git.ipfire.org Git - thirdparty/samba.git/log
2 months ago  libads: check for if DCs are in paused state when processing CLDAP replies
Ralph Boehme [Thu, 3 Jul 2025 10:50:53 +0000 (12:50 +0200)] 
libads: check for if DCs are in paused state when processing CLDAP replies

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit d3000d7df09de724694aa0682b9750b8c7767514)

2 months ago  s3/libads: get rid of additional loop calling add_failed_connection_entry()
Ralph Boehme [Tue, 1 Jul 2025 16:19:32 +0000 (18:19 +0200)] 
s3/libads: get rid of additional loop calling add_failed_connection_entry()

Just call add_failed_connection_entry() in the initial loop at all places where
we have a "bad" result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit a397801598eef4b0381a64a37af1845e9e85a50f)

2 months ago  s3:libads: let get_kdc_ip_string() check for a blacklisted server name
Stefan Metzmacher [Tue, 4 Jul 2023 16:07:51 +0000 (18:07 +0200)] 
s3:libads: let get_kdc_ip_string() check for a blacklisted server name

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 63051a2dcbe3a4a07f029e0c18aa90bd3f56b0a4)

2 months ago  s3:libads: let cldap_ping_list() check for a blacklisted server name
Stefan Metzmacher [Wed, 16 Feb 2022 12:09:14 +0000 (13:09 +0100)] 
s3:libads: let cldap_ping_list() check for a blacklisted server name

If we blacklisted a server we should not use it even if
it responds to CLDAP requests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 08c8760ad9706b62755e35acaa121647344a4c9e)

2 months ago  winbindd: blacklist servers returning ACCESS_DENIED/authoritative=0
Stefan Metzmacher [Wed, 16 Feb 2022 13:23:16 +0000 (14:23 +0100)] 
winbindd: blacklist servers returning ACCESS_DENIED/authoritative=0

https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit ce80451f3af4418d1c83be009b58b3824c071cae)

2 months ago  winbindd: always use winbind_add_failed_connection_entry() wrapper
Stefan Metzmacher [Wed, 16 Feb 2022 13:18:50 +0000 (14:18 +0100)] 
winbindd: always use winbind_add_failed_connection_entry() wrapper

We should not use add_failed_connection_entry() directly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 7fed75c495ead8f476c805b91cc6624ebf933427)

2 months ago  s3:conncache: improve debugging for the negative connection cache
Stefan Metzmacher [Wed, 16 Feb 2022 13:18:20 +0000 (14:18 +0100)] 
s3:conncache: improve debugging for the negative connection cache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 613ac83fb7666f5b132187d5587053e0d7dcd46d)

3 months ago  libads: fix get_kdc_ip_string() ...
Ralph Boehme [Fri, 4 Jul 2025 15:50:40 +0000 (17:50 +0200)] 
libads: fix get_kdc_ip_string() ...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15881

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Jul  7 16:46:29 UTC 2025 on atb-devel-224

(cherry picked from commit 88572cc8f629a737a1d5b33d5800f3692895233f)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Mon Jul 21 09:30:29 UTC 2025 on atb-devel-224

3 months ago  Add check for the GPO link to have at least two attributes separated by semicolon...
Aleksandr Sharov [Fri, 4 Jul 2025 13:32:28 +0000 (15:32 +0200)] 
Add check for the GPO link to have at least two attributes separated by semicolon. Allows to handle empty links.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15877
RN: Fix handling of empty GPO link

Signed-off-by: Alex Sharov (kororland@gmail.com)
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 10 18:55:33 UTC 2025 on atb-devel-224

(cherry picked from commit 44ee31c0258b0afb3d3f2ce17942cc86e308a690)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Thu Jul 17 10:48:14 UTC 2025 on atb-devel-224

3 months ago  WHATSNEW: fix typo
Jule Anger [Thu, 17 Jul 2025 09:38:11 +0000 (11:38 +0200)] 
WHATSNEW: fix typo

Found by script/codespell.sh.

Signed-off-by: Jule Anger <janger@samba.org>

3 months ago  VERSION: Bump version up to Samba 4.22.4...
Jule Anger [Mon, 7 Jul 2025 16:16:50 +0000 (18:16 +0200)] 
VERSION: Bump version up to Samba 4.22.4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger@samba.org>

3 months ago  VERSION: Disable GIT_SNAPSHOT for the 4.22.3 release. (tag: samba-4.22.3)
Jule Anger [Mon, 7 Jul 2025 16:16:34 +0000 (18:16 +0200)] 
VERSION: Disable GIT_SNAPSHOT for the 4.22.3 release.

Signed-off-by: Jule Anger <janger@samba.org>

3 months ago  WHATSNEW: Add release notes for Samba 4.22.3.
Jule Anger [Mon, 7 Jul 2025 16:16:05 +0000 (18:16 +0200)] 
WHATSNEW: Add release notes for Samba 4.22.3.

Signed-off-by: Jule Anger <janger@samba.org>

3 months ago  s3-winbindd: Fix internal winbind dsgetdcname calls w.r.t. domain name
Günther Deschner [Wed, 2 Jul 2025 19:59:48 +0000 (21:59 +0200)] 
s3-winbindd: Fix internal winbind dsgetdcname calls w.r.t. domain name

when winbind calls to dsgetdcname internally, make sure to
prefer the DNS domain name if we have it. Makes DNS lookups much more
likely to succeed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jul  7 10:44:37 UTC 2025 on atb-devel-224

(cherry picked from commit 2560c9b3224816ffd371a62103f65b3aca301ad5)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Mon Jul  7 15:43:22 UTC 2025 on atb-devel-224

3 months ago  s3:winbindd: avoid using any netlogon call to get a dc name
Stefan Metzmacher [Fri, 9 May 2025 07:38:41 +0000 (09:38 +0200)] 
s3:winbindd: avoid using any netlogon call to get a dc name

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15876

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit f86a4bf6848ade2db7229d182576db3320c3ece7)

4 months ago  lib:util: Disable logging to syslog for startup messages
Andreas Schneider [Tue, 10 Jun 2025 11:46:13 +0000 (13:46 +0200)] 
lib:util: Disable logging to syslog for startup messages

D_ERR also is sent to syslog!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15869

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jun 18 12:10:03 UTC 2025 on atb-devel-224

(cherry picked from commit 58c64ba25adb1c1d272ba196529b5465ae7ee9df)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Thu Jun 26 14:33:11 UTC 2025 on atb-devel-224

4 months ago  python: Do not interpret 16 character group names as GUIDs
Douglas Bagnall [Fri, 13 Jun 2025 00:29:02 +0000 (12:29 +1200)] 
python: Do not interpret 16 character group names as GUIDs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15854

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Baumbach <bb@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Mon Jun 16 22:22:27 UTC 2025 on atb-devel-224

(cherry picked from commit 7c99658e22c6761ccf9abbdea588553a46af7453)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Thu Jun 19 08:49:44 UTC 2025 on atb-devel-224

4 months ago  pytest: samba-tool group: test with 16 character name
Douglas Bagnall [Thu, 12 Jun 2025 23:38:22 +0000 (11:38 +1200)] 
pytest: samba-tool group: test with 16 character name

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15854

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Baumbach <bb@samba.org>
(cherry picked from commit f545a77a3c466e2be37e0c453861566d42b1a01d)

4 months ago  pytest:samba-tool group: test addmembers
Douglas Bagnall [Fri, 13 Jun 2025 00:23:30 +0000 (12:23 +1200)] 
pytest:samba-tool group: test addmembers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15854

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Baumbach <bb@samba.org>
(cherry picked from commit 3150d103bb2990e005d70c90f3f9c316c5353005)

4 months ago  VERSION: Bump version up to Samba 4.22.3...
Jule Anger [Thu, 5 Jun 2025 15:35:59 +0000 (17:35 +0200)] 
VERSION: Bump version up to Samba 4.22.3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger@samba.org>

4 months ago  VERSION: Disable GIT_SNAPSHOT for the 4.22.2 release. (tag: samba-4.22.2)
Jule Anger [Thu, 5 Jun 2025 15:35:40 +0000 (17:35 +0200)] 
VERSION: Disable GIT_SNAPSHOT for the 4.22.2 release.

Signed-off-by: Jule Anger <janger@samba.org>

4 months ago  WHATSNEW: Add release notes for Samba 4.22.2.
Jule Anger [Thu, 5 Jun 2025 15:34:47 +0000 (17:34 +0200)] 
WHATSNEW: Add release notes for Samba 4.22.2.

Signed-off-by: Jule Anger <janger@samba.org>

4 months ago  CVE-2025-0620: smbd: smbd doesn't pick up group membership changes when re-authentica...
Ralph Boehme [Fri, 23 May 2025 06:47:06 +0000 (08:47 +0200)] 
CVE-2025-0620: smbd: smbd doesn't pick up group membership changes when re-authenticating an expired SMB session

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15707

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 6f0ae60428a024b4aba92a8103a698c1eca2357c)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Thu Jun  5 11:55:52 UTC 2025 on atb-devel-224

4 months ago  smbd: use fsp->name_hash in check_parent_access_fsp()
Ralph Boehme [Sat, 24 May 2025 09:47:37 +0000 (11:47 +0200)] 
smbd: use fsp->name_hash in check_parent_access_fsp()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 28 16:03:59 UTC 2025 on atb-devel-224

(backported from commit 9b9fc589e55d467c97fd4580c2d6d9aa8cb73b13)
[slow@samba.org: removed write_time arg to get_file_infos() in master]

4 months ago  smbd: remove parent_dirname_compatible_open()
Ralph Boehme [Thu, 22 May 2025 15:52:28 +0000 (17:52 +0200)] 
smbd: remove parent_dirname_compatible_open()

This is now handled correctly by smbd_smb2_setinfo_rename_dst_parent_check().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 17ed8c0f9a0ab8b4b7feb213b4e3a0765f8cc0cd)

4 months ago  selftest: stop running smb2.streams against the ad_dc_ntvfs
Ralph Boehme [Mon, 26 May 2025 10:32:16 +0000 (12:32 +0200)] 
selftest: stop running smb2.streams against the ad_dc_ntvfs

This will soon start failing with

UNEXPECTED(failure): samba4.smb2.streams.rename2(ad_dc_ntvfs)
REASON: Exception: Exception: ../../source4/torture/smb2/streams.c:1533: status was NT_STATUS_OBJECT_NAME_COLLISION, expected NT_STATUS_OK: CHECK_STATUS

and I don't see the point in tracking this down for a dead product.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 69a7d5881bd0d91d270b4a8be4c75dcd94f19897)

4 months ago  selftest: stop running smb2.streams against "ad_dc" environment
Ralph Boehme [Mon, 26 May 2025 09:18:57 +0000 (11:18 +0200)] 
selftest: stop running smb2.streams against "ad_dc" environment

Drop running smb2.streams tests against the "ad_dc" environment, to simplify
test failure handling with the knownfail file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 8c0888a94bbcd55b5746305ab82c9ce50095db32)

4 months ago  smbd: implement H-lease breaks on parent directory of rename target
Ralph Boehme [Thu, 22 May 2025 09:42:13 +0000 (11:42 +0200)] 
smbd: implement H-lease breaks on parent directory of rename target

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 91b7a5e7ac308040bd60a172280e4429ee25f3b0)

4 months ago  smbd: add access_mask to delay_for_handle_lease_break_send()
Ralph Boehme [Fri, 23 May 2025 15:06:50 +0000 (17:06 +0200)] 
smbd: add access_mask to delay_for_handle_lease_break_send()

No change in behaviour, existing callers all pass SEC_RIGHTS_DIR_ALL. Prepares
for selectively breaking only H-leases if the access_mask of the corresponding
open contains DELETE_ACCESS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 5d4565c1f974b75a1c080f4503613201ecaf7001)

4 months ago  smbd: add has_delete_access_opens()
Ralph Boehme [Wed, 21 May 2025 17:17:54 +0000 (19:17 +0200)] 
smbd: add has_delete_access_opens()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 1351b613679acb063d7ef8bc63d438e1ec973a9a)

4 months ago  smbd: support breaking leases on an object where we don't have an own internal open
Ralph Boehme [Thu, 22 May 2025 14:57:49 +0000 (16:57 +0200)] 
smbd: support breaking leases on an object where we don't have an own internal open

So far, when dealing with the rename destination, we had an internal open on
that which ensured get_existing_share_mode_lock() would always return a
lock.

Subsequently I'll want delay_for_handle_lease_break_send() to be callable on an
object that doesn't have a full internal open including locking.tdb entry, but
merely an open handle from filename_convert_dirfsp().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 03c46342e2a65e6d81bd581471310c0ec2cbbdfb)

4 months ago  smbd: expand logging in contend_dirleases()
Ralph Boehme [Fri, 23 May 2025 14:35:35 +0000 (16:35 +0200)] 
smbd: expand logging in contend_dirleases()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 509081e7ed064899701a9e53b1597c33bcf5b77d)

4 months ago  smbtorture: fix test smb2.notify-inotify.inotify-rename
Ralph Boehme [Fri, 23 May 2025 05:26:53 +0000 (07:26 +0200)] 
smbtorture: fix test smb2.notify-inotify.inotify-rename

Need to remove SEC_STD_DELETE from the access mask, otherwise we can't move
files into this directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 8b346857b837259c017b47cb6a935ed54afc8c60)

4 months ago  smbtorture: add test smb2.dirlease.rename_dst_parent
Ralph Boehme [Thu, 22 May 2025 14:56:45 +0000 (16:56 +0200)] 
smbtorture: add test smb2.dirlease.rename_dst_parent

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit a2827f4d6d8b56de08adaee35a051022f255769e)

4 months ago  smbtorture: add support for closing a handle when receiving a lease break
Ralph Boehme [Thu, 22 May 2025 15:50:46 +0000 (17:50 +0200)] 
smbtorture: add support for closing a handle when receiving a lease break

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit d88885b77cd9d86969eac2cd2010ed31e329106a)

4 months ago  smbtorture: make torture_lease_break_callback() static
Ralph Boehme [Thu, 22 May 2025 15:50:09 +0000 (17:50 +0200)] 
smbtorture: make torture_lease_break_callback() static

It's only used in this compilation unit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit 56fe5e8ef192f38b928eed9b454709242f02699e)

4 months ago  smbtorture: remove unused torture_lease_ignore_handler()
Ralph Boehme [Thu, 22 May 2025 15:49:31 +0000 (17:49 +0200)] 
smbtorture: remove unused torture_lease_ignore_handler()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15861

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit e1a38cd3f9f5665c9f7dd202fec1c7ec72fa419c)

4 months ago  ctdb-daemon: Modernise some DEBUGs
Martin Schwenke [Mon, 19 May 2025 00:06:21 +0000 (10:06 +1000)] 
ctdb-daemon: Modernise some DEBUGs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu May 29 10:57:35 UTC 2025 on atb-devel-224

(cherry picked from commit 5a582bddd834fffe2b27cc8b2e9468fa84dfc6f2)

4 months ago  ctdb-daemon: Add configuration option shutdown extra timeout
Martin Schwenke [Sun, 18 May 2025 23:06:38 +0000 (09:06 +1000)] 
ctdb-daemon: Add configuration option shutdown extra timeout

See documentation change for details.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 3a770c8d46934870f42059640b0aaa0c76a3f4fb)

4 months ago  ctdb-daemon: Run "startipreallocate" event in SHUTDOWN runstate
Martin Schwenke [Thu, 15 May 2025 04:01:16 +0000 (14:01 +1000)] 
ctdb-daemon: Run "startipreallocate" event in SHUTDOWN runstate

Even though all nodes may be shutting down there is still a very small
window for a race when multiple nodes are shut down.  For simplicity,
assume 2 nodes.  Assume the shutdowns of nodes are staggered, which is
usual because they're usually initiated by a loop (e.g. onnode -p all
ctdb shutdown).  Although commands can continue in parallel, some
commands are started later than others.

Consider this sequence:

1.  Node 0 reaches ctdb_shutdown_takeover() in
    ctdb_shutdown_sequence() and a takeover run starts

2.  Node 1 has not yet set its runlevel to SHUTDOWN in
    ctdb_shutdown_sequence()

3.  The leader node asks node 1 which IPs it can host

4.  Node 1 replies "all of them"

5.  Node 1 now sets its runlevel to SHUTDOWN in
    ctdb_shutdown_sequence()

6.  The leader node continues with the takeover run, first asking all
    nodes to run "startipreallocate"

7.  Node 0 runs "startipreallocate", so its NFS server starts grace

8.  Node 1 does not run "startipreallocate" because it is not in
    RUNNING runstate, so its NFS server does not start grace

9.  The leader node continues with the takeover run, first asking all
    nodes to run "releaseip" for IPs they can no longer hold

10. Node 0 releases all IPs, since it is SHUTDOWN runstate (so can't
    host IPs)

11. As part of this, the NFS server on node 0 releases locks held
    against IPs it is releasing

12. A client connected to node 1, where the NFS server is not in
    grace, takes ("steals") one of those locks

This client is then permitted to reclaim the lock when nodes are
restarted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 4877541cfd8f782f516f6471edc52629720963fb)

4 months ago  ctdb-daemon: Add configuration option shutdown failover timeout
Martin Schwenke [Mon, 12 May 2025 02:00:28 +0000 (12:00 +1000)] 
ctdb-daemon: Add configuration option shutdown failover timeout

Allows the timeout for failover during shutdown to be modified.
Defaults to 10s.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
SQ

Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit dd9b73119afd3a0c60c87c938b5aefc766ca78d2)

4 months ago  ctdb-daemon: Add failover on shutdown
Martin Schwenke [Mon, 12 May 2025 01:33:19 +0000 (11:33 +1000)] 
ctdb-daemon: Add failover on shutdown

Without this, NFS servers on other nodes will not go into grace before
this node releases locks.  This should also support improved behaviour
for SMB durable file handles.

The timeout is currently a constant 10s.  However, it will
subsequently be switched to an option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit b84fbd7b3fedc998633400981ce0c5dc963d052e)

4 months ago  ctdb-protocol: Add CTDB server SRVID range
Martin Schwenke [Wed, 14 May 2025 06:55:51 +0000 (16:55 +1000)] 
ctdb-protocol: Add CTDB server SRVID range

Normally, communication from other components to ctdbd is done via
controls.  However, there are contexts where receiving SRVID messages
in ctdbd makes sense, such as replies to outgoing SRVID messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 631d1d38ad10c73aa559561bea6b5ed45c2226c4)

4 months ago  ctdb-daemon: Avoid aborting during early shutdown
Martin Schwenke [Wed, 21 May 2025 12:17:42 +0000 (22:17 +1000)] 
ctdb-daemon: Avoid aborting during early shutdown

An early shutdown can put ctdbd into SHUTDOWN runstate before ctdbd
has completed all early initialisation.  Some of the start-time
transitions then attempt to set the runstate to FIRST_RECOVERY or
RUNNING, which would make the runstate go backwards, so ctdbd aborts.

Upcoming changes cause ctdbd shutdown to take longer, so the problem
will become more likely.  With those changes, this can be
unreliably (50% of the time?)  triggered by:

  ctdb/tests/INTEGRATION/simple/cluster.091.version_check.sh

since it does an early shutdown due to a version mismatch.

Avoid this by noticing when the runstate is SHUTDOWN and refusing to
continue with subsequent early initialisation steps, which aren't
needed when shutting down.

Earlier runstate transitions do not seem likely to cause an abort
during early shutdown.  The following:

  ./tests/local_daemons.sh foo start 0; ./tests/local_daemons.sh foo stop 0

sees ctdbd already into FIRST_RECOVERY before the shutdown is
processed.

The change to ctdb_run_startup() probably isn't strictly necessary.
There will be no abort in this case.  ctdb_shutdown_sequence() will
always run the "shutdown" event and then stop the event daemon, so it
doesn't seem possible that services could be left running.  However,
we might as well avoid running the "startup" event when shutting down,
even if only to avoid confusing logs.

Ultimately, it seems like some redesign would be needed to avoid this
in a more predictable manner, rather than responding when an early
initialisation step inconveniently completes during shutdown.  For
example, hanging a lot of the start-time event handling off a common
talloc context, could allow it to be cancelled with a single
TALLOC_FREE().  However, a change like that would involve a lot of
analysis to ensure that the talloc hierarchy is correct and there is
no change of free'd pointers being dereferenced.  So, we're probably
better off just keeping this issue in mind during a broader redesign.

This workaround appears to be sufficient.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15858

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit c03e6b9d50cac67fe33dc6b120996d1915331be6)

5 months ago  s3:rpc_server: make sure we can bind to the same port on all ip addresses
Stefan Metzmacher [Wed, 23 Apr 2025 08:58:55 +0000 (10:58 +0200)] 
s3:rpc_server: make sure we can bind to the same port on all ip addresses

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15851

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 783ca9dc434bd1d18b762185ee936fcbcf292124)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Thu May  8 14:04:08 UTC 2025 on atb-devel-224

5 months ago  vfs_ceph_snapshots: Always calculate absolute snapshot path
Anoop C S [Tue, 4 Mar 2025 10:45:05 +0000 (16:15 +0530)] 
vfs_ceph_snapshots: Always calculate absolute snapshot path

Use the same logic from shadow_copy2 module to always prepend the
connectpath to the relative snapshot path so as to return converted
path corresponding to the file's share root.

Please note that with the current working directory staying at the
connectpath level we are safe to prefix it to the smb_filename. In
other words it seems we never get past the connectpath internally
during normal file system operations via chdir(). Since all relative
paths are now based on dirfsp we could constitute absolute path by
prepending the connectpath to full_path_from_dirfsp_atname() output
ignoring the current working directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15819

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Apr 30 11:32:59 UTC 2025 on atb-devel-224

(cherry picked from commit 95a2b50b1983a6ba810a96f50b27db7c992c02c0)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Thu May  8 12:54:02 UTC 2025 on atb-devel-224

5 months ago  vfs_ceph_snapshots: Use full path from dirfsp at smb_fname
Anoop C S [Tue, 4 Mar 2025 09:39:33 +0000 (15:09 +0530)] 
vfs_ceph_snapshots: Use full path from dirfsp at smb_fname

In ceph_snap_gmt_openat() we hand in the incoming smb_fname as it is
to ceph_snap_gmt_strip_snapshot() which is then passed on to derive
the actual snapshot path using ceph_snap_gmt_convert(). But this can
go wrong in ceph_snap_gmt_convert_dir() while opening the snapdir.
Unless we constitute the full path from dirfsp in the first place we
always end up opening the snapdir from the parent directory with
OpenDir().

For example with dirfsp("foobar") and smb_fname("shift.txt"), we open
snapdir from share root because parent is calculated as empty string
via ceph_snap_get_parent_path(). Instead we could construct the full
path from dirfsp using full_path_from_dirfsp_atname() to ensure we
don't open the wrong snapdir.

Since we have access to the twrp token at VFS layer it doesn't make
much sense to make use of ceph_snap_gmt_strip_snapshot() in openat.
We could instead directly act based on already available twrp token
avoiding an extra copy of incoming smb_filename.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15819

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit ad8b2dbb67d87db22f2fa2df814dd91cbe071e60)

5 months ago  lib/krb5_wrap: Fix placement of TALLOC_FREE(frame)
Pavel Filipenský [Wed, 23 Apr 2025 07:34:14 +0000 (09:34 +0200)] 
lib/krb5_wrap: Fix placement of TALLOC_FREE(frame)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15727

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Apr 23 12:14:17 UTC 2025 on atb-devel-224

(cherry picked from commit b5bd36dfd7dfd9a09a3f9378330df3be9db4551f)

6 months ago  VERSION: Bump version up to Samba 4.22.2...
Jule Anger [Thu, 17 Apr 2025 17:10:45 +0000 (19:10 +0200)] 
VERSION: Bump version up to Samba 4.22.2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger@samba.org>

6 months ago  VERSION: Disable GIT_SNAPSHOT for the 4.22.1 release. (tag: samba-4.22.1)
Jule Anger [Thu, 17 Apr 2025 17:10:27 +0000 (19:10 +0200)] 
VERSION: Disable GIT_SNAPSHOT for the 4.22.1 release.

Signed-off-by: Jule Anger <janger@samba.org>

6 months ago  WHATSNEW: Add release notes for Samba 4.22.1.
Jule Anger [Thu, 17 Apr 2025 17:09:56 +0000 (19:09 +0200)] 
WHATSNEW: Add release notes for Samba 4.22.1.

Signed-off-by: Jule Anger <janger@samba.org>

6 months ago  libcli/smb: make smb2_lease_{pull,push} endian safe
Stefan Metzmacher [Wed, 16 Apr 2025 13:18:12 +0000 (15:18 +0200)] 
libcli/smb: make smb2_lease_{pull,push} endian safe

smbd_smb2_send_lease_break() is already endian safe,
which means we'll get a mismatch on big endian systems,
so that smbd_smb2_send_lease_break() sends the lease key
in reversed order.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 17 11:30:58 UTC 2025 on atb-devel-224

(cherry picked from commit 80d5fa134d51b4b2238f775fea0af3d511bf3144)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Thu Apr 17 17:03:35 UTC 2025 on atb-devel-224

6 months ago  libcli/smb: convert smb2_lease_push() to PUSH_LE_U*
Stefan Metzmacher [Wed, 16 Apr 2025 13:18:12 +0000 (15:18 +0200)] 
libcli/smb: convert smb2_lease_push() to PUSH_LE_U*

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit edf9cf4b29dab78f63eec8391cd1cd9eef861612)

6 months ago  libcli/smb: make the last 2 reserved bytes explicit in smb2_lease_push()
Stefan Metzmacher [Wed, 16 Apr 2025 13:18:12 +0000 (15:18 +0200)] 
libcli/smb: make the last 2 reserved bytes explicit in smb2_lease_push()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit cbe438eb1a3c44f5cd46c5e685da9964da64f892)

6 months ago  libcli/smb: convert smb2_lease_pull() to PULL_LE_U*
Stefan Metzmacher [Wed, 16 Apr 2025 13:18:12 +0000 (15:18 +0200)] 
libcli/smb: convert smb2_lease_pull() to PULL_LE_U*

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit 31ebf2cd1daeed25fab92ef71f7591fea8c92226)

6 months ago s3:smbd: work around broken "vfs mkdir use tmp name" on FAT
Stefan Metzmacher [Wed, 16 Apr 2025 09:51:28 +0000 (11:51 +0200)] 
s3:smbd: work around broken "vfs mkdir use tmp name" on FAT

"vfs mkdir use tmp name" creates a name with ":" because the file should
be invisible for Windows clients. ":" however is an invalid character on
FAT filesystems and we get EINVAL back. In that case we fall back to not
using tmp names for mkdir.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15845

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Bjoern Jacke <bjacke@samba.org>
(cherry picked from commit c2b74ef093aff6175ef8e4572a203e5beacc527f)

6 months ago vfs: Fix "wide links = yes"
Volker Lendecke [Thu, 3 Apr 2025 08:04:42 +0000 (10:04 +0200)] 
vfs: Fix "wide links = yes"

vfs_wide_links hides symlinks from the rest of smbd, and it implicitly
follows symlinks. Also, O_PATH will expose symlinks to the rest of
smbd, remove that.

We also need to do this for posix paths, as deep inside
rename_internals we want to avoid case-insensitive lookups by setting
SMB_FILENAME_POSIX_PATH.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15841

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 16 20:56:33 UTC 2025 on atb-devel-224

(cherry picked from commit 9e637a28bd0b5adc2d90df9ca4a1c864a648b0f4)

6 months ago python:gp_cert_auto_enrol: fix GUID stringification
Douglas Bagnall [Mon, 24 Mar 2025 22:26:12 +0000 (22:26 +0000)] 
python:gp_cert_auto_enrol: fix GUID stringification

We were using some broken ad-hoc unpacking to do what the ndr
unpacker does perfectly well.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15839

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue Mar 25 05:21:49 UTC 2025 on atb-devel-224

(cherry picked from commit 47ff42232048c008a7b361a948e5ac79311b5458)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Thu Apr 17 12:49:13 UTC 2025 on atb-devel-224

6 months ago samba-tool gpo: better entities check copes with new lines
Douglas Bagnall [Fri, 14 Mar 2025 04:45:18 +0000 (17:45 +1300)] 
samba-tool gpo: better entities check copes with new lines

Per https://www.w3.org/TR/xml/#sec-entity-decl (and MS references)
there is always some whitespace between '<!ENTITY' and the name, and
between the name and whatever is next. Also, it is valid XML to have
newlines inside entity declarations, like this:

<!ENTITY
    bubble
      "*S-1-5-113"
      >

We used to create such files, so we should allow them.

There is a kind of entity that has '%' before the name, and there are
non-ascii names, which we continue not to support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15829

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
(cherry picked from commit 6107656ebc8d092b2c1907940b2486ab0265aad9)
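The whitespace rule described in the commit message above, as an added Python sketch (not samba-tool's own code; the regular expressions, function names and sample document are constructed for illustration). It contrasts a single-line check with one that accepts any XML whitespace, and reports the declaration kinds the message says remain unsupported instead of passing over them silently.

```python
import re

# XML "S" production: space, tab, carriage return, line feed.
S = r"[ \t\r\n]"
# ASCII-only names; non-ASCII names are deliberately not matched.
NAME = r"[A-Za-z_:][A-Za-z0-9_.:-]*"

# Naive check: one line, exactly one space between tokens, double quotes only.
NAIVE_DECL = re.compile(r'<!ENTITY ([A-Za-z_][A-Za-z0-9_.-]*) "([^"]*)">')

# Tolerant check: mandatory whitespace (including newlines) after '<!ENTITY'
# and after the name, optional whitespace before '>', either quote style.
ENTITY_DECL = re.compile(
    "<!ENTITY" + S + "+(" + NAME + ")" + S + "+"
    + r"""(?:"([^"]*)"|'([^']*)')""" + S + "*>"
)

# Constructed sample document. The multi-line 'bubble' declaration has the
# shape quoted in the commit message; the other entries are made up.
SAMPLE = '''<?xml version="1.0" encoding="utf-8"?>
<!DOCTYPE foobar [
<!ENTITY one "*S-1-5-32-544">
<!ENTITY
    bubble
      "*S-1-5-113"
      >
<!ENTITY\ttabbed\t'single-quoted'>
<!ENTITY % param "ignored">
]>
<root>&one;&bubble;</root>
'''


def entities_naive(text):
    """Entities seen by the single-line pattern."""
    return {m.group(1): m.group(2) for m in NAIVE_DECL.finditer(text)}


def entities(text):
    """Entities seen by the whitespace-tolerant pattern."""
    found = {}
    for m in ENTITY_DECL.finditer(text):
        value = m.group(2) if m.group(2) is not None else m.group(3)
        found[m.group(1)] = value
    return found


def unsupported(text):
    """'<!ENTITY' declarations the tolerant pattern does not understand
    (parameter entities with '%', non-ASCII names, external IDs)."""
    supported_starts = {m.start() for m in ENTITY_DECL.finditer(text)}
    rejected = []
    for m in re.finditer("<!ENTITY", text):
        if m.start() in supported_starts:
            continue
        end = text.find(">", m.start())
        stop = end + 1 if end != -1 else len(text)
        rejected.append(text[m.start():stop])
    return rejected


if __name__ == "__main__":
    print("naive:      ", entities_naive(SAMPLE))
    print("tolerant:   ", entities(SAMPLE))
    print("unsupported:", unsupported(SAMPLE))
```

A caller validating untrusted backup files would treat a non-empty `unsupported()` result as a reason to reject the file, since those declarations were seen but not understood.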

6 months ago samba-tool gpo backup fix --generalize
Douglas Bagnall [Fri, 14 Mar 2025 08:55:29 +0000 (21:55 +1300)] 
samba-tool gpo backup fix --generalize

This was broken with commit ce56d336f234febfd4cb3da11dd584842c24ce1d
but we didn't notice because the test was already broken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15829

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
(cherry picked from commit 65751f2562f98bd7fd0734dc00784e6395d76322)

6 months ago pytest: samba-tool gpo: fix has_difference(sortlines=True)
Douglas Bagnall [Fri, 14 Mar 2025 06:52:57 +0000 (19:52 +1300)] 
pytest: samba-tool gpo: fix has_difference(sortlines=True)

We had

             file1 = open(path1).readlines()
             file1.sort()
             file2 = open(path1).readlines()
             file2.sort()

which is opening path1 in both cases.

This meant we were testing nothing because the assertions are all that
the files are the same -- though the only affected check is one in
test_backup_restore_generalize().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15829

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
(cherry picked from commit 6b619b568f6661d3a5f0701cdfaf1e1e4943ff6f)

6 months ago python:netcmd:gpo: fix crash when updating an MOTD GPO
Andreas Hasenack [Tue, 18 Feb 2025 15:43:46 +0000 (12:43 -0300)] 
python:netcmd:gpo: fix crash when updating an MOTD GPO

When the policy exists already, there is no exception and the code
tries to use the "data" variable, but it doesn't exist because it was
only defined in the exception handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15774

Signed-off-by: Andreas Hasenack <andreas.hasenack@canonical.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
(cherry picked from commit e87e20c04d90292e3a5caac8ea3105b16f948ed3)

6 months ago pytest: check we can set GPO more than once
Douglas Bagnall [Fri, 14 Mar 2025 05:22:53 +0000 (18:22 +1300)] 
pytest: check we can set GPO more than once

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15774

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jennifer Sutton <jennifersutton@catalyst.net.nz>
(cherry picked from commit 969cb41e06247949c3992cab25e824795204e31e)

6 months ago s3:rpc_server/srvsvc: use brl_get_locks_readonly() instead of brl_get_locks()
Ralph Boehme [Tue, 28 Jan 2025 13:48:39 +0000 (14:48 +0100)] 
s3:rpc_server/srvsvc: use brl_get_locks_readonly() instead of brl_get_locks()

No need to keep the record locked longer than needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c36cc2b6720a2cfe54ce52a500dc499418e27e34)

6 months ago smbd: use share_mode_do_locked_brl() in vfs_default_durable_reconnect()
Ralph Boehme [Wed, 2 Apr 2025 12:52:03 +0000 (14:52 +0200)] 
smbd: use share_mode_do_locked_brl() in vfs_default_durable_reconnect()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit dc03a06ffcc79d0818ae4a36fe3f2df705144138)
[slow@samba.org: conflict due to removed delayed write time handling]

6 months ago smbd: use share_mode_do_locked_brl() in vfs_default_durable_disconnect()
Ralph Boehme [Tue, 28 Jan 2025 10:19:05 +0000 (11:19 +0100)] 
smbd: use share_mode_do_locked_brl() in vfs_default_durable_disconnect()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(backported from commit 393379fc9c726eb781fd1bfb3a70ea2802739aff)
[slow@samba.org: conflict due to removed delayed write time handling]

6 months ago smbd: use share_mode_do_locked_brl() in strict_lock_check_default()
Ralph Boehme [Thu, 30 Jan 2025 06:40:32 +0000 (07:40 +0100)] 
smbd: use share_mode_do_locked_brl() in strict_lock_check_default()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 56bb20c87a733ab8f7efedd881ea0ecaf51b2ba8)

6 months ago smbd: check can_lock in strict_lock_check_default()
Ralph Boehme [Wed, 2 Apr 2025 10:43:15 +0000 (12:43 +0200)] 
smbd: check can_lock in strict_lock_check_default()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 678f28c1af7c160ffdcb0e4baa0a7d4b9906f2e5)

6 months ago s3/locking: prepare brl_locktest() for upgradable read-only locks
Ralph Boehme [Thu, 30 Jan 2025 16:35:26 +0000 (17:35 +0100)] 
s3/locking: prepare brl_locktest() for upgradable read-only locks

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 8f9387ceb5c94c7db92ab342e33c64b858c301b1)

6 months ago smbd: call locking_close_file() while still holding a glock on the locking.tdb record
Ralph Boehme [Mon, 27 Jan 2025 14:22:26 +0000 (15:22 +0100)] 
smbd: call locking_close_file() while still holding a glock on the locking.tdb record

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 4d680b6c17ee7674b9686aec2b69038f89e1989a)

6 months ago s3/brlock: remove brl_get_locks_for_locking()
Stefan Metzmacher [Wed, 8 Jan 2025 11:51:37 +0000 (12:51 +0100)] 
s3/brlock: remove brl_get_locks_for_locking()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 0c4c430c50e15d591a0d871a5f3e59e8be0d0a83)

6 months ago smbd: use share_mode_do_locked_brl()
Ralph Boehme [Wed, 29 Jan 2025 05:13:44 +0000 (06:13 +0100)] 
smbd: use share_mode_do_locked_brl()

Fix a deadlock that can happen if two clients happen to open and byte-range-lock
two different files whose record in locking.tdb and brlock.tdb happen to sit on
the same hashchain.

The deadlock was introduced by commit
680c7907325b433856ac1dd916ab63e671fbe4ab. Before, we used share_mode_do_locked()
in do_lock() which meant we acquired a chainlock on locking.tdb before getting a
chainlock on brlock.tdb via brl_get_locks_for_locking(), so the TDB chainlock
order invariant was always upheld.

The following race between specific client requests leads to the deadlock.

Client A) issues a byte-range-lock request on a file:

A1) glock locking.tdb (via _share_mode_do_locked_vfs_allowed())
A2) chainlock brlock.tdb (via brl_lock())
A3) attempt to chainlock locking.tdb (via share_mode_g_lock_dump())
[1]

Client B) opens a different (!) file:

B1) glock and chainlock locking.tdb (via _share_mode_entry_prepare_lock())
B2) attempt to chainlock brlock.tdb (via file_has_brlocks())
[2]

The glock from A1 is per record and hence doesn't synchronize with the glock
from B1 as it is for a different file and hence a different record, subsequently
A2 and A3 violate the lock order constraint.

To avoid the chainlock lock order violation in the second client we modify the
br-lock code to not take the brlock.tdb chainlock from step A2 via
br_get_locks() for the whole time we process the request. Instead we just fetch
the br-locks via br_get_locks_readonly(), so when running into
contend_level2_oplocks_begin_default() to check for leases and looking into
locking.tdb we don't hold a brlock.tdb chainlock.

Or in simpler terms, we only ever take at most one low-level TDB chainlock at a
time:

Byte-range-lock code calls share_mode_do_locked_brl(..., cb_fn, ...):
1) chainlock locking.tdb
2) glock locking.tdb (via share_mode_do_locked_vfs_allowed())
3) chainunlock locking.tdb
4) share_mode_do_locked_brl_fn() -> brl_get_locks_readonly_parse():
   a) chainlock brlock.tdb
   b) parse record and store in-memory copy
   c) chainunlock brlock.tdb
5) run cb_fn()
6) chainlock brlock.tdb:
   a) br_lck->record = dbwrap_fetch_locked(brlock_db, ...)
   b) store modified br_lck from 5) via byte_range_lock_flush()
7) chainunlock brlock.tdb
8) chainlock locking.tdb
9) gunlock locking.tdb
10) chainunlock locking.tdb

All access to brlock.tdb is synchronized correctly via glocks on the locking.tdb
record of the file (step 3)), so operations still appear atomic to clients.

As a result of using share_mode_do_locked_brl(), the functions do_[un]lock() ->
brl_[un]lock() now loop over the same br_lck object in memory, avoiding
repeatedly fetching and storing the locks per loop.

[1]
Full SBT:

  #0  0x00007fffa0cecbb0 in __pthread_mutex_lock_full () from /lib64/glibc-hwcaps/power9/libpthread-2.28.so
  #1  0x00007fffa0a73cf8 in chain_mutex_lock (m=<optimized out>, m@entry=0x7fff9ae071b0, waitflag=<optimized out>, waitflag@entry=true) at ../../lib/tdb/common/mutex.c:182
  #2  0x00007fffa0a7432c in tdb_mutex_lock (tdb=0x1543ba120, rw=<optimized out>, off=<optimized out>, len=<optimized out>, waitflag=<optimized out>, pret=0x7fffd7df3858) at ../../lib/tdb/common/mutex.c:234
  #3  0x00007fffa0a6812c in fcntl_lock (waitflag=<optimized out>, len=1, off=376608, rw=0, tdb=0x1543ba120) at ../../lib/tdb/common/lock.c:200
  #4  tdb_brlock (tdb=0x1543ba120, rw_type=<optimized out>, offset=<optimized out>, len=1, flags=<optimized out>) at ../../lib/tdb/common/lock.c:200
  #5  0x00007fffa0a68af8 in tdb_nest_lock (flags=<optimized out>, ltype=0, offset=<optimized out>, tdb=0x1543ba120) at ../../lib/tdb/common/lock.c:390
  #6  tdb_nest_lock (tdb=0x1543ba120, offset=<optimized out>, ltype=<optimized out>, flags=<optimized out>) at ../../lib/tdb/common/lock.c:336
  #7  0x00007fffa0a69088 in tdb_lock_list (tdb=0x1543ba120, list=<optimized out>, ltype=<optimized out>, waitflag=<optimized out>) at ../../lib/tdb/common/lock.c:482
  #8  0x00007fffa0a69198 in tdb_lock (tdb=0x1543ba120, list=<optimized out>, ltype=<optimized out>) at ../../lib/tdb/common/lock.c:500
  #9  0x00007fffa0a64b50 in tdb_find_lock_hash (tdb=<optimized out>, tdb@entry=0x1543ba120, key=..., hash=<optimized out>, locktype=<optimized out>, locktype@entry=0, rec=<optimized out>, rec@entry=0x7fffd7df3ab0) at ../../lib/tdb/common/tdb.c:165
  #10 0x00007fffa0a64ed0 in tdb_parse_record (tdb=0x1543ba120, key=..., parser=0x7fffa0e74470 <db_ctdb_ltdb_parser>, private_data=0x7fffd7df3b18) at ../../lib/tdb/common/tdb.c:329
  #11 0x00007fffa0e74cbc in db_ctdb_ltdb_parse (db=<optimized out>, private_data=0x7fffd7df3b70, parser=0x7fffa0e76470 <db_ctdb_parse_record_parser_nonpersistent>, key=...) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:170
  #12 db_ctdb_try_parse_local_record (ctx=ctx@entry=0x1543d4580, key=..., state=state@entry=0x7fffd7df3b70) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:1385
  #13 0x00007fffa0e76024 in db_ctdb_parse_record (db=<optimized out>, key=..., parser=0x7fffa1313910 <dbwrap_watched_parse_record_parser>, private_data=0x7fffd7df3c08) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:1425
  #14 0x00007fffa0884760 in dbwrap_parse_record (db=<optimized out>, key=..., parser=<optimized out>, private_data=<optimized out>) at ../../lib/dbwrap/dbwrap.c:454
  #15 0x00007fffa1313ab4 in dbwrap_watched_parse_record (db=0x1543a7160, key=..., parser=0x7fffa13187d0 <g_lock_dump_fn>, private_data=0x7fffd7df3ce8) at ../../source3/lib/dbwrap/dbwrap_watch.c:783
  #16 0x00007fffa0884760 in dbwrap_parse_record (db=<optimized out>, key=..., parser=<optimized out>, private_data=<optimized out>) at ../../lib/dbwrap/dbwrap.c:454
  #17 0x00007fffa131c004 in g_lock_dump (ctx=<error reading variable: value has been optimized out>, key=..., fn=0x7fffa14f3d70 <fsp_update_share_mode_flags_fn>, private_data=0x7fffd7df3dd8) at ../../source3/lib/g_lock.c:1653
  #18 0x00007fffa14f434c in share_mode_g_lock_dump (key=..., fn=0x7fffa14f3d70 <fsp_update_share_mode_flags_fn>, private_data=0x7fffd7df3dd8) at ../../source3/locking/share_mode_lock.c:96
  #19 0x00007fffa14f8d44 in fsp_update_share_mode_flags (fsp=0x15433c550) at ../../source3/locking/share_mode_lock.c:1181
  #20 file_has_read_lease (fsp=0x15433c550) at ../../source3/locking/share_mode_lock.c:1207
  #21 0x00007fffa15ccc98 in contend_level2_oplocks_begin_default (type=<optimized out>, fsp=0x15433c550) at ../../source3/smbd/smb2_oplock.c:1282
  #22 smbd_contend_level2_oplocks_begin (fsp=0x15433c550, type=<optimized out>) at ../../source3/smbd/smb2_oplock.c:1338
  #23 0x00007fffa0dd0b54 in contend_level2_oplocks_begin (fsp=<optimized out>, type=<optimized out>) at ../../source3/lib/smbd_shim.c:72
  #24 0x00007fffa14ecfd0 in brl_lock_windows_default (br_lck=0x154421330, plock=0x7fffd7df4250) at ../../source3/locking/brlock.c:457
  #25 0x00007fffa150b70c in vfswrap_brl_lock_windows (handle=<optimized out>, br_lck=<optimized out>, plock=<optimized out>) at ../../source3/modules/vfs_default.c:3424
  #26 0x00007fffa1561910 in smb_vfs_call_brl_lock_windows (handle=<optimized out>, br_lck=<optimized out>, plock=<optimized out>) at ../../source3/smbd/vfs.c:2686
  #27 0x00007fff9c0a7350 in smb_time_audit_brl_lock_windows (handle=<optimized out>, br_lck=0x154421330, plock=0x7fffd7df4250) at ../../source3/modules/vfs_time_audit.c:1740
  #28 0x00007fffa1561910 in smb_vfs_call_brl_lock_windows (handle=<optimized out>, br_lck=<optimized out>, plock=<optimized out>) at ../../source3/smbd/vfs.c:2686
  #29 0x00007fffa14ed410 in brl_lock (br_lck=0x154421330, smblctx=3102281601, pid=..., start=0, size=18446744073709551615, lock_type=<optimized out>, lock_flav=WINDOWS_LOCK, blocker_pid=0x7fffd7df4540, psmblctx=0x7fffd7df4558) at ../../source3/locking/brlock.c:1004
  #30 0x00007fffa14e7b18 in do_lock_fn (lck=<optimized out>, private_data=0x7fffd7df4508) at ../../source3/locking/locking.c:271
  #31 0x00007fffa14fcd94 in _share_mode_do_locked_vfs_allowed (id=..., fn=0x7fffa14e7a60 <do_lock_fn>, private_data=0x7fffd7df4508, location=<optimized out>) at ../../source3/locking/share_mode_lock.c:2927
  #32 0x00007fffa14e918c in do_lock (fsp=0x15433c550, req_mem_ctx=<optimized out>, req_guid=<optimized out>, smblctx=<optimized out>, count=18446744073709551615, offset=0, lock_type=<optimized out>, lock_flav=<optimized out>, pblocker_pid=0x7fffd7df46f0,
      psmblctx=0x7fffd7df46d8) at ../../source3/locking/locking.c:335
  #33 0x00007fffa155381c in smbd_do_locks_try (fsp=0x15433c550, num_locks=<optimized out>, locks=0x1543bc310, blocker_idx=0x7fffd7df46d6, blocking_pid=0x7fffd7df46f0, blocking_smblctx=0x7fffd7df46d8) at ../../source3/smbd/blocking.c:46
  #34 0x00007fffa159dc90 in smbd_smb2_lock_try (req=req@entry=0x1543bc080) at ../../source3/smbd/smb2_lock.c:590
  #35 0x00007fffa159ee8c in smbd_smb2_lock_send (in_locks=<optimized out>, in_lock_count=1, in_lock_sequence=<optimized out>, fsp=0x15433c550, smb2req=0x1543532e0, ev=0x154328120, mem_ctx=0x1543532e0) at ../../source3/smbd/smb2_lock.c:488
  #36 smbd_smb2_request_process_lock (req=0x1543532e0) at ../../source3/smbd/smb2_lock.c:150
  #37 0x00007fffa158a368 in smbd_smb2_request_dispatch (req=0x1543532e0) at ../../source3/smbd/smb2_server.c:3515
  #38 0x00007fffa158c540 in smbd_smb2_io_handler (fde_flags=<optimized out>, xconn=0x154313f30) at ../../source3/smbd/smb2_server.c:5112
  #39 smbd_smb2_connection_handler (ev=<optimized out>, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../../source3/smbd/smb2_server.c:5150
  #40 0x00007fffa1198b2c in tevent_common_invoke_fd_handler (fde=0x1543670f0, flags=<optimized out>, removed=0x0) at ../../lib/tevent/tevent_fd.c:158
  #41 0x00007fffa11a2b9c in epoll_event_loop (tvalp=0x7fffd7df4b28, epoll_ev=0x1543b4e80) at ../../lib/tevent/tevent_epoll.c:730
  #42 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent_epoll.c:946
  #43 0x00007fffa11a0090 in std_event_loop_once (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent_standard.c:110
  #44 0x00007fffa119744c in _tevent_loop_once (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent.c:823
  #45 0x00007fffa1197884 in tevent_common_loop_wait (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent.c:950
  #46 0x00007fffa119ffc0 in std_event_loop_wait (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent_standard.c:141
  #47 0x00007fffa1197978 in _tevent_loop_wait (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent.c:971
  #48 0x00007fffa15737fc in smbd_process (ev_ctx=0x154328120, msg_ctx=<optimized out>, sock_fd=<optimized out>, interactive=<optimized out>) at ../../source3/smbd/smb2_process.c:2158
  #49 0x000000011db5c554 in smbd_accept_connection (ev=0x154328120, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../../source3/smbd/server.c:1150
  #50 0x00007fffa1198b2c in tevent_common_invoke_fd_handler (fde=0x1543ac2d0, flags=<optimized out>, removed=0x0) at ../../lib/tevent/tevent_fd.c:158
  #51 0x00007fffa11a2b9c in epoll_event_loop (tvalp=0x7fffd7df4f98, epoll_ev=0x154328350) at ../../lib/tevent/tevent_epoll.c:730
  #52 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent_epoll.c:946
  #53 0x00007fffa11a0090 in std_event_loop_once (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent_standard.c:110
  #54 0x00007fffa119744c in _tevent_loop_once (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent.c:823
  #55 0x00007fffa1197884 in tevent_common_loop_wait (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent.c:950
  #56 0x00007fffa119ffc0 in std_event_loop_wait (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent_standard.c:141
  #57 0x00007fffa1197978 in _tevent_loop_wait (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent.c:971
  #58 0x000000011db58c54 in smbd_parent_loop (parent=<optimized out>, ev_ctx=0x154328120) at ../../source3/smbd/server.c:1499
  #59 main (argc=<optimized out>, argv=<optimized out>) at ../../source3/smbd/server.c:2258

[2]
Full SBT:

  #0  0x00007fffa0cecbb0 in __pthread_mutex_lock_full () from /lib64/glibc-hwcaps/power9/libpthread-2.28.so
  #1  0x00007fffa0a73cf8 in chain_mutex_lock (m=<optimized out>, m@entry=0x7fff9b3a71b0, waitflag=<optimized out>, waitflag@entry=true) at ../../lib/tdb/common/mutex.c:182
  #2  0x00007fffa0a7432c in tdb_mutex_lock (tdb=0x1543c6900, rw=<optimized out>, off=<optimized out>, len=<optimized out>, waitflag=<optimized out>, pret=0x7fffd7df2e28) at ../../lib/tdb/common/mutex.c:234
  #3  0x00007fffa0a6812c in fcntl_lock (waitflag=<optimized out>, len=1, off=376608, rw=0, tdb=0x1543c6900) at ../../lib/tdb/common/lock.c:200
  #4  tdb_brlock (tdb=0x1543c6900, rw_type=<optimized out>, offset=<optimized out>, len=1, flags=<optimized out>) at ../../lib/tdb/common/lock.c:200
  #5  0x00007fffa0a68af8 in tdb_nest_lock (flags=<optimized out>, ltype=0, offset=<optimized out>, tdb=0x1543c6900) at ../../lib/tdb/common/lock.c:390
  #6  tdb_nest_lock (tdb=0x1543c6900, offset=<optimized out>, ltype=<optimized out>, flags=<optimized out>) at ../../lib/tdb/common/lock.c:336
  #7  0x00007fffa0a69088 in tdb_lock_list (tdb=0x1543c6900, list=<optimized out>, ltype=<optimized out>, waitflag=<optimized out>) at ../../lib/tdb/common/lock.c:482
  #8  0x00007fffa0a69198 in tdb_lock (tdb=0x1543c6900, list=<optimized out>, ltype=<optimized out>) at ../../lib/tdb/common/lock.c:500
  #9  0x00007fffa0a64b50 in tdb_find_lock_hash (tdb=<optimized out>, tdb@entry=0x1543c6900, key=..., hash=<optimized out>, locktype=<optimized out>, locktype@entry=0, rec=<optimized out>, rec@entry=0x7fffd7df3080) at ../../lib/tdb/common/tdb.c:165
  #10 0x00007fffa0a64ed0 in tdb_parse_record (tdb=0x1543c6900, key=..., parser=0x7fffa0e74470 <db_ctdb_ltdb_parser>, private_data=0x7fffd7df30e8) at ../../lib/tdb/common/tdb.c:329
  #11 0x00007fffa0e74cbc in db_ctdb_ltdb_parse (db=<optimized out>, private_data=0x7fffd7df3140, parser=0x7fffa0e76470 <db_ctdb_parse_record_parser_nonpersistent>, key=...) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:170
  #12 db_ctdb_try_parse_local_record (ctx=ctx@entry=0x154328fc0, key=..., state=state@entry=0x7fffd7df3140) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:1385
  #13 0x00007fffa0e76024 in db_ctdb_parse_record (db=<optimized out>, key=..., parser=0x7fffa14ec820 <brl_get_locks_readonly_parser>, private_data=0x7fffd7df3218) at ../../source3/lib/dbwrap/dbwrap_ctdb.c:1425
  #14 0x00007fffa0884760 in dbwrap_parse_record (db=<optimized out>, key=..., parser=<optimized out>, private_data=<optimized out>) at ../../lib/dbwrap/dbwrap.c:454
  #15 0x00007fffa14ef5bc in brl_get_locks_readonly (fsp=0x1543d01e0) at ../../source3/locking/brlock.c:1884
  #16 0x00007fffa1546968 in file_has_brlocks (fsp=0x1543d01e0) at ../../source3/smbd/open.c:2232
  #17 delay_for_oplock (pgranted=<synthetic pointer>, poplock_type=<synthetic pointer>, first_open_attempt=<optimized out>, create_disposition=1, have_sharing_violation=false, lck=0x7fffd7df3ce8, lease=0x0, oplock_request=0, fsp=0x1543d01e0) at ../../source3/smbd/open.c:2749
  #18 handle_share_mode_lease (pgranted=<synthetic pointer>, poplock_type=<synthetic pointer>, first_open_attempt=<optimized out>, lease=0x0, oplock_request=0, share_access=7, access_mask=131201, create_disposition=1, lck=0x7fffd7df3ce8, fsp=0x1543d01e0) at ../../source3/smbd/open.c:2865
  #19 check_and_store_share_mode (first_open_attempt=<optimized out>, lease=0x0, oplock_request=0, share_access=7, access_mask=131201, create_disposition=1, lck=0x7fffd7df3ce8, req=0x154414800, fsp=0x1543d01e0) at ../../source3/smbd/open.c:3333
  #20 open_ntcreate_lock_add_entry (lck=0x7fffd7df3ce8, keep_locked=0x7fffd7df3ad0, private_data=0x7fffd7df3cc8) at ../../source3/smbd/open.c:3688
  #21 0x00007fffa14f6248 in share_mode_entry_prepare_lock_fn (glck=0x7fffd7df35b8, cb_private=0x7fffd7df3a88) at ../../source3/locking/share_mode_lock.c:2978
  #22 0x00007fffa1317680 in g_lock_lock_cb_run_and_store (cb_state=cb_state@entry=0x7fffd7df35b8) at ../../source3/lib/g_lock.c:597
  #23 0x00007fffa1319df8 in g_lock_lock_simple_fn (rec=0x7fffd7df3798, value=..., private_data=0x7fffd7df39a0) at ../../source3/lib/g_lock.c:1212
  #24 0x00007fffa13160e0 in dbwrap_watched_do_locked_fn (backend_rec=<optimized out>, backend_value=..., private_data=0x7fffd7df3768) at ../../source3/lib/dbwrap/dbwrap_watch.c:458
  #25 0x00007fffa0884e48 in dbwrap_do_locked (db=<optimized out>, key=..., fn=0x7fffa1316080 <dbwrap_watched_do_locked_fn>, private_data=0x7fffd7df3768) at ../../lib/dbwrap/dbwrap.c:602
  #26 0x00007fffa1315274 in dbwrap_watched_do_locked (db=0x1543a7160, key=..., fn=0x7fffa1319ca0 <g_lock_lock_simple_fn>, private_data=0x7fffd7df39a0) at ../../source3/lib/dbwrap/dbwrap_watch.c:480
  #27 0x00007fffa0884d60 in dbwrap_do_locked (db=<optimized out>, key=..., fn=<optimized out>, private_data=<optimized out>) at ../../lib/dbwrap/dbwrap.c:582
  #28 0x00007fffa131b458 in g_lock_lock (ctx=0x1543cc630, key=..., type=<optimized out>, timeout=..., cb_fn=0x7fffa14f6190 <share_mode_entry_prepare_lock_fn>, cb_private=0x7fffd7df3a88) at ../../source3/lib/g_lock.c:1267
  #29 0x00007fffa14fd060 in _share_mode_entry_prepare_lock (prepare_state=0x7fffd7df3cc8, id=..., servicepath=<optimized out>, smb_fname=<optimized out>, old_write_time=<optimized out>, fn=<optimized out>, private_data=0x7fffd7df3cc8, location=0x7fffa165b880 "../../source3/smbd/open.c:4292") at ../../source3/locking/share_mode_lock.c:3033
  #30 0x00007fffa15491e0 in open_file_ntcreate (conn=conn@entry=0x154382050, req=req@entry=0x154414800, access_mask=<optimized out>, access_mask@entry=131201, share_access=share_access@entry=7, create_disposition=create_disposition@entry=1, create_options=create_options@entry=0, new_dos_attributes=<optimized out>, new_dos_attributes@entry=128, oplock_request=oplock_request@entry=0, lease=<optimized out>, lease@entry=0x0, private_flags=<optimized out>, private_flags@entry=0, parent_dir_fname=<optimized out>, smb_fname_atname=<optimized out>, pinfo=<optimized out>, pinfo@entry=0x7fffd7df3f1c, fsp=<optimized out>, fsp@entry=0x1543d01e0) at ../../source3/smbd/open.c:4286
  #31 0x00007fffa154b94c in create_file_unixpath (conn=conn@entry=0x154382050, req=req@entry=0x154414800, dirfsp=dirfsp@entry=0x15439a7f0, smb_fname=smb_fname@entry=0x154416300, access_mask=access_mask@entry=131201, share_access=share_access@entry=7, create_disposition=create_disposition@entry=1, create_options=create_options@entry=0, file_attributes=file_attributes@entry=128, oplock_request=<optimized out>, oplock_request@entry=0, lease=<optimized out>, lease@entry=0x0, allocation_size=allocation_size@entry=0, private_flags=private_flags@entry=0, sd=sd@entry=0x0, ea_list=ea_list@entry=0x0, result=result@entry=0x7fffd7df4168, pinfo=pinfo@entry=0x7fffd7df4160) at ../../source3/smbd/open.c:6290
  #32 0x00007fffa154dfac in create_file_default (conn=0x154382050, req=0x154414800, dirfsp=0x15439a7f0, smb_fname=0x154416300, access_mask=<optimized out>, share_access=<optimized out>, create_disposition=<optimized out>, create_options=<optimized out>, file_attributes=128, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x1544144e8, pinfo=0x1544144fc, in_context_blobs=0x7fffd7df4798, out_context_blobs=0x154414710) at ../../source3/smbd/open.c:6609
  #33 0x00007fffa150972c in vfswrap_create_file (handle=<optimized out>, req=<optimized out>, dirfsp=<optimized out>, smb_fname=<optimized out>, access_mask=<optimized out>, share_access=<optimized out>, create_disposition=<optimized out>, create_options=<optimized out>, file_attributes=128, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x1544144e8, pinfo=0x1544144fc, in_context_blobs=0x7fffd7df4798, out_context_blobs=0x154414710) at ../../source3/modules/vfs_default.c:776
  #34 0x00007fffa1559cbc in smb_vfs_call_create_file (handle=<optimized out>, req=<optimized out>, dirfsp=<optimized out>, smb_fname=<optimized out>, access_mask=<optimized out>, share_access=<optimized out>, create_disposition=<optimized out>, create_options=<optimized out>, file_attributes=128, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x1544144e8, pinfo=0x1544144fc, in_context_blobs=0x7fffd7df4798, out_context_blobs=0x154414710) at ../../source3/smbd/vfs.c:1560
  #35 0x00007fff9c0a9ec4 in smb_time_audit_create_file (handle=0x154426820, req=0x154414800, dirfsp=0x15439a7f0, fname=0x154416300, access_mask=<optimized out>, share_access=<optimized out>, create_disposition=<optimized out>, create_options=<optimized out>, file_attributes=128, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result_fsp=0x1544144e8, pinfo=0x1544144fc, in_context_blobs=0x7fffd7df4798, out_context_blobs=0x154414710) at ../../source3/modules/vfs_time_audit.c:634
  #36 0x00007fffa1559cbc in smb_vfs_call_create_file (handle=<optimized out>, req=<optimized out>, dirfsp=<optimized out>, smb_fname=<optimized out>, access_mask=<optimized out>, share_access=<optimized out>, create_disposition=<optimized out>, create_options=<optimized out>, file_attributes=128, oplock_request=0, lease=0x0, allocation_size=0, private_flags=0, sd=0x0, ea_list=0x0, result=0x1544144e8, pinfo=0x1544144fc, in_context_blobs=0x7fffd7df4798, out_context_blobs=0x154414710) at ../../source3/smbd/vfs.c:1560
  #37 0x00007fffa1597aa8 in smbd_smb2_create_send (in_context_blobs=..., in_name=0x154413ca0, in_create_options=<optimized out>, in_create_disposition=<optimized out>, in_share_access=<optimized out>, in_file_attributes=<optimized out>, in_desired_access=<optimized out>, in_impersonation_level=<optimized out>, in_oplock_level=<optimized out>, smb2req=0x154413770, ev=0x154328120, mem_ctx=0x154413770) at ../../source3/smbd/smb2_create.c:1115
  #38 smbd_smb2_request_process_create (smb2req=0x154413770) at ../../source3/smbd/smb2_create.c:291
  #39 0x00007fffa158a628 in smbd_smb2_request_dispatch (req=0x154413770) at ../../source3/smbd/smb2_server.c:3485
  #40 0x00007fffa158c540 in smbd_smb2_io_handler (fde_flags=<optimized out>, xconn=0x154313f30) at ../../source3/smbd/smb2_server.c:5112
  #41 smbd_smb2_connection_handler (ev=<optimized out>, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../../source3/smbd/smb2_server.c:5150
  #42 0x00007fffa1198b2c in tevent_common_invoke_fd_handler (fde=0x15435add0, flags=<optimized out>, removed=0x0) at ../../lib/tevent/tevent_fd.c:158
  #43 0x00007fffa11a2b9c in epoll_event_loop (tvalp=0x7fffd7df4b28, epoll_ev=0x1543b4e80) at ../../lib/tevent/tevent_epoll.c:730
  #44 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent_epoll.c:946
  #45 0x00007fffa11a0090 in std_event_loop_once (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent_standard.c:110
  #46 0x00007fffa119744c in _tevent_loop_once (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent.c:823
  #47 0x00007fffa1197884 in tevent_common_loop_wait (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent.c:950
  #48 0x00007fffa119ffc0 in std_event_loop_wait (ev=0x154328120, location=0x7fffa1668db8 "../../source3/smbd/smb2_process.c:2158") at ../../lib/tevent/tevent_standard.c:141
  #49 0x00007fffa1197978 in _tevent_loop_wait (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent.c:971
  #50 0x00007fffa15737fc in smbd_process (ev_ctx=0x154328120, msg_ctx=<optimized out>, sock_fd=<optimized out>, interactive=<optimized out>) at ../../source3/smbd/smb2_process.c:2158
  #51 0x000000011db5c554 in smbd_accept_connection (ev=0x154328120, fde=<optimized out>, flags=<optimized out>, private_data=<optimized out>) at ../../source3/smbd/server.c:1150
  #52 0x00007fffa1198b2c in tevent_common_invoke_fd_handler (fde=0x1543ac2d0, flags=<optimized out>, removed=0x0) at ../../lib/tevent/tevent_fd.c:158
  #53 0x00007fffa11a2b9c in epoll_event_loop (tvalp=0x7fffd7df4f98, epoll_ev=0x154328350) at ../../lib/tevent/tevent_epoll.c:730
  #54 epoll_event_loop_once (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent_epoll.c:946
  #55 0x00007fffa11a0090 in std_event_loop_once (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent_standard.c:110
  #56 0x00007fffa119744c in _tevent_loop_once (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent.c:823
  #57 0x00007fffa1197884 in tevent_common_loop_wait (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent.c:950
  #58 0x00007fffa119ffc0 in std_event_loop_wait (ev=0x154328120, location=0x11db60b50 "../../source3/smbd/server.c:1499") at ../../lib/tevent/tevent_standard.c:141
  #59 0x00007fffa1197978 in _tevent_loop_wait (ev=<optimized out>, location=<optimized out>) at ../../lib/tevent/tevent.c:971
  #60 0x000000011db58c54 in smbd_parent_loop (parent=<optimized out>, ev_ctx=0x154328120) at ../../source3/smbd/server.c:1499
  #61 main (argc=<optimized out>, argv=<optimized out>) at ../../source3/smbd/server.c:2258

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2eef298ff4c5baf15c7d29c65fb021dbed5b0a93)

6 months ago s3/locking: add brl_set_modified()
Ralph Boehme [Wed, 29 Jan 2025 05:13:29 +0000 (06:13 +0100)] 
s3/locking: add brl_set_modified()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2772f147c9b13cd2160181c4f7905b54ab765054)

6 months ago s3/brlock: don't increment current_lock_count if do_lock_fn() failed
Ralph Boehme [Wed, 8 Jan 2025 14:43:04 +0000 (15:43 +0100)] 
s3/brlock: don't increment current_lock_count if do_lock_fn() failed

Also only assign psmblctx and pblocker_pid if the lock request failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 3a0c6e99de4377f44bc29766b6ceb79040caed9f)

6 months ago s3/brlock: add share_mode_do_locked_brl()
Ralph Boehme [Sat, 1 Feb 2025 09:37:40 +0000 (10:37 +0100)] 
s3/brlock: add share_mode_do_locked_brl()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit e17fb732c89f8b34de00904383044de3c4f85bd0)

6 months ago s3/brlock: add brl_req_set()
Stefan Metzmacher [Mon, 6 Jan 2025 16:07:11 +0000 (17:07 +0100)] 
s3/brlock: add brl_req_set()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit c9c04c7d75dee0c3e6e843b581624a3852042057)

6 months ago s3/brlock: split out brl_get_locks_readonly_parse()
Stefan Metzmacher [Mon, 6 Jan 2025 14:59:27 +0000 (15:59 +0100)] 
s3/brlock: split out brl_get_locks_readonly_parse()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Pair-Programmed-With: Ralph Boehme <slow@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 94e7cbcc32b73e4d56e7209e04d22d4270a6eb5b)

6 months ago smbtorture: add test "open-brlock-deadlock"
Ralph Boehme [Thu, 9 Jan 2025 11:27:43 +0000 (12:27 +0100)] 
smbtorture: add test "open-brlock-deadlock"

smbtorture reproducer for bug 15767. As it needs a very specific setup that
can't easily be done in selftest, the test is only executed when manually called
with

  --option=torture:open_brlock_deadlock_timemout=SEC

To prepare the setup for the test set:

  tdb_hash_size:locking.tdb = 1
  tdb_hash_size:brlock.tdb = 1

and remove both TDBs from disk, which is needed so the TDBs get recreated with
the new hash_size.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 7c60498cee7dca5770d4d1f623c472d585ae9cae)

6 months ago dbwrap: check for option "tdb_hash_size:DBNAME.tdb" in db_open()
Ralph Boehme [Thu, 9 Jan 2025 07:57:17 +0000 (08:57 +0100)] 
dbwrap: check for option "tdb_hash_size:DBNAME.tdb" in db_open()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15767

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 7eb135c42d530a16e80e165d9e8e99d920797f12)

6 months ago vfs: Fix Bug 15791, vfs_acl_tdb unlinkat()
Volker Lendecke [Tue, 28 Jan 2025 13:03:49 +0000 (14:03 +0100)] 
vfs: Fix Bug 15791, vfs_acl_tdb unlinkat()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15791
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 93a6d36239dd2ce2b3863945f8b9b59cb6aa911a)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Mon Mar 31 12:13:03 UTC 2025 on atb-devel-224

6 months ago vfs: Fix a lock order violation in unlinkat_acl_tdb()
Volker Lendecke [Wed, 26 Feb 2025 15:04:01 +0000 (16:04 +0100)] 
vfs: Fix a lock order violation in unlinkat_acl_tdb()

unlinkat is called when the share mode record is locked.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15791
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 93bc238aa91ec8041648d17e11bf235132974eda)

6 months ago smbd: fix handling of directory leases and oplock levels
Ralph Boehme [Sat, 22 Mar 2025 15:59:07 +0000 (16:59 +0100)] 
smbd: fix handling of directory leases and oplock levels

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15836

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Mar 28 07:53:25 UTC 2025 on atb-devel-224

(cherry picked from commit 4b3f45e13f9c11920924c034a457ea2cb8e15e18)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Fri Mar 28 14:53:26 UTC 2025 on atb-devel-224

6 months ago smbtorture: add test smb2.dirlease.oplocks
Ralph Boehme [Sat, 22 Mar 2025 15:57:13 +0000 (16:57 +0100)] 
smbtorture: add test smb2.dirlease.oplocks

Verifies server correctly ignores oplock on directories and only grants leases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15836

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 9ecaa4095643729bf5f9c93316d577b603190449)

7 months ago vfs_ceph_new: Add path based fallback for SMB_VFS_FNTIMES
Anoop C S [Mon, 17 Mar 2025 14:22:10 +0000 (19:52 +0530)] 
vfs_ceph_new: Add path based fallback for SMB_VFS_FNTIMES

Fallback mechanism was missing in vfs_ceph_fntimes() for path
based call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15834

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Mon Mar 17 20:48:55 UTC 2025 on atb-devel-224

(cherry picked from commit dbc48a4cda7489363688bb38f6fa678011fedfaf)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Tue Mar 18 16:50:49 UTC 2025 on atb-devel-224

7 months ago vfs_ceph_new: Add path based fallback for SMB_VFS_FCHMOD
Anoop C S [Fri, 14 Mar 2025 14:29:33 +0000 (19:59 +0530)] 
vfs_ceph_new: Add path based fallback for SMB_VFS_FCHMOD

Fallback mechanism was missing in vfs_ceph_fchmod() for path based call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15834

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 9c019ecf4eae6e6bef48323a0b093e17b0708ee8)

7 months ago vfs_ceph_new: Add path based fallback for SMB_VFS_FCHOWN
Anoop C S [Fri, 14 Mar 2025 14:17:42 +0000 (19:47 +0530)] 
vfs_ceph_new: Add path based fallback for SMB_VFS_FCHOWN

Fallback mechanism was missing in vfs_ceph_fchown() for path based call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15834

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit abb97683902f50b2a57989f30c0fb53fd3492af9)

7 months ago s3/lib: fix matching interfaces with multiple assigned IPs
Ralph Boehme [Mon, 10 Mar 2025 13:29:23 +0000 (14:29 +0100)] 
s3/lib: fix matching interfaces with multiple assigned IPs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15823

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Mar 12 01:32:30 UTC 2025 on atb-devel-224

(cherry picked from commit b85f056e7312ea9839b6fda617132fcc956da3c1)

7 months ago vfs_ceph_new: detect case sensitivity in CephFS
Xavi Hernandez [Tue, 4 Mar 2025 11:48:41 +0000 (12:48 +0100)] 
vfs_ceph_new: detect case sensitivity in CephFS

CephFS has recently added support for case insensitive access to the
file system. This modification detects whether the shared volume is case
sensitive or not and reports the FILE_CASE_SENSITIVE_SEARCH capability
accordingly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15822

Signed-off-by: Xavi Hernandez <xhernandez@redhat.com>
Reviewed-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Mar 11 20:34:26 UTC 2025 on atb-devel-224

(cherry picked from commit a52602030e6ba0e1bcddf5f611464b58076fadd0)

7 months ago vfs_ceph_new: Do not resolve by inode number
Anoop C S [Tue, 25 Feb 2025 12:10:13 +0000 (17:40 +0530)] 
vfs_ceph_new: Do not resolve by inode number

CephFS snapshots within snap directory share the same inode number as
their parent. Unless we resolve by name we may incorrectly point at
an inode which is not a snapshot directory. Therefore, to be functionally
correct, we avoid resolving by inode number and resolve by proper name instead.

For example:

path (ino = 3)
  |
  --- dir (ino = 4)
  |
  --- .snap (ino = 3)
        |
        --- snap1 (ino = 3)
              |
              --- dir (ino = 4)

In this case an attempt to resolve 'snap1' by inode number 3 results in
pointing at 'path' which is not the desired outcome.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15818

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Mar  7 18:20:47 UTC 2025 on atb-devel-224

(cherry picked from commit a96f0542c8317a7dd0470b32350de6893fd98723)

Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Thu Mar 13 17:06:25 UTC 2025 on atb-devel-224

7 months ago vfs_ceph_new: Handle absolute path in vfs_ceph_ll_walk
Anoop C S [Mon, 24 Feb 2025 08:30:56 +0000 (14:00 +0530)] 
vfs_ceph_new: Handle absolute path in vfs_ceph_ll_walk

It can very well be the case that the incoming path is absolute in
nature which breaks the assumption inside vfs_ceph_ll_walk that it
is within the current working directory. Instead perform a check to
see whether the path includes current working directory path in its
components and accordingly trim it to make it relative in nature.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15818

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 9341d7fb466c95ea5aa0643049ce2a1f4183b9d0)

7 months ago vfs_ceph_new: Remove unused code in cephmount_mount_fs()
Anoop C S [Mon, 24 Feb 2025 06:39:06 +0000 (12:09 +0530)] 
vfs_ceph_new: Remove unused code in cephmount_mount_fs()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15818

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit ee1c3e1db9a2d12ba6d9dd24faccf0020b1daf0d)

7 months ago vfs_ceph_new: Remove redundant re-initialization to NULL
Anoop C S [Mon, 24 Feb 2025 06:24:45 +0000 (11:54 +0530)] 
vfs_ceph_new: Remove redundant re-initialization to NULL

TALLOC_FREE() by default re-initializes the pointer to NULL after
corresponding memory is freed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15818

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit c5ddd94a08503a52914ce351ebf1083178e8c8bc)

7 months ago vfs_ceph_new: use libcephfs nonblocking API for async-io ops
Shachar Sharon [Tue, 1 Oct 2024 09:09:40 +0000 (12:09 +0300)] 
vfs_ceph_new: use libcephfs nonblocking API for async-io ops

Use libcephfs non-blocking API (ceph_ll_nonblocking_readv_writev[1]) in
combination with smb VFS async hooks ({pread,pwrite,fsync}_send/_recv).
Fills libcephfs' struct ceph_ll_io_info with single iovec and
submit/complete the operation asynchronously on libcephfs side, with
corresponding tevent schedule-immediate upon completion on smbd side.

Control nonblocking/normal I/O mode via config parameter. The common
parts of async I/O (with/without HAVE_CEPH_ASYNCIO) are united.
Specifically, use same struct vfs_ceph_aio_state and common code via
helper function for all async I/O hooks. When HAVE_CEPH_ASYNCIO
is True _and_ config option 'asyncio = yes' use libcephfs asynchronous
I/O API. Otherwise, fake async operation using normal blocking APIs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15810

[1] https://github.com/ceph/ceph/commit/b4e39f3eccd6734f1ed13c700c136e3aef1777f8

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Mar  4 16:53:21 UTC 2025 on atb-devel-224

(cherry picked from commit 4ae9224138449fe7b8dd1e8ce8141aedd014efc4)

7 months ago s3:utils: Remove call of ads_startup() from net_ads_keytab_create()
Pavel Filipenský [Thu, 6 Mar 2025 14:24:05 +0000 (15:24 +0100)] 
s3:utils: Remove call of ads_startup() from net_ads_keytab_create()

Calling ads_startup() is not needed in net_ads_keytab_create.  Keytab
creation code in sync_pw2keytabs() decides if it needs to talk to DC or
not and connects to AD accordingly.

Fixing this makes the bug below easier to reproduce using
'net ads keytab create'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15727

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Mar 10 11:09:29 UTC 2025 on atb-devel-224

(cherry picked from commit 5cadaf91bc96cd2a8e0f6bcbd8a212e86b714180)

7 months ago s3:libads: Make sure that REALM is always added to keytab principals
Pavel Filipenský [Fri, 7 Mar 2025 09:32:40 +0000 (10:32 +0100)] 
s3:libads: Make sure that REALM is always added to keytab principals

The code responsible for adding SPNs to keytab should always set the
REALM part.  Current code is not adding it for e.g. SPNs synced from AD.

If REALM is missing, krb5_parse_name() will succeed (and add the REALM)
only if the krb5.conf contains libdefaults section with
default_realm set and will fail otherwise. E.g.:

[libdefaults]
default_realm = SOMETESTDOMAIN1.MY.COM

When calling 'net ads join' we get the following error if SPN is missing
REALM and krb5.conf does not provide the default_realm:

pw2kt_process_add_info: Failed to parse principal:
RestrictedKrbHost/$MACHINE_NAME
Failed to join domain: failed to create kerberos keytab

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15727

Pair-Programmed-With: Noel Power <noel.power@suse.com>

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Sun Mar  9 00:25:08 UTC 2025 on atb-devel-224

(cherry picked from commit c72554260c950d0ef7652955a59f0f68a026f4f2)

7 months ago lib:krb5_wrap: Add smb_krb5_parse_name_flags()
Pavel Filipenský [Thu, 6 Mar 2025 22:20:53 +0000 (23:20 +0100)] 
lib:krb5_wrap: Add smb_krb5_parse_name_flags()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15727

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit cf34645050df64d6b8c4fa45394c3feebe691e79)

7 months ago VERSION: Bump version up to Samba 4.22.1...
Jule Anger [Thu, 6 Mar 2025 13:51:50 +0000 (14:51 +0100)] 
VERSION: Bump version up to Samba 4.22.1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger@samba.org>

7 months ago VERSION: Disable GIT_SNAPSHOT for the 4.22.0 release. samba-4.22.0
Jule Anger [Thu, 6 Mar 2025 13:50:04 +0000 (14:50 +0100)] 
VERSION: Disable GIT_SNAPSHOT for the 4.22.0 release.

Signed-off-by: Jule Anger <janger@samba.org>

7 months ago WHATSNEW: Add release notes for Samba 4.22.0.
Jule Anger [Thu, 6 Mar 2025 13:49:01 +0000 (14:49 +0100)] 
WHATSNEW: Add release notes for Samba 4.22.0.

Signed-off-by: Jule Anger <janger@samba.org>

7 months ago WHATSNEW: mention schema upgrade speed improvements
Douglas Bagnall [Wed, 5 Mar 2025 05:01:42 +0000 (18:01 +1300)] 
WHATSNEW: mention schema upgrade speed improvements

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15821

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(v4-22-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-22-test): Thu Mar  6 12:47:56 UTC 2025 on atb-devel-224