[Pkg-samba-maint] [Git][samba-team/samba][master] 32 commits: VERSION: Bump version up to Samba 4.16.3...

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Mon Jul 18 14:37:04 BST 2022



Michael Tokarev pushed to branch master at Debian Samba Team / samba


Commits:
ad60cbaf by Jule Anger at 2022-06-13T08:48:17+02:00
VERSION: Bump version up to Samba 4.16.3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
a393eab0 by Martin Schwenke at 2022-06-18T08:47:17+00:00
util: Add new debug setting debug_no_stderr_redirect

CTDB doesn't want this redirection of stderr to the log file.  It
expects to be able to capture stderr of subprocesses and log them with
a header.  This redirection stops that from happening.

Unfortunately this has to be a negative option (i.e. "no" in the name)
so that the default of 0/false maintains existing behaviour.

Note that the default behaviour is sub-optimal because it causes raw
data (i.e. debug data without a header) to appear in the log.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit a8091bd0c565a3f14542731e642319dbb68b4786)

- - - - -
79706765 by Martin Schwenke at 2022-06-18T08:47:17+00:00
ctdb-common: Tell file logging not to redirect stderr

This allows ctdb_set_child_logging() to work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 1596a3e84babb8fdd86af0c4b98906b309be7907)

- - - - -
c4e176e4 by Martin Schwenke at 2022-06-18T08:47:17+00:00
ctdb-daemon: Drop unused prefix, logfn, logfn_private

These aren't set anywhere in the code.

Drop the log argument because it is also no longer used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 88f35cf86285b7a818282d5f465711de66dfad59)

- - - - -
959d37e7 by Martin Schwenke at 2022-06-18T08:47:17+00:00
ctdb-daemon: Use DEBUG() macro for child logging

Directly using dbgtext() with file logging results in a log entry with
no header, which is wrong.  This is a regression, introduced in commit
10d15c9e5dfe4e8595d0b322c96f474fc7078f46.  Prior to this, CTDB's
callback for file logging would always add a header.

Use DEBUG() instead of dbgtext().  Note that DEBUG() effectively compares
the passed script_log_level with DEBUGLEVEL, so an explicit check is
no longer necessary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15090

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jun 16 13:33:10 UTC 2022 on sn-devel-184

(cherry picked from commit e752f841e682cc571006c09249b03d82aea5f8cd)

- - - - -
1137957a by Douglas Bagnall at 2022-06-18T08:47:17+00:00
s4/dlz: add support for bind 9.18

It seems nothing has changed since 9.16 for our purposes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14986

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Signed-off-by: Andreas Hasenack <andreas at canonical.com>
Pair-programmed-with: Andreas Hasenack <andreas at canonical.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Mon May 23 00:53:09 UTC 2022 on sn-devel-184

(cherry picked from commit 03036442deac25f58be4119e6c9ce2586e0abf51)

- - - - -
edd5a851 by Douglas Bagnall at 2022-06-18T08:47:17+00:00
cmdline_s4: re-initialise logging once loadparm is ready

The first time round we maybe didn't know which files we wanted to log to.
Suppose, for example, we had an smb.conf with

 log level = 1 dsdb_group_json_audit:5@/var/log/group_json.log

we wouldn't see anything in "/var/log/group_json.log", while the level
5 dsdb_group_json_audit messages would go into the main log.

Note that the named file would still be opened by winbindd and others
that use the s3 code, but would remain empty as they don't have anything
to say about dsdb_group_json_audit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15076

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 9537ac723cfdc43e718fdd08dc28883e7057a372)

- - - - -
a9f87b92 by Andreas Schneider at 2022-06-18T09:55:28+00:00
s3:utils: Fix missing space in testparm output

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15097

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 7009fb1a10c579262dfa62894ea674197fcee354)

Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Sat Jun 18 09:55:28 UTC 2022 on sn-devel-184

- - - - -
8db232cb by Noel Power at 2022-06-20T10:00:16+00:00
Add new dfs node msdfs-share pointing to new msdfs-share2

Also add another node within msdfs-share2 pointing to normal share

This patch is in preparation for creating a test for 'del' &
'deltree' on DFS shares. The extra redirection is necessary to
reproduce the bug

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 39672a9676bff53d3ccc0ad7c1fa65a95cbceaab)

- - - - -
2f105c9f by Noel Power at 2022-06-20T10:00:16+00:00
Add test smbclient 'del' of file (on DFS share)

del of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND

Additionally add a knownfail (will be removed in following patch to
fix the bug)
We also need to add a knownfail (which will not be removed) for the
new test which will fail in smb1 envs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(back-ported from commit db1b4df0ab3b18821da3c2dbe6d6058f0c3019b8)

- - - - -
8bac5eed by Noel Power at 2022-06-20T10:00:16+00:00
s3/client: fix dfs delete, resolve dfs path

since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems
to deal with non dfs root path, hence we need to resolve the
path before calling cli_unlink.

Also remove the knownfail

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 7c4cb4982330cd2eda53950e977179920b1e3b04)

- - - - -
659d6140 by Noel Power at 2022-06-20T10:00:16+00:00
Add test smbclient 'deltree' of dir (on DFS share)

deltree of a file on a DFS share results in NT_STATUS_OBJECT_PATH_NOT_FOUND
Additionally add a knownfail for this (to be removed in subsequent patch
to fix bug)
We also need to add a knownfail (which will not be removed) for the
new test which will fail in smb1 envs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 23a5a05db03a8f14ab701005a8bec9a3eeff3d77)

- - - - -
94a94383 by Noel Power at 2022-06-20T10:56:52+00:00
s3/client: fix dfs deltree, resolve dfs path

since 4cc4938a2866738aaff4dc91550bb7a5ad05d7fb do_list seems
to deal with non dfs root path, hence we need to resolve the
path before calling cli_unlink.

Also remove the knownfail

We additionally have to also remove the fallback to remove 'file3'
in the smbcacls_dfs_propagate_inherit.teardown as the deltree
that happens in the baseclass now succeeds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15100

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jun 17 17:12:07 UTC 2022 on sn-devel-184

(cherry picked from commit 81fdcf95ae92a02f83501753dec0f29ddd555eeb)

Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Jun 20 10:56:52 UTC 2022 on sn-devel-184

- - - - -
81dc0832 by Jeremy Allison at 2022-06-23T07:35:08+00:00
s3: tests: Add test that shows smbd crashes using vfs_fruit with fruit:resource = stream on deleting a file.

Add knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(backported from commit 238b2cbb8f352375c448d86b462f13752640e16b)

- - - - -
58bdf100 by Jeremy Allison at 2022-06-23T08:43:30+00:00
s3: VFS: streams_xattr: Add the same accommodation to streams_xattr_unlinkat() as used in streams_xattr_renameat().

vfs_fruit passes a synthetic filename here where smb_fname->fsp==NULL
when configured to use "fruit:resource = stream" so we need to use
synthetic_pathref() to get an fsp on the smb_fname->base_name
in order to call SMB_VFS_FREMOVEXATTR().

This is the same change we already use in streams_xattr_renameat()
and streams_xattr_stat(), the other pathname operations we implement
here.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15099

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Jun 20 14:24:20 UTC 2022 on sn-devel-184

(backported from commit 808a7b8b76dbcaac1db0508fd410d0bcf702af7a)

Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Thu Jun 23 08:43:30 UTC 2022 on sn-devel-184

- - - - -
becccbae by Andreas Schneider at 2022-06-27T08:25:10+00:00
s3:waf: Fix version number of public libsmbconf

Error: ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15108

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8458449ddf1a5c939784116aa3f9d21edaf93a05)

Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Jun 27 08:25:10 UTC 2022 on sn-devel-184

- - - - -
cce25171 by Andreas Schneider at 2022-07-11T10:27:17+00:00
s3:printing: Do not clear the printer-list.tdb

With the new dcerpc architecture we need to keep printer-list.tdb
around. A spoolss dcerpc call will start rpc-spoolssd which will then
start the background queue process. However in order to enum the
printers we need to have a printer-list.tdb. Depending on the number of
printers this task can take several seconds. It is unlikely that
the printer-list will change all the time, so we might provide outdated
data till it gets refreshed, but this is better than providing no
printer list at all.

If there are a lot of printers, the idle_seconds for the rpc-spoolssd
should be increased so that the background task can finish.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15082

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9080cd30d517cb50954e440bb4475c2eeb678906)

- - - - -
54ad51cd by Volker Lendecke at 2022-07-11T10:27:17+00:00
smbd: Make non_widelink_open() robust for non-cwd dirfsp

If you pass in dirfsp!=conn->cwd_fsp and a stream fsp, we don't chdir
to the parent pathname, and thus we also don't overwrite
fsp->base_fsp.

fsp->base_fsp!=NULL is thus the wrong condition to restore the
original base fsp name: If we open a stream with a non-cwd_fsp dirfsp,
we would overwrite fsp->base_fsp->fsp_name with NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15105

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 280e9191cbf8a766e69ab138450f2beccbedd879)

- - - - -
42edafd3 by Andreas Schneider at 2022-07-11T10:27:17+00:00
s4:libads: Fix trailing whitespaces in ldap.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15106

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d96a6cafe558eedc0419affc784049f915d0a6a2)

- - - - -
a708af36 by Andreas Schneider at 2022-07-11T11:33:49+00:00
s3:libads: Check if we have a valid sockaddr

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15106

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit fbf134c8d9e2fe0615824eee6ae7ccdbef4b59dc)

Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Jul 11 11:33:49 UTC 2022 on sn-devel-184

- - - - -
52ac4ce2 by Christof Schmitt at 2022-07-18T08:47:13+00:00
nfs4_acls: Correctly skip chown when gid did not change

Commit 86f7af84 introduced a problem that a chown is always attempted,
even when the owning gid did not change. Then the ACL is set in the file
system as root. Fix the check by correctly comparing with gid, not uid.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15120

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Wed Jul 13 17:30:30 UTC 2022 on sn-devel-184

(cherry picked from commit a6ccceb97ebd43d453ae4f835927cbacde0fdcef)

- - - - -
3537ef5a by Samuel Cabrero at 2022-07-18T08:47:13+00:00
replace: Check for -Wuse-after-free

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 89e0c732b1c45f6498ed0f39add77c2a52afddce)

- - - - -
17451c5a by Samuel Cabrero at 2022-07-18T08:47:13+00:00
third_party/heimdal: Fix build with gcc version 12.1

Split lib/krb5/crypto to its own subsystem to be built with its own CFLAGS
and avoid the following error:

    [1510/4771] Compiling third_party/heimdal/lib/krb5/crypto.c
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘_krb5_internal_hmac’:
    ../../third_party/heimdal/lib/krb5/crypto.c:302:24: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
      302 |     iov[0].data.data = (void *) data;
          |                        ^
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘derive_key_sp800_hmac’:
    ../../third_party/heimdal/lib/krb5/crypto.c:2427:18: warning: cast discards ‘const’ qualifier from pointer target type [-Wcast-qual]
     2427 |     label.data = (void *)constant;
          |                  ^
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_derived’:
    ../../third_party/heimdal/lib/krb5/crypto.c:1280:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
     1280 |         free(p);
          |         ^~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c:1278:20: note: call to ‘realloc’ here
     1278 |     result->data = realloc(p, l);
          |                    ^~~~~~~~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_enc_then_cksum’:
    ../../third_party/heimdal/lib/krb5/crypto.c:1365:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
     1365 |         free(p);
          |         ^~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c:1363:20: note: call to ‘realloc’ here
     1363 |     result->data = realloc(p, l);
          |                    ^~~~~~~~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal’:
    ../../third_party/heimdal/lib/krb5/crypto.c:1431:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
     1431 |         free(p);
          |         ^~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c:1429:20: note: call to ‘realloc’ here
     1429 |     result->data = realloc(p, l);
          |                    ^~~~~~~~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c: In function ‘decrypt_internal_special’:
    ../../third_party/heimdal/lib/krb5/crypto.c:1478:9: error: pointer ‘p’ may be used after ‘realloc’ [-Werror=use-after-free]
     1478 |         free(p);
          |         ^~~~~~~
    ../../third_party/heimdal/lib/krb5/crypto.c:1476:20: note: call to ‘realloc’ here
     1476 |     result->data = realloc(p, sz);
          |                    ^~~~~~~~~~~~~~
    cc1: all warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15095

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Tue Jun 14 10:16:18 UTC 2022 on sn-devel-184

(cherry picked from commit 971441ca5244b0e56f6b664d785fcefa3867ede1)

- - - - -
c5569b4f by Volker Lendecke at 2022-07-18T08:47:13+00:00
rpc_server3: Initialize mangle_fns in classic and spoolss

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15118
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Tue Jul 12 13:33:14 UTC 2022 on sn-devel-184

(cherry picked from commit 11d3d2aeac599ebbedd5332c5520465970319448)

- - - - -
e388fe2b by Samuel Cabrero at 2022-07-18T08:47:13+00:00
s3:winbind: Create service principal inside add_ccache_to_list()

The function can build the service principal itself, there is no
need to do it in the caller. This removes code duplication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8bef8e3de9fc96ff45319f80529e878977563f3a)

- - - - -
89b914b3 by Samuel Cabrero at 2022-07-18T09:40:12+00:00
s3:winbind: Use the canonical realm name to renew the credentials

Consider the following AD topology where all trusts are parent-child
trusts:

         ADOM.AFOREST.AD
                |
      ACHILD.ADOM.AFOREST.AD
                |
AGRANDCHILD.ACHILD.ADOM.AFOREST.AD <-- Samba joined

When logging into the Samba machine using pam_winbind with kerberos enabled
with user ACHILD\user1, the ccache content is:

	Default principal: user1@ACHILD.ADOM.AFOREST.AD

	Valid starting       Expires              Service principal
	07/06/2022 16:09:23  07/06/2022 16:14:23  krbtgt/ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD
	        renew until 07/13/2022 16:09:23
-->	07/06/2022 16:09:23  07/06/2022 16:14:23  krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket
	        renew until 07/13/2022 16:09:23
	07/06/2022 16:09:23  07/06/2022 16:14:23  SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	        renew until 07/13/2022 16:09:23

But when logging in with user ADOM\user1, the ccache content is:

	Default principal: user1@ADOM.AFOREST.AD

	Valid starting       Expires              Service principal
	07/06/2022 16:04:37  07/06/2022 16:09:37  krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD
	        renew until 07/13/2022 16:04:37
	07/06/2022 16:04:37  07/06/2022 16:09:37  SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	        renew until 07/13/2022 16:04:37

MIT does not store the intermediate TGTs when there is more than one hop:

	ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_11105] and impersonating [(null)]

	Getting credentials user1@ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_11105
	Starting with TGT for client realm: user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD

	Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD using TGT krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD
	Sending request to ADOM.AFOREST.AD
	Received answer from stream 192.168.101.32:88
	TGS reply is for user1@ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD with session key rc4-hmac/D88B
-->	Received TGT for offpath realm ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT ticket is not stored

	Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD
	Sending request (1748 bytes) to ACHILD.ADOM.AFOREST.AD
	Received answer (1628 bytes) from stream 192.168.101.33:88
	TGS reply is for user1@ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/D015
-->	Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD <-- NOTE this TGT is not stored

	Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on
	Sending request (1721 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Received answer (1647 bytes) from stream 192.168.101.34:88
	TGS reply is for user1@ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/345A
	Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Storing user1@ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105

In the case of ACHILD\user1:

	ads_krb5_cli_get_ticket: Getting ticket for service [SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD] using creds from [FILE:/tmp/krb5cc_2000] and impersonating [(null)]

	Getting credentials user1@ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD using ccache FILE:/tmp/krb5cc_2000
	Starting with TGT for client realm: user1@ACHILD.ADOM.AFOREST.AD -> krbtgt/ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD

	Requesting TGT krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD using TGT krbtgt/ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD
	Sending request to ACHILD.ADOM.AFOREST.AD
	Received answer from stream 192.168.101.33:88
	TGS reply is for user1@ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD with session key rc4-hmac/0F60
-->	Storing user1@ACHILD.ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000 <-- NOTE this TGT is stored
	Received TGT for service realm: krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ACHILD.ADOM.AFOREST.AD

	Requesting tickets for SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD, referrals on
	Sending request (1745 bytes) to AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Received answer (1675 bytes) from stream 192.168.101.34:88
	TGS reply is for user1@ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD with session key aes256-cts/3576
	Received creds for desired service SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD
	Storing user1@ACHILD.ADOM.AFOREST.AD -> SAMBA$@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD in FILE:/tmp/krb5cc_2000

The result is that winbindd can't refresh the tickets for ADOM\user1
because the local realm is used to build the TGT service name.

	smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1@ADOM.AFOREST.AD' and service 'krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@AGRANDCHILD.ACHILD.ADOM.AFOREST.AD'

	Retrieving user1@ADOM.AFOREST.AD -> krbtgt/AGRANDCHILD.ACHILD.ADOM.AFOREST.AD@ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: -1765328243/Matching credential not found (filename: /tmp/krb5cc_11105)

The canonical realm name must be used instead:

	smb_krb5_renew_ticket: Using FILE:/tmp/krb5cc_11105 as ccache for client 'user1@ADOM.AFOREST.AD' and service 'krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD'

	Retrieving user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD from FILE:/tmp/krb5cc_11105 with result: 0/Success
	Get cred via TGT krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD after requesting krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD (canonicalize off)
	Sending request to ADOM.AFOREST.AD
	Received answer from stream 192.168.101.32:88
	TGS reply is for user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD with session key aes256-cts/8C7B
	Storing user1@ADOM.AFOREST.AD -> krbtgt/ADOM.AFOREST.AD@ADOM.AFOREST.AD in FILE:/tmp/krb5cc_11105

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jul 12 12:38:55 UTC 2022 on sn-devel-184

(cherry picked from commit 116af0df4f74aa450cbb77c79f8cac4bfc288631)

Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Mon Jul 18 09:40:12 UTC 2022 on sn-devel-184

- - - - -
36eeba73 by Jule Anger at 2022-07-18T13:08:52+02:00
WHATSNEW: Add release notes for Samba 4.16.3.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
b3cbf421 by Jule Anger at 2022-07-18T13:09:27+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.16.3 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
55d4cb9e by Michael Tokarev at 2022-07-18T16:25:30+03:00
d/watch: repacksuffix=+dfsg

- - - - -
460c18f4 by Michael Tokarev at 2022-07-18T16:27:17+03:00
New upstream version 4.16.3+dfsg
- - - - -
af9de44b by Michael Tokarev at 2022-07-18T16:28:08+03:00
Update upstream source from tag 'upstream/4.16.3+dfsg'

Update to upstream version '4.16.3+dfsg'
with Debian dir c3da4b5cf54c461216ab252e9a34b77dcd3055d9
- - - - -
b8a32a98 by Michael Tokarev at 2022-07-18T16:36:34+03:00
start changelog for 4.16.3

- - - - -


30 changed files:

- VERSION
- WHATSNEW.txt
- ctdb/common/logging.c
- ctdb/doc/ctdb-etcd.7
- ctdb/doc/ctdb-script.options.5
- ctdb/doc/ctdb-statistics.7
- ctdb/doc/ctdb-tunables.7
- ctdb/doc/ctdb.1
- ctdb/doc/ctdb.7
- ctdb/doc/ctdb.conf.5
- ctdb/doc/ctdb.sysconfig.5
- ctdb/doc/ctdb_diagnostics.1
- ctdb/doc/ctdb_mutex_ceph_rados_helper.7
- ctdb/doc/ctdbd.1
- ctdb/doc/ctdbd_wrapper.1
- ctdb/doc/ltdbtool.1
- ctdb/doc/onnode.1
- ctdb/doc/ping_pong.1
- ctdb/server/ctdb_logging.c
- debian/changelog
- debian/watch
- docs/manpages/cifsdd.8
- docs/manpages/dbwrap_tool.1
- docs/manpages/eventlogadm.8
- docs/manpages/idmap_ad.8
- docs/manpages/idmap_autorid.8
- docs/manpages/idmap_hash.8
- docs/manpages/idmap_ldap.8
- docs/manpages/idmap_nss.8
- docs/manpages/idmap_rfc2307.8


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/13eb6050d1e9176126a5b50529f9f7cea016a502...b8a32a98de745a08740c846c1cde8fee3a6f5b97
