[Pkg-samba-maint] [Git][samba-team/samba][experimental] 164 commits: VERSION: Bump version up to Samba 4.20.3...

Michael Tokarev (@mjt) gitlab at salsa.debian.org
Wed Aug 14 13:18:37 BST 2024 


Michael Tokarev pushed to branch experimental at Debian Samba Team / samba


Commits:
eeae9fe4 by Jule Anger at 2024-06-19T16:19:36+02:00
VERSION: Bump version up to Samba 4.20.3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>

- - - - -
4e57b8a5 by Andrew Bartlett at 2024-07-03T08:49:13+00:00
dsdb: Reduce minimum maxPwdAge from 1 day to nil

This allows us to have tests, which pass on Windows, that
use a very short maxPwdAge.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 3669479f22f2109a64250ffabd1f6453882d29f1)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

- - - - -
c1433f82 by Jo Sutton at 2024-07-03T08:49:13+00:00
tests/krb5: Fix PK-INIT test framework to allow expired password keys

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7cc8f455191faacf32efc474c27e99d45ef2e024)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

- - - - -
50a417a2 by Andrew Bartlett at 2024-07-03T08:49:13+00:00
python/tests/krb5: Prepare for PKINIT tests with UF_SMARTCARD_REQUIRED

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(backported from commit b2fe1ea1c6aba116b31a1c803b4e0d36ac1a32ee)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

[jsutton at samba.org Fixed conflicting import statements in
 python/samba/tests/krb5/pkinit_tests.py]

- - - - -
d4c1e215 by Jo Sutton at 2024-07-03T08:49:13+00:00
tests/krb5: Allow creation of disabled accounts for testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(backported from commit 6dc6168719cf232ac2c1d747f10aad9b13300c02)

[jsutton at samba.org Fixed conflicting import statements in
 python/samba/tests/krb5/kdc_base_test.py]

- - - - -
41c8a42c by Jo Sutton at 2024-07-03T08:49:13+00:00
tests/krb5: Add tests for errors produced when logging in with unusable accounts

Heimdal matches Windows in the no‐FAST case, but produces NTSTATUS codes
when it shouldn’t in the FAST case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit c5ee0b60b20011aeaa60c2f549c2a78269c97c8f)

- - - - -
bff728a8 by Jo Sutton at 2024-07-03T10:06:32+00:00
third_party/heimdal: Import lorikeet-heimdal-202406240121 (commit 4315286377278234be2f3b6d52225a17b6116d54)

This lets us match the Windows FAST reply when the password is expired.

Windows clients were upset by the NTSTATUS field in the edata,
apparently interpreting it to mean “insufficient resource”.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15655

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit fe90576871b5d644b9e888fd7a0b0351feaba750)

Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Wed Jul  3 10:06:33 UTC 2024 on atb-devel-224

- - - - -
5531ef4d by Douglas Bagnall at 2024-07-09T08:38:11+00:00
buildtools: sanitise strange characters in vendor strings

There is no reason to think '-' and '+' are the only characters that
might sneak into a vendor string; Debian habitually use '~'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 0bc5b6f29307ce758774c1b2f48ce62315fdc7f9)

- - - - -
95058b97 by Douglas Bagnall at 2024-07-09T08:38:11+00:00
build: --vendor-suffix instead of --vendor-patch-revision --vendor-name

In practice there isn't a use for two options, and neither quite
matched what people thought they were doing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 673c8e6ca5994973e4887641c3599707a66a608c)

- - - - -
63b47dc0 by Xavi Hernandez at 2024-07-09T09:43:01+00:00
Fix starvation of pending writes in CTDB queues

CTDB uses a queue to receive requests and send answers. It works
asynchronously using the tevent framework. However there was an issue
that gave priority to the receiving side so, when a request was
processed and the answer posted to the queue, if another incoming
request arrived, it was served before sending the previous answer.

This scenario could repeat for long periods of time if the frequency of
incoming requests was high enough.

Eventually, a small time gap between incoming request gave a chance to
process the pending output queue, sending many answers in a burst.

This patch makes sure that both queues (input and output) are processed
if the event contains the appropriate flag.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15678
RN: Fix unnecessary delays in CTDB while processing requests under high
load.

Signed-off-by: Xavi Hernandez <xhernandez at redhat.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Jul  1 09:17:43 UTC 2024 on atb-devel-224

(cherry picked from commit 60550fbe184a5cefa55a8f0bab508f70def7a684)

Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Tue Jul  9 09:43:01 UTC 2024 on atb-devel-224

- - - - -
52fc6551 by Douglas Bagnall at 2024-07-09T09:54:15+00:00
selftest: move some more expected failures to expectedfail.d

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 10 06:15:46 UTC 2024 on atb-devel-224

(cherry picked from commit 60df2a09a4394d2b494224ad3d33314079e73066)

- - - - -
07e707c4 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:libcli/ldap: ldap4_new_connection() requires a valid lp_ctx

Otherwise we'll crash in a lot of places later.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8007569e9f7d374456a3fbd172a905173462eb5f)

- - - - -
5545d934 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
ldb_ildap: require ldb_get_opaque(ldb, "loadparm") to be valid

Without a valid loadparm_context we can't connect.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2435ab1ad7092c004df72c2cb033eb94e5bf8274)

- - - - -
39ffaf05 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:libcli/ldap: fix no memory error code in ldap_bind_sasl()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8deba427e2697501f10e80a2ac0325a657635b92)

- - - - -
461f1425 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:libcli/ldap: force GSS-SPNEGO in ldap_bind_sasl()

There's no point in asking the server for supportedSASLMechanisms,
every server (we care about) supports GSS-SPNEGO.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 68f6a461e1706f03007d3c5cfc68c71383b4ff28)

- - - - -
52adc59a by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:lib/tls: remove tstream_tls_push_trigger_write step

At the time of https://bugzilla.samba.org/show_bug.cgi?id=7218,
we tested this versions:
    2.4.1 -> broken
    2.4.2 -> broken
    2.6.0 -> broken
    2.8.0 -> broken
    2.8.1 -> broken
    2.8.2 -> OK
    2.8.3 -> OK
    2.8.4 -> OK
    2.8.5 -> OK
    2.8.6 -> OK
    2.10.0 -> broken
    2.10.1 -> broken
    2.10.2 -> OK

These seemed to be the fixes in gnutls upstream.

Change 2.8.1 -> 2.8.2:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=28fb34099edaf62e5472cc6e5e2749fed369ea01

Change 2.10.1 -> 2.10.2:
http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=0d07d8432d57805a8354ebd6c1e7829f3ab159cb

This shouldn't be a problem with recent (>= 3.6) versions of gnutls.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5844ef27aa46cba3d343035ccd35b03525db9843)

- - - - -
c117f54c by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s3:lib/tls: we need to call tstream_tls_retry_handshake/disconnect() until all buffers are flushed

Before the handshare or disconnect is over we need to wait until
we delivered the lowlevel messages to the transport/kernel socket.

Otherwise we'll have a problem if another tevent_context is used
after the handshake.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6688945fa03f4a448708f729083ea4a1cdd1ab88)

- - - - -
3e90d30b by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:lib/tls: assert that event contexts are not mixed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ac4bca77039cbc31323fb10b3706ed959a0cbbcd)

- - - - -
0c8fd43c by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:lib/tls: split out tstream_tls_prepare_gnutls()

Review with: git show --patience

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 60b11645b0d1c8304eabbb2aeca8a6b5190a3a2e)

- - - - -
a55356b7 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:lib/tls: we no longer need ifdef GNUTLS_NO_TICKETS

We require gnutls 3.6.13

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit ecdd76919132430372ef04b03304fc51d6014e2f)

- - - - -
1f0e6a44 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:lib/tls: include a TLS server name indication in the client handshake

This is not strictly needed, but it might be useful
for load balancers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 15fb8fcc7b98c3eba8eab79b227127b4b71b096c)

- - - - -
f1ca22f5 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:lib/tls: split out tstream_tls_verify_peer() helper

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3186cdce85a58451e9d5a05468029a13621128c3)

- - - - -
8989c3cd by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:lib/tls: add tstream_tls_params_client_lpcfg()

This will be able simplify the callers a lot...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 604413b98a23f28288ec4af11023717a9239e0fe)

- - - - -
7a6ce2be by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s3:rpc_server/mdssvc: make use of tstream_tls_params_client_lpcfg()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b8b874ef5e40d266a54501ba4523c6af7032ca00)

- - - - -
254fa504 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:librpc/rpc: make use of tstream_tls_params_client_lpcfg()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 493d35a6910d9d9b70f55c2273f4e8a6c93a3bf5)

- - - - -
b2f44b81 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:libcli/ldap: make use of tstream_tls_params_client_lpcfg()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c200cf1b5f430f686b39df8513a6b7e3c592ed43)

- - - - -
6fec41bd by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
lib/crypto: add legacy_gnutls_server_end_point_cb() if needed

gnutls_session_channel_binding(GNUTLS_CB_TLS_SERVER_END_POINT)
is only available with gnutls 3.7.2, but we still want to
support older gnutls versions and that's easily doable...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2f2af3aa8a0366e6502751415a08413bf28ba0cb)

- - - - -
20d5335d by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:lib/tls: add tstream_tls_channel_bindings()

This is based on GNUTLS_CB_TLS_SERVER_END_POINT
and is the value that is required for channel bindings
in LDAP of active directory domain controllers.

For gnutls versions before 3.7.2 we basically
copied the code from the GNUTLS_CB_TLS_SERVER_END_POINT
implementation as it only uses public gnutls functions
and it was easy to re-implement.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit cbd7ce44121246167e0c8a6d905180d82df1a2ef)

- - - - -
c86e8742 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
third_party/heimdal: import lorikeet-heimdal-202404171655 (commit 28a56d818074e049f0361ef74d7017f2a9391847)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15603
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

See also:
https://github.com/heimdal/heimdal/pull/1234
https://github.com/heimdal/heimdal/pull/1238
https://github.com/heimdal/heimdal/pull/1240

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9b92cbacac11fb64cca2c4770cbdce789525b87a)

- - - - -
2668243d by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
wscript_configure_embedded_heimdal: define HAVE_CLIENT_GSS_C_CHANNEL_BOUND_FLAG

See https://github.com/heimdal/heimdal/pull/1234 and
https://github.com/krb5/krb5/pull/1329.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 546e39a6fa122e6a40d1e62724e1712882ce3bce)

- - - - -
c41feb6c by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
auth/gensec: add gensec_set_channel_bindings() function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e912ba579b1469c78ca65345ec1fe8376c74272c)

- - - - -
1219bf38 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
auth/ntlmssp: implement channel binding support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f1d34a430d227e685e2fe983b14c74136d9c8a8e)

- - - - -
7b62c5f7 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:gensec_gssapi: implement channel binding support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1831006b77749dda902ae4ced0a96e5f14d89adb)

- - - - -
64d4c1cd by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s3:crypto/gse: implement channel binding support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 811d04fea7d329a7f3c8e01ac20bfad48ac9cd4f)

- - - - -
7f2e3839 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:ldap_server: add support for tls channel bindings

ldap server require strong auth = allow_sasl_over_tls
is now an alias for 'allow_sasl_without_tls_channel_bindings'
and should be avoided and changed to 'yes' or
'allow_sasl_without_tls_channel_bindings'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6c17e3d2800723bafebd1986ab59a9422c881f0b)

- - - - -
7c6c7421 by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
s4:libcli/ldap: add tls channel binding support for ldap_bind_sasl()

We still allow 'ldap_testing:tls_channel_bindings = no' and
'ldap_testing:channel_bound = no' for testing
the old behavior in order to have expected failures in our tests.

And we have 'ldap_testing:forced_channel_binding = somestring'
in order to force invalid bindings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 7acb15a53c061344ffdbd58f9b2f01f8b0233f4e)

- - - - -
ac22551d by Stefan Metzmacher at 2024-07-09T09:54:15+00:00
selftest: split out selftest/expectedfail.d/samba4.ldb.simple.ldap-tls

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6794cc476249452c415881396bce4df663fc4fba)

- - - - -
16b430e7 by Stefan Metzmacher at 2024-07-09T10:53:40+00:00
s4:selftest: also test samba4.ldb.simple.ldap*SASL-BIND with ldap_testing:{channel_bound,tls_channel_bindings,forced_channel_binding}

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15621

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 065da873296c23ef3b9051fba39be097cfff60fa)

Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Tue Jul  9 10:53:40 UTC 2024 on atb-devel-224

- - - - -
f4604a86 by Ralph Boehme at 2024-07-10T09:14:10+00:00
third_party/heimdal: Import lorikeet-heimdal-202407041740 (commit 42ba2a6e5dd1bc14a8b5ada8c9b8ace85956f6a0)

Fix clock skew error message and memory cache clock skew recovery

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15676

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jul  5 10:02:26 UTC 2024 on atb-devel-224

(cherry picked from commit e4d6a19e49260af22bffd2a417119489719ba364)

Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Wed Jul 10 09:14:10 UTC 2024 on atb-devel-224

- - - - -
6b0b6d06 by Andreas Schneider at 2024-07-11T10:39:16+00:00
gitlab-ci: Also add the git directory for pipeline in the main mirror

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jul  4 08:08:49 UTC 2024 on atb-devel-224

(cherry picked from commit 93a3dd48d66786cb8765d3ce84ca9f3ad419ac88)

- - - - -
f5920cee by Pavel Filipenský at 2024-07-11T11:45:35+00:00
.gitlab-ci-main.yml: Add safe.directory '*'

This is to fix the error when pushing to personal gitlab repo:

2024-07-04 08:16:05,460 Running: 'git clone --recursive --shared /builds/pfilipen/samba /builds/samba-testbase/master' in '/builds/pfilipen/samba'
Cloning into '/builds/samba-testbase/master'...
fatal: detected dubious ownership in repository at '/builds/pfilipen/samba/.git'
To add an exception for this directory, call:
	git config --global --add safe.directory /builds/pfilipen/samba/.git
fatal: Could not read from remote repository.

Instead of adding more and more explicit repositories
we should just allow any, we're in an isolated environment...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15660

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul 10 10:35:00 UTC 2024 on atb-devel-224

(cherry picked from commit 3a21b7d9a4e7e9814d0be8c0ebf72b9821a5dc36)

Autobuild-User(v4-20-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-20-test): Thu Jul 11 11:45:35 UTC 2024 on atb-devel-224

- - - - -
73207ff8 by Douglas Bagnall at 2024-07-23T07:33:12+00:00
docs-xml:manpages: allow for longer version strings

The default value (30) truncates "Samba 4.21.0pre1-DEVELOPERBUILD" to
"Samba 4.21.0pre1-DEVELOPE" in the bottom left corner of the man page.
("Samba 4.21.0pre1-DEVELOPE" is only 25 bytes long, not 30, but let's
not worry about that).

On narrow terminals (< ~75 columns) this makes it more likely that
the version string will run into the date string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15672

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 7fb38aee129789cce28ddf54bd7234f8c5f57d97)

- - - - -
5d99875b by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline:burn: '-U' does not imply secrets without '%'

We return true from this function when a secret has been erased,
and were accidentally treating  as if it had secrets.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15671

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f3b240da5c209a51fa43de23e8ecfea2f32bbfd5)

- - - - -
9cbb5bdd by Douglas Bagnall at 2024-07-23T07:33:12+00:00
selftest: run the cmdline tests that we already have

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f17a2b1b25f2ffa5e3caeb8f81101e66b843cc29)

- - - - -
f900e532 by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline:tests: extend cmdline_burn tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 05128a1f5f17c55a8d8da42c6c52c4235adf36d4)

- - - - -
25329b38 by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline:burn: do not retain false memories

If argv contains a secret option without an '=' (or in the case of
"-U", the username is separated by space), we will get to the
`if (strlen(p) == ulen) { continue; }` without resetting the found
and is_user variables. This *sometimes* has the right effect, because
the next string in argv ought to contain the secret.

But in a case like {"--password", "1234567890"}, where the secret
string is the same length as the option, we *again* take that branch
and the password is not redacted, though the argument after it will be
unless it is also of the same length.

If we always set the flags at the start we avoid this. This makes
things worse in the short term for secrets that are not the same
length as their options, but we'll get to that in another commit soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 2f6020cf3dadf484251701040e09a10fba2f644e)

- - - - -
916d5bde by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline:burn: handle arguments separated from their --options

We weren't treating "--password secret" the same as "--password=secret",
which sometimes led to secrets not being redacted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 53a1184525279741e116350a9b53da15cb2f41d0)

- - - - -
1315b61e by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline:burn: always return true if burnt

Before we have been trying to cram three cases into a boolean return
value:

 * cmdline had secrets, we burnt them       ->  true
 * cmdline had no secrets, all good         ->  false
 * cmdline has NULL string, WTF! emergency! ->  false

This return value is only used by Python which wants to know whether to
go to the trouble of replacing the command line. If samba_cmdline_burn()
returns false, no action is taken.

If samba_cmdline_burn() burns a password and then hits a NULL, it would
be better not to do nothing. It would be better to crash. And that is
what Python will end up doing, by some talloc returning NULL triggering
a MemoryError.

What about the case like {"--foo", NULL, "-Ua%b"} where the secret comes
after the NULL? That will still be ignored by Python, as it is by all C
tools, but we are hoping that can't happen anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit d3d8dffc0212662456a6251baee5afd432160fa2)

- - - - -
66da2345 by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline:burn: localise some variables

As this function increases in complexity, it helps to keep things close.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f5233ddf974f9649d8a12b151b6843412eab489c)

- - - - -
0d89d096 by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline:burn: do not burn options starting --user-*, --password-*

We have options that start with --user or --password that we don't
want to burn. Some grepping says:

      2 --user1
      1 --user2
     10 --user-allowed-to-authenticate-from
      6 --user-allowed-to-authenticate-to
      2 --user-allow-ntlm-auth
     25 --user-authentication-policy
      1 --user-config
      4 --user-domgroups
      5 --user-ext-name
      2 --user-groups
      6 --user-info
     27 --username
      1 --username2
      2 --userou
      1 --users
      2 --user-sidinfo
      6 --user-sids
     14 --user-tgt-lifetime-mins
      2 --password2
    118 --password-file
      2 --password-from-stdin
      # from here, grepping for strings around POPT_ constants
      5 "user"
      2 "user1"
      2 "user2"
      1 "userd"
      1 "user-domgroups"
      1 "user-groups"
      1 "user-info"
      2 "username"
      1 "user-sidinfo"
      1 "user-sids"
      1 passwordd
      4 "password"

Not all of these use lib/cmdline, but I think most do, via Python
which defers to cmdline_burn().

Note that there are options we should burn that aren't on this list,
like --adminpass. That's another matter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 6effed31899a1be8194a851e5a4023276b8a5f38)

- - - - -
6bcdbdab by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline: test_cmdline tests more burning

We have more secret arguments, like --client-password, --adminpass,
so we are going to use an allowlist for options containing 'pass', but
we don't want to burn the likes of --group=passionfruit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit c4df89e9640c1306aa390cdacaa974c870c3f5bb)

- - - - -
481eb6ab by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline:burn: use allowlist to ensure more passwords burn

We treat any option containing 'pass' with suspicion, unless we know it
is OK.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit f1fbba6dc609590854c0d7c5e72b58fabc356695)

- - - - -
8560c854 by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline:burn: explicitly burn --username

This is the long form of -U in samba-tool.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
(cherry picked from commit 63a83fb7bb312731047f361f89766e0be492f83e)

- - - - -
957654eb by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline:burn: add a note about short option combinations

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
(cherry picked from commit 97be45f9ea3410392cd37eab5cfafd3ad00cfe57)

- - - - -
93d34546 by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline: samba-tool test for bad option warning

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674
(cherry picked from commit d2b119e34b4e523a3bc6699e4d8a370bf8403d0b)

- - - - -
d6f01009 by Douglas Bagnall at 2024-07-23T07:33:12+00:00
cmdline:burn: list commands to always burn; warn on unknown

We burn arguments to all unknown options containing "pass" (e.g.
"--passionate=false") in case they are a password option, but is bad
in the case where the unknown option takes no argument but the next
option *is* a password (like "--overpass --password2 barney". In that
case "--password2" would be burnt and not "barney".

The burning behaviour doesn't change with this commit, but users will now
see an error message explaining that the option was unknown. This is not
so much aimed at end users -- for who an invalid option will hopefully
lead to --help like output -- but to developers who add a new "pass"
option.

This also slightly speeds up the processing of known password options,
which is a little bit important because we are in a race to replace the
command line in /proc before an attacker sees it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15674

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Jul 10 06:28:08 UTC 2024 on atb-devel-224

(cherry picked from commit 86843685419921e28c37f3c1b33011f14940e02f)

- - - - -
4cf9af91 by Andreas Schneider at 2024-07-23T08:56:24+00:00
s3:printing: Allow to run samba-bgqd as a standalone systemd service

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15683

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 0a532378322661b23b3393eb2ebde29402a16e62)

Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Tue Jul 23 08:56:24 UTC 2024 on atb-devel-224

- - - - -
13fc70f5 by Jule Anger at 2024-07-29T13:38:39+02:00
VERSION: Bump version up to Samba 4.21.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f8e50d04 by Douglas Bagnall at 2024-07-29T13:29:27+00:00
libcli:security: allow spaces after BAD:

In AD_DS_Classes_Windows_Server_v1903.ldf from
https://www.microsoft.com/en-us/download/details.aspx?id=23782, we see

  defaultSecurityDescriptor: O:BAG:BAD: (A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;AU)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15685

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jo Sutton <josutton at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu Jul 25 06:27:27 UTC 2024 on atb-devel-224

(cherry picked from commit 8903876f65d5721d30186875d391889d1ddcd52c)

Autobuild-User(v4-20-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-20-test): Mon Jul 29 13:29:27 UTC 2024 on atb-devel-224

- - - - -
4c8c3928 by Michael Tokarev at 2024-07-30T15:43:29+03:00
samba-common-bin.lintian-override: fixup python3-script-but-no-python3-dep override

- - - - -
69b64de0 by Michael Tokarev at 2024-07-30T15:43:29+03:00
fix name of samba-common-bin.lintian-overrides (it is plural)

- - - - -
2c2f1884 by Michael Tokarev at 2024-07-30T15:54:53+03:00
update changelog; upload version 4.20.2+dfsg-11 to unstable

- - - - -
5148ff97 by Volker Lendecke at 2024-07-31T15:00:11+00:00
loadparm: Factor out lp_wi_scan_parametrics

We'll scan share parametrics soon as well.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 0536ac96e927c00121e220f45cd63682726bc8e3)

- - - - -
0b9371aa by Volker Lendecke at 2024-07-31T15:00:11+00:00
loadparm: Add lp_wi_scan_share_parametrics

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 89da15756d81746d80b43c2fe04c51fc07591849)

- - - - -
af0085ac by Volker Lendecke at 2024-07-31T15:00:11+00:00
lib: Factor out append_namearray from set_namearray

We'll have to add to an existing namearray soon.

This turns one talloc_array() into a set of reallocs. This is slower,
but set_namearray is only used for smb.conf entries where we don't
expect hundreds or more entries to add. I've done this to avoid array
length calculations, but if it turns out to be too slow we can get
smarter again.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit fcd595a4642a08169b427af534a00116daf220bf)

- - - - -
fd73c865 by Volker Lendecke at 2024-07-31T15:00:11+00:00
smbd: Respect per-user hide and veto files with parametric options

For my taste this is a nicer configuration syntax than

/../username1/file1/../username2/file2/

Is this too expensive? I don't think so. The scanning only happens an
tcon time, and it only walks the parametric options. If this turns out
to be a performance problem, we should think about smarter data
structures for parametric options instead of just a linked list of
string triples for everything.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 17becb5f526015de56d00cd1c8f603f8ddacd0ba)

- - - - -
244ade4f by Volker Lendecke at 2024-07-31T15:00:11+00:00
tests: Test parametric per-user syntax for hide/veto files

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b5a128685e68f05a3688aa1391393b9095bf32b0)

- - - - -
13dbaf55 by Volker Lendecke at 2024-07-31T15:00:11+00:00
lib: Remove per-user support from append_to_namearray

This is done in check_user_ok now

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b5169dd717ed5cf66d1e1e90aaf1a4646f7b5ea5)

- - - - -
d5be00ab by Volker Lendecke at 2024-07-31T15:00:11+00:00
lib: Remove "token" parameter from set_namearray

Not needed anymore

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a150714cc64294d75028bac47132084bdf6f72c9)

- - - - -
bffa9349 by Volker Lendecke at 2024-07-31T15:00:11+00:00
docs: Document parametric form of hide and veto files

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15688
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jul 31 09:41:54 UTC 2024 on atb-devel-224

(cherry picked from commit 10e9b858a3f9ca8d7e5dfd1c4e1e7937a03db671)

- - - - -
5ba371e0 by Stefan Metzmacher at 2024-07-31T16:07:37+00:00
WHATSNEW: update the Per-user and group "veto files" and "hide files" section

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15688

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(v4-21-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-21-test): Wed Jul 31 16:07:37 UTC 2024 on atb-devel-224

- - - - -
f47ff9bb by Michael Tokarev at 2024-08-02T12:27:59+03:00
d/rules: use the same epoch number for libldb as for samba itself

- - - - -
717035db by Michael Tokarev at 2024-08-02T12:28:06+03:00
update changelog; upload version 4.20.2+dfsg-12 to unstable

- - - - -
47c99181 by Michael Tokarev at 2024-08-02T13:43:07+03:00
Revert "update changelog; upload version 4.20.2+dfsg-12 to unstable"

This reverts commit 717035db1eefb711d698aeb9bc0a1c9f134c06ce.

- - - - -
63a883c3 by Michael Tokarev at 2024-08-02T13:43:09+03:00
Revert "d/rules: use the same epoch number for libldb as for samba itself"

This reverts commit f47ff9bb2733c2eec12ec747fb72451013110912.

- - - - -
ae38f745 by Michael Tokarev at 2024-08-02T14:17:54+03:00
d/samba-ad-dc.lintian-overrides: add systemd-diversion override too

- - - - -
a13bed3b by Stefan Metzmacher at 2024-08-02T13:47:14+02:00
WHATSNEW: Add release notes for Samba 4.20.3.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
803665cb by Stefan Metzmacher at 2024-08-02T13:49:07+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.20.3 release.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
f81fdcb2 by Stefan Metzmacher at 2024-08-02T13:50:36+02:00
VERSION: Bump version up to Samba 4.20.4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
5b88b71a by Michael Tokarev at 2024-08-02T18:17:50+03:00
New upstream version 4.20.3+dfsg
- - - - -
85478db3 by Michael Tokarev at 2024-08-02T18:18:01+03:00
Update upstream source from tag 'upstream/4.20.3+dfsg'

Update to upstream version '4.20.3+dfsg'
with Debian dir 48ef9a280e969199004fee7703a2983fe5f7e236
- - - - -
6763d663 by Michael Tokarev at 2024-08-02T18:21:54+03:00
d/rules: s/vendor-name/vendor-suffix/

- - - - -
386c8f41 by Michael Tokarev at 2024-08-02T18:29:14+03:00
d/*.symbols: add new variant of version marks (with underscore)

- - - - -
300b84ad by Michael Tokarev at 2024-08-02T18:33:45+03:00
tilde-in-version.diff: remove (not needed anymore)

- - - - -
a0650673 by Michael Tokarev at 2024-08-02T18:33:58+03:00
update changelog; upload version 4.20.3+dfsg-1 to unstable

- - - - -
181b79a9 by Andreas Schneider at 2024-08-06T08:03:15+00:00
wafsamba: Fix ABI symbol name generation

Commit 0bc5b6f29307ce758774c1b2f48ce62315fdc7f9 changed the script
for generating the ABI symbol version. It broke the ABI by changing all
dots to underscores.

This reverts the commit partially to preserve the dots in the version
part.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Günther Deschner <gd at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Tue Aug  6 00:42:56 UTC 2024 on atb-devel-224

(cherry picked from commit 46215ab1b34aa79c4c831ea1c12f73eacf1e8a12)

- - - - -
9cb2fe46 by Stefan Metzmacher at 2024-08-06T08:03:15+00:00
WHATSNEW: Add release notes for Samba 4.20.4.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
8209a103 by Stefan Metzmacher at 2024-08-06T08:03:15+00:00
VERSION: Disable GIT_SNAPSHOT for the 4.20.4 release.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6d69562e by Andreas Schneider at 2024-08-06T11:46:16+00:00
wafsamba: Fix ABI symbol name generation

Commit 0bc5b6f29307ce758774c1b2f48ce62315fdc7f9 changed the script
for generating the ABI symbol version. It broke the ABI by changing all
dots to underscores.

This reverts the commit partially to preserve the dots in the version
part.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Andreas Schneider <asn at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Günther Deschner <gd at samba.org>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Tue Aug  6 00:42:56 UTC 2024 on atb-devel-224

(cherry picked from commit 46215ab1b34aa79c4c831ea1c12f73eacf1e8a12)

- - - - -
de85c86c by Jo Sutton at 2024-08-06T11:46:16+00:00
ldb: Fix ldb public library header files being unusable

An accidental negation means that ldb_version.h is not installed when
ldb is built as a public library.

This is a regression introduced by commit
625fb48326ec62a33ce0abdbfb0f6f3d33d7cc64.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15690

Signed-off-by: Jo Sutton <josutton at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Sun Aug  4 01:35:55 UTC 2024 on atb-devel-224

(cherry picked from commit 5851ae555425ea2ba8e431162142ebae47be802e)

- - - - -
ff9d9677 by Pavel Filipenský at 2024-08-06T11:46:16+00:00
docs:smbdotconf: Improve formatting of 'sync machine password to keytab'

Hint: review this commit with ignoring white space changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 6c627903ee466cd1559d7f58821221c4dd668d1f)

- - - - -
ba6c2f68 by Pavel Filipenský at 2024-08-06T11:46:16+00:00
docs-xml: Fix trailing whitespace in net.8.xml

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 374680010d42d3bca52791159dba7b42eb8d0d6c)

- - - - -
6f9a9394 by Pavel Filipenský at 2024-08-06T11:46:16+00:00
docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Pavel Filipensky <pfilipensky at samba.org>
Autobuild-Date(master): Mon Aug  5 13:29:25 UTC 2024 on atb-devel-224

(cherry picked from commit a5f47f6efe67e02d7a12f30b4e6fb76bcd6aa71c)

- - - - -
72590758 by Pavel Filipenský at 2024-08-06T12:49:02+00:00
WHATSNEW: update the "Automatic keytab update after machine password change" section

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>

Autobuild-User(v4-21-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-21-test): Tue Aug  6 12:49:02 UTC 2024 on atb-devel-224

- - - - -
5eb4ab08 by Michael Tokarev at 2024-08-06T16:54:18+03:00
New upstream version 4.20.4+dfsg
- - - - -
a0f5c062 by Michael Tokarev at 2024-08-06T16:54:31+03:00
Update upstream source from tag 'upstream/4.20.4+dfsg'

Update to upstream version '4.20.4+dfsg'
with Debian dir 0aceb2fe835527d7632c62e4ce52498777c812e2
- - - - -
c598e304 by Michael Tokarev at 2024-08-06T16:56:12+03:00
Revert "d/*.symbols: add new variant of version marks (with underscore)"

This reverts commit 386c8f41bb2b32062d83527cfec53880060e348e.
Not needed anymore for 4.20.4.

- - - - -
196c16ea by Michael Tokarev at 2024-08-06T16:57:44+03:00
mention d/*.symbols change in previous changelog entry

- - - - -
213d2e8d by Michael Tokarev at 2024-08-06T16:58:46+03:00
update changelog; upload version 4.20.4+dfsg-1 to unstable

- - - - -
0cf9c6ef by Andreas Schneider at 2024-08-07T10:00:12+00:00
autobuild: Add ABI checks for libtalloc, libtevent and libtdb

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673

Signed-off-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit bcd49e3000736eb3c642280ac2e1f3d56a31b6bb)

- - - - -
0ca6cd90 by Stefan Metzmacher at 2024-08-07T10:00:12+00:00
tdb: version 1.4.12

* Regression fix for ABI problem
  TDB_1_4_11 vs. TDB_1.4.11

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15673

Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Aug  6 16:16:27 UTC 2024 on atb-devel-224

(cherry picked from commit 6b10cfbaf2c522cceb48c610c18656d2d69cf60b)

- - - - -
ba14164f by Stefan Metzmacher at 2024-08-07T10:00:12+00:00
s3:lib: add winbind_lookup_name_ex() fallback for --without-winbind

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15687

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5b31b723c06a0b41f9d47e47ce79818e07d3b831)

- - - - -
b375043d by Stefan Metzmacher at 2024-08-07T11:15:19+00:00
script/autobuild.py: do some basic testing using --without-winbind

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15687

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Aug  7 07:38:35 UTC 2024 on atb-devel-224

(cherry picked from commit c0d0767a3ab2c0cd5c4f2fa5cd77f3b678794d63)

Autobuild-User(v4-21-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-21-test): Wed Aug  7 11:15:19 UTC 2024 on atb-devel-224

- - - - -
74524c43 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: next iteration of samba-to-cephfs bridge

Defined new module 'vfs_ceph_new.c' which serves as a place holder for
the next development phase of the bridge between samba's VFS layer and
libcephfs. Begin with a module which is almost identical to existing
'vfs_ceph.c', except for hooks-names prefix which is 'vfs_ceph_' in
order to make clear distinction from existing code base. Following
commits will also switch to low-level APIs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 3720452720b4760509875f0d2a8ed0d104bb1844)

- - - - -
5a7f6e46 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for disk_free

Start using libcephfs low-level APIs: get reference to root inode and
use it to query statfs. Requires an explicit put-inode to avoid resource
leakage by libcephfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 192b0cf8717d79197b985539c9db8ca07a89c570)

- - - - -
9f68daac by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for stat

Start migrating to libcephfs' low-level APIs, using explicit Inode*
reference. Implement the VFS 'stat' hook using a ceph_ll_getattr
function, encapsulated with a pair of iget/iput to hold a
pinned-to-cache Inode* instance.

Upon calling to libcephfs this new code crates and destroys on-the-fly
a Ceph UserPerm instance based on the uig, gid and groups from
'handle->conn->session_info->unix_token'. This logic ensures that the
correct caller-credentials are passed-on to cephfs (instead of those
set upon connection-creation in legacy 'vfs_ceph.c').

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 1b78d79663c48aa4b6810a875427de85ae49a2e8)

- - - - -
8e28065f by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for lstat

Use libcephfs' low-level APIs and apply the same logic as stat, but
using AT_SYMLINK_NOFOLLOW flags.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 93d786b14358db5664e13b1aa43f3f03e7cf0be3)

- - - - -
be427077 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for statfs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 47224fbdeb55100cf8a7ee75e13b954ab71fc158)

- - - - -
7bb3f5f2 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for lchown

Use libcephfs' low-level API ceph_ll_setattr to implement VFS lchown_fn
hook. Use to standard pattern of iget/iput to allow operation by Inode
reference.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit beb21324c9a554f50d8d99af2a1b7fe8a17c8ebb)

- - - - -
f3e5d723 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: ref cephmount_cached entry in handle->data

Allow direct access to ceph-mount cached-entry via 'handle->data'
private pointer. Required in order to allow more complex cached-state
with each cephfs mount. Users should now use the local-helper function
'cmount_of' to access the underlying ceph_mount_info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 31085c7efc3572bd6200d3d8e49c1e554cdbfbcc)

- - - - -
62a43faa by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for open/close

Implement openat, close and closedir and hooks using libcephfs'
low-level APIs. Cache the open Fh* from libcephfs and its related
meta-data using VFS fsp-extension mechanism.

Upon open-create of new vfs_ceph_fh store the caller credentials
(ceph's UserPerm*) within the same context object for subsequent calls.
In addition, provide a "pseudo" fd numbering which is reported back to
VFS layer and used as debugging hints.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 491676846458980944b76d1693726627a9a32503)

- - - - -
6fdf1922 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fstat

Use libcephfs' low-level APIs and apply the same logic as stat, but
via explicit inode-reference.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit f16183f90abba3c2d3d26262926f1454275a9d3f)

- - - - -
655e7a15 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fstatat

Use libcephfs' low-level APIs to do lookup-by-name via parent's open
reference followed by getattr on the inode itself.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 13671cefffb268d84c973583669681318a2ce3bb)

- - - - -
34c84825 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fdopendir

Implement fdopendir using libcephfs low-level API and cached (via fsp)
open file-handle. Embed the result within cached vfs_ceph_fh so it may
be used properly by closedir.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit a8a7339c6b7a6866399fd6c409228267a585740f)

- - - - -
5eaa8749 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for mkdirat

Implement 'mkdirat' hook using libcephfs' low-level APIs, via the open
file-handle reference to parent directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit bd955af86e71fa6c87648e578890ea6f4d490d4b)

- - - - -
9fd6c5b4 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for readdir ops

Implement readdir and rewinddir operations using libcephfs' low-level
APIs. Casts the opaque DIR pointer into struct vfs_ceph_dirp (the first
member of struct vfs_ceph_fh) to resolve the ceph_dir_result pointer
which libcephfs expects for readdir operations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 99c7179e5da6d201f03b1a04dbe2a6722090783d)

- - - - -
26851f16 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: proper error handling to readdir

Error handling in the case of 'ceph_readdir' is done by setting 'errno'
deep within libcephfs code. In case of error, emit proper debug message
and re-update errno to avoid possible over-write by logging mechanism.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 24a3423949e127177c019a0d126c6f7523e61984)

- - - - -
7780114a by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fchown/fchmod

Use libcephfs' low-level APIs to implement 'fchown' and 'fchmod' using
open file-handle. If fsp does not have an open cephfs Fh reference,
set errno to EBADF and return -1 to VFS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit cb14d3630d8c110405c2a43bef15aa31ec4a0fba)

- - - - -
2b660aaf by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fntimes

Implement fntimes hook using libcephfs' low-level APIs. Convert
smb_file_time to ceph_statx plus proper field mask on-the-fly upon
issuing low-level call to libcephfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 20b7d2bfe06beefb5e7f091eb317ad18cb53f8a9)

- - - - -
9278e661 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for unlinkat

Implement unlinkat using libcephfs low-level APIs. Operate using parent
directory's open file-handle. When flags has AT_REMOVEDIR bit set call
low-level rmdir; otherwise, do normal unlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 362a7cf8664270145bff815347e447797cc1a643)

- - - - -
69b671dc by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for symlink/readlink

Implement unlinkat using libcephfs low-level APIs. For readlink
operation need to resolve child inode by-lookup and then used the inode
reference for the actual low-level readlink.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 53c9269b219a54236500d22d8a4c7f2ed582faaf)

- - - - -
ddb5fcb2 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for read/write

Implement read/write IO operations using libcephfs' low-level APIs.
Requires open ceph Fh* associated with fsp (extension) to complete both
pread/pwrite as well as async I/O operations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 29bbe0f52d4ffae9dbb070ffc525acf99203444b)

- - - - -
f429baca by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for lseek

Implement lseek operation using libcephfs' low-level APIs. Requires
open ceph Fh* associated with fsp (extension).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 30c1a613fee3f625c0559e49e037af9fad04c3b8)

- - - - -
dc207c28 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for fsync

Implement fsync operation using libcephfs' low-level APIs. Requires
open ceph Fh* associated with fsp (extension).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit e15586fc6097565208011c556282d83eeec2230b)

- - - - -
2b1c6594 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for ftruncate/fallocate

Implement ftruncate/fallocate operations using libcephfs' low-level
APIs. Requires open ceph Fh* associated with fsp (extension).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit b536bf1fa87fb794e2992ab5368f41fdba80e3ad)

- - - - -
6af3cb81 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for linkat

Implement link operations using libcephfs' low-level APIs. Requires two
phase operation: resolve (by-lookup) reference to inode and then do the
actual (hard) link operation using parent dir-inode reference to the
locally-cached inode.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 9a70bd606728110ad91cab547a4e31350010bb68)

- - - - -
9109ed18 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for renameat

Implement renameat operations using libcephfs' low-level APIs. Requires
both directories to have valid inode-ref associated with their fsp
extension.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 83011357fb834e92505f17d6f65d5f32e3d37ec0)

- - - - -
e0d2953a by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for mknodat

Implement mknodat operations using libcephfs' low-level APIs. Requires
parent directory to have valid inode-ref associated with its fsp
extension.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit e714e5ddc50a771e743f5e63f686c106abe33b75)

- - - - -
ec119531 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use low-level APIs for xattr ops

Implement extended-attributes operations using libcephfs' low-level
APIs. Whenever possible, use the open file-handle from fsp-extension to
resolve inode-reference and user-permissions. Otherwise, resolve both
on-the-fly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit 0a8445e891c64d703d44258b2eef85296265c55f)

- - - - -
9de33d34 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: debug-log upon libcephfs low-level calls

Add developer's debug-logging upon each call to libcephfs' low-level
APIs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit d00f20f30f4e77463e82d202099682b7ef68260f)

- - - - -
fe3471eb by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: common prefix to debug-log messages

Keep logging consistent: add "[CEPH] " prefix to DBG_DEBUG log messages
where missing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Mon Jul 29 15:58:15 UTC 2024 on atb-devel-224

(cherry picked from commit 3bb6d441bf047bef6d95675057cecd3865a25540)

- - - - -
ff2ecedd by Shachar Sharon at 2024-08-13T15:37:12+00:00
docs-xml/manpages: add entry for vfs_ceph_new

Create man entry for the newly added vfs_ceph_new module: almost
identical to existing vfs_ceph, except to the configuration entry:

  [sharename]
  vfs objects = ceph_new
  ...

Adds a bit of info for the motivation behind this new module.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit d8c84a2993b84ebb69011c33c1b5d44801c15363)

- - - - -
0d031613 by Anoop C S at 2024-08-13T15:37:12+00:00
vfs_ceph_new: Unconditionally use ceph_select_filesystem

Currently we don't have an explicit check for the presence of
ceph_select_filesystem() libcephfs API as it is always found to
be present with the minimum ceph version that is supported with
Samba right now. Therefore under this assumption directly call
ceph_select_filesystem() without any #ifdefs. Please note that
this change is already part of vfs_ceph via ef0068cd.

ref: https://gitlab.com/samba-team/samba/-/merge_requests/3715
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686
Signed-off-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Mon Aug  5 16:06:47 UTC 2024 on atb-devel-224

(cherry picked from commit de2f76fa47e6e672ce353ea9d3dc4019965c6491)

- - - - -
7872fbd9 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph{_new}: do not set errno upon successful call to libcephfs

There is code in Samba that expects errno from a previous system call
to be preserved through a subsequent system call. Thus, avoid setting
"errno = 0" in status_code() and lstatus_code() upon successful return
from libcephfs API call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit a7f4e2bd47c7f4728f3ac8d90af693156a69c557)

- - - - -
0edfc053 by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: handle errno properly for 'readdir'

Take special care for readdir errno setting: in case of error, update
errno by libcephfs (and protect from possible over-write by debug
logging); in the case of successful result or end-of-stream restore
errno to its previous value before calling the readdir_fn VFS hook.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Aug  7 14:20:02 UTC 2024 on atb-devel-224

(cherry picked from commit aa043a5808b73fc272de585c1446372fa3f21d08)

- - - - -
ab1db57e by Shachar Sharon at 2024-08-13T15:37:12+00:00
vfs_ceph_new: use 'ceph_new' for config-param prefix

Use explicit 'ceph_new' prefix to each of the ceph specific config
parameters to avoid confusion with legacy 'vfs_ceph' module. Hence,
users will have in their smb.conf a format similar to:

...
[smbshare]
        vfs objects = ceph_new
        ceph_new: config_file = /etc/ceph/ceph.conf
        ceph_new: user_id = user1
        ceph_new: filesystem = fs1
        ...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit aca4cf8327dcaef782dedd98a63a020469c45cdb)

- - - - -
74776581 by Shachar Sharon at 2024-08-13T15:37:12+00:00
docs-xml/manpages: 'ceph_new' prefix for config-param of vfs_ceph_new

With 'ceph_new' prefix used by vfs_ceph_new for config parameters,
update the relevant man-page accordingly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15686

Signed-off-by: Shachar Sharon <ssharon at redhat.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Aug  8 13:54:34 UTC 2024 on atb-devel-224

(cherry picked from commit 68f0835c8e1c5029cd831c267b75c02185b206c7)

- - - - -
4b6e24cb by Pavel Filipenský at 2024-08-13T15:37:12+00:00
Revert "docs-xml: Delete descriptions for removed commands "net ads keytab add" and "net ads keytab add_update_ads""

This reverts commit a5f47f6efe67e02d7a12f30b4e6fb76bcd6aa71c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 51784e80f2bdf84c296badba2caea800ce3813db)

- - - - -
80db72bd by Pavel Filipenský at 2024-08-13T15:37:12+00:00
docs: Add examples to net.8 that use 'sync machine password to keytab'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit cb774a74c4e1cc03ad0267cc68b93c06738e2ce6)

- - - - -
5730327b by Pavel Filipenský at 2024-08-13T15:37:12+00:00
s3:script: Rename updatekeytab.sh ==> winbind_ctdb_updatekeytab.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit adcad1b537ce2e2e213b72131517233a8d2d91fd)

- - - - -
ed391186 by Pavel Filipenský at 2024-08-13T15:37:12+00:00
s3:script: Install winbind_ctdb_updatekeytab.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 9f0183a9f55e52b09c6ae9f6c8badad6ba85bb64)

- - - - -
4643ddbb by Pavel Filipenský at 2024-08-13T15:37:12+00:00
docs:smbdotconf: Improve documentation for 'sync machine password script'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit ca7acec952b0e6154927b28b1afa3e9318f22035)

- - - - -
51298583 by Pavel Filipenský at 2024-08-13T15:37:12+00:00
docs:smbdotconf: Improve documentation for 'sync machine password to keytab'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 2dd81ec2bea46ad6caa6e40194eae4340f4acc7d)

- - - - -
8c0820a9 by Pavel Filipenský at 2024-08-13T15:37:12+00:00
docs:smbdotconf: Update 'kerberos method' with 'sync machine password to keytab'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Aug 13 15:27:26 UTC 2024 on atb-devel-224

(cherry picked from commit 9e4074d4268e34cf93f79cd1108e7dc661ad3845)

- - - - -
2552df22 by Pavel Filipenský at 2024-08-13T15:37:12+00:00
WHATSNEW: update the "Automatic keytab update after machine password change" section

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15689

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Pavel Filipenský <pfilipensky at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
ac02a513 by Stefan Metzmacher at 2024-08-13T15:37:12+00:00
WHATSNEW: Add release notes for Samba 4.21.0rc2.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
8e440c0a by Stefan Metzmacher at 2024-08-13T15:37:12+00:00
VERSION: Disable GIT_SNAPSHOT for the 4.21.0rc2 release.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e2664fbd by Michael Tokarev at 2024-08-14T12:21:56+03:00
switch to 4.21 branch (rc, experimental)

- - - - -
1296a89a by Michael Tokarev at 2024-08-14T12:22:50+03:00
New upstream version 4.21.0~rc2+dfsg
- - - - -
230ee390 by Michael Tokarev at 2024-08-14T12:23:00+03:00
Update upstream source from tag 'upstream/4.21.0_rc2+dfsg'

Update to upstream version '4.21.0~rc2+dfsg'
with Debian dir 2239cdef72f54846f3bfc88b05e3797e3f3704ed
- - - - -
7efe9641 by Michael Tokarev at 2024-08-14T12:24:27+03:00
fix-nfs-service-name-to-nfs-kernel-server.patch: refresh

- - - - -
4c026d46 by Michael Tokarev at 2024-08-14T12:24:45+03:00
heimdal-spelling.patch: disable for now

- - - - -
e8c7eee8 by Michael Tokarev at 2024-08-14T12:24:45+03:00
d/rules: ldb lib is now private by default, expose it as public

- - - - -
2ddfdb9c by Michael Tokarev at 2024-08-14T12:24:45+03:00
Force-LDB-as-standalone.patch: remove

- - - - -
70c30860 by Michael Tokarev at 2024-08-14T12:24:45+03:00
d/rules: ldb uses LDB_VERSION variable now, not VERSION

- - - - -
66a53401 by Michael Tokarev at 2024-08-14T12:24:45+03:00
d/ctdb.install: no more sudoers file

- - - - -
3c918dcd by Michael Tokarev at 2024-08-14T12:24:45+03:00
d/samba-libs.symbols, d/control, d/samba-libs.install: libndr4=>libndr5

d/control: libndr4=>libndr5

samba-libs.install: libndr4=>libndr5

- - - - -
132fba49 by Michael Tokarev at 2024-08-14T12:24:46+03:00
samba-libs.install, samba-dev.install, python3-samba.install, python3-ldb.install: refresh libs (with lintian-overrides)

- - - - -
9aabc5aa by Michael Tokarev at 2024-08-14T12:24:46+03:00
samba-libs.install, samba-dev.install: new (semi-public) library: libsamba-policy.so

- - - - -
b0b3e17f by Michael Tokarev at 2024-08-14T12:29:47+03:00
libldb2.symbols: add new symbols & 2.10.0 version (and remove 2.9.1 minor version)

- - - - -
faedaa08 by Michael Tokarev at 2024-08-14T12:46:33+03:00
samba-libs.install: new private library: libsamba-net-private-samba.so.0

- - - - -
c56c67cf by Michael Tokarev at 2024-08-14T12:46:38+03:00
d/control: bump libtdb version dependency to 1.4.12

- - - - -
89ce4d7c by Michael Tokarev at 2024-08-14T13:46:18+03:00
d/winbind.install: install winbind_ctdb_updatekeytab.sh file

- - - - -
b91b70cf by Michael Tokarev at 2024-08-14T13:46:38+03:00
update changelog; upload version 4.21.0~rc1+dfsg-1 to unstable

- - - - -


30 changed files:

- VERSION
- WHATSNEW.txt
- buildtools/wafsamba/samba_abi.py
- + debian/.gitignore
- + debian/README.Debian
- + debian/README.source
- + debian/README.source.md
- + debian/TODO
- + debian/changelog
- + debian/clean
- + debian/control
- + debian/copyright
- + debian/ctdb.NEWS
- + debian/ctdb.README.hurd
- + debian/ctdb.README.kfreebsd
- + debian/ctdb.dirs
- + debian/ctdb.docs
- + debian/ctdb.example/nfs-kernel-server/98-nfs-static-ports.conf
- + debian/ctdb.example/nfs-kernel-server/enable-nfs.sh
- + debian/ctdb.example/nfs-kernel-server/nfs.conf
- + debian/ctdb.example/nfs-kernel-server/quota
- + debian/ctdb.example/nfs-kernel-server/services
- + debian/ctdb.examples
- + debian/ctdb.install
- + debian/ctdb.logrotate
- + debian/ctdb.postinst
- + debian/ctdb.postrm
- + debian/ctdb.service
- + debian/gbp.conf
- + debian/gdbcommands


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/d67ac6100050dd66651b1292ec6a3e2f3cc37afc...b91b70cfe965e12d6739fe5b2d28f680b4da6a47

-- 
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/d67ac6100050dd66651b1292ec6a3e2f3cc37afc...b91b70cfe965e12d6739fe5b2d28f680b4da6a47
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20240814/ed13696a/attachment-0001.htm>

More information about the Pkg-samba-maint mailing list