1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00
Commit Graph

136785 Commits

Author SHA1 Message Date
Jule Anger
8e31cb2007 WHATSNEW: Up to Samba 4.20.0rc1.
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-01-29 14:39:32 +00:00
Jule Anger
ec91204387 ldb: release 2.9.0 for use in Samba 4.20.x
- documentation fixes
- build with Python 3.12 (bug #15513)
- a lot of additional error checking in
  the python bindings
- minor code fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-01-29 14:39:32 +00:00
Jule Anger
0ba05d5bbb tevent: release 0.16.1
- build with Python 3.12 (bug #15513)
- documentation fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-01-29 14:39:32 +00:00
Jule Anger
5032ab712c tdb: release 1.4.10
- build with Python 3.12 (bug #15513)
- documentation fixes
- minor build fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-01-29 14:39:32 +00:00
Jule Anger
f28966c163 talloc: release 2.4.2
- build with Python 3.12 (bug #15513)
- documentation fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2024-01-29 14:39:32 +00:00
Andreas Schneider
1f82342441 python:gp: Improve working of log messages to avoid confusion
We should not use the word "Failed". We are totally fine if we can't
connect to NDES in the meantime. This logs:

Try to get root or server certificates.
Unable to install root certificates (requires NDES).
Installing the server certificate only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 29 10:37:29 UTC 2024 on atb-devel-224
2024-01-29 10:37:29 +00:00
Andreas Schneider
367756b85a python:gp: Log an error if update fails
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2024-01-29 09:32:46 +00:00
Andreas Schneider
98dc44286e python:gp: Do not print an error if template already exists
We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older version of certmonger
don't support the `-v` option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2024-01-29 09:32:46 +00:00
Andreas Schneider
728757cd1f python:gp: Do not print an error, if CA already exists
We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older version of certmonger
don't support the `-v` option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2024-01-29 09:32:46 +00:00
Andreas Schneider
6d5507e050 python:gp: Improve logging for certificate enrollment
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2024-01-29 09:32:46 +00:00
Andreas Schneider
6a9630eff6 python:gp: Avoid path check for cepces-submit
find_cepces_submit() uses which(), which returns None if not found.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2024-01-29 09:32:46 +00:00
Anoop C S
6e6d8384f3 vfs_ceph: Use ceph_fdopendir() when available for SMB_VFS_FDOPENDIR
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Sat Jan 27 00:01:12 UTC 2024 on atb-devel-224
2024-01-27 00:01:12 +00:00
Stefan Metzmacher
447e131ebf smb2_tcon: add "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" options
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 26 18:04:10 UTC 2024 on atb-devel-224
2024-01-26 18:04:10 +00:00
Stefan Metzmacher
941f53f0c9 python:tests/rpcd_witness_samba_only: add tests for 'net witness force-response'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
946bf10068 s3:utils: add 'net witness force-response'
This allows generating any possible AsyncNotify response
for the specified selection of witness registrations
from rpcd_witness_registration.tdb.

This can be used by developers to test the (windows)
client behavior to specific AsyncNotify responses.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
8a643fea95 python:tests/rpcd_witness_samba_only: add tests for 'net witness force-unregister'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
8536a21792 s3:utils: add 'net witness force-unregister'
This allows removing of the specified selection
of witness registrations from rpcd_witness_registration.tdb.

Any pending AsyncNotify will get WERR_NOT_FOUND.

Typically this triggers a clean re-registration on the client.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
290ef547d8 python:tests/rpcd_witness_samba_only: add tests for 'net witness {client,share}-move'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
df3b5f9339 s3:utils: add 'net witness client-move' and 'net witness share-move'
These can be used to generate CLIENT_MOVE or SHARE_MOVE message
to the specified selection of witness registrations from
rpcd_witness_registration.tdb

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
4fba5bcaad s3:rpc_server/witness: add handling of MSG_RPCD_WITNESS_REGISTRATION_UPDATE messages
This implements the server side features for the
'net witness [client-move,...]' commands in the end.

These are administrator driven notifications for the witness client.

RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_RESPONSE and
RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_UNREGISTER will be very useful
for later automated testing.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
b722dc74f8 s3:rpcd_witness.idl: add rpcd_witness_registration_updateB message definitions
This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
0744d55be0 messaging.idl: add MSG_RPCD_WITNESS_REGISTRATION_UPDATE
This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
3e70b31f01 python:tests/rpcd_witness_samba_only: add tests for 'net witness list'
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
46fdeca696 s3:utils: add 'net witness list' command
It lists the entries from the rpcd_witness_registration.tdb.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
fcc8e0978b s3:rpc_server/witness: let Register[Ex] store rpcd_witness_registration.tdb records
This will allow 'net witness list' to be implemented in the end.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
a9829ce6cf s3:rpcd_witness.idl: introduce definitions for rpcd_witness_registration.tdb records
A rpcd_witness_registration.tdb will be added shortly in order to
implement useful 'net witness [list,client-move,...]' commands
in the end.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
b17e090e7c python/blackbox: add rpcd_witness_samba_only.py test
This tests the witness service and its interaction with
ctdb.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
b3c51c4b82 python/tests: add TestCase.get_loadparm(s3=True) support
This will be used for tests with registry shares,
as the top level loadparm system doesn't support them.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
ea1ec424ad script/autobuild.py: also pass PYTHONPATH to make test of 'samba-ctdb'
Otherwise tests won't find the custom tdb python bindings

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
3ede69552c selftest/Samba: export CTDB_PREFIX in clusteredmember testenv
It means ctdb/tests/local_daemons.sh will be easily useable

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
2f9dfaae44 selftest/Samba3: start samba_dcerpcd in clusteredmember
This enables the rpcd_witness to be available.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
15b17f1fff selftest/Samba3: remove unused variable in setup_clusteredmember
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
bc2a77373a selftest/Samba3: get NETBIOSNAME correct for clusteredmember
It was missed in commit
7598b9069d

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
cb1d711e25 s3:rpc_server/witness: add implementation based on CTDB_SRVID_IPREALLOCATED and ctdbd_all_ip_foreach()
The design is relatively simple in the end:

- We use ctdbd_all_ip_foreach() in order to build an
  in memory list of interfaces(ip addresses) and
  record if:
  - they are currently available or not
  - if they node local or not

- The current list is would we use for the
  GetInterfaceList() call.

- Register[Ex] will create an in memory structure
  holding a queue for pending AsyncNotify requests.

- Unregister() will cancel pending AsyncNotify requests and
  let them return NOT_FOUND.

- CTDB_SRVID_IPREALLOCATED messages will cause we refresh
  with ctdbd_all_ip_foreach():
  - this will detect changes in the interface state
    and remove stale interfaces.
  - for each change the list of registrations is checked
    for a matching ip address and a RESOURCE_CHANGE
    will be scheduled in the queue of the registration,
    the started queue will trigger AsyncNotify responses

- We also register the connections with ctdb in order
  to give other nodes a chance to generate tickle-acks
  for the witness tcp connections.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:33 +00:00
Stefan Metzmacher
85f30bcf0b s3:rpc_server: add basic rpcd_witness template
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:32 +00:00
Stefan Metzmacher
9083f49e76 s3:ctdbd_conn: add ctdbd_all_ip_foreach() helper
This can we used to traverse through all ip addresses ctdb knows
about.

The caller can select node ips and/or public ips.

This will we useful to monitor the addresses from a witness
service...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:32 +00:00
Stefan Metzmacher
3106709c89 s3:ctdbd_conn: split out ctdbd_control_get_nodemap()
This will simplify future changes...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:32 +00:00
Stefan Metzmacher
ceda79b6cc s3:ctdbd_conn: pass vnn to ctdbd_control_get_public_ips()
In future we also want to ask other nodes for their public_ips.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:32 +00:00
Stefan Metzmacher
f21e380064 witness.idl: make witness_interfaceList public to that ndr_print works in python
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:32 +00:00
Stefan Metzmacher
b9bd7e89f2 smbstatus: let --json include session.{creation,expiration,auth}_time
This is very useful in order to predict NETWORK_SESSION_EXPIRED
messages...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2024-01-26 17:00:32 +00:00
Anoop C S
fe8d866d2c vfs_ceph: Implement SMB_VFS_FSTATAT
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jan 26 16:56:59 UTC 2024 on atb-devel-224
2024-01-26 16:56:59 +00:00
Anoop C S
fe16ae1fe8 source3/wscript: Announce deprecation of old Ceph version support
*at() variants for various libcephfs APIs were added with Ceph v17.x.
Any other version less than v17.x is soon to be considered EOL[1] which
we will now indicate with the help of a warning message during configure
time. Going further such a situation will result in disabling the module
altogether with the next major Samba version after v4.20.

[1] https://docs.ceph.com/en/latest/releases/#ceph-releases-index

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2024-01-26 15:53:33 +00:00
Anoop C S
858b1d064d vfs_ceph: Indicate a successful connection in logs
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2024-01-26 15:53:33 +00:00
Anoop C S
e657fca589 vfs_ceph: Fix a usage in comments
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
2024-01-26 15:53:33 +00:00
Noel Power
d63e972aa0 WHATSNEW: Add entry for new save/restore options for smbcacls
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jan 26 11:30:07 UTC 2024 on atb-devel-224
2024-01-26 11:30:07 +00:00
Noel Power
a9028f25e6 WHATSNEW: Add entry for wspsearch client utility
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-01-26 10:26:30 +00:00
Noel Power
49b6137f7c s3: Make build of wspsearch client enabled by default
Although wspsearch client is experimental it is probably better to
enable its building by default so it gets has some opportunity to be
used/tested by users.

Signed-off-by: Noel Power <noel.power@suse.com>
2024-01-26 10:26:30 +00:00
Anoop C S
697d41420b Revert "vfs_acl_xattr.c: prefer capabilities over become_root"
This reverts commit 0e3836e396.

With capabilities preferred over become_root() we failed to achieve
the basic goal of storing NT ACLs in xattrs using vfs_acl_xattr. This
is due to the fact that apart from CAP_DAC_OVERRIDE it is manadatory
to have CAP_SYS_ADMIN for write access to xattrs from security
namespace[1]. Despite the option to configure the xattr name within
the module we should not anticipate and miss to consider xattrs from
security namespace which is far more protected even with our default
name "security.NTACL".

Theorotically we could make it work by adding another capability on
top of existing ones. But given the functions designed around this
area we may not be able to come up with a cleaner change which can
handle the fallback mechanism to become_root(). Any failure to set
the very first capability would put us in become_root() path where
further capabilities are mostly not required. Thus reverting to old
behaviour to always become_root() until we have a cleaner approach
to handle the fallback while modifying multiple capabilities at once.

[1] https://www.man7.org/linux/man-pages/man7/xattr.7.html

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2024-01-26 10:26:30 +00:00
Volker Lendecke
39e3300b8d smbd: Some README.Coding in smbd_do_qfilepathinfo()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 24 00:35:33 UTC 2024 on atb-devel-224
2024-01-24 00:35:33 +00:00
Volker Lendecke
ebb8084c67 samr_server: Modernize a DBG statement
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-01-23 23:28:31 +00:00