The ticket in check_policy_as can actually be a TGS

    This happens when we are called from S4U2Self flow, and in that case
    kdcreq->client is NULL. Use the name from client entry instead.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
    Signed-off-by: Isaac Boukris
    Reviewed-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher

commit d2a6e3e1bb4609224fc9316abaaa156b3f71cb34
Author: Isaac Boukris
Date: Sat Aug 18 15:32:43 2018 +0300

    CVE-2018-16853: Fix kinit test on system lacking ldbsearch

    By fixing bindir variable name.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571
    Signed-off-by: Isaac Boukris
    Reviewed-by: Andreas Schneider
    Reviewed-by: Stefan Metzmacher

commit 2332c99cba77bea1113014011d840b2005a4a75f
Author: Ralph Boehme
Date: Wed Nov 7 14:00:25 2018 +0100

    libcli/smb: don't overwrite status code

    The original commit c5cd22b5bbce724dcd68fe94320382b3f772cabf from bug
    9175 never worked, as the preceding signing check overwrote the status
    variable.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
    Signed-off-by: Ralph Boehme
    Reviewed-by: Stefan Metzmacher
    Autobuild-User(master): Ralph Böhme
    Autobuild-Date(master): Tue Nov 13 17:28:45 CET 2018 on sn-devel-144
    (cherry picked from commit 5a8583ed701be97c33a20b2a20f6bbb8ac2f8e99)

commit 739ce2c733521fe53a74927f9c801ba503cc1586
Author: Ralph Boehme
Date: Tue Nov 13 12:08:10 2018 +0100

    s4:torture/smb2/session: test smbXcli_session_set_disconnect_expired() works

    This adds a simple test that verifies that after having set
    smbXcli_session_set_disconnect_expired() a session gets disconnected
    when it expires.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=9175
    Signed-off-by: Ralph Boehme
    Reviewed-by: Stefan Metzmacher
    (cherry picked from commit a5d1bb5c5b5a57a2d7710dc5ab962683fe5c8e68)

commit f678c6f06f03b81cec1ea38ee1a4f4c67c38dcfe
Author: Garming Sam
Date: Wed Nov 14 10:29:01 2018 +1300

    ldb_controls: Add some talloc error checking for controls

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13686
    Signed-off-by: Garming Sam
    Reviewed-by: Andrew Bartlett
    (cherry picked from commit ad8bb6fcd08be28c40f2522d640333e9e69b7852)

commit f4105adc2
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 903c3a0fb67 vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP via 5c1d414053d s3:smbd: make psbuf arg to make_default_acl_posix() const from 03f60c3ab36 VERSION: Bump version up to 4.8.8. https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 903c3a0fb6793c8706bfd3d5f48ff51a2183586c Author: Ralph Boehme Date: Tue Dec 5 08:28:28 2017 +0100 vfs_zfsacl: return synthesized ACL when ZFS return ENOTSUP This allows accessing the ZFS .snapshots directory where ZFS returns ENOTSUP when calling acl(".snapshots"). Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Fri May 18 22:03:21 CEST 2018 on sn-devel-144 (cherry picked from commit f93cc232377d4c686ac35ee5e14e798974bc0700) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Wed Nov 28 13:20:55 CET 2018 on sn-devel-144 commit 5c1d414053d5b41012fcfc0c7c3a2c0acaaf229f Author: Ralph Boehme Date: Fri May 18 13:14:57 2018 +0200 s3:smbd: make psbuf arg to make_default_acl_posix() const Bug: https://bugzilla.samba.org/show_bug.cgi?id=13175 Signed-off-by: Ralph Boehme Reviewed-by: Jeremy Allison (cherry picked from commit ec2a40831359ae93f437ef76f8ba76bbd95bc6dc) --- Summary of changes: source3/modules/vfs_zfsacl.c | 36 ++-- source3/smbd/posix_acls.c| 8 source3/smbd/proto.h | 2 +- 3 files changed, 39 insertions(+), 7 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c index 0bc4ba6604f..43e41f95c1a 100644 --- a/source3/modules/vfs_zfsacl.c +++ b/source3/modules/vfs_zfsacl.c 
@@ -238,7 +238,20 @@ static NTSTATUS zfsacl_fget_nt_acl(struct vfs_handle_struct *handle, fsp->fsp_name, &pacl); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); - return status; + if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { + return status; + } + + status = make_default_filesystem_acl(mem_ctx, +DEFAULT_ACL_POSIX, +fsp->fsp_name->base_name, +&fsp->fsp_name->st, +ppdesc); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + (*ppdesc)->type |= SEC_DESC_DACL_PROTECTED; + return NT_STATUS_OK; } status = smb_fget_nt_acl_nfs4(fsp, NULL, security_info, mem_ctx, @@ -260,7 +273,26 @@ static NTSTATUS zfsacl_get_nt_acl(struct vfs_handle_struct *handle, status = zfs_get_nt_acl_common(handle->conn, frame, smb_fname, &pacl); if (!NT_STATUS_IS_OK(status)) { TALLOC_FREE(frame); - return status; + if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_SUPPORTED)) { + return status; + } + + if (!VALID_STAT(smb_fname->st)) { + DBG_ERR("No stat info for [%s]\n", + smb_fname_str_dbg(smb_fname)); + return NT_STATUS_INTERNAL_ERROR; + } + + status = make_default_filesystem_acl(mem_ctx, +DEFAULT_ACL_POSIX, +smb_fname->base_name, +&smb_fname->st, +ppdesc); + if (!NT_STATUS_IS_OK(status)) { + return status; + } + (*ppdesc)->type |= SEC_DESC_DACL_PROTECTED; + return NT_STATUS_OK; } status = smb_get_nt_acl_nfs4(handle->conn, diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c index 8d42535d877..6396f818176 100644 --- a/source3/smbd/posix_acls.c +++ b/source3/smbd/posix_acls.c @@ -4779,7 +4779,7 @@ int posix_sys_acl_blob_get_fd(vfs_handle_struct *handle, static NTSTATUS make_default_acl_posix(TALLOC_CTX *ctx, const char *name, - SMB_STRUCT_STAT *psbuf, + const SMB_STRUCT_STAT *psbuf, struct security_descriptor **ppdesc) { st
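Review bot: in the zfsacl_fget_nt_acl() hunk (@@ -238) the fallback hands &fsp->fsp_name->st to make_default_filesystem_acl() without the VALID_STAT() check that the zfsacl_get_nt_acl() hunk adds for smb_fname->st. Either add the same check here, returning NT_STATUS_INTERNAL_ERROR as the other path does, or add a comment saying why the stat of an open fsp is always valid at this point, so the two paths do not appear to disagree.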
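Review bot: the NT_STATUS_NOT_SUPPORTED fallback in the zfsacl_get_nt_acl() hunk (@@ -260) is a near copy of the one in zfsacl_fget_nt_acl(), and neither carries a comment explaining why a synthesized DEFAULT_ACL_POSIX descriptor marked SEC_DESC_DACL_PROTECTED is the intended answer. Move the shared part into one static helper and put the .snapshots rationale from the commit message in a comment above it; the fallback changes which ACL a client is shown, and a reader of the code alone cannot tell that this is deliberate rather than an error being swallowed.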
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via fde9f7c81b4 CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow via 13014aea13a CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs via c7b937c5aae CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int via 77de8278e4b CVE-2018-16857 tests: Sanity-check password lockout works with default values via 6ab51b2af90 CVE-2018-16853: fix crash in expired passowrd case via 7cddbcf039a CVE-2018-16853: Do not segfault if client is not set via c556ac5c66b CVE-2018-16853: Add a test to verify s4u2self doesn't crash via 6c453aeb0c7 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS via bf0e9041bec CVE-2018-16853: Fix kinit test on system lacking ldbsearch via c5370a4349d CVE-2018-16853 WHATSNEW: The Samba AD DC, when build with MIT Kerberos is experimental via 07c49d25cdc CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental via 9a12a001466 CVE-2018-16852 dcerpc dnsserver: refactor common properties handling via 2b00f8fa9fd CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly via c1d4033e09a CVE-2018-16852 dcerpc dnsserver: Verification tests via d2c98abde12 CVE-2018-16851 ldap_server: Check ret before manipulating blob via c835e27a998 CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ via b6e9c4b8bbd CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal via 97b426babaa CVE-2018-14629 dns: CNAME loop prevention using counter via c3f60859919 dns: prevent self-referencing CNAME from 1f42e62e46f notifyd: Improve a debug message https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit fde9f7c81b42419e71b2fc8c31d92db4a05176af Author: Tim Beale Date: Tue Nov 13 13:22:41 2018 +1300 CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow Clearly the lockOutObservationWindow value is important, and using a default value of 
zero doesn't work very well. This patch adds a better default value (the domain default setting of 30 minutes). BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett Autobuild-User(master): Karolin Seeger Autobuild-Date(master): Wed Nov 28 11:31:14 CET 2018 on sn-devel-144 commit 13014aea13a77f6a75ab948e2a29d814ebd9dd22 Author: Tim Beale Date: Tue Nov 13 13:19:04 2018 +1300 CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs Fix a remaining place where we were trying to read the msDS-LockoutObservationWindow as an int instead of an int64. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett commit c7b937c5aae40483f2f37727758ed50877f17a5b Author: Tim Beale Date: Tue Nov 13 12:24:16 2018 +1300 CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int Commit 442a38c918ae1666b35 refactored some code into a new get_lockout_observation_window() function. However, in moving the code, an ldb_msg_find_attr_as_int64() inadvertently got converted to a ldb_msg_find_attr_as_int(). ldb_msg_find_attr_as_int() will only work for values up to -2147483648 (about 3.5 minutes in MS timestamp form). Unfortunately, the automated tests used a low enough timeout that they still worked, however, password lockout would not work with the Samba default settings. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett commit 77de8278e4b467b66a477c09945a9bcc6b08b194 Author: Tim Beale Date: Tue Nov 13 11:49:56 2018 +1300 CVE-2018-16857 tests: Sanity-check password lockout works with default values Sanity-check that when we use the default lockOutObservationWindow that user lockout actually works. The easiest way to do this is to reuse the _test_login_lockout() test-case, but stop at the point where we wait for the lockout duration to expire (because we don't want the test to wait 30 mins). 
This highlights a problem currently where the default values don't work. BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683 Signed-off-by: Tim Beale Reviewed-by: Andrew Bartlett commit 6ab51b2af90f5dca11b8587b2a16215ab4497069 Author: Isaac Boukris Date: Wed Nov 7 22:53:35 2018 +0200 CVE-2018-16853: fix crash in expired passowrd case When calling encode_krb5_padata_sequence() make sure to pass a null terminated array as required. Fixes expired pas
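The integer-width problem described in the CVE-2018-16857 commit messages above, worked through as an added C example (not Samba's code). The helpers `attr_as_int32()`, `attr_as_int64()` and `failure_counts()` are hypothetical stand-ins, and the assumption that an out-of-range value falls back to the caller's default of zero is taken from the commit text, not from the ldb source.

```c
#include <errno.h>
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* AD stores durations as negative counts of 100-nanosecond intervals. */
#define TICKS_PER_SECOND 10000000LL

/* Convert a window in minutes to the stored (negative) interval form. */
static int64_t minutes_to_ad_interval(int64_t minutes)
{
	return -(minutes * 60 * TICKS_PER_SECOND);
}

/* Hypothetical 64-bit attribute reader: parse or return the default. */
static int64_t attr_as_int64(const char *value, int64_t default_value)
{
	char *end = NULL;
	long long v;

	if (value == NULL || *value == '\0') {
		return default_value;
	}
	errno = 0;
	v = strtoll(value, &end, 10);
	if (errno != 0 || end == value || *end != '\0') {
		return default_value;
	}
	return (int64_t)v;
}

/*
 * Hypothetical 32-bit attribute reader. Assumption: a value that does
 * not fit in an int yields the caller's default instead of the value.
 */
static int attr_as_int32(const char *value, int default_value)
{
	int64_t v = attr_as_int64(value, default_value);

	if (v < INT_MIN || v > INT_MAX) {
		return default_value;
	}
	return (int)v;
}

/*
 * Simplified model of the observation window: a failed logon that
 * happened age_seconds ago still counts only if it is younger than the
 * window. A window of zero therefore never counts any failure.
 */
static int failure_counts(int64_t window, int64_t age_seconds)
{
	return age_seconds * TICKS_PER_SECOND < -window;
}

/* Longest window, in seconds, that survives a 32-bit read. */
static double max_int32_window_seconds(void)
{
	return (double)(-(int64_t)INT_MIN) / (double)TICKS_PER_SECOND;
}

int main(void)
{
	char stored[32];
	int64_t mins[] = { 3, 30 }; /* constructed sample windows */
	size_t i;

	printf("largest window a 32-bit read can hold: %.1f s\n",
	       max_int32_window_seconds());
	for (i = 0; i < sizeof(mins) / sizeof(mins[0]); i++) {
		int64_t w32, w64;

		snprintf(stored, sizeof(stored), "%lld",
			 (long long)minutes_to_ad_interval(mins[i]));
		w32 = attr_as_int32(stored, 0);
		w64 = attr_as_int64(stored, 0);
		printf("%lld min stored as %s: 32-bit read=%lld, "
		       "64-bit read=%lld, failure 10s ago counts: %d vs %d\n",
		       (long long)mins[i], stored, (long long)w32,
		       (long long)w64, failure_counts(w32, 10),
		       failure_counts(w64, 10));
	}
	return 0;
}
```

The 3-minute window survives the 32-bit read, which matches the commit's remark that tests with a low timeout kept passing while the 30-minute default did not.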
[SCM] Samba Shared Repository - branch v4-7-test updated
The branch, v4-7-test has been updated via c4ec9d57608 VERSION: Bump version up to 4.7.13. via ba16fccfccc Merge tag 'samba-4.7.12' into v4-7-test via b7d190f89d7 VERSION: Disable GIT_SNAPSHOT for the 4.7.12 release. via fb5d78cfa06 WHATSNEW: Add release notes for Samba 4.7.12. via 5f7f57fbe30 CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental via ac0b38fb285 CVE-2018-16851 ldap_server: Check ret before manipulating blob via b49c87f8d64 CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ via e1026a1685b CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal via f7a8294d65e CVE-2018-14629 dns: CNAME loop prevention using counter via 32299234424 VERSION: Bump version up to 4.7.12... from 787ab099388 VERSION: Bump version up to 4.7.12... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test - Log - commit c4ec9d57608a1d010973890d91f9ae9bba6a9ebc Author: Karolin Seeger Date: Tue Nov 27 11:08:33 2018 +0100 VERSION: Bump version up to 4.7.13. Signed-off-by: Karolin Seeger commit ba16fccfcccd408a01b2bf1c6f7212c1a18eb1fd Merge: 787ab099388 b7d190f89d7 Author: Karolin Seeger Date: Tue Nov 27 11:08:12 2018 +0100 Merge tag 'samba-4.7.12' into v4-7-test samba: tag release samba-4.7.12 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 103 +- python/samba/tests/dns.py | 24 +++ selftest/knownfail.d/dns | 6 ++ source4/dns_server/dns_query.c| 6 ++ source4/kdc/db-glue.c | 6 +- source4/ldap_server/ldap_server.c | 4 +- testprogs/blackbox/test_pkinit_heimdal.sh | 8 +++ wscript | 17 + 9 files changed, 168 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index a8a6777bdd1..43f0495fecc 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=7 -SAMBA_VERSION_RELEASE=12 +SAMBA_VERSION_RELEASE=13 # If a official release has a serious bug # 
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index e3da5bfadb5..be9dc7e56c3 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,102 @@ + == + Release Notes for Samba 4.7.12 + November 27, 2018 + == + + +This is a security release in order to address the following defects: + +o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD + Internal DNS server) +o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) +o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) +o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos + configuration (unsupported)) + + +=== +Details +=== + +o CVE-2018-14629: + All versions of Samba from 4.0.0 onwards are vulnerable to infinite + query recursion caused by CNAME loops. Any dns record can be added via + ldap by an unprivileged user using the ldbadd tool, so this is a + security issue. + +o CVE-2018-16841: + When configured to accept smart-card authentication, Samba's KDC will call + talloc_free() twice on the same memory if the principal in a validly signed + certificate does not match the principal in the AS-REQ. + + This is only possible after authentication with a trusted certificate. + + talloc is robust against further corruption from a double-free with + talloc_free() and directly calls abort(), terminating the KDC process. + + There is no further vulnerability associated with this issue, merely a + denial of service. + +o CVE-2018-16851: + During the processing of an LDAP search before Samba's AD DC returns + the LDAP entries to the client, the entries are cached in a single + memory object with a maximum size of 256MB. When this size is + reached, the Samba process providing the LDAP service will follow the + NULL pointer, terminating the process. + + There is no further vulnerability associated with this issue, merely a + denial of service. + +o CVE-2018-16853: + A user in a Samba AD domain can crash the KDC when Samba is built in the + non-default MIT Kerberos configuration. 
+ + With this advisory we clarify that the MIT Kerberos build of the Samba + AD DC is considered experimental. Therefore the Samba Team will not + i
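Review bot: in the Details entry for CVE-2018-16851 the added text says the process "will follow the NULL pointer" once the 256MB limit is reached, but nothing before it says which pointer is NULL or why. Add the missing step (what fails when the limit is hit and leaves the pointer unset) so an administrator can relate the description to the ldap_server.c change listed in the summary. The CVE-2018-14629 entry has a similar gap: it states that all versions from 4.0.0 onwards are vulnerable without saying that this release carries the fix.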
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via 03f60c3ab36 VERSION: Bump version up to 4.8.8. via db08ec4c941 Merge tag 'samba-4.8.7' into v4-8-test via cd870beb978 VERSION: Disable GIT_SNAPSHOT for the 4.8.7 release. via de51a73e070 WHATSNEW: Add release notes for Samba 4.8.7. via 52aa2e14144 CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental via fff405ae28b CVE-2018-16851 ldap_server: Check ret before manipulating blob via b904c680eed CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ via da96fce CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal via 86ddd703248 CVE-2018-14629 dns: CNAME loop prevention using counter via 623c3a99ef7 VERSION: Bump version up to 4.8.7... from 58c53ddef51 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit 03f60c3ab3662a8fde5dd457ece1faf638b7faa9 Author: Karolin Seeger Date: Tue Nov 27 11:06:59 2018 +0100 VERSION: Bump version up to 4.8.8. Signed-off-by: Karolin Seeger commit db08ec4c941d6d775d441260cd4e804bc7b4157a Merge: 58c53ddef51 cd870beb978 Author: Karolin Seeger Date: Tue Nov 27 11:06:43 2018 +0100 Merge tag 'samba-4.8.7' into v4-8-test samba: tag release samba-4.8.7 --- Summary of changes: VERSION | 2 +- WHATSNEW.txt | 103 +- python/samba/tests/dns.py | 24 +++ selftest/knownfail.d/dns | 6 ++ source4/dns_server/dns_query.c| 6 ++ source4/kdc/db-glue.c | 6 +- source4/ldap_server/ldap_server.c | 4 +- testprogs/blackbox/test_pkinit_heimdal.sh | 8 +++ wscript | 17 + 9 files changed, 168 insertions(+), 8 deletions(-) Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 94bec4b98dd..57150635ca3 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=8 -SAMBA_VERSION_RELEASE=7 +SAMBA_VERSION_RELEASE=8 # If a official release has a serious bug # 
diff --git a/WHATSNEW.txt b/WHATSNEW.txt index b93039803be..9f604b0d457 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt 
@@ -1,3 +1,102 @@ + = + Release Notes for Samba 4.8.7 + November 27, 2018 + = + + +This is a security release in order to address the following defects: + +o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD + Internal DNS server) +o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) +o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) +o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos + configuration (unsupported)) + + +=== +Details +=== + +o CVE-2018-14629: + All versions of Samba from 4.0.0 onwards are vulnerable to infinite + query recursion caused by CNAME loops. Any dns record can be added via + ldap by an unprivileged user using the ldbadd tool, so this is a + security issue. + +o CVE-2018-16841: + When configured to accept smart-card authentication, Samba's KDC will call + talloc_free() twice on the same memory if the principal in a validly signed + certificate does not match the principal in the AS-REQ. + + This is only possible after authentication with a trusted certificate. + + talloc is robust against further corruption from a double-free with + talloc_free() and directly calls abort(), terminating the KDC process. + + There is no further vulnerability associated with this issue, merely a + denial of service. + +o CVE-2018-16851: + During the processing of an LDAP search before Samba's AD DC returns + the LDAP entries to the client, the entries are cached in a single + memory object with a maximum size of 256MB. When this size is + reached, the Samba process providing the LDAP service will follow the + NULL pointer, terminating the process. + + There is no further vulnerability associated with this issue, merely a + denial of service. + +o CVE-2018-16853: + A user in a Samba AD domain can crash the KDC when Samba is built in the + non-default MIT Kerberos configuration. + + With this advisory we clarify that the MIT Kerberos build of the Samba + AD DC is considered experimental.
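Review bot: In the WHATSNEW.txt hunk, the CVE-2018-16851 paragraph says the process "will follow the NULL pointer", but nothing before it introduces a NULL pointer; the preceding sentence only mentions the 256MB maximum size. Suggest saying that a return value is not checked once that limit is hit, which is what the fix title "Check ret before manipulating blob" in this push implies. As a style point, the CVE-2018-14629 paragraph writes "dns" and "ldap" in lower case while the summary list above it uses "DNS" and "LDAP"; making them consistent would help readers searching the notes.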
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via b3d376b7d4d VERSION: Bump version up to 4.9.4. via 9e05ff6b9bf Merge tag 'samba-4.9.3' into v4-9-test via 40c057c900a VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release. via bec29625127 WHATSNEW: Add release notes for Samba 4.9.3. via 60b2cd50f4d CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow via d12b02c7884 CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs via 4f86beeaf34 CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int via ec9cc4ed5a0 CVE-2018-16857 tests: Sanity-check password lockout works with default values via 9cb6b4e9131 CVE-2018-16857 PEP8: fix E251: unexpected spaces around keyword / parameter equals via fe8e05a9ea8 CVE-2018-16857 PEP8: fix E127: continuation line over-indented for visual indent via 4d0fd1a421a CVE-2018-16857 selftest: Split up password_lockout into tests with and without a call to sleep() via 31198d39a76 CVE-2018-16857 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1 via 862d4909ecc CVE-2018-16857 selftest: Prepare to allow override of lockout duration in password_lockout tests via 4aabfecd290 CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental via f33f52c366f CVE-2018-16851 ldap_server: Check ret before manipulating blob via c78ca8b9b48 CVE-2018-16852 dcerpc dnsserver: refactor common properties handling via 05f867db81f CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly via f40e1b3b42c CVE-2018-16852 dcerpc dnsserver: Verification tests via 4783b9d6a43 CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ via 6e84215d4aa CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal via bf596c14c24 CVE-2018-14629 dns: CNAME loop prevention using counter via a96d403ff30 VERSION: Bump version up to 4.9.3... 
from 7cd5db7a63d ctdb-tests: Make the debug hung script test cope with unreadable stacks https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit b3d376b7d4d81cf4e955c3d2794c8d6f005ba6b5 Author: Karolin Seeger Date: Tue Nov 27 11:05:40 2018 +0100 VERSION: Bump version up to 4.9.4. Signed-off-by: Karolin Seeger commit 9e05ff6b9bffe3bba5439453ba65589f9518b57e Merge: 7cd5db7a63d 40c057c900a Author: Karolin Seeger Date: Tue Nov 27 11:05:18 2018 +0100 Merge tag 'samba-4.9.3' into v4-9-test samba: tag release samba-4.9.3 --- Summary of changes: VERSION| 2 +- WHATSNEW.txt | 131 - python/samba/tests/dns.py | 22 ++ selftest/knownfail.d/dns | 6 + source4/dns_server/dns_query.c | 6 + source4/dns_server/dnsserver_common.c | 129 ++--- source4/dns_server/dnsserver_common.h | 3 + source4/dsdb/common/util.c | 20 +- source4/dsdb/tests/python/password_lockout.py | 321 - source4/dsdb/tests/python/password_lockout_base.py | 77 +++-- source4/kdc/db-glue.c | 6 +- source4/ldap_server/ldap_server.c | 4 +- source4/rpc_server/dnsserver/dnsutils.c| 59 +--- .../tests/rpc_dns_server_dnsutils_test.c | 304 +++ source4/rpc_server/wscript_build | 17 +- source4/selftest/tests.py | 2 + testprogs/blackbox/test_pkinit_heimdal.sh | 8 + wscript| 17 ++ 18 files changed, 848 insertions(+), 286 deletions(-) create mode 100644 source4/rpc_server/tests/rpc_dns_server_dnsutils_test.c Changeset truncated at 500 lines: diff --git a/VERSION b/VERSION index 210dbed56d4..bf3e347fa2c 100644 --- a/VERSION +++ b/VERSION @@ -25,7 +25,7 @@ SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=9 -SAMBA_VERSION_RELEASE=3 +SAMBA_VERSION_RELEASE=4 # If a official release has a serious bug # diff --git a/WHATSNEW.txt b/WHATSNEW.txt index 978502e8a00..fc1541dbbe5 100644 --- a/WHATSNEW.txt +++ b/WHATSNEW.txt @@ -1,3 +1,130 @@ + = + Release Notes for Samba 4.9.3 + November 27, 2018 + = + + +This is a security release in order to address the following defects:
[SCM] Samba Website Repository - branch master updated
The branch, master has been updated via cb0b96e NEWS[4.9.3]: Samba 4.9.3, 4.8.7 and 4.7.12 Security Releases Available from 218c436 Rework github contributor link text https://git.samba.org/?p=samba-web.git;a=shortlog;h=master - Log - commit cb0b96e83cb3cdc121236273c570994e514f2448 Author: Karolin Seeger Date: Sun Nov 25 15:27:09 2018 +0100 NEWS[4.9.3]: Samba 4.9.3, 4.8.7 and 4.7.12 Security Releases Available Signed-off-by: Karolin Seeger --- Summary of changes: history/header_history.html | 3 + history/samba-4.7.12.html | 98 ++ history/samba-4.8.7.html| 98 ++ history/samba-4.9.3.html| 126 history/security.html | 27 + posted_news/20181127-085351.4.9.3.body.html | 35 +++ posted_news/20181127-085351.4.9.3.headline.html | 4 + security/CVE-2018-14629.html| 76 ++ security/CVE-2018-16841.html| 82 +++ security/CVE-2018-16851.html| 83 security/CVE-2018-16852.html| 79 +++ security/CVE-2018-16853.html| 75 ++ security/CVE-2018-16857.html| 117 ++ 13 files changed, 903 insertions(+) create mode 100644 history/samba-4.7.12.html create mode 100644 history/samba-4.8.7.html create mode 100644 history/samba-4.9.3.html create mode 100644 posted_news/20181127-085351.4.9.3.body.html create mode 100644 posted_news/20181127-085351.4.9.3.headline.html create mode 100644 security/CVE-2018-14629.html create mode 100644 security/CVE-2018-16841.html create mode 100644 security/CVE-2018-16851.html create mode 100644 security/CVE-2018-16852.html create mode 100644 security/CVE-2018-16853.html create mode 100644 security/CVE-2018-16857.html Changeset truncated at 500 lines: diff --git a/history/header_history.html b/history/header_history.html index bfc59e0..6ffd230 100755 --- a/history/header_history.html +++ b/history/header_history.html @@ -9,9 +9,11 @@ Release Notes + samba-4.9.3 samba-4.9.2 samba-4.9.1 samba-4.9.0 + samba-4.8.7 samba-4.8.6 samba-4.8.5 samba-4.8.4 @@ -19,6 +21,7 @@ samba-4.8.2 samba-4.8.1 samba-4.8.0 + samba-4.7.12 samba-4.7.11 samba-4.7.10 samba-4.7.9 
diff --git a/history/samba-4.7.12.html b/history/samba-4.7.12.html new file mode 100644 index 000..b9647bd --- /dev/null +++ b/history/samba-4.7.12.html @@ -0,0 +1,98 @@ +http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";> +http://www.w3.org/1999/xhtml";> + +Samba 4.7.12 - Release Notes + + +Samba 4.7.12 Available for Download + +https://download.samba.org/pub/samba/stable/samba-4.7.12.tar.gz";>Samba 4.7.12 (gzipped) +https://download.samba.org/pub/samba/stable/samba-4.7.12.tar.asc";>Signature + + +https://download.samba.org/pub/samba/patches/samba-4.7.11-4.7.12.diffs.gz";>Patch (gzipped) against Samba 4.7.11 +https://download.samba.org/pub/samba/patches/samba-4.7.11-4.7.12.diffs.asc";>Signature + + + + == + Release Notes for Samba 4.7.12 + November 27, 2018 + == + + +This is a security release in order to address the following defects: + +o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD + Internal DNS server) +o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT) +o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server) +o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos + configuration (unsupported)) + + +=== +Details +=== + +o CVE-2018-14629: + All versions of Samba from 4.0.0 onwards are vulnerable to infinite + query recursion caused by CNAME loops. Any dns record can be added via + ldap by an unprivileged user using the ldbadd tool, so this is a + security issue. + +o CVE-2018-16841: + When configured to accept smart-card authentication, Samba's KDC will call + talloc_free() twice on the same memory if the principal in a validly signed + certificate does not match the principal in the AS-REQ. + + This is only possible after authe
[SCM] Samba Shared Repository - branch v4-7-stable updated
The branch, v4-7-stable has been updated
       via  b7d190f89d7 VERSION: Disable GIT_SNAPSHOT for the 4.7.12 release.
       via  fb5d78cfa06 WHATSNEW: Add release notes for Samba 4.7.12.
       via  5f7f57fbe30 CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
       via  ac0b38fb285 CVE-2018-16851 ldap_server: Check ret before manipulating blob
       via  b49c87f8d64 CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ
       via  e1026a1685b CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
       via  f7a8294d65e CVE-2018-14629 dns: CNAME loop prevention using counter
       via  32299234424 VERSION: Bump version up to 4.7.12...
      from  9a8a7255853 VERSION: Disable GIT_SNAPSHOT for the 4.7.11 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-stable

- Log -
commit b7d190f89d7674cf58a02486fa9887d393918611
Author: Karolin Seeger
Date: Mon Nov 26 09:43:45 2018 +0100

    VERSION: Disable GIT_SNAPSHOT for the 4.7.12 release.

    o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server)
    o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
    o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
    o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported))

    Signed-off-by: Karolin Seeger

commit fb5d78cfa064ac76826bc92c61c4a2f4a252c00b
Author: Karolin Seeger
Date: Mon Nov 26 09:42:44 2018 +0100

    WHATSNEW: Add release notes for Samba 4.7.12.

    o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server)
    o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
    o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
    o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported))

    Signed-off-by: Karolin Seeger

commit 5f7f57fbe30ba59be894cace9476361974b4b43e
Author: Andrew Bartlett
Date: Tue Nov 6 13:32:05 2018 +1300

    CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental

    This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678

    Signed-off-by: Andrew Bartlett
    Reviewed-by: Gary Lockyer

commit ac0b38fb285fad3165560a26afeeeaf23d850c1c
Author: Garming Sam
Date: Mon Nov 5 16:18:18 2018 +1300

    CVE-2018-16851 ldap_server: Check ret before manipulating blob

    In the case of hitting the talloc ~256MB limit, this causes a crash in the server.

    Note that you would actually need to load >256MB of data into the LDAP. Although there is some generated/hidden data which would help you reach that limit (descriptors and RMD blobs).

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674

    Signed-off-by: Garming Sam
    Reviewed-by: Andrew Bartlett

commit b49c87f8d64677390e5c4c6698b95beb74468653
Author: Andrew Bartlett
Date: Wed Oct 24 15:41:28 2018 +1300

    CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628

    Signed-off-by: Andrew Bartlett
    Reviewed-by: Gary Lockyer

commit e1026a1685b5838f2ca67965025b2381751c35cb
Author: Andrew Bartlett
Date: Tue Oct 23 17:33:46 2018 +1300

    CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal

    In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free mem_ctx.

    This was introduced in 9a0263a7c316112caf0265237bfb2cfb3a3d370d for the MIT KDC effort.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628

    Signed-off-by: Andrew Bartlett
    Reviewed-by: Gary Lockyer

commit f7a8294d65e5a7424da93499074a30cb65418ce7
Author: Aaron Haslett
Date: Tue Oct 23 17:25:51 2018 +1300

    CVE-2018-14629 dns: CNAME loop prevention using counter

    Count number of answers generated by internal DNS query routine and stop at 20 to match Microsoft's loop prevention mechanism.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

    Signed-off-by: Aaron Haslett
    Reviewed-by: Andrew Bartlett
    Reviewed-by: Garming Sam

commit 322992344246a880430de38c27aabc6135a85147
Author: Karolin Seeger
Date: Mon Oct 22 12:51:33 2018 +0200

    VERSION: Bump version up to 4.7.12...

    and re-enable GIT_SNAPSHOT.

    Signed-off-by: Karolin Seeger
    (cherry picked from commit 787ab0993889f5ac06691426d7eca3d78bded4a6)

--- Summary of
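The loop prevention described in the CVE-2018-14629 commit message above (count the answers generated and stop at 20), as an added example that is not Samba's code. The zone table, `resolve_cname_chain()` and the status codes are hypothetical, and returning an error once the cap is reached is this example's choice.

```c
#include <stdio.h>
#include <string.h>

/* Cap on generated answers; the value 20 is the one named in the commit message. */
#define MAX_ANSWERS 20

enum rtype { RT_A, RT_CNAME };

struct rec {
    const char *name;
    enum rtype type;
    const char *data;   /* address for A, target name for CNAME */
};

enum status { ST_OK = 0, ST_NXDOMAIN = -1, ST_LIMIT = -2 };

/* Constructed sample zone: one normal chain and one two-record CNAME loop. */
static const struct rec zone[] = {
    { "www.example.test",   RT_CNAME, "web.example.test"   },
    { "web.example.test",   RT_CNAME, "host1.example.test" },
    { "host1.example.test", RT_A,     "192.0.2.10"         },
    { "a.example.test",     RT_CNAME, "b.example.test"     },
    { "b.example.test",     RT_CNAME, "a.example.test"     },
};

static const struct rec *lookup(const char *name)
{
    size_t i;

    for (i = 0; i < sizeof(zone) / sizeof(zone[0]); i++) {
        if (strcmp(zone[i].name, name) == 0) {
            return &zone[i];
        }
    }
    return NULL;
}

/*
 * Follow CNAME records starting at qname and store every record that
 * would go into the answer section in answers[] (MAX_ANSWERS slots).
 * The counter bounds the work per query: a loop such as a -> b -> a
 * stops after MAX_ANSWERS records instead of running forever. Unlike a
 * "visited names" set, it also bounds very long chains that never loop.
 */
static enum status resolve_cname_chain(const char *qname,
                                       const struct rec **answers,
                                       size_t *count)
{
    const char *cur = qname;

    *count = 0;
    for (;;) {
        const struct rec *r;

        if (*count >= MAX_ANSWERS) {
            return ST_LIMIT;        /* loop or over-long chain */
        }
        r = lookup(cur);
        if (r == NULL) {
            return ST_NXDOMAIN;     /* name (or CNAME target) not in zone */
        }
        answers[(*count)++] = r;
        if (r->type == RT_A) {
            return ST_OK;           /* reached an address record */
        }
        cur = r->data;              /* chase the CNAME target */
    }
}

int main(void)
{
    const char *queries[] = { "www.example.test", "a.example.test",
                              "missing.example.test" };
    const struct rec *answers[MAX_ANSWERS];
    size_t i, n;

    for (i = 0; i < sizeof(queries) / sizeof(queries[0]); i++) {
        enum status st = resolve_cname_chain(queries[i], answers, &n);
        printf("%s: status=%d answers=%zu\n", queries[i], (int)st, n);
    }
    return 0;
}
```
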
[SCM] Samba Shared Repository - annotated tag samba-4.7.12 created
The annotated tag, samba-4.7.12 has been created
        at  e6a010638c3918efb785500d6bad9f91538869c5 (tag)
   tagging  b7d190f89d7674cf58a02486fa9887d393918611 (commit)
  replaces  samba-4.7.11
 tagged by  Karolin Seeger
        on  Mon Nov 26 09:45:30 2018 +0100

- Log -
samba: tag release samba-4.7.12

Aaron Haslett (1):
      CVE-2018-14629 dns: CNAME loop prevention using counter

Andrew Bartlett (3):
      CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
      CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ
      CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental

Garming Sam (1):
      CVE-2018-16851 ldap_server: Check ret before manipulating blob

Karolin Seeger (3):
      VERSION: Bump version up to 4.7.12...
      WHATSNEW: Add release notes for Samba 4.7.12.
      VERSION: Disable GIT_SNAPSHOT for the 4.7.12 release.

---

--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-8-stable updated
The branch, v4-8-stable has been updated
       via  cd870beb978 VERSION: Disable GIT_SNAPSHOT for the 4.8.7 release.
       via  de51a73e070 WHATSNEW: Add release notes for Samba 4.8.7.
       via  52aa2e14144 CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
       via  fff405ae28b CVE-2018-16851 ldap_server: Check ret before manipulating blob
       via  b904c680eed CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ
       via  da96fce CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
       via  86ddd703248 CVE-2018-14629 dns: CNAME loop prevention using counter
       via  623c3a99ef7 VERSION: Bump version up to 4.8.7...
      from  03a6d361c28 VERSION: Disable GIT_SNAPSHOT for the 4.8.6 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-stable

- Log -
commit cd870beb978a334b948c6992059540c864dd2540
Author: Karolin Seeger
Date: Mon Nov 26 09:04:19 2018 +0100

    VERSION: Disable GIT_SNAPSHOT for the 4.8.7 release.

    o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server)
    o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
    o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
    o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported))

    Signed-off-by: Karolin Seeger

commit de51a73e0706979eb991fcb41ad111b68e0b7993
Author: Karolin Seeger
Date: Mon Nov 26 09:02:34 2018 +0100

    WHATSNEW: Add release notes for Samba 4.8.7.

    o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server)
    o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
    o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
    o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported))

    Signed-off-by: Karolin Seeger

commit 52aa2e141449dc976b3a6721d28b322f661d455e
Author: Andrew Bartlett
Date: Tue Nov 6 13:32:05 2018 +1300

    CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental

    This matches https://wiki.samba.org/index.php/Running_a_Samba_AD_DC_with_MIT_Kerberos_KDC

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13678

    Signed-off-by: Andrew Bartlett
    Reviewed-by: Gary Lockyer

commit fff405ae28bd2ddc2e2a876c21229726e78461e7
Author: Garming Sam
Date: Mon Nov 5 16:18:18 2018 +1300

    CVE-2018-16851 ldap_server: Check ret before manipulating blob

    In the case of hitting the talloc ~256MB limit, this causes a crash in the server.

    Note that you would actually need to load >256MB of data into the LDAP. Although there is some generated/hidden data which would help you reach that limit (descriptors and RMD blobs).

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13674

    Signed-off-by: Garming Sam
    Reviewed-by: Andrew Bartlett

commit b904c680eed3c027e65badb696693b210289e85b
Author: Andrew Bartlett
Date: Wed Oct 24 15:41:28 2018 +1300

    CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628

    Signed-off-by: Andrew Bartlett
    Reviewed-by: Gary Lockyer

commit da96fce920b78e375e7be3993f1c4dbd1c14
Author: Andrew Bartlett
Date: Tue Oct 23 17:33:46 2018 +1300

    CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal

    In Heimdal KRB5_KDC_ERR_CLIENT_NAME_MISMATCH is an enum, so we tried to double-free mem_ctx.

    This was introduced in 9a0263a7c316112caf0265237bfb2cfb3a3d370d for the MIT KDC effort.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13628

    Signed-off-by: Andrew Bartlett
    Reviewed-by: Gary Lockyer

commit 86ddd7032489053acba6d240db5db7ef49c38429
Author: Aaron Haslett
Date: Tue Oct 23 17:25:51 2018 +1300

    CVE-2018-14629 dns: CNAME loop prevention using counter

    Count number of answers generated by internal DNS query routine and stop at 20 to match Microsoft's loop prevention mechanism.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

    Signed-off-by: Aaron Haslett
    Reviewed-by: Andrew Bartlett
    Reviewed-by: Garming Sam

commit 623c3a99ef7c057fc6685d7671b6a81fdb537bfa
Author: Karolin Seeger
Date: Tue Sep 25 09:48:24 2018 +0200

    VERSION: Bump version up to 4.8.7...

    and re-enable GIT_SNAPSHOT.

    Signed-off-by: Karolin Seeger
    (cherry picked from commit a6f15a0dd69b1f01f4c29aed9631abe098830ad3)

--- Summary of
[SCM] Samba Shared Repository - annotated tag samba-4.8.7 created
The annotated tag, samba-4.8.7 has been created
        at  22e951bff3ba5116d35e3cbc67f42f03cabbb0c2 (tag)
   tagging  cd870beb978a334b948c6992059540c864dd2540 (commit)
  replaces  samba-4.8.6
 tagged by  Karolin Seeger
        on  Mon Nov 26 09:08:39 2018 +0100

- Log -
samba: tag release samba-4.8.7

Aaron Haslett (1):
      CVE-2018-14629 dns: CNAME loop prevention using counter

Andrew Bartlett (3):
      CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
      CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ
      CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental

Garming Sam (1):
      CVE-2018-16851 ldap_server: Check ret before manipulating blob

Karolin Seeger (3):
      VERSION: Bump version up to 4.8.7...
      WHATSNEW: Add release notes for Samba 4.8.7.
      VERSION: Disable GIT_SNAPSHOT for the 4.8.7 release.

---

--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-9-stable updated
The branch, v4-9-stable has been updated
       via  40c057c900a VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release.
       via  bec29625127 WHATSNEW: Add release notes for Samba 4.9.3.
       via  60b2cd50f4d CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow
       via  d12b02c7884 CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs
       via  4f86beeaf34 CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int
       via  ec9cc4ed5a0 CVE-2018-16857 tests: Sanity-check password lockout works with default values
       via  9cb6b4e9131 CVE-2018-16857 PEP8: fix E251: unexpected spaces around keyword / parameter equals
       via  fe8e05a9ea8 CVE-2018-16857 PEP8: fix E127: continuation line over-indented for visual indent
       via  4d0fd1a421a CVE-2018-16857 selftest: Split up password_lockout into tests with and without a call to sleep()
       via  31198d39a76 CVE-2018-16857 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1
       via  862d4909ecc CVE-2018-16857 selftest: Prepare to allow override of lockout duration in password_lockout tests
       via  4aabfecd290 CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
       via  f33f52c366f CVE-2018-16851 ldap_server: Check ret before manipulating blob
       via  c78ca8b9b48 CVE-2018-16852 dcerpc dnsserver: refactor common properties handling
       via  05f867db81f CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly
       via  f40e1b3b42c CVE-2018-16852 dcerpc dnsserver: Verification tests
       via  4783b9d6a43 CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ
       via  6e84215d4aa CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
       via  bf596c14c24 CVE-2018-14629 dns: CNAME loop prevention using counter
       via  a96d403ff30 VERSION: Bump version up to 4.9.3...
      from  865cc283d1b VERSION: Disable GIT_SNAPSHOT for the 4.9.2 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-stable

- Log -
commit 40c057c900a9367e8020c943d29547ea8942212f
Author: Karolin Seeger
Date: Sun Nov 25 15:24:31 2018 +0100

    VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release.

    o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server)
    o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
    o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
    o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
    o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported))
    o CVE-2018-16857 (Bad password count in AD DC not always effective)

    Signed-off-by: Karolin Seeger

commit bec29625127fc62ae2f023ea43d918638dd4156e
Author: Karolin Seeger
Date: Sun Nov 25 15:23:23 2018 +0100

    WHATSNEW: Add release notes for Samba 4.9.3.

    o CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD Internal DNS server)
    o CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
    o CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
    o CVE-2018-16852 (NULL pointer de-reference in Samba AD DC DNS servers)
    o CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported))
    o CVE-2018-16857 (Bad password count in AD DC not always effective)

    Signed-off-by: Karolin Seeger

commit 60b2cd50f4d0554cc5ca8c53b2d1fa89e56a6d06
Author: Tim Beale
Date: Tue Nov 13 13:22:41 2018 +1300

    CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow

    Clearly the lockOutObservationWindow value is important, and using a default value of zero doesn't work very well.

    This patch adds a better default value (the domain default setting of 30 minutes).

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

    Signed-off-by: Tim Beale
    Reviewed-by: Andrew Bartlett

commit d12b02c78842786969557b9be7c953e9594d90dd
Author: Tim Beale
Date: Tue Nov 13 13:19:04 2018 +1300

    CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs

    Fix a remaining place where we were trying to read the msDS-LockoutObservationWindow as an int instead of an int64.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13683

    Signed-off-by: Tim Beale
    Reviewed-by: Andrew Bartlett

commit 4f86beeaf3408383385ee99a74520a805dd63c0f
Author: Tim Beale
Date: Tue Nov 13 12:24:16 2018 +1300

    CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int

    Commit 442a38c918ae1666b35 refactored some code into a new get_lockout_observation_w
[SCM] Samba Shared Repository - annotated tag samba-4.9.3 created
The annotated tag, samba-4.9.3 has been created
        at  3fa55ddac7ba5dcadd91a05a157b267ae224a3c4 (tag)
   tagging  40c057c900a9367e8020c943d29547ea8942212f (commit)
  replaces  samba-4.9.2
 tagged by  Karolin Seeger
        on  Sun Nov 25 15:26:56 2018 +0100

- Log -
samba: tag release samba-4.9.3

Aaron Haslett (1):
      CVE-2018-14629 dns: CNAME loop prevention using counter

Andrew Bartlett (5):
      CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
      CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ
      CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
      CVE-2018-16857 selftest: Prepare to allow override of lockout duration in password_lockout tests
      CVE-2018-16857 selftest: Split up password_lockout into tests with and without a call to sleep()

Garming Sam (1):
      CVE-2018-16851 ldap_server: Check ret before manipulating blob

Gary Lockyer (3):
      CVE-2018-16852 dcerpc dnsserver: Verification tests
      CVE-2018-16852 dcerpc dnsserver: Ensure properties are handled correctly
      CVE-2018-16852 dcerpc dnsserver: refactor common properties handling

Joe Guo (3):
      CVE-2018-16857 PEP8: fix E305: expected 2 blank lines after class or function definition, found 1
      CVE-2018-16857 PEP8: fix E127: continuation line over-indented for visual indent
      CVE-2018-16857 PEP8: fix E251: unexpected spaces around keyword / parameter equals

Karolin Seeger (3):
      VERSION: Bump version up to 4.9.3...
      WHATSNEW: Add release notes for Samba 4.9.3.
      VERSION: Disable GIT_SNAPSHOT for the 4.9.3 release.

Tim Beale (4):
      CVE-2018-16857 tests: Sanity-check password lockout works with default values
      CVE-2018-16857 dsdb/util: Correctly treat lockOutObservationWindow as 64-bit int
      CVE-2018-16857 dsdb/util: Fix lockOutObservationWindow for PSOs
      CVE-2018-16857 dsdb/util: Add better default lockOutObservationWindow

---

--
Samba Shared Repository
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated
       via  58c53ddef51 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
       via  3d9debd0f7e s4:torture/smb2/session: session reauth response must be signed
       via  9694933cc39 s4:torture/smb2/session: add force_signing to test_session_expire1i
       via  b79e847e351 s4:torture/smb2/session: require a signed session setup reauth response
       via  288a79d997b s4:torture/smb2/session: invalidate credential cache
       via  7a5077d7e9a libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()
       via  4ba496bf3c1 libcli/smb: defer singing check a little bit
       via  2b73c8a0df4 libcli/smb: maintain require_signed_response in smbXcli_req_state
       via  33dc0907353 libcli/smb: add smb2cli_session_require_signed_response()
       via  c25a69a0861 s3:selftest: also run smb2.session torture testsuite against ad_member
       via  eb8a35e7f84 s3:selftest: split "raw.session" and "smb2.session"
      from  aa3a07a01f9 torture: Fix the 32-bit build

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test

- Log -
commit 58c53ddef51239c9581728131b60188c663c14a6
Author: Ralph Boehme
Date: Thu Nov 8 17:31:41 2018 +0100

    s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd

    We talloc_move() session_info to session->global->auth_session_info which sets session_info to NULL.

    This means security_session_user_level(NULL, NULL) will always return SECURITY_ANONYMOUS so we never sign the session setup response.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

    Signed-off-by: Ralph Boehme
    Reviewed-by: Stefan Metzmacher
    Reviewed-by: Andreas Schneider

    Autobuild-User(master): Ralph Böhme
    Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144

    (cherry picked from commit bb93e691ca9b1922bf552363a1e7d70792749d67)

    Autobuild-User(v4-8-test): Karolin Seeger
    Autobuild-Date(v4-8-test): Fri Nov 23 13:52:04 CET 2018 on sn-devel-144

commit 3d9debd0f7e43dc20450acef90ce0180193a6ad6
Author: Ralph Boehme
Date: Fri Nov 9 12:39:41 2018 +0100

    s4:torture/smb2/session: session reauth response must be signed

    This test checks that a session setup reauth is signed even when neither client nor server require signing.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

    Signed-off-by: Ralph Boehme
    Reviewed-by: Andreas Schneider
    (cherry picked from commit 181f18c4bf70754a6f3132375d06250baab2871b)

commit 9694933cc39adfb37afaec7edc6a1650b5ec57a8
Author: Ralph Boehme
Date: Fri Nov 9 12:19:16 2018 +0100

    s4:torture/smb2/session: add force_signing to test_session_expire1i

    Existing callers pass true, so no change in behaviour. The next commit adds an additional test that passes force_signing=false.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

    Signed-off-by: Ralph Boehme
    Reviewed-by: Andreas Schneider
    (cherry picked from commit 5fdea4095ac82536192c8d91c411b22e2683a5c1)

commit b79e847e35145ad04b7582f64a3c6aeae36212d8
Author: Ralph Boehme
Date: Fri Nov 9 15:34:24 2018 +0100

    s4:torture/smb2/session: require a signed session setup reauth response

    All existing tests using this function require signing, so currently this passes. A subsequent commit adds a test where neither client nor server require signing and that's where this trap will explode.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

    Signed-off-by: Ralph Boehme
    Reviewed-by: Andreas Schneider
    (cherry picked from commit ffc424ee6bedc3c208acb4c0c83da836a12d6123)

commit 288a79d997b30acbd611b17b024cec1cc33fba10
Author: Ralph Boehme
Date: Thu Nov 8 15:42:46 2018 +0100

    s4:torture/smb2/session: invalidate credential cache

    Invalidate credential cache before connecting to the server, otherwise we will reuse the credentials from the credential cache populated by the preceding tests.

    Also invalidate it at the end, otherwise subsequent tests might run into problems if the credentials expire while authenticating.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

    Signed-off-by: Ralph Boehme
    Reviewed-by: Andreas Schneider
    (cherry picked from commit 368e1860654e737aa2fa9516cdd3668fa644009a)

commit 7a5077d7e9a5ef8c346877f10426355a298ea6e4
Author: Ralph Boehme
Date: Sat Nov 10 22:00:04 2018 +0100

    libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()

    This can be used by the upper layers to force checking a response is signed. It will be used to implement verification of session setup reauth responses in a torture test. That comes next.

    Bug: https://bugzilla.samba.org/
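The ordering bug described in the s3:smb2_sesssetup commit message above, as an added example that is not Samba's code. `move_ptr()` and `user_level()` are simplified stand-ins for `talloc_move()` and `security_session_user_level()`, and the structs and the two `sign_response_*` functions are hypothetical.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

enum level { LEVEL_ANONYMOUS = 0, LEVEL_USER = 10 };

struct session_info { bool authenticated; };
struct session { struct session_info *auth_session_info; };

/*
 * Stand-in for talloc_move(): ownership goes to *dst and the source
 * pointer is set to NULL so it cannot be used by accident afterwards.
 */
static void move_ptr(struct session_info **dst, struct session_info **src)
{
    *dst = *src;
    *src = NULL;
}

/*
 * Stand-in for security_session_user_level(): a NULL session_info is
 * treated as anonymous instead of being rejected, so a caller that
 * passes NULL by mistake gets a valid-looking answer.
 */
static enum level user_level(const struct session_info *info)
{
    if (info == NULL || !info->authenticated) {
        return LEVEL_ANONYMOUS;
    }
    return LEVEL_USER;
}

/*
 * Order described in the commit message: the level is read after the
 * move, so it is always computed from NULL and the response is never
 * signed, even for an authenticated user.
 */
static bool sign_response_level_after_move(struct session *s,
                                           struct session_info *info)
{
    move_ptr(&s->auth_session_info, &info);
    return user_level(info) >= LEVEL_USER;    /* info is NULL here */
}

/* Order named in the commit title: read the level first, then move. */
static bool sign_response_level_before_move(struct session *s,
                                            struct session_info *info)
{
    enum level lvl = user_level(info);

    move_ptr(&s->auth_session_info, &info);
    return lvl >= LEVEL_USER;
}

int main(void)
{
    struct session_info user = { true };
    struct session s1 = { NULL };
    struct session s2 = { NULL };

    printf("level read after move:  sign=%d\n",
           sign_response_level_after_move(&s1, &user));
    printf("level read before move: sign=%d\n",
           sign_response_level_before_move(&s2, &user));
    return 0;
}
```

Both variants store the session_info on the session correctly; only the signing decision differs, which is why the defect is invisible unless a test insists on a signed response.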
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated
       via  7cd5db7a63d ctdb-tests: Make the debug hung script test cope with unreadable stacks
       via  041e0945cb5 s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd
       via  77cf7167374 s4:torture/smb2/session: session reauth response must be signed
       via  f2c456aa1b7 s4:torture/smb2/session: add force_signing to test_session_expire1i
       via  2b164eca304 s4:torture/smb2/session: require a signed session setup reauth response
       via  ff0db7ec9c2 s4:torture/smb2/session: invalidate credential cache
       via  6c3577a5885 libcli/smb: use require_signed_response in smb2cli_conn_dispatch_incoming()
       via  6ca7a8a2ffb libcli/smb: defer singing check a little bit
       via  cd8ea322a32 libcli/smb: maintain require_signed_response in smbXcli_req_state
       via  4f5af7ba729 libcli/smb: add smb2cli_session_require_signed_response()
       via  052df0f679d s3:selftest: also run smb2.session torture testsuite against ad_member
       via  e71252ecb2b s3:selftest: split "raw.session" and "smb2.session"
      from  299e6edd0e6 torture: Fix the 32-bit build

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test

- Log -
commit 7cd5db7a63db2746c600e740e33e426a975bd901
Author: Martin Schwenke
Date:   Wed Nov 14 14:09:42 2018 +1100

    ctdb-tests: Make the debug hung script test cope with unreadable stacks

    Ideally this would just involve using "test -r". However, operating
    system security features may mean that kernel stacks are not readable
    even though they appear to be.

    Instead, try reading that stack of a process on the test node. If that
    succeeds then so should reading the stack of the "stuck" sleep process
    in the test.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13684

    Signed-off-by: Martin Schwenke
    Reviewed-by: Tim Beale

    Autobuild-User(master): Tim Beale
    Autobuild-Date(master): Thu Nov 15 08:15:32 CET 2018 on sn-devel-144

    (cherry picked from commit c1dd6382e3211792e313f7d559b943f55c9cb0e1)

    Autobuild-User(v4-9-test): Karolin Seeger
    Autobuild-Date(v4-9-test): Tue Nov 20 15:50:33 CET 2018 on sn-devel-144

commit 041e0945cb559c492a3f741cdaab48c85c0dde04
Author: Ralph Boehme
Date:   Thu Nov 8 17:31:41 2018 +0100

    s3:smb2_sesssetup: check session_info security level before it gets talloc_move'd

    We talloc_move() session_info to session->global->auth_session_info
    which sets session_info to NULL.

    This means security_session_user_level(NULL, NULL) will always return
    SECURITY_ANONYMOUS so we never sign the session setup response.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

    Signed-off-by: Ralph Boehme
    Reviewed-by: Stefan Metzmacher
    Reviewed-by: Andreas Schneider

    Autobuild-User(master): Ralph Böhme
    Autobuild-Date(master): Tue Nov 13 14:22:46 CET 2018 on sn-devel-144

    (cherry picked from commit bb93e691ca9b1922bf552363a1e7d70792749d67)

commit 77cf7167374b65258ff9da9aaf6118ba0e63f1aa
Author: Ralph Boehme
Date:   Fri Nov 9 12:39:41 2018 +0100

    s4:torture/smb2/session: session reauth response must be signed

    This test checks that a session setup reauth is signed even when neither
    client nor server require signing.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

    Signed-off-by: Ralph Boehme
    Reviewed-by: Andreas Schneider
    (cherry picked from commit 181f18c4bf70754a6f3132375d06250baab2871b)

commit f2c456aa1b7d0a90d73265085d53275d868b56ac
Author: Ralph Boehme
Date:   Fri Nov 9 12:19:16 2018 +0100

    s4:torture/smb2/session: add force_signing to test_session_expire1i

    Existing callers pass true, so no change in behaviour. The next commit
    adds an additional test that passes force_signing=false.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

    Signed-off-by: Ralph Boehme
    Reviewed-by: Andreas Schneider
    (cherry picked from commit 5fdea4095ac82536192c8d91c411b22e2683a5c1)

commit 2b164eca30453381d666b9ed190880272ba7a165
Author: Ralph Boehme
Date:   Fri Nov 9 15:34:24 2018 +0100

    s4:torture/smb2/session: require a signed session setup reauth response

    All existing tests using this function require signing, so currently this
    passes. A subsequent commit adds a test where neither client nor server
    require signing and that's where this trap will explode.

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13661

    Signed-off-by: Ralph Boehme
    Reviewed-by: Andreas Schneider
    (cherry picked from commit ffc424ee6bedc3c208acb4c0c83da836a12d6123)

commit ff0db7ec9c2f7bae0b90b92dabbb611520f8d310
Author: Ralph Boehme
Date:   Thu Nov 8 15:42:46 2018 +0100

    s4:torture/smb2/session: inv
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated via 299e6edd0e6 torture: Fix the 32-bit build from 5420863dd11 vfs_fruit: validation of writes on AFP_AfpInfo stream https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test - Log - commit 299e6edd0e6f6f7f2f9712f686f4bbbc70718894 Author: Volker Lendecke Date: Thu Nov 15 15:21:36 2018 +0100 torture: Fix the 32-bit build Unfortunately there's no off_t printf specifier as there's one for size_t. So we have to use intmax_t. Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Nov 15 19:45:24 CET 2018 on sn-devel-144 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13677 (cherry picked from commit 0872f140c4a354511b25bb5ed937b9e9409ade3a) Autobuild-User(v4-9-test): Karolin Seeger Autobuild-Date(v4-9-test): Mon Nov 19 13:49:34 CET 2018 on sn-devel-144 --- Summary of changes: source4/torture/vfs/fruit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c index c532afab729..3b01cf876d0 100644 --- a/source4/torture/vfs/fruit.c +++ b/source4/torture/vfs/fruit.c @@ -4727,9 +4727,9 @@ static bool test_writing_afpinfo(struct torture_context *tctx, size_t fi_check_size; torture_comment(tctx, - "Test %d: offset=%zd size=%zu result=%s\n", + "Test %d: offset=%jd size=%zu result=%s\n", i, - test_sizes[i].offset, + (intmax_t)test_sizes[i].offset, test_sizes[i].size, test_sizes[i].expected_result ? "true":"false"); -- Samba Shared Repository
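Review bot: In the torture_comment() call in test_writing_afpinfo(), only the offset argument gets an explicit cast; `test_sizes[i].size` is still passed straight to `%zu`, and its declared type is not visible in this hunk. If that field is not a size_t it has the same width mismatch on 32-bit builds that the offset had with `%zd`, so either confirm the struct declares it as size_t or cast it the way the offset now is.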
[SCM] Samba Shared Repository - branch v4-8-test updated
The branch, v4-8-test has been updated via aa3a07a01f9 torture: Fix the 32-bit build from 42c3b3325a3 vfs_fruit: validation of writes on AFP_AfpInfo stream https://git.samba.org/?p=samba.git;a=shortlog;h=v4-8-test - Log - commit aa3a07a01f90fe889c55b5cc56109dd0c61ce32f Author: Volker Lendecke Date: Thu Nov 15 15:21:36 2018 +0100 torture: Fix the 32-bit build Unfortunately there's no off_t printf specifier as there's one for size_t. So we have to use intmax_t. Signed-off-by: Volker Lendecke Reviewed-by: Andreas Schneider Autobuild-User(master): Andreas Schneider Autobuild-Date(master): Thu Nov 15 19:45:24 CET 2018 on sn-devel-144 BUG: https://bugzilla.samba.org/show_bug.cgi?id=13677 (cherry picked from commit 0872f140c4a354511b25bb5ed937b9e9409ade3a) Autobuild-User(v4-8-test): Karolin Seeger Autobuild-Date(v4-8-test): Fri Nov 16 17:13:21 CET 2018 on sn-devel-144 --- Summary of changes: source4/torture/vfs/fruit.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) Changeset truncated at 500 lines: diff --git a/source4/torture/vfs/fruit.c b/source4/torture/vfs/fruit.c index 53db504619b..e321b072da4 100644 --- a/source4/torture/vfs/fruit.c +++ b/source4/torture/vfs/fruit.c @@ -4727,9 +4727,9 @@ static bool test_writing_afpinfo(struct torture_context *tctx, size_t fi_check_size; torture_comment(tctx, - "Test %d: offset=%zd size=%zu result=%s\n", + "Test %d: offset=%jd size=%zu result=%s\n", i, - test_sizes[i].offset, + (intmax_t)test_sizes[i].offset, test_sizes[i].size, test_sizes[i].expected_result ? "true":"false"); -- Samba Shared Repository
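Review bot: The new `(intmax_t)` cast in the torture_comment() argument list relies on a header that defines intmax_t, and this backport touches only the two changed lines (2 insertions, 2 deletions, no include added). Confirm that source4/torture/vfs/fruit.c on v4-8-test already pulls in such a header through its existing includes, since the include set on an older branch can differ from master.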
[SCM] Samba Shared Repository - branch v4-9-test updated
The branch, v4-9-test has been updated
       via  5420863dd11 vfs_fruit: validation of writes on AFP_AfpInfo stream
       via  4672656d9e1 vfs_fruit: move a comment to the right place
       via  b6585b6fa67 s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream
       via  7f8740c0acf winbindd: Fix crash when taking profiles
      from  7a542190501 lib:util: Fix DEBUGCLASS pointer initializiation

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-9-test

- Log -
commit 5420863dd11161e50163eb20b022994c229ff836
Author: Ralph Boehme
Date:   Tue Nov 6 13:24:14 2018 +0100

    vfs_fruit: validation of writes on AFP_AfpInfo stream

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison
    (cherry picked from commit a7c877847f855be5ee6673e541a181b818013abf)

    Autobuild-User(v4-9-test): Karolin Seeger
    Autobuild-Date(v4-9-test): Fri Nov 16 11:31:10 CET 2018 on sn-devel-144

commit 4672656d9e1daadcf32ed95f05cf6bd4478d1f93
Author: Ralph Boehme
Date:   Tue Nov 6 12:34:17 2018 +0100

    vfs_fruit: move a comment to the right place

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison
    (cherry picked from commit 4901d71c3de754a106662d01481b960ed7c2c4dd)

commit b6585b6fa67e273104be0401fd23075dac458b93
Author: Ralph Boehme
Date:   Tue Nov 6 12:24:54 2018 +0100

    s4:torture/vfs/fruit: torture writing AFP_AfpInfo stream

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13677

    Signed-off-by: Ralph Boehme
    Reviewed-by: Jeremy Allison
    (cherry picked from commit 221133b0e9ed28274f7513d9416f13a81b7b458b)

commit 7f8740c0acfbd9f18971dec233140822053d9b67
Author: Volker Lendecke
Date:   Mon Nov 12 16:21:55 2018 +0100

    winbindd: Fix crash when taking profiles

    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13629
Signed-off-by: Volker Lendecke --- Summary of changes: source3/modules/vfs_fruit.c | 86 +--- source3/winbindd/winbindd.c | 3 +- source4/torture/vfs/fruit.c | 336 3 files changed, 407 insertions(+), 18 deletions(-) Changeset truncated at 500 lines: diff --git a/source3/modules/vfs_fruit.c b/source3/modules/vfs_fruit.c index 14d7a797451..9d6efb2c38c 100644 --- a/source3/modules/vfs_fruit.c +++ b/source3/modules/vfs_fruit.c @@ -4534,6 +4534,12 @@ static ssize_t fruit_pwrite_meta_stream(vfs_handle_struct *handle, } if (ai_empty_finderinfo(ai)) { + /* +* Writing an all 0 blob to the metadata stream results in the +* stream being removed on a macOS server. This ensures we +* behave the same and it verified by the "delete AFP_AfpInfo by +* writing all 0" test. +*/ ret = SMB_VFS_NEXT_FTRUNCATE(handle, fsp, 0); if (ret != 0) { DBG_ERR("SMB_VFS_NEXT_FTRUNCATE on [%s] failed\n", @@ -4606,6 +4612,12 @@ static ssize_t fruit_pwrite_meta_netatalk(vfs_handle_struct *handle, return n; } + /* +* Writing an all 0 blob to the metadata stream results in the stream +* being removed on a macOS server. This ensures we behave the same and +* it verified by the "delete AFP_AfpInfo by writing all 0" test. +*/ + ok = set_delete_on_close( fsp, true, 
@@ -4626,34 +4638,67 @@ static ssize_t fruit_pwrite_meta(vfs_handle_struct *handle, { struct fio *fio = (struct fio *)VFS_FETCH_FSP_EXTENSION(handle, fsp); ssize_t nwritten; + uint8_t buf[AFP_INFO_SIZE]; + size_t to_write; + size_t to_copy; + int cmp; - /* -* Writing an all 0 blob to the metadata stream -* results in the stream being removed on a macOS -* server. This ensures we behave the same and it -* verified by the "delete AFP_AfpInfo by writing all -* 0" test. -*/ - if (n != AFP_INFO_SIZE || offset != 0) { - DBG_ERR("unexpected offset=%jd or size=%jd\n", - (intmax_t)offset, (intmax_t)n); + if (fio == NULL) { + DBG_ERR("Failed to fetch fsp extension"); return -1; } - if (fio == NULL) { - DBG_ERR("Failed to fetch fsp extension"); + if (n < 3) { + errno = EINVAL; + return -1; + } + + if (offset != 0 && n < 60) { + errno = EINVAL; return -1; } + cmp = memcmp(data, "AFP", 3); + if (cmp != 0) { +
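Review bot: The comment added in fruit_pwrite_meta_stream() and copied again into fruit_pwrite_meta_netatalk() reads "it verified by"; that should be "it is verified by". The typo is carried over unchanged from the block removed from fruit_pwrite_meta(), so the move is a good moment to fix it in both copies.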
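Review bot: The new length checks in fruit_pwrite_meta() use bare literals (`n < 3` and `offset != 0 && n < 60`) with no comment saying what 3 and 60 stand for in the AFP_AfpInfo layout; name them or add a one-line comment, the 3 evidently being the length of the "AFP" prefix that memcmp() compares right below. These branches set errno = EINVAL, but the `fio == NULL` branch still returns -1 without setting errno, and its DBG_ERR() string has no trailing "\n", unlike the DBG_ERR() in fruit_pwrite_meta_stream(). The changeset is truncated after the memcmp() check, so the use of `buf[AFP_INFO_SIZE]`, `to_write` and `to_copy` cannot be reviewed from here; since the second check lets a non-zero offset through whenever n >= 60, the remainder needs to bound both the offset and the copy length before anything is written into buf.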