Skip to content
Snippets Groups Projects

Compare revisions

Changes are shown as if the source revision was being merged into the target revision. Learn more about comparing revisions.

Source

Select target project
No results found

Target

Select target project
  • lts-team/packages/samba
  • thctlo/samba-lintianfix
  • arnaudr/samba
  • jrwren/samba
  • paride/samba
  • athos/samba
  • henrich/samba
  • cnotin/samba
  • mimi89999/samba
  • samba-team/samba
  • ahasenack/samba
  • jrtc27/samba
  • noel/samba
13 results
Show changes
Commits on Source (11)
......@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the Samba Team 1992-2023"
########################################################
SAMBA_VERSION_MAJOR=4
SAMBA_VERSION_MINOR=19
SAMBA_VERSION_RELEASE=5
SAMBA_VERSION_RELEASE=6
########################################################
# If a official release has a serious bug #
......
==============================
Release Notes for Samba 4.19.6
April 08, 2024
==============================
This is the latest stable release of the Samba 4.19 release series.
Changes since 4.19.5
--------------------
o Ralph Boehme <slow@samba.org>
* BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close().
o Guenther Deschner <gd@samba.org>
* BUG 15588: samba-gpupdate: Correctly implement site support.
o Noel Power <noel.power@suse.com>
* BUG 15527: fd_handle_destructor() panics within an smbd_smb2_close() if
vfs_stat_fsp() fails in fd_close().
o Andreas Schneider <asn@samba.org>
* BUG 15588: samba-gpupdate: Correctly implement site support.
* BUG 15599: libgpo: Segfault in python bindings.
o Martin Schwenke <mschwenke@ddn.com>
* BUG 15580: Packet marshalling push support missing for
CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and
CTDB_CONTROL_TCP_CLIENT_PASSED.
#######################################
Reporting bugs & Development Discussion
#######################################
Please discuss this release on the samba-technical mailing list or by
joining the #samba-technical:matrix.org matrix room, or
#samba-technical IRC channel on irc.libera.chat.
If you do report problems then please try to send high quality
feedback. If you don't provide vital information to help us track down
the problem then you will probably be ignored. All bug reports should
be filed under the Samba 4.1 and newer product in the project's Bugzilla
database (https://bugzilla.samba.org/).
======================================================================
== Our Code, Our Bugs, Our Responsibility.
== The Samba Team
======================================================================
Release notes for older releases follow:
----------------------------------------
==============================
Release Notes for Samba 4.19.5
February 19, 2024
......@@ -59,8 +115,7 @@ database (https://bugzilla.samba.org/).
======================================================================
Release notes for older releases follow:
----------------------------------------
----------------------------------------------------------------------
==============================
Release Notes for Samba 4.19.4
January 08, 2024
......
......@@ -693,6 +693,14 @@ static void ctdb_req_control_data_push(struct ctdb_req_control_data *cd,
case CTDB_CONTROL_ECHO_DATA:
ctdb_echo_data_push(cd->data.echo_data, buf, &np);
break;
case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED:
ctdb_connection_push(cd->data.conn, buf, &np);
break;
case CTDB_CONTROL_TCP_CLIENT_PASSED:
ctdb_connection_push(cd->data.conn, buf, &np);
break;
}
*npush = np;
......
......@@ -593,6 +593,19 @@ void fill_ctdb_req_control_data(TALLOC_CTX *mem_ctx,
case CTDB_CONTROL_ENABLE_NODE:
break;
case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED:
cd->data.conn = talloc(mem_ctx, struct ctdb_connection);
assert(cd->data.conn != NULL);
fill_ctdb_connection(mem_ctx, cd->data.conn);
break;
case CTDB_CONTROL_TCP_CLIENT_PASSED:
cd->data.conn = talloc(mem_ctx, struct ctdb_connection);
assert(cd->data.conn != NULL);
fill_ctdb_connection(mem_ctx, cd->data.conn);
break;
}
}
......@@ -982,6 +995,14 @@ void verify_ctdb_req_control_data(struct ctdb_req_control_data *cd,
case CTDB_CONTROL_ENABLE_NODE:
break;
case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED:
verify_ctdb_connection(cd->data.conn, cd2->data.conn);
break;
case CTDB_CONTROL_TCP_CLIENT_PASSED:
verify_ctdb_connection(cd->data.conn, cd2->data.conn);
break;
}
}
......@@ -1378,6 +1399,12 @@ void fill_ctdb_reply_control_data(TALLOC_CTX *mem_ctx,
case CTDB_CONTROL_ENABLE_NODE:
break;
case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED:
break;
case CTDB_CONTROL_TCP_CLIENT_PASSED:
break;
}
}
......@@ -1715,6 +1742,12 @@ void verify_ctdb_reply_control_data(struct ctdb_reply_control_data *cd,
case CTDB_CONTROL_ENABLE_NODE:
break;
case CTDB_CONTROL_TCP_CLIENT_DISCONNECTED:
break;
case CTDB_CONTROL_TCP_CLIENT_PASSED:
break;
}
}
......
......@@ -277,7 +277,7 @@ PROTOCOL_CTDB4_TEST(struct ctdb_req_dmaster, ctdb_req_dmaster,
PROTOCOL_CTDB4_TEST(struct ctdb_reply_dmaster, ctdb_reply_dmaster,
CTDB_REPLY_DMASTER);
#define NUM_CONTROLS 159
#define NUM_CONTROLS 161
PROTOCOL_CTDB2_TEST(struct ctdb_req_control_data, ctdb_req_control_data);
PROTOCOL_CTDB2_TEST(struct ctdb_reply_control_data, ctdb_reply_control_data);
......
......@@ -116,6 +116,11 @@ static PyObject *GPO_marshall_get_sec_desc_buf(PyObject *self, PyObject *args,
uint8_t *data = NULL;
size_t len = 0;
if (gpo_ptr->security_descriptor == NULL) {
PyErr_SetString(PyExc_RuntimeError, "Uninitialized");
return NULL;
}
status = marshall_sec_desc(gpo_ptr, gpo_ptr->security_descriptor,
&data, &len);
if (!NT_STATUS_IS_OK(status)) {
......@@ -371,7 +376,7 @@ static int py_ads_init(ADS *self, PyObject *args, PyObject *kwds)
workgroup,
ldap_server,
ADS_SASL_PLAIN);
return 0;
}
......
......@@ -490,7 +490,7 @@ interface nbt
[case(NETLOGON_NT_VERSION_5EX)] NETLOGON_SAM_LOGON_RESPONSE_EX nt5_ex;
} netlogon_samlogon_response_union;
typedef [nopush,nopull] struct {
typedef [nopush,nopull,noprint,public] struct {
uint32 ntver;
[switch_is(ntver)] netlogon_samlogon_response_union data;
} netlogon_samlogon_response;
......
......@@ -392,7 +392,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull *
return NDR_ERR_SUCCESS;
}
_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r)
_PUBLIC_ void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r)
{
ndr_print_struct(ndr, name, "netlogon_samlogon_response");
if (r == NULL) { ndr_print_null(ndr); return; }
......
......@@ -37,6 +37,6 @@ enum ndr_err_code ndr_pull_NETLOGON_SAM_LOGON_RESPONSE_EX_with_flags(struct ndr_
uint32_t nt_version_flags);
enum ndr_err_code ndr_push_netlogon_samlogon_response(struct ndr_push *ndr, int ndr_flags, const struct netlogon_samlogon_response *r);
enum ndr_err_code ndr_pull_netlogon_samlogon_response(struct ndr_pull *ndr, int ndr_flags, struct netlogon_samlogon_response *r);
void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, struct netlogon_samlogon_response *r);
void ndr_print_netlogon_samlogon_response(struct ndr_print *ndr, const char *name, const struct netlogon_samlogon_response *r);
#endif /* _LIBRPC_NDR_NDR_NBT_H */
......@@ -51,7 +51,7 @@ from samba.dsdb import UF_WORKSTATION_TRUST_ACCOUNT, UF_SERVER_TRUST_ACCOUNT, GP
from samba.auth import AUTH_SESSION_INFO_DEFAULT_GROUPS, AUTH_SESSION_INFO_AUTHENTICATED, AUTH_SESSION_INFO_SIMPLE_PRIVILEGES
from samba.dcerpc import security
import samba.security
from samba.dcerpc import netlogon
from samba.dcerpc import nbt
try:
......@@ -582,12 +582,6 @@ def get_dc_hostname(creds, lp):
nbt.NBT_SERVER_DS))
return cldap_ret.pdc_dns_name
def get_dc_netbios_hostname(creds, lp):
net = Net(creds=creds, lp=lp)
cldap_ret = net.finddc(domain=lp.get('realm'), flags=(nbt.NBT_SERVER_LDAP |
nbt.NBT_SERVER_DS))
return cldap_ret.pdc_name
''' Fetch a list of GUIDs for applicable GPOs '''
......@@ -756,24 +750,52 @@ def merge_nt_token(token_1, token_2):
token_1.privilege_mask |= token_2.privilege_mask
return token_1
def site_dn_for_machine(samdb, dc_hostname, lp, creds, hostname):
# [MS-GPOL] 3.2.5.1.4 Site Search
config_context = samdb.get_config_basedn()
try:
c = netlogon.netlogon("ncacn_np:%s[seal]" % dc_hostname, lp, creds)
site_name = c.netr_DsRGetSiteName(hostname)
return 'CN={},CN=Sites,{}'.format(site_name, config_context)
except WERRORError:
# Fallback to the old method found in ads_site_dn_for_machine
nb_hostname = get_dc_netbios_hostname(creds, lp)
res = samdb.search(config_context, ldb.SCOPE_SUBTREE,
"(cn=%s)" % nb_hostname, ['dn'])
if res.count != 1:
raise ldb.LdbError(ldb.ERR_NO_SUCH_OBJECT,
'site_dn_for_machine: no result')
dn = res.msgs[0]['dn']
site_dn = dn.parent().parent()
return site_dn
# The netr_DsRGetSiteName() needs to run over local rpc, however we do not
# have the call implemented in our rpc_server.
# What netr_DsRGetSiteName() actually does is an ldap query to get
# the sitename, we can do the same.
# NtVer=(NETLOGON_NT_VERSION_IP|NETLOGON_NT_VERSION_WITH_CLOSEST_SITE|
# NETLOGON_NT_VERSION_5EX) [0x20000014]
expr = "(&(DnsDomain=%s.)(User=%s)(NtVer=\\14\\00\\00\\20))" % (
samdb.domain_dns_name(),
hostname)
res = samdb.search(
base='',
scope=ldb.SCOPE_BASE,
expression=expr,
attrs=["Netlogon"])
if res.count != 1:
raise RuntimeError('site_dn_for_machine: No result')
samlogon_response = ndr_unpack(nbt.netlogon_samlogon_response,
bytes(res.msgs[0]['Netlogon'][0]))
if samlogon_response.ntver not in [nbt.NETLOGON_NT_VERSION_5EX,
(nbt.NETLOGON_NT_VERSION_1
| nbt.NETLOGON_NT_VERSION_5EX)]:
raise RuntimeError('site_dn_for_machine: Invalid NtVer in '
+ 'netlogon_samlogon_response')
# We want NETLOGON_NT_VERSION_5EX out of the union!
samlogon_response.ntver = nbt.NETLOGON_NT_VERSION_5EX
samlogon_response_ex = samlogon_response.data
client_site = "Default-First-Site-Name"
if (samlogon_response_ex.client_site
and len(samlogon_response_ex.client_site) > 1):
client_site = samlogon_response_ex.client_site
site_dn = samdb.get_config_basedn()
site_dn.add_child("CN=Sites")
site_dn.add_child("CN=%s" % (client_site))
return site_dn
def get_gpo_list(dc_hostname, creds, lp, username):
'''Get the full list of GROUP_POLICY_OBJECTs for a given username.
......
......@@ -603,6 +603,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
*/
fsp->fsp_flags.delete_on_close = false;
fsp->fsp_flags.fstat_before_close = false;
lck_state.reset_delete_on_close = true;
done:
......
......@@ -942,7 +942,7 @@ NTSTATUS fd_openat(const struct files_struct *dirfsp,
NTSTATUS fd_close(files_struct *fsp)
{
NTSTATUS status;
NTSTATUS stat_status = NT_STATUS_OK;
int ret;
if (fsp == fsp->conn->cwd_fsp) {
......@@ -950,23 +950,12 @@ NTSTATUS fd_close(files_struct *fsp)
}
if (fsp->fsp_flags.fstat_before_close) {
status = vfs_stat_fsp(fsp);
if (!NT_STATUS_IS_OK(status)) {
/*
* If this is a stream and delete-on-close was set, the
* backing object (an xattr from streams_xattr) might
* already be deleted so fstat() fails with
* NT_STATUS_NOT_FOUND. So if fsp refers to a stream we
* ignore the error and only bail for normal files where
* an fstat() should still work. NB. We cannot use
* fsp_is_alternate_stream(fsp) for this as the base_fsp
* has already been closed at this point and so the value
* fsp_is_alternate_stream() checks for is already NULL.
*/
if (fsp->fsp_name->stream_name == NULL) {
return status;
}
}
/*
* capture status, if failure
* continue close processing
* and return status
*/
stat_status = vfs_stat_fsp(fsp);
}
if (fsp->dptr) {
......@@ -988,7 +977,7 @@ NTSTATUS fd_close(files_struct *fsp)
if (ret == -1) {
return map_nt_error_from_unix(errno);
}
return NT_STATUS_OK;
return stat_status;
}
/****************************************************************************
......