[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.24] 14 commits: VERSION: Bump version up to Samba 4.24.1...
Michael Tokarev (@mjt)
gitlab at salsa.debian.org
Fri Apr 17 09:04:54 BST 2026
Michael Tokarev pushed to branch upstream_4.24 at Debian Samba Team / samba
Commits:
e65062c4 by Björn Jacke at 2026-03-18T11:04:15+01:00
VERSION: Bump version up to Samba 4.24.1...
and re-enable GIT_SNAPSHOT.
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
- - - - -
3a240341 by Stefan Metzmacher at 2026-04-14T12:38:16+00:00
vfs_streams_xattr: fix harmless use-after-free in streams_xattr_connect()
While tools like address sanitizer and most likely valgrind
report this it's not actually a real problem.
Most likely the content of default_ext_prefix is still the same
as TALLOC_FREE doesn't explicitly change then content of
the string.
talloc_strdup(config, ext_prefix) may reuse the same memory and the
memcpy in __talloc_strlendup() may get a problem.
Also all values are only controlled by the administrator via
the smb.conf not by the client.
To prove this theory I used the following change:
diff --git a/source3/modules/vfs_streams_xattr.c b/source3/modules/vfs_streams_xattr.c
index 5d267a1c1fbf..dc20ec1eb2e3 100644
--- a/source3/modules/vfs_streams_xattr.c
+++ b/source3/modules/vfs_streams_xattr.c
@@ -1466,18 +1466,25 @@ static int streams_xattr_connect(vfs_handle_struct *handle,
return -1;
}
+ DBG_ERR("default_ext_prefix[%p][%zu][%s]\n",
+ default_ext_prefix, talloc_get_size(default_ext_prefix),
+ default_ext_prefix);
+
ext_prefix = lp_parm_const_string(SNUM(handle->conn),
"streams_xattr",
"ext_prefix",
default_ext_prefix);
+ DBG_ERR("ext_prefix[%p][%s]\n", ext_prefix, ext_prefix);
+ SMB_ASSERT(default_ext_prefix == ext_prefix);
TALLOC_FREE(default_ext_prefix);
+ DBG_ERR("ext_prefix[%p][%s]\n", ext_prefix, ext_prefix);
config->ext_prefix = talloc_strdup(config, ext_prefix);
+ DBG_ERR("config->ext_prefix[%p][%zu][%s]\n",
+ config->ext_prefix, talloc_get_size(config->ext_prefix),
+ config->ext_prefix);
+ SMB_ASSERT(config->ext_prefix == ext_prefix);
if (config->ext_prefix == NULL) {
DEBUG(1, ("talloc_strdup() failed\n"));
errno = ENOMEM;
return -1;
}
- DBG_DEBUG("using stream ext prefix: %s\n", config->ext_prefix);
+ DBG_ERR("using stream ext prefix: %s\n", config->ext_prefix);
config->store_stream_type = lp_parm_bool(SNUM(handle->conn),
"streams_xattr",
Running it twice in a debugger didn't hit any SMB_ASSERT
and printed the expected values:
smbd version 4.25.0pre1-DEVELOPERBUILD started.
Copyright Andrew Tridgell and the Samba Team 1992-2026
daemon 'smbd' : Starting process ...
streams_xattr_connect: default_ext_prefix[0x5555555ed930][19][user.DosStreamExt.]
streams_xattr_connect: ext_prefix[0x5555555ed930][user.DosStreamExt.]
streams_xattr_connect: ext_prefix[0x5555555ed930][user.DosStreamExt.]
streams_xattr_connect: config->ext_prefix[0x5555555ed930][19][user.DosStreamExt.]
streams_xattr_connect: using stream ext prefix: user.DosStreamExt.
smbd version 4.25.0pre1-DEVELOPERBUILD started.
Copyright Andrew Tridgell and the Samba Team 1992-2026
daemon 'smbd' : Starting process ...
streams_xattr_connect: default_ext_prefix[0x5555555ed6d0][19][user.DosStreamExt.]
streams_xattr_connect: ext_prefix[0x5555555ed6d0][user.DosStreamExt.]
streams_xattr_connect: ext_prefix[0x5555555ed6d0][user.DosStreamExt.]
streams_xattr_connect: config->ext_prefix[0x5555555ed6d0][19][user.DosStreamExt.]
streams_xattr_connect: using stream ext prefix: user.DosStreamExt.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16035
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Mar 19 15:00:19 UTC 2026 on atb-devel-224
(cherry picked from commit 1c9a5d40298169e391749c834e8c381d736abdb4)
- - - - -
184fd8e2 by Andreas Schneider at 2026-04-14T12:38:16+00:00
python:tests: Fix assertEqual placement in test_device_group_restrictions
The assertEqual calls checking the exception attributes were incorrectly
indented inside the 'with self.assertRaises()' block. When the expected
NTSTATUSError is raised by verify_access(), execution exits the block
immediately, so those lines were never reached.
When the exception is not raised (e.g. with MIT KRB5 1.22 where a spurious FAST
error was fixed), execution falls through to the assertEqual inside the block,
causing AttributeError because error.exception is only available after the
'with' block exits.
The exception returned is NT_STATUS_UNSUCCESSFUL with Heimdal.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16055
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
(cherry picked from commit fed52c9b95cf4f7628749b78843ac4189afa0950)
- - - - -
62918567 by Andreas Schneider at 2026-04-14T12:38:16+00:00
selftest: Add test_device_and_server_silo_restrictions to knownfail_mit_kdc
MIT KRB5 1.22 fixed a spurious FAST armor processing error. In
KRB5 1.21 this spurious error caused verify_access() with device FAST
armor to fail, which accidentally made the device silo restriction check
in test_device_and_server_silo_restrictions appear to work.
With KRB5 1.22 the spurious error is gone. Device authentication is
still not implemented in MIT Kerberos, so the second assertRaises block
(user has silo assigned, device does not) no longer raises NTSTATUSError
and the test fails.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16055
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
(cherry picked from commit 49418776f1df663558e6f3bfe162a67d2b2b3642)
- - - - -
33622e8c by Andreas Schneider at 2026-04-14T12:38:16+00:00
selftest: Fix missing --configfile in schema_pair_dc drs replicate cmd
Without the configuration argument, samba-tool falls back to
load_default() which fails in the test environment when there is no
system-wide smb.conf.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16055
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
(cherry picked from commit 2cf2f781142c7a2965dc97933b2646a5db2b3609)
- - - - -
b0bc7b47 by Andreas Schneider at 2026-04-14T12:38:16+00:00
python:tests/krb5: Make PADATA_PK_AS_REP optional in non-strict mode
Commit c1433f821f7 added PADATA_PK_AS_REP (PA-PK-AS-REP, type 17) to
the expected padata list when check_rep_padata sees KDC_ERR_KEY_EXPIRED.
This reflects Samba's Heimdal KDC behaviour, which includes PKINIT hints
in expired-password error responses.
Samba with MIT KDC does not include PADATA_PK_AS_REP in KDC_ERR_KEY_EXPIRED
responses; it returns a METHOD-DATA with just the NTSTATUS payload (type 3) and
the FX-COOKIE (type 133). This causes test_pw_expired to fail intermittently
when the expired-password code path is exercised against MIT KDC.
Add PADATA_PK_AS_REP to the require_strict set alongside PADATA_PK_AS_REP_19,
so it is treated as optional in non-strict checking mode (STRICT_CHECKING=0)
while still being enforced in strict mode.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16055
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jennifer Sutton <jennifersutton at catalyst.net.nz>
(cherry picked from commit b79df27457e78ec2e8e301865c553fb76a596f9d)
- - - - -
f1bb8124 by Noel Power at 2026-04-14T12:38:16+00:00
s3/librpc/crypto: Don't keep growing in memory keytab
When we have long living concurrent connections every rpc bind
ends up calling and subsequently adding keytab entries to the
memory keytab returned by 'gse_krb5_get_server_keytab(...)'. This is
happening because as long as there is a handle open for the
keytab named "MEMORY:cifs_srv_keytab" then we keep adding entries to
it.
Note: There is no leak of gensec_security nor the krb5_keytab
it contains. When rpc clients connected to the rpc worker process
exit the gensec_security and the krb5_keytab structures are
destructed as expected. However because we use a fixed name
"MEMORY:cifs_srv_keytab" clients end up with a handle to a
reference counted shared keytab. Destruction of the keytab results
in the associated reference count being decremented. When the
reference count reaches 0 the keytab is destroyed.
To avoid the keytab being extended the easiest solution is to ensure a
unique memory keytab is created for each client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16042
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Mar 30 09:36:45 UTC 2026 on atb-devel-224
(cherry picked from commit c28a86c45d9d9673de18f9c29ea80dff12c9e7dd)
- - - - -
ca8b7eb5 by Andreas Schneider at 2026-04-14T12:38:16+00:00
wafsamba: Add -D_FORTIFY_SOURCE=3 when stack protector is enabled
The capability check in SAMBA_CONFIG_H() already tests that the compiler
accepts both -Wp,-D_FORTIFY_SOURCE and the stack protector flag
together, but only the stack protector flag was added to EXTRA_CFLAGS on
success.
The glibc normally silently downgrades to the supported level if the on
specified is not supported.
Note that -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 only sets it if not
already defined.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16040
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Mar 27 08:33:09 UTC 2026 on atb-devel-224
(cherry picked from commit 333ac047c3fc151222e5ee6aaa75452276b0031e)
- - - - -
327b618d by Björn Jacke at 2026-04-14T13:43:47+00:00
samba_cross.py: autobuild fails with trailing space at line endings
autobuild fails with trailing space at line endings, so we need to strip() only
at "\n" here strictly.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16057
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Apr 10 21:20:52 UTC 2026 on atb-devel-224
(cherry picked from commit 2f8dfde1210395175e726455bdb63a7b97245a72)
Autobuild-User(v4-24-test): Björn Jacke <bjacke at samba.org>
Autobuild-Date(v4-24-test): Tue Apr 14 13:43:47 UTC 2026 on atb-devel-224
- - - - -
47986452 by Noel Power at 2026-04-16T09:46:14+00:00
s3/modules: Fix vfs snapper not finding files in subdirs
when trying to browse on windows a snapper share (exposed via windows previous versions) files in subdirs are not visible. In other words only files that are in the root dir of the versioned share can be seen
/ashare/file1
/ashare/file2
/ashare/subdir
/ashare/subdir/subfile1
For example with the file hierarchy above only file1, file2 and subdir are visible. Navigating into subdir shows an empty dir
snapper_gmt_openat is failing because when calling snapper_gmt_convert
it doesn't take into account the path to the subdirectory.
snapper_gmt_convert is just passed the leaf name where it constructs the
snapper path based on the base dir of the share.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16058
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
(cherry picked from commit f45b832a17a82a394076476d809b274ddbd720b0)
- - - - -
b37629e0 by Noel Power at 2026-04-16T10:49:19+00:00
s3/modules: fix snapper_gmt_fstatat
snapper_gmt_fstatat is failing when called on items in a
'previous version' snapshot because the wrong timestamp value is
passed (the raw timewarp value is used) and snapper_gmt_convert cannot
find the valid snapshot instance to use.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=16058
Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Anoop C S <anoopcs at samba.org>
Autobuild-User(master): Anoop C S <anoopcs at samba.org>
Autobuild-Date(master): Wed Apr 15 15:29:38 UTC 2026 on atb-devel-224
(cherry picked from commit 78b7ed68e8da0c95ddc60fac58a6821ab723865b)
Autobuild-User(v4-24-test): Björn Jacke <bjacke at samba.org>
Autobuild-Date(v4-24-test): Thu Apr 16 10:49:19 UTC 2026 on atb-devel-224
- - - - -
203c3d7e by Björn Jacke at 2026-04-17T09:20:42+02:00
WHATSNEW: Add release notes for Samba 4.24.1.
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
- - - - -
2e9d10d4 by Björn Jacke at 2026-04-17T09:20:42+02:00
VERSION: Disable GIT_SNAPSHOT for the 4.24.1 release.
Signed-off-by: Bjoern Jacke <bjacke at samba.org>
- - - - -
4579864f by Michael Tokarev at 2026-04-17T11:01:45+03:00
New upstream version 4.24.1+dfsg
- - - - -
14 changed files:
- VERSION
- WHATSNEW.txt
- buildtools/wafsamba/samba_autoconf.py
- buildtools/wafsamba/samba_cross.py
- python/samba/tests/blackbox/claims.py
- python/samba/tests/krb5/raw_testcase.py
- script/autobuild.py
- selftest/knownfail_mit_kdc.d/as-req
- selftest/knownfail_mit_kdc.d/claims
- selftest/knownfail_mit_kdc.d/no-implicit-dollar-canonicalization
- selftest/target/Samba4.pm
- source3/librpc/crypto/gse_krb5.c
- source3/modules/vfs_snapper.c
- source3/modules/vfs_streams_xattr.c
Changes:
=====================================
VERSION
=====================================
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2026"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=24
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_RELEASE=1
########################################################
# If a official release has a serious bug #
=====================================
WHATSNEW.txt
=====================================
@@ -1,3 +1,53 @@
+ ==============================
+ Release Notes for Samba 4.24.1
+ April 17, 2026
+ ==============================
+
+
+This is the latest stable release of the Samba 4.24 release series.
+
+
+Changes since 4.24.0
+--------------------
+
+o Björn Jacke <bjacke at samba.org>
+ * BUG 16057: autobuild fails if /proc/version contains trailing space
+
+o Stefan Metzmacher <metze at samba.org>
+ * BUG 16035: use after free in streams_xattr_connect()
+
+o Noel Power <noel.power at suse.com>
+ * BUG 16042: rpc workers with long living clients grow server memory keytab
+ * BUG 16058: vfs_snapper failing to access or enumerate files in subfolders
+
+o Andreas Schneider <asn at samba.org>
+ * BUG 16040: Samba is not build with FORTIFY_SOURCE
+ * BUG 16055: Fix tests with MIT Kerberos 1.22.x
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored. All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
==============================
Release Notes for Samba 4.24.0
March 18, 2026
=====================================
buildtools/wafsamba/samba_autoconf.py
=====================================
@@ -733,11 +733,16 @@ def SAMBA_CONFIG_H(conf, path=None):
}
''',
execute=0,
- cflags=[ '-Werror', '-Wp,-D_FORTIFY_SOURCE=2', stack_protect_flag],
+ cflags=[
+ '-Werror',
+ '-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3',
+ stack_protect_flag
+ ],
mandatory=False,
msg='Checking if compiler accepts %s' % (stack_protect_flag))
if flag_supported:
conf.ADD_CFLAGS('%s' % (stack_protect_flag))
+ conf.ADD_CFLAGS('-Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3')
break
flag_supported = conf.check(fragment='''
=====================================
buildtools/wafsamba/samba_cross.py
=====================================
@@ -26,7 +26,7 @@ def add_answer(ca_file, msg, answer):
# don't care about its actual content (the tests should
# yield one-line output in order to comply with the cross-answer
# format)
- retstring = retstring.strip()
+ retstring = retstring.strip("\n")
if len(retstring.split('\n')) > 1:
retstring = ''
answer = (retcode, retstring)
=====================================
python/samba/tests/blackbox/claims.py
=====================================
@@ -92,11 +92,10 @@ class ClaimsSupportTests(BlackboxTestCase):
device_password=device_password,
)
- self.assertEqual(error.exception.args[0], NT_STATUS_LOGON_FAILURE)
- self.assertEqual(
- error.exception.args[1],
- "The attempted logon is invalid. This is either due to a "
- "bad username or authentication information.")
+ self.assertEqual(error.exception.args[0], NT_STATUS_UNSUCCESSFUL)
+ self.assertIn(
+ "The requested operation was unsuccessful.",
+ error.exception.args[1])
self.check_run("group addmembers allowed-devices claims-device")
=====================================
python/samba/tests/krb5/raw_testcase.py
=====================================
@@ -5379,6 +5379,7 @@ class RawKerberosTest(TestCase):
require_strict = {PADATA_FX_COOKIE,
PADATA_FX_FAST,
PADATA_PAC_OPTIONS,
+ PADATA_PK_AS_REP,
PADATA_PK_AS_REP_19,
PADATA_PK_AS_REQ,
PADATA_PKINIT_KX,
=====================================
script/autobuild.py
=====================================
@@ -210,13 +210,7 @@ try:
except ImportError:
pass
-# on ubuntu gcc implies _FORTIFY_SOURCE
-# before 24.04 it was _FORTIFY_SOURCE=2
-# and 24.04 has _FORTIFY_SOURCE=3
-# so we do not specify it explicitly.
samba_o3_cflags = "-O3"
-if not is_ubuntu:
- samba_o3_cflags += " -Wp,-D_FORTIFY_SOURCE=2"
def format_option(name, value=None):
"""Format option as str list."""
=====================================
selftest/knownfail_mit_kdc.d/as-req
=====================================
@@ -38,7 +38,6 @@
^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_False\(fl2003dc\)
^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_None\(fl2003dc\)
^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_as_req_no_preauth_dummy_aes128_aes256_pac_True\(fl2003dc\)
-^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_pw_expired_wrong_password\(fl2008r2dc\)
^samba.tests.krb5.as_req_tests.samba.tests.krb5.as_req_tests.AsReqKerberosTests.test_pw_expired_wrong_password\(fl2003dc\)
#
# MIT currently fails some as_req_no_preauth tests.
=====================================
selftest/knownfail_mit_kdc.d/claims
=====================================
@@ -5,6 +5,7 @@
# Device authentication is not implemented in MIT Kerberos
^samba.tests.blackbox.claims.samba.tests.blackbox.claims.ClaimsSupportTests.test_device_silo_restrictions.ad_dc
^samba.tests.blackbox.claims.samba.tests.blackbox.claims.ClaimsSupportTests.test_device_group_restrictions.ad_dc
+^samba.tests.blackbox.claims.samba.tests.blackbox.claims.ClaimsSupportTests.test_device_and_server_silo_restrictions.ad_dc
^samba.tests.krb5.claims_tests.samba.tests.krb5.claims_tests.ClaimsTests.test_device_claims_device_to_service_no_claims_support_in_pac_options.ad_dc
^samba.tests.krb5.claims_tests.samba.tests.krb5.claims_tests.ClaimsTests.test_device_claims_device_to_service_no_claims_valid_sid.ad_dc
=====================================
selftest/knownfail_mit_kdc.d/no-implicit-dollar-canonicalization
=====================================
@@ -1,10 +1,8 @@
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_logon_hours\(ad_dc_ntvfs\)
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_logon_hours_wrong_password\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_pw_expired_wrong_password\(ad_dc_ntvfs\)
^samba\.tests\.krb5\.alias_tests\.samba\.tests\.krb5\.alias_tests\.AliasTests\.test_create_alias_delete\(ad_dc_ntvfs\)
^samba\.tests\.krb5\.alias_tests\.samba\.tests\.krb5\.alias_tests\.AliasTests\.test_create_alias_rename\(ad_dc_ntvfs\)
^samba\.tests\.krb5\.alias_tests\.samba\.tests\.krb5\.alias_tests\.AliasTests\.test_dc_alias_delete\(ad_dc_ntvfs\)
^samba\.tests\.krb5\.alias_tests\.samba\.tests\.krb5\.alias_tests\.AliasTests\.test_dc_alias_rename\(ad_dc_ntvfs\)
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_logon_hours\(ad_dc_ntvfs\)
^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_logon_hours_wrong_password\(ad_dc_ntvfs\)
-^samba\.tests\.krb5\.as_req_tests\.samba\.tests\.krb5\.as_req_tests\.AsReqKerberosTests\.test_pw_expired_wrong_password\(ad_dc_ntvfs\)
=====================================
selftest/target/Samba4.pm
=====================================
@@ -3160,7 +3160,8 @@ sub setup_schema_pair_dc
my $repl_cmd = $cmd_vars;
$repl_cmd .= "$samba_tool drs replicate $env->{SERVER} $dcvars->{SERVER}";
- $repl_cmd .= " CN=Schema,CN=Configuration,DC=schema,DC=samba,DC=example,DC=com";
+ $repl_cmd .= " $env->{CONFIGURATION}";
+ $repl_cmd .= " CN=Schema,CN=Configuration,DC=schema,DC=samba,DC=example,DC=com";
$repl_cmd .= " -U$dcvars->{DC_USERNAME}\%$dcvars->{DC_PASSWORD}";
unless (system($join_cmd) == 0) {
=====================================
source3/librpc/crypto/gse_krb5.c
=====================================
@@ -554,20 +554,36 @@ out:
krb5_error_code gse_krb5_get_server_keytab(krb5_context krbctx,
krb5_keytab *keytab)
{
+ char *memktab_name = NULL;
krb5_error_code ret = 0;
krb5_error_code ret1 = 0;
krb5_error_code ret2 = 0;
*keytab = NULL;
+ /*
+ * create a unique name so concurrent or long lived
+ * processes don't append to existing in memory copy
+ */
+ memktab_name = talloc_asprintf(NULL,
+ "%s-%p",
+ SRV_MEM_KEYTAB_NAME,
+ krbctx);
+ if (memktab_name == NULL) {
+ DBG_ERR("out of memory\n");
+ return ENOMEM;
+ }
/* create memory keytab */
- ret = krb5_kt_resolve(krbctx, SRV_MEM_KEYTAB_NAME, keytab);
+ ret = krb5_kt_resolve(krbctx, memktab_name, keytab);
if (ret) {
DEBUG(1, (__location__ ": Failed to get memory "
"keytab!\n"));
+ TALLOC_FREE(memktab_name);
return ret;
}
+ TALLOC_FREE(memktab_name);
+
switch (lp_kerberos_method()) {
default:
case KERBEROS_VERIFY_SECRETS:
=====================================
source3/modules/vfs_snapper.c
=====================================
@@ -2011,6 +2011,7 @@ static int snapper_gmt_fstatat(struct vfs_handle_struct *handle,
int flags)
{
struct smb_filename *tmp_fname = NULL;
+ time_t timestamp;
int ret;
if (smb_fname->twrp == 0) {
@@ -2018,6 +2019,8 @@ static int snapper_gmt_fstatat(struct vfs_handle_struct *handle,
handle, dirfsp, smb_fname, sbuf, flags);
}
+ timestamp = nt_time_to_unix(smb_fname->twrp);
+
tmp_fname = cp_smb_filename(talloc_tos(), smb_fname);
if (tmp_fname == NULL) {
errno = ENOMEM;
@@ -2026,8 +2029,8 @@ static int snapper_gmt_fstatat(struct vfs_handle_struct *handle,
tmp_fname->base_name = snapper_gmt_convert(tmp_fname,
handle,
- smb_fname->base_name,
- smb_fname->twrp);
+ tmp_fname->base_name,
+ timestamp);
if (tmp_fname->base_name == NULL) {
TALLOC_FREE(tmp_fname);
errno = ENOMEM;
@@ -2070,16 +2073,10 @@ static int snapper_gmt_openat(struct vfs_handle_struct *handle,
{
struct smb_filename *smb_fname = NULL;
time_t timestamp;
- char *stripped = NULL;
int ret;
int saved_errno = 0;
- if (!snapper_gmt_strip_snapshot(talloc_tos(), handle,
- smb_fname_in,
- ×tamp, &stripped)) {
- return -1;
- }
- if (timestamp == 0) {
+ if (smb_fname_in->twrp == 0) {
return SMB_VFS_NEXT_OPENAT(handle,
dirfsp,
smb_fname_in,
@@ -2087,15 +2084,21 @@ static int snapper_gmt_openat(struct vfs_handle_struct *handle,
how);
}
- smb_fname = cp_smb_filename(talloc_tos(), smb_fname_in);
+ timestamp = nt_time_to_unix(smb_fname_in->twrp);
+
+ smb_fname = full_path_from_dirfsp_atname(talloc_tos(),
+ dirfsp,
+ smb_fname_in);
+
if (smb_fname == NULL) {
- TALLOC_FREE(stripped);
+ errno = ENOMEM;
return -1;
}
- smb_fname->base_name = snapper_gmt_convert(smb_fname, handle,
- stripped, timestamp);
- TALLOC_FREE(stripped);
+ smb_fname->base_name = snapper_gmt_convert(smb_fname,
+ handle,
+ smb_fname->base_name,
+ timestamp);
if (smb_fname->base_name == NULL) {
TALLOC_FREE(smb_fname);
=====================================
source3/modules/vfs_streams_xattr.c
=====================================
@@ -1470,8 +1470,8 @@ static int streams_xattr_connect(vfs_handle_struct *handle,
"streams_xattr",
"ext_prefix",
default_ext_prefix);
- TALLOC_FREE(default_ext_prefix);
config->ext_prefix = talloc_strdup(config, ext_prefix);
+ TALLOC_FREE(default_ext_prefix);
if (config->ext_prefix == NULL) {
DEBUG(1, ("talloc_strdup() failed\n"));
errno = ENOMEM;
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/805a5066aa2023639e450d5836228f9aa01694cb...4579864fd585de03d18ef821ba3d9aa40fc89020
--
View it on GitLab: https://salsa.debian.org/samba-team/samba/-/compare/805a5066aa2023639e450d5836228f9aa01694cb...4579864fd585de03d18ef821ba3d9aa40fc89020
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20260417/052144d3/attachment-0001.htm>
More information about the Pkg-samba-maint
mailing list