[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.17] Deleted 33 commits: VERSION: Bump version up to Samba 4.17.9...

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Thu Jul 6 20:51:47 BST 2023



Michael Tokarev pushed to branch upstream_4.17 at Debian Samba Team / samba


WARNING: The push did not contain any new commits, but force pushed to delete the commits and changes below.


Deleted commits:
01d3f583 by Jule Anger at 2023-05-11T09:05:04+02:00
VERSION: Bump version up to Samba 4.17.9...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
98b8ffdb by Stefan Metzmacher at 2023-05-23T07:13:09+00:00
librpc/rpc: allow smb3_sid_parse() to accept modern encryption algorithms

We should not limit the possible encryption algorithms to the currently
known ones.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15374

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed May 17 07:34:28 UTC 2023 on atb-devel-224

(cherry picked from commit e03e738dfc96b3c8ce54e2d280143965713f4778)

- - - - -
e8094b79 by Volker Lendecke at 2023-05-23T07:13:09+00:00
libcli: Add security_token_count_flag_sids()

To be used in a few places when checking special-case Samba SIDs.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 5e8c7192ba5469547ba3101885dfbaba2f8181f4)

- - - - -
2d1e69dc by Volker Lendecke at 2023-05-23T07:13:09+00:00
smbd: Use security_token_count_flag_sids() in open_np_file()

Simpler logic in the caller

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 244ee8ad75c2c968997dfdd5eeb9e9cb97a191fb)

- - - - -
9a3ae1d0 by Volker Lendecke at 2023-05-23T07:13:09+00:00
librpc: Simplify dcerpc_is_transport_encrypted()

Simplify logic by using security_token_count_flag_sids()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 1d11e0489b2c91fc05c6befc0463695d7102abcc)

- - - - -
61a71886 by Volker Lendecke at 2023-05-23T07:13:09+00:00
rpc: Add global_sid_Samba_NPA_Flags SID

This will be used as a flexible way to pass per-RPC-connection flags
over ncalrpc to the RPC server without having to modify
named_pipe_auth_req_info6 every time something new needs to be
passed. It's modeled after global_sid_Samba_SMB3.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ebbb93cc7a57a118b82b8f383d25f1eb022397d6)

- - - - -
270855cf by Joseph Sutton at 2023-05-23T07:13:09+00:00
named_pipe_auth: Bump info5 to info6

In the next commit, we shall replace the 'authenticated' field of
named_pipe_auth_req_info.info5.session_info.session_info.info with a
more general 'user_flags' field.

Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8aef16bbbc1e55f0a9f5a8ec87e5348688d93785)

- - - - -
f5323412 by Volker Lendecke at 2023-05-23T07:13:09+00:00
rpc_server3: Use global_sid_Samba_NPA_Flags to pass "need_idle"

More code, but will be more flexible in the future.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 31180e0e6d9e43d54e7656a56ed3af129f578105)

- - - - -
c21560a0 by Volker Lendecke at 2023-05-23T07:13:09+00:00
rpc: Remove named_pipe_auth_req_info6->need_idle_server

Involves bumping up the version number

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit bdba027a33e35aab7bb322bc3167cdd7babfc059)

- - - - -
99f28fec by Volker Lendecke at 2023-05-23T07:13:09+00:00
lib: Add security_token_del_npa_flags() helper function

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit bb3ea36e10079ad9c73c68d7ed8fce51ecb40ebe)

- - - - -
e1c3f832 by Volker Lendecke at 2023-05-23T08:09:23+00:00
rpc_server3: Pass winbind_env_set() state through to rpcd_*

Winbind can ask rpcd_lsad for LookupNames etc. This can recurse back
into winbind for getpwnam. We have the "_NO_WINBINDD" environment
variable set in winbind itself for this case, but this is lost on the
way into rpcd_lsad. Use a flag in global_sid_Samba_NPA_Flags to pass
this information to dcerpc_core, where it sets the variable on every
call if requested.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15361
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Tue May 16 11:54:32 UTC 2023 on atb-devel-224

(cherry picked from commit 59694ad0a4cc489f1baa4c2c94c6322c0f22c1df)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Tue May 23 08:09:23 UTC 2023 on sn-devel-184

- - - - -
f544dc9c by Ralph Boehme at 2023-05-31T07:49:14+00:00
CI: add a test for fruit AppleDouble conversion when deletion triggers conversion

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 59eadfe21aca6d563f86ea656517216036421bca)

- - - - -
ed1979c7 by Ralph Boehme at 2023-05-31T07:49:14+00:00
vfs_fruit: return ENOENT instead of EISDIR when trying to open AFP_Resource for a directory

Translates to NT_STATUS_OBJECT_NAME_NOT_FOUND which is the same error macOS
returns in this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9b91a8bad2ff8da9eb56f1f9d640bcea294a5a0a)

- - - - -
b0e8932b by Ralph Boehme at 2023-05-31T07:49:14+00:00
vfs_fruit: never return AFP_Resource stream for directories

The macOS client creates ._ AppleDouble files for directories that do contain
an (empty) resource fork AppleDouble entry. So when going from a Samba server
config without streams module (or when migrating data from another server
without streams support), to a Samba config with a streams module and vfs_fruit,
fruit_streaminfo() will wrongly return the AFP_Resource from the AppleDouble
file as stream to the client.

To address this, just never return an AFP_Resource stream for directories when
listing streams in fruit_streaminfo(). ad_convert(), when configured with

  fruit:delete_empty_adfiles = true
  fruit:wipe_intentionally_left_blank_rfork = true

will happily discard the AFP_Resource from the AppleDouble file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 06f0c070a0b18313f48362aa326e3e7e6a096492)

- - - - -
4e0850b7 by Ralph Boehme at 2023-05-31T07:49:14+00:00
libadouble: allow FILE_SHARE_DELETE in ad_convert_xattr()

Not specifying FILE_SHARE_DELETE wasn't done intentionally. Not setting the flag
triggers the following problem:

* client sends a CREATE with delete access

* this triggers a call to open_streams_for_delete() where we check for
conflicting opens on any of the streams of the file or directory

* if the file (or directory) has a stream like ":com.apple.quarantine" the
stream is opened with DELETE_ACCESS and kept open when the next step might:

* if the file (or directory) has a Mac specific :AFP_AfpInfo stream, the
ad_convert() routine in fruit_create_file() is triggered

* ad_convert() checks if the file (or ...) has a sidecar ._ AppleDouble file, if
it has:

* in ad_convert_xattr() we unpack any set of xattrs encoded in the AppleDouble
file and recreate them as streams with the VFS. Now, if any of these xattrs
happens to be converted to a stream that we still have open in
open_streams_for_delete() (see above) we get a NT_STATUS_SHARING_VIOLATION

This error gets passed up the stack back to open_streams_for_delete() so the
client CREATE request fails and the client is unhappy.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 55bd10456486628cad2bd085618e873598401c3b)

- - - - -
a2567c17 by Ralph Boehme at 2023-05-31T07:49:14+00:00
vfs_fruit: just log failing AppleDouble conversion

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3bf97f19c36d26b4178f7cb6202bbdd44de0c1aa)

- - - - -
dff3946d by Ralph Boehme at 2023-05-31T08:48:25+00:00
vfs_fruit: add fruit:convert_adouble parameter

https://bugzilla.samba.org/show_bug.cgi?id=15378

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 26 00:52:29 UTC 2023 on atb-devel-224

(cherry picked from commit 035f6d914d133cf3248f15b1be06a9e1837238da)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed May 31 08:48:25 UTC 2023 on sn-devel-184

- - - - -
25b75ecc by Samuel Cabrero at 2023-06-02T12:51:11+00:00
s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal()

This function already exists in bind9 but takes different arguments, so when
the DLZ is loaded and this function is called bind crashes:

  named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118  type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
  named[1523]: samba_dlz: allowing update of signer=DESKTOP-8BUKMBK\$\@AFOREST.AD name=118.101.168.192.in-addr.arpa tcpaddr=192.168.101.118  type=PTR key=1264-ms-7.1-2ac9.9ef238e1-9747-11ed-9f95-525400dc6981/159/0
  named[1523]: client @0x7f26caa90f68 192.168.101.118#58223/key DESKTOP-8BUKMBK\$\@AFOREST.AD: updating zone '101.168.192.in-addr.arpa/NONE': deleting rrset at '118.101.168.192.in-addr.ar
  named[1523]: name.c:664: REQUIRE(((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))) failed, back trace

Backtrace:

  #0  0x00007f2716c957ec in __pthread_kill_implementation () from /lib64/libc.so.6
  #1  0x00007f2716c42816 in raise () from /lib64/libc.so.6
  #2  0x00007f2716c2b81c in abort () from /lib64/libc.so.6
  #3  0x000055d4de847995 in assertion_failed (file=<optimized out>, line=<optimized out>,
      type=<optimized out>, cond=<optimized out>) at /usr/src/debug/bind-9.18.10/bin/named/main.c:237
  #4  0x00007f27176388fc in isc_assertion_failed (file=file at entry=0x7f27173b0df6 "name.c",
      line=line at entry=664, type=type at entry=isc_assertiontype_require,
      cond=cond at entry=0x7f27173b0268 "((name1) != ((void *)0) && ((const isc__magic_t *)(name1))->magic == ((('D') << 24 | ('N') << 16 | ('S') << 8 | ('n'))))")
      at /usr/src/debug/bind-9.18.10/lib/isc/assertions.c:48
  #5  0x00007f27172946f9 in dns_name_equal (name1=<optimized out>, name2=<optimized out>)
      at /usr/src/debug/bind-9.18.10/lib/dns/name.c:664

  **** Here bind's dns_name_equal() is called instead of samba's dns_name_equal() ****

  #6  0x00007f27077ad6f2 in dns_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
      at ../../source4/dns_server/dnsserver_common.c:1346
  #7  0x00007f271404732c in b9_record_match (rec1=0x7f26f8042d70, rec2=0x7f26f8044d10)
      at ../../source4/dns_server/dlz_bind9.c:1830
  #8  0x00007f2714047daa in dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
      rdatastr=0x7f26c9c10000 "118.101.168.192.in-addr.arpa.\t1200\tIN\tPTR\tDESKTOP-8BUKMBK.aforest.ad.",
      dbdata=0x7f271003d300, version=0x7f26f8044b20) at ../../source4/dns_server/dlz_bind9.c:2077
  #9  0x000055d4de84afb4 in dlopen_dlz_subrdataset (name=0x7f2706ff82f0 "118.101.168.192.in-addr.arpa",
      rdatastr=<optimized out>, driverarg=<optimized out>, dbdata=0x7f270430f680, version=<optimized out>)
      at /usr/src/debug/bind-9.18.10/bin/named/dlz_dlopen_driver.c:483
  #10 0x00007f271738e734 in modrdataset.constprop.0 (db=0x7f2704291740, node=0x7f26c9c006e0,
      version=0x7f26f8044b20, rdataset=0x7f2706ff8830,
      mod_function=0x55d4de84af80 <dlopen_dlz_subrdataset>, options=<optimized out>)
      at /usr/src/debug/bind-9.18.10/lib/dns/sdlz.c:1107
  #11 0x00007f2717251855 in diff_apply (diff=diff at entry=0x7f2706ff8df0, db=db at entry=0x7f2704291740,
      ver=ver at entry=0x7f26f8044b20, warn=warn at entry=true) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:370
  #12 0x00007f2717251c8a in dns_diff_apply (diff=diff at entry=0x7f2706ff8df0, db=db at entry=0x7f2704291740,
      ver=ver at entry=0x7f26f8044b20) at /usr/src/debug/bind-9.18.10/lib/dns/diff.c:465
  #13 0x00007f2717d105aa in do_one_tuple (tuple=tuple at entry=0x7f2706ff8e50, db=db at entry=0x7f2704291740,
      ver=ver at entry=0x7f26f8044b20, diff=diff at entry=0x7f2706ff9400)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:454
  #14 0x00007f2717d10fff in update_one_rr (rdata=0x7f2706ff8ee8, ttl=<optimized out>,
      name=<optimized out>, op=DNS_DIFFOP_DEL, diff=0x7f2706ff9400, ver=0x7f26f8044b20, db=0x7f2704291740)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:505
  #15 delete_if_action (data=<optimized out>, rr=0x7f2706ff8ee0)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1427
  #16 0x00007f2717d10ccd in foreach_rr (db=0x7f2704291740, ver=<optimized out>, name=0x7f26caa61d00,
      type=<optimized out>, covers=<optimized out>,
      rr_action=rr_action at entry=0x7f2717d10f60 <delete_if_action>, rr_action_data=0x7f2706ff9280)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:736
  #17 0x00007f2717d10e76 in delete_if (predicate=predicate at entry=0x7f2717d0fb10 <true_p>,
      db=<optimized out>, ver=<optimized out>, name=<optimized out>, type=<optimized out>,
      covers=<optimized out>, update_rr=0x7f2706ff94b0, diff=0x7f2706ff9400)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:1454
  #18 0x00007f2717d1bccd in update_action (task=<optimized out>, event=<optimized out>)
      at /usr/src/debug/bind-9.18.10/lib/ns/update.c:3299
  #19 0x00007f271765eb4c in task_run (task=0x7f27155ccf00)
      at /usr/src/debug/bind-9.18.10/lib/isc/task.c:823
  #20 isc_task_run (task=0x7f27155ccf00) at /usr/src/debug/bind-9.18.10/lib/isc/task.c:904
  #21 0x00007f271762cb12 in isc__nm_async_task (worker=0x7f2716236560, ev0=0x7f26caa07000)
      at netmgr/netmgr.c:840
  #22 process_netievent (worker=worker at entry=0x7f2716236560, ievent=0x7f26caa07000) at netmgr/netmgr.c:918
  #23 0x00007f271762d197 in process_queue (worker=worker at entry=0x7f2716236560,
      type=type at entry=NETIEVENT_TASK) at netmgr/netmgr.c:1011
  #24 0x00007f271762d3b3 in process_all_queues (worker=0x7f2716236560) at netmgr/netmgr.c:765
  #25 async_cb (handle=0x7f27162368c0) at netmgr/netmgr.c:794
  #26 0x00007f2717c4cb0d in uv__async_io (loop=0x7f2716236570, w=<optimized out>, events=<optimized out>)
      at src/unix/async.c:163
  #27 0x00007f2717c6825d in uv__io_poll (loop=0x7f2716236570, timeout=<optimized out>)
      at src/unix/epoll.c:374
  #28 0x00007f2717c5247a in uv__io_poll (timeout=<optimized out>, loop=0x7f2716236570)
      at src/unix/udp.c:122
  #29 uv_run (loop=loop at entry=0x7f2716236570, mode=mode at entry=UV_RUN_DEFAULT) at src/unix/core.c:406
  #30 0x00007f271762d834 in nm_thread (worker0=0x7f2716236560) at netmgr/netmgr.c:696
  #31 0x00007f27176627f5 in isc__trampoline_run (arg=0x55d4dfe3ad70)
      at /usr/src/debug/bind-9.18.10/lib/isc/trampoline.c:189
  #32 0x00007f2716c9398d in start_thread () from /lib64/libc.so.6
  #33 0x00007f2716d19344 in clone () from /lib64/libc.so.6

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14030

Signed-off-by: Samuel Cabrero <scabrero at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Samuel Cabrero <scabrero at samba.org>
Autobuild-Date(master): Thu Jan 19 10:20:27 UTC 2023 on atb-devel-224

(cherry picked from commit fcecdfa8e5c651d4a27f8fcd5df6e9bce37ed8a7)

- - - - -
0a27a04e by Volker Lendecke at 2023-06-02T12:51:11+00:00
tests: Make timelimit available to test scripts

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4804d6b89a9146f1fc5270de158cd25254505f61)

- - - - -
72149cd8 by Volker Lendecke at 2023-06-02T12:51:11+00:00
tests: Show that we 100% loop in cli_list_old_recv()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e86234f3d61c62e4365e1ea105bdd29feaf7ccbe)

- - - - -
af55bfe4 by Volker Lendecke at 2023-06-02T13:52:29+00:00
libsmb: Fix directory listing against old servers

cli_list_trans_recv() can be called multiple times. When it's done, it
return NT_STATUS_OK and set *finfo to NULL. cli_list_old_recv() did
not do the NULL part, so smbclient would endlessly loop.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15382

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun  1 21:54:42 UTC 2023 on atb-devel-224

(cherry picked from commit f30f5793ad592e193546586b765837c0ac9f5647)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri Jun  2 13:52:29 UTC 2023 on sn-devel-184

- - - - -
f26b2057 by Volker Lendecke at 2023-06-09T14:43:33+00:00
smbclient: Fix fd leak with "showacls;ls"

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15391

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jun  8 16:55:14 UTC 2023 on atb-devel-224

(cherry picked from commit 5c52f71c0d0e162dcbf42378357313035efa860f)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri Jun  9 14:43:33 UTC 2023 on sn-devel-184

- - - - -
88c24655 by Jones Syue at 2023-06-28T21:03:31+00:00
s3:utils: smbget fix a memory leak

Using smbget to download files recursively (-R).

If smbget found that a file is already existed in the destination,
smbget would said 'File exists', return early, and 'newname' allocated
memory is never freed, this is found by valgrind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15403

Signed-off-by: Jones Syue <jonessyue at qnap.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jun 28 07:02:34 UTC 2023 on atb-devel-224

(cherry picked from commit afbed653526b572f7309e67ed742a76ef7b2b8ec)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Wed Jun 28 21:03:31 UTC 2023 on sn-devel-184

- - - - -
c366a064 by Douglas Bagnall at 2023-06-30T12:44:07+00:00
pidl: avoid py compile issues with --pidl-developer

We get these warnings-as-errors:

librpc/gen_ndr/py_netlogon.c:61903:53: error: stray ‘\’ in program
61903 |    PyErr_Format(PyExc_TypeError, "Expected type %s",\  //<PIDL> Parse::Pidl::Samba4::Python::ConvertObjectFromPythonData  lib/Parse/Pidl/Samba4/Python.pm:2005

but the '\' is unnecessary and unconventional anyway, since we're in a
function argument list.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15404

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Feb  3 03:27:54 UTC 2023 on atb-devel-224

(cherry picked from commit e26a01a48c4a6ca6f9424ced72eda68e6eb1e7e3)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Fri Jun 30 12:44:07 UTC 2023 on sn-devel-184

- - - - -
426b6ecc by Ralph Boehme at 2023-07-06T12:31:16+00:00
smbd: call exit_server_cleanly() to avoid panicking

The parent smdb forwards SIGTERM to its process group in order to kill all
children like the scavenger. This happens from a function registered via
atexit() which means the signal forwarding is happening very briefly before the
main smbd process exits. When exiting the pipe between smbd and scavenger is
closed which triggers a file event in the scavenger.

However, due to kernel sheduling it is possible that the file descriptor event
is received before the signal, where we call exit_server() which call
smb_panic() at the end.

Change the exit to exit_server_cleanly() and just log this event at level 2
which we already do.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15275

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul  5 13:14:08 UTC 2023 on atb-devel-224

(cherry picked from commit 083fe1c28c6ec69cbd15d8cc2f7f06b1b630f2bc)

- - - - -
62507b11 by Stefan Metzmacher at 2023-07-06T12:31:16+00:00
s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list()

This is mostly for consistency, every remote call should call
reset_cm_connection_on_error(). Note this is more than
a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit cb59fd43bbf758e4bad774cfc19ef87b157052c2)

- - - - -
0afed23b by Stefan Metzmacher at 2023-07-06T12:31:16+00:00
s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 4ad5a35a3f67860aa7a1345efcfc92fe40578e31)

- - - - -
38a9e17d by Stefan Metzmacher at 2023-07-06T12:31:16+00:00
s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1

Otherwise we could treat a local problem as non-authoritative.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 0cb6de4b1d5410f3699172952be81c6eb75c2c86)

- - - - -
b5b4fd3e by Stefan Metzmacher at 2023-07-06T12:31:16+00:00
s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true, which is important in order
to recover from NT_STATUS_RPC_SEC_PKG_ERROR errors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit b317b10dffd99d1add3ff0b85b958edd9639abc8)

- - - - -
65f35a5b by Stefan Metzmacher at 2023-07-06T13:29:28+00:00
s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS

When we were not able to get a valid response from any DC we should
report NT_STATUS_NO_LOGON_SERVERS with authoritative = 1.

This matches what windows does. In a chain of transitive
trusts the ACCESS_DENIED/authoritative=0 is not propagated,
instead NT_STATUS_NO_LOGON_SERVERS/authoritative=1 is
passed along the chain if there's no other DC is available.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 50e771c12f84f9268c2e9ddeef0965f79f85de3d)

Autobuild-User(v4-17-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-17-test): Thu Jul  6 13:29:28 UTC 2023 on sn-devel-184

- - - - -
95fd96db by Jule Anger at 2023-07-06T15:40:45+02:00
WHATSNEW: Add release notes for Samba 4.17.9.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
b8598d4b by Jule Anger at 2023-07-06T15:41:10+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.17.9 release.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
98ae3bac by Michael Tokarev at 2023-07-06T18:56:03+03:00
New upstream version 4.17.9+dfsg
- - - - -


14 changed files:

- VERSION
- WHATSNEW.txt
- − ctdb/doc/ctdb-etcd.7
- ctdb/doc/ctdb-etcd.7.html
- − ctdb/doc/ctdb-script.options.5
- ctdb/doc/ctdb-script.options.5.html
- − ctdb/doc/ctdb-statistics.7
- ctdb/doc/ctdb-statistics.7.html
- − ctdb/doc/ctdb-tunables.7
- ctdb/doc/ctdb-tunables.7.html
- − ctdb/doc/ctdb.1
- ctdb/doc/ctdb.1.html
- − ctdb/doc/ctdb.7
- ctdb/doc/ctdb.7.html


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/6a7beeafee09ef74cb47213bb14eab8745f22476...98ae3bacaae3a793039fe27d249541d7cddea68e

-- 
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/6a7beeafee09ef74cb47213bb14eab8745f22476...98ae3bacaae3a793039fe27d249541d7cddea68e
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20230706/a3a31660/attachment-0001.htm>


More information about the Pkg-samba-maint mailing list