Version in base suite: 4.22.6+dfsg-0+deb13u1 Base version: samba_4.22.6+dfsg-0+deb13u1 Target version: samba_4.22.8+dfsg-0+deb13u1 Base file: /srv/ftp-master.debian.org/ftp/pool/main/s/samba/samba_4.22.6+dfsg-0+deb13u1.dsc Target file: /srv/ftp-master.debian.org/policy/pool/main/s/samba/samba_4.22.8+dfsg-0+deb13u1.dsc VERSION | 4 WHATSNEW.txt | 127 +++++++++- ctdb/config/events/legacy/10.interface.script | 17 + ctdb/config/functions | 4 ctdb/server/ctdb_recover.c | 2 ctdb/server/ctdb_takeover.c | 10 ctdb/tests/UNIT/eventscripts/10.interface.updateip.001.sh | 16 + debian/changelog | 57 ++++ debian/clean | 1 debian/patches/add-support-for-bind-9.20.patch | 55 ---- debian/patches/revert-ldb-use-hexchars_upper-from-replace.h.patch | 36 -- debian/patches/series | 2 docs-xml/manpages/net.8.xml | 2 docs-xml/manpages/samba-bgqd.8.xml | 37 ++ docs-xml/smbdotconf/misc/ctdbdsocket.xml | 16 - lib/ldb/common/ldb_dn.c | 11 python/samba/provision/sambadns.py | 3 selftest/target/Samba3.pm | 3 source3/libads/kerberos.c | 16 + source3/libads/ldap.c | 45 +-- source3/librpc/idl/ads.idl | 4 source3/libsmb/namequery_dc.c | 4 source3/modules/vfs_ceph_new.c | 17 - source3/modules/vfs_fruit.c | 2 source3/modules/vfs_recycle.c | 6 source3/printing/print_cups.c | 3 source3/printing/printing.c | 5 source3/printing/queue_process.c | 3 source3/rpc_client/cli_pipe.c | 2 source3/rpc_server/mdssvc/es_parser.y | 18 + source3/rpc_server/mdssvc/mdssvc_es.c | 10 source3/rpc_server/mdssvc/test_mdsparser_es.c | 17 + source3/script/tests/test_recycle.sh | 37 ++ source3/script/tests/test_winbind_cache_sanity.sh | 112 ++++++++ source3/selftest/tests.py | 4 source3/smbd/filename.c | 16 - source3/smbd/files.c | 108 ++++++++ source3/smbd/proto.h | 4 source3/smbd/smb2_oplock.c | 4 source3/winbindd/winbindd_cache.c | 82 +++--- source3/winbindd/winbindd_cm.c | 6 source3/winbindd/winbindd_proto.h | 3 source4/setup/named.conf.dlz | 4 43 files changed, 709 insertions(+), 226 deletions(-) dpkg-source: warning: 
cannot verify inline signature for /srv/release.debian.org/tmp/tmpyy_pm3bq/samba_4.22.6+dfsg-0+deb13u1.dsc: no acceptable signature found dpkg-source: warning: cannot verify inline signature for /srv/release.debian.org/tmp/tmpyy_pm3bq/samba_4.22.8+dfsg-0+deb13u1.dsc: no acceptable signature found diff -Nru samba-4.22.6+dfsg/VERSION samba-4.22.8+dfsg/VERSION --- samba-4.22.6+dfsg/VERSION 2025-10-16 14:34:01.621333100 +0000 +++ samba-4.22.8+dfsg/VERSION 2026-02-19 09:46:34.625000500 +0000 @@ -27,7 +27,7 @@ ######################################################## SAMBA_VERSION_MAJOR=4 SAMBA_VERSION_MINOR=22 -SAMBA_VERSION_RELEASE=6 +SAMBA_VERSION_RELEASE=8 ######################################################## # If a official release has a serious bug # @@ -101,7 +101,7 @@ # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes # # -> "3.0.0-SVN-build-199" # ######################################################## -SAMBA_VERSION_IS_GIT_SNAPSHOT=no +SAMBA_VERSION_IS_GIT_SNAPSHOT=no ######################################################## # This is for specifying a release nickname # diff -Nru samba-4.22.6+dfsg/WHATSNEW.txt samba-4.22.8+dfsg/WHATSNEW.txt --- samba-4.22.6+dfsg/WHATSNEW.txt 2025-10-16 14:34:01.621333100 +0000 +++ samba-4.22.8+dfsg/WHATSNEW.txt 2026-02-19 09:46:34.625000500 +0000 
@@ -1,4 +1,128 @@ ============================== + Release Notes for Samba 4.22.8 + February 19, 2026 + ============================== + + +This is the latest stable release of the Samba 4.22 release series. + + +Changes since 4.22.7 +-------------------- + +o Ralph Boehme + * BUG 15959: New Spotlight default search field incorrectly initialized + * BUG 15984: smbd: in contend_dirleases() don't bother checking when not + enabled + +o Samuel Cabrero + * BUG 15979: possible memory leak on rpc_spoolss + +o Günther Deschner + * BUG 15964: "net offlinejoin requestodj" manpage entry incorrectly mentiones + provided credentials + +o Pavel Filipenský + * BUG 15972: Winbind group resolution failure + +o Noel Power + * BUG 15979: possible memory leak on rpc_spoolss + +o Martin Schwenke + * BUG 15977: ctdbd socket documentation is wrong + +o Michael Tokarev + * BUG 15790: Bind dlz 9.20 + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. 
+== The Samba Team +====================================================================== + + +Release notes for older releases follow: +---------------------------------------- + ============================== + Release Notes for Samba 4.22.7 + December 18, 2025 + ============================== + + +This is the latest stable release of the Samba 4.22 release series. + + +Changes since 4.22.6 +-------------------- + +o Ralph Boehme + * BUG 15926: Samba 4.22 breaks Time Machine + * BUG 15930: Searching for numbers doesn't work with Spotlight + * BUG 15947: mdssvc doesn't support $time.iso dates before 1970 + +o Günther Deschner + * BUG 15963: Fix winbind cache consistency + +o Pavel Filipenský + * BUG 15940: vfs_recycle does not update mtime + +o Volker Lendecke + * BUG 15897: Assert failed: (dirfd != -1) || (smb_fname->base_name[0] == '/') + in vfswrap_openat + * BUG 15950: ctdb can crash with inconsistent cluster lock configuration + +o Anoop C S + * BUG 15897: Assert failed: (dirfd != -1) || (smb_fname->base_name[0] == '/') + in vfswrap_openat + +o Andreas Schneider + * BUG 15809: samba-bgqd: rework man page + * BUG 15936: samba-bgqd can't find [printers] share + * BUG 15955: Winbind can hang forever in gssapi if there are network issues. + * BUG 15961: libldb requires linking libreplace on Linux + +o Martin Schwenke + * BUG 15935: Crash in ctdbd on failed updateip + + +####################################### +Reporting bugs & Development Discussion +####################################### + +Please discuss this release on the samba-technical mailing list or by +joining the #samba-technical:matrix.org matrix room, or +#samba-technical IRC channel on irc.libera.chat. + +If you do report problems then please try to send high quality +feedback. If you don't provide vital information to help us track down +the problem then you will probably be ignored. 
All bug reports should +be filed under the Samba 4.1 and newer product in the project's Bugzilla +database (https://bugzilla.samba.org/). + + +====================================================================== +== Our Code, Our Bugs, Our Responsibility. +== The Samba Team +====================================================================== + + +---------------------------------------------------------------------- + ============================== Release Notes for Samba 4.22.6 October 16, 2025 ============================== @@ -59,8 +183,7 @@ ====================================================================== -Release notes for older releases follow: ----------------------------------------- +---------------------------------------------------------------------- ============================== Release Notes for Samba 4.22.5 October 15, 2025 diff -Nru samba-4.22.6+dfsg/ctdb/config/events/legacy/10.interface.script samba-4.22.8+dfsg/ctdb/config/events/legacy/10.interface.script --- samba-4.22.6+dfsg/ctdb/config/events/legacy/10.interface.script 2025-02-06 10:31:53.712144000 +0000 +++ samba-4.22.8+dfsg/ctdb/config/events/legacy/10.interface.script 2026-02-19 09:44:03.051993400 +0000 @@ -78,6 +78,11 @@ "$ip" "$maskbits" "$_maskbits_in" fi else + if [ "$_iface_in" = "__none__" ]; then + echo "WARNING: Unable to determine interface for IP ${ip}" + iface="$_iface_in" + return + fi die "ERROR: Unable to determine interface for IP ${ip}" fi } 
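Review bot: The `__none__` sentinel is compared as a bare string literal in the `else` branch added in the `@@ -78,6 +78,11 @@` hunk and again in the `@@ -214,10 +219,14 @@` hunk, and neither place says who passes it or what it means. A one-line comment above the new test, such as `# "__none__" is passed as the old interface when no interface is recorded for the IP`, would keep the two checks from drifting apart. That wording is inferred from the ctdb_takeover.c comment in this same diff and should be confirmed against the caller. The enclosing function starts outside the hunk.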
@@ -214,10 +219,14 @@ exit 0 fi - ip_block "$ip" "$oiface" - - delete_ip_from_iface "$oiface" "$ip" "$maskbits" 2>/dev/null - delete_ip_from_iface "$niface" "$ip" "$maskbits" 2>/dev/null + # Behave more like takeip when the IP is not assigned. No + # need for a similar condition around ip_unblock()s because + # they will silently fail. + if [ "$oiface" != "__none__" ]; then + ip_block "$ip" "$oiface" + delete_ip_from_iface "$oiface" "$ip" "$maskbits" >/dev/null 2>&1 + fi + delete_ip_from_iface "$niface" "$ip" "$maskbits" >/dev/null 2>&1 add_ip_to_iface "$niface" "$ip" "$maskbits" || { ip_unblock "$ip" "$oiface" diff -Nru samba-4.22.6+dfsg/ctdb/config/functions samba-4.22.8+dfsg/ctdb/config/functions --- samba-4.22.6+dfsg/ctdb/config/functions 2025-02-06 10:31:53.712144000 +0000 +++ samba-4.22.8+dfsg/ctdb/config/functions 2026-02-19 09:44:03.055993300 +0000 @@ -630,6 +630,10 @@ _conns=$(get_tcp_connections_for_ip "$_ip" | awk '{ print $1, $2 ; print $2, $1 }') + if [ -z "$_conns" ]; then + return + fi + echo "$_conns" | awk '{ print "Tickle TCP connection", $1, $2 }' echo "$_conns" | ctdb tickle } diff -Nru samba-4.22.6+dfsg/ctdb/server/ctdb_recover.c samba-4.22.8+dfsg/ctdb/server/ctdb_recover.c --- samba-4.22.6+dfsg/ctdb/server/ctdb_recover.c 2025-02-06 10:31:53.732143900 +0000 +++ samba-4.22.8+dfsg/ctdb/server/ctdb_recover.c 2026-02-19 09:44:03.099993700 +0000 @@ -977,6 +977,8 @@ local == NULL ? "NULL" : local)); talloc_free(state); ctdb_shutdown_sequence(ctdb, 1); + /* In case above returns due to duplicate shutdown */ + return; } DEBUG(DEBUG_INFO, ("Recovery lock consistency check successful\n")); diff -Nru samba-4.22.6+dfsg/ctdb/server/ctdb_takeover.c samba-4.22.8+dfsg/ctdb/server/ctdb_takeover.c --- samba-4.22.6+dfsg/ctdb/server/ctdb_takeover.c 2025-06-05 15:38:33.746580800 +0000 +++ samba-4.22.8+dfsg/ctdb/server/ctdb_takeover.c 2026-02-19 09:44:03.103993700 +0000 
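Review bot: The comment on the added `return;` in the ctdb_recover.c hunk explains why `ctdb_shutdown_sequence()` can come back, but not why falling through is unsafe. `state` has already been released by `talloc_free(state)` just above, and the next visible statement logs the consistency check as successful. I would spell that out, for example `/* ctdb_shutdown_sequence() can return on a duplicate shutdown; state is already freed, so do not fall through */`. The enclosing function begins and ends outside the hunk, so whether later code touches `state` is inferred rather than visible.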
@@ -617,7 +617,15 @@ */ ctdb_vnn_unassign_iface(ctdb, state->vnn); state->vnn->iface = state->old; - state->vnn->iface->references++; + /* + * state->old (above) can be NULL if the IP wasn't + * recorded as held by this node but the system thinks + * the IP was assigned. In that case, a move could + * still be desirable.. + */ + if (state->vnn->iface != NULL) { + state->vnn->iface->references++; + } ctdb_request_control_reply(ctdb, state->c, NULL, status, NULL); talloc_free(state); diff -Nru samba-4.22.6+dfsg/ctdb/tests/UNIT/eventscripts/10.interface.updateip.001.sh samba-4.22.8+dfsg/ctdb/tests/UNIT/eventscripts/10.interface.updateip.001.sh --- samba-4.22.6+dfsg/ctdb/tests/UNIT/eventscripts/10.interface.updateip.001.sh 1970-01-01 00:00:00.000000000 +0000 +++ samba-4.22.8+dfsg/ctdb/tests/UNIT/eventscripts/10.interface.updateip.001.sh 2026-02-19 09:44:03.123993600 +0000 @@ -0,0 +1,16 @@ +#!/bin/sh + +. "${TEST_SCRIPTS_DIR}/unit.sh" + +define_test "error - update a non-existent ip" + +setup + +public_address=$(ctdb_get_1_public_address) +ip="${public_address% *}" +ip="${ip#* }" + +ok "WARNING: Unable to determine interface for IP ${ip}" +# Want separate words from public_address: interface IP maskbits +# shellcheck disable=SC2086 +simple_test "__none__" $public_address diff -Nru samba-4.22.6+dfsg/debian/changelog samba-4.22.8+dfsg/debian/changelog --- samba-4.22.6+dfsg/debian/changelog 2025-10-16 16:19:45.000000000 +0000 +++ samba-4.22.8+dfsg/debian/changelog 2026-02-19 12:17:34.000000000 +0000 
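Review bot: When `state->old` is NULL this path now leaves `state->vnn->iface` as NULL and sends the reply without logging it, so the inconsistent state that the new comment describes stays invisible to an operator. An `else` arm on the new guard, e.g. `else { DEBUG(DEBUG_WARNING, ("No previous interface recorded for IP, leaving it unassigned\n")); }`, would make it diagnosable. Other readers of `vnn->iface` are outside this hunk and should be confirmed to tolerate NULL after this path. The trailing `..` in the new comment looks like a typo for a single full stop. The enclosing function starts and ends outside the hunk.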
@@ -1,3 +1,60 @@ +samba (2:4.22.8+dfsg-0+deb13u1) trixie; urgency=medium + + * new upstream stable/bugfix release: + - https://bugzilla.samba.org/show_bug.cgi?id=15790: + Bind dlz 9.20 + - https://bugzilla.samba.org/show_bug.cgi?id=15959: + New Spotlight default search field incorrectly initialized + - https://bugzilla.samba.org/show_bug.cgi?id=15964: + "net offlinejoin requestodj" manpage entry incorrectly mentiones + provided credentials + - https://bugzilla.samba.org/show_bug.cgi?id=15972: + Winbind group resolution failure + - https://bugzilla.samba.org/show_bug.cgi?id=15977: + ctdbd socket documentation is wrong + - https://bugzilla.samba.org/show_bug.cgi?id=15979: + possible memory leak on rpc_spoolss + - https://bugzilla.samba.org/show_bug.cgi?id=15984: + smbd: in contend_dirleases() don't bother checking when not enabled + * add-support-for-bind-9.20.patch: remove (now applied upstream) + * d/clean: also remove python/samba/provision/kerberos_implementation.py + (Closes: #1048754) + + -- Michael Tokarev Thu, 19 Feb 2026 15:17:34 +0300 + +samba (2:4.22.7+dfsg-0+deb13u1) trixie; urgency=medium + + * new upstream stable/bugfix release: + - https://bugzilla.samba.org/show_bug.cgi?id=15809: + samba-bgqd: rework man page + - https://bugzilla.samba.org/show_bug.cgi?id=15897: + Assert failed: (dirfd != -1) || (smb_fname->base_name[0] == '/') + in vfswrap_openat + - https://bugzilla.samba.org/show_bug.cgi?id=15926: + Samba 4.22 breaks Time Machine + - https://bugzilla.samba.org/show_bug.cgi?id=15930: + Searching for numbers doesn't work with Spotlight + - https://bugzilla.samba.org/show_bug.cgi?id=15935: + Crash in ctdbd on failed updateip + - https://bugzilla.samba.org/show_bug.cgi?id=15936: + samba-bgqd can't find [printers] share + - https://bugzilla.samba.org/show_bug.cgi?id=15940: + vfs_recycle does not update mtime + - https://bugzilla.samba.org/show_bug.cgi?id=15947: + mdssvc doesn't support $time.iso dates before 1970 + - 
https://bugzilla.samba.org/show_bug.cgi?id=15950: + ctdb can crash with inconsistent cluster lock configuration + - https://bugzilla.samba.org/show_bug.cgi?id=15955: + Winbind can hang forever in gssapi if there are network issues + - https://bugzilla.samba.org/show_bug.cgi?id=15961: + libldb requires linking libreplace on Linux + - https://bugzilla.samba.org/show_bug.cgi?id=15963: + Fix winbind cache consistency + * revert-ldb-use-hexchars_upper-from-replace.h.patch: remove + (now applied by upstream) + + -- Michael Tokarev Thu, 18 Dec 2025 22:13:42 +0300 + samba (2:4.22.6+dfsg-0+deb13u1) trixie; urgency=medium * new upstream stable/security release: diff -Nru samba-4.22.6+dfsg/debian/clean samba-4.22.8+dfsg/debian/clean --- samba-4.22.6+dfsg/debian/clean 2025-10-16 08:31:54.000000000 +0000 +++ samba-4.22.8+dfsg/debian/clean 2026-02-19 11:59:08.000000000 +0000 @@ -7,3 +7,4 @@ third_party/waf/waflib/__pycache__/ third_party/waf/waflib/extras/__pycache__/ third_party/waf/waflib/Tools/__pycache__/ +python/samba/provision/kerberos_implementation.py diff -Nru samba-4.22.6+dfsg/debian/patches/add-support-for-bind-9.20.patch samba-4.22.8+dfsg/debian/patches/add-support-for-bind-9.20.patch --- samba-4.22.6+dfsg/debian/patches/add-support-for-bind-9.20.patch 2025-10-16 08:31:54.000000000 +0000 +++ samba-4.22.8+dfsg/debian/patches/add-support-for-bind-9.20.patch 1970-01-01 00:00:00.000000000 +0000 
@@ -1,55 +0,0 @@ -From: Michael Tokarev -Date: Tue, 3 Jun 2025 09:41:57 +0300 -Subject: s4/dlz: add support for bind 9.20 -Forwarded: yes, https://gitlab.com/samba-team/samba/-/merge_requests/4067 -Bug-Debian: https://bugs.debian.org/1107139 - -bind dlz interface does not change much, yet we build -dlz_bind9_NN for every bind9 version NN we support - -despite many of them differ only in soversion, with -the code being identical. - -For bind9_20, use dlz_bind9_18.so which we already have. - -It'd be nice to extract actual bind9 version string in -sambadns.py and use it in more direct way. - -Bug: https://bugzilla.samba.org/show_bug.cgi?id=15790 -Signed-off-by: Michael Tokarev ---- - python/samba/provision/sambadns.py | 3 ++- - source4/setup/named.conf.dlz | 4 ++-- - 2 files changed, 4 insertions(+), 3 deletions(-) - -diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py -index 952e875c862..a3515bbe37b 100644 ---- a/python/samba/provision/sambadns.py -+++ b/python/samba/provision/sambadns.py -@@ -1030,7 +1030,8 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger): - bind9_14 = '' - elif bind_info.upper().find('BIND 9.16') != -1: - bind9_16 = '' -- elif bind_info.upper().find('BIND 9.18') != -1: -+ elif bind_info.upper().find('BIND 9.18') != -1 \ -+ or bind_info.upper().find('BIND 9.20') != -1: - bind9_18 = '' - elif bind_info.upper().find('BIND 9.7') != -1: - raise ProvisioningError("DLZ option incompatible with BIND 9.7.") -diff --git a/source4/setup/named.conf.dlz b/source4/setup/named.conf.dlz -index cbe7d805f58..9753cdc503b 100644 ---- a/source4/setup/named.conf.dlz -+++ b/source4/setup/named.conf.dlz -@@ -30,8 +30,8 @@ dlz "AD DNS Zone" { - - # For BIND 9.16.x - ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so"; -- # -- # For BIND 9.18.x -+ -+ # For BIND 9.18.x and 9.20.x - ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so"; - }; - --- -2.39.5 - diff -Nru 
samba-4.22.6+dfsg/debian/patches/revert-ldb-use-hexchars_upper-from-replace.h.patch samba-4.22.8+dfsg/debian/patches/revert-ldb-use-hexchars_upper-from-replace.h.patch --- samba-4.22.6+dfsg/debian/patches/revert-ldb-use-hexchars_upper-from-replace.h.patch 2025-10-16 08:31:54.000000000 +0000 +++ samba-4.22.8+dfsg/debian/patches/revert-ldb-use-hexchars_upper-from-replace.h.patch 1970-01-01 00:00:00.000000000 +0000 @@ -1,36 +0,0 @@ -From: Michael Tokarev -Date: Thu, 6 Feb 2025 18:11:02 +0300 -Subject: Revert "ldb: User hexchars_upper from replace.h" -Forwarded: not-needed -Debian-Specific: yes - -This reverts commit 542cf01bfe530a83dfbc8a606d182c0a5a622059. - -This commit switched ldb code to use hexchars_upper from libreplace, -introducing circular dependency between libraries. Restore the status-quo. - ---- - lib/ldb/common/ldb_dn.c | 5 +++-- - 1 file changed, 3 insertions(+), 2 deletions(-) - -diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c -index 5b8c0f4f580..1321f0d8420 100644 ---- a/lib/ldb/common/ldb_dn.c -+++ b/lib/ldb/common/ldb_dn.c -@@ -232,10 +232,11 @@ static int ldb_dn_escape_internal(char *dst, const char *src, int len) - case '\0': { - /* any others get \XX form */ - unsigned char v; -+ const char *hexbytes = "0123456789ABCDEF"; - v = (const unsigned char)c; - *d++ = '\\'; -- *d++ = hexchars_upper[v>>4]; -- *d++ = hexchars_upper[v&0xF]; -+ *d++ = hexbytes[v>>4]; -+ *d++ = hexbytes[v&0xF]; - break; - } - default: --- -2.39.5 - diff -Nru samba-4.22.6+dfsg/debian/patches/series samba-4.22.8+dfsg/debian/patches/series --- samba-4.22.6+dfsg/debian/patches/series 2025-10-16 16:19:45.000000000 +0000 +++ samba-4.22.8+dfsg/debian/patches/series 2026-02-19 12:17:34.000000000 +0000 
@@ -21,6 +21,4 @@ meaningful-error-if-no-samba-ad-provision.patch meaningful-error-if-no-python3-markdown.patch ctdb-use-run-instead-of-var-run.patch -revert-ldb-use-hexchars_upper-from-replace.h.patch replace-xpg-strerror.patch -add-support-for-bind-9.20.patch diff -Nru samba-4.22.6+dfsg/docs-xml/manpages/net.8.xml samba-4.22.8+dfsg/docs-xml/manpages/net.8.xml --- samba-4.22.6+dfsg/docs-xml/manpages/net.8.xml 2025-02-20 12:58:50.509504800 +0000 +++ samba-4.22.8+dfsg/docs-xml/manpages/net.8.xml 2026-02-19 09:46:34.629000400 +0000 @@ -3261,7 +3261,7 @@ Example: - net offlinejoin requestodj -U administrator%secret loadfile=provisioning.txt + net offlinejoin requestodj loadfile=provisioning.txt diff -Nru samba-4.22.6+dfsg/docs-xml/manpages/samba-bgqd.8.xml samba-4.22.8+dfsg/docs-xml/manpages/samba-bgqd.8.xml --- samba-4.22.6+dfsg/docs-xml/manpages/samba-bgqd.8.xml 2025-02-06 10:31:53.884144800 +0000 +++ samba-4.22.8+dfsg/docs-xml/manpages/samba-bgqd.8.xml 2026-02-19 09:44:03.163994000 +0000 
@@ -14,29 +14,54 @@ samba-bgqd This is an internal helper program performing - asynchronous printing-related jobs. + asynchronous printing-related tasks samba-bgqd + -D|--daemon + -i|--interactive + -F|--foreground + --no-process-group + -d <debug level> + --debug-stdout + --configfile=<configuration file> + --option=<name>=<value> + -l|--log-basename <log directory> + --ready-signal-fd <fd> + --parent-watch-fd <fd> DESCRIPTION - This tool is part of the + This program is part of the samba 7 suite. - samba-bgqd is an helper program to be spawned by smbd or - spoolssd to perform jobs like updating the printer list or - other management tasks asynchronously on demand. It is not - intended to be called by users or administrators. + samba-bgqd is not intended to be invoked + directly by users. + + Likewise, while samba-bgqd is also not + intended to be run manually by system administrators, on systems with a + large number of printers configured via CUPS, it is recommended to run + samba-bgqd as a systemd service to improve + performance and responsiveness of printing operations. + SEE ALSO + + + smbd + 8, and + smb.conf + 5. + + + AUTHOR The original Samba software and related utilities diff -Nru samba-4.22.6+dfsg/docs-xml/smbdotconf/misc/ctdbdsocket.xml samba-4.22.8+dfsg/docs-xml/smbdotconf/misc/ctdbdsocket.xml --- samba-4.22.6+dfsg/docs-xml/smbdotconf/misc/ctdbdsocket.xml 2025-02-06 10:31:53.908145000 +0000 +++ samba-4.22.8+dfsg/docs-xml/smbdotconf/misc/ctdbdsocket.xml 2026-02-19 09:46:34.629000400 +0000 
@@ -4,12 +4,16 @@ function="_ctdbd_socket" xmlns:samba="http://www.samba.org/samba/DTD/samba-doc"> - If you set clustering=yes, - you need to tell Samba where ctdbd listens on its unix domain - socket. The default path as of ctdb 1.0 is /tmp/ctdb.socket which - you have to explicitly set for Samba in smb.conf. - + + In a test environment, this parameter can be used when + clustering=yes to specify an alternate + location for the CTDB Unix domain socket. + + + This parameter should not be set in production environments. If it + is not set then the (correct) build-time default is used. + -/tmp/ctdb.socket +/var/run/altctdb/ctdbd.socket diff -Nru samba-4.22.6+dfsg/lib/ldb/common/ldb_dn.c samba-4.22.8+dfsg/lib/ldb/common/ldb_dn.c --- samba-4.22.6+dfsg/lib/ldb/common/ldb_dn.c 2025-02-06 10:31:53.980145500 +0000 +++ samba-4.22.8+dfsg/lib/ldb/common/ldb_dn.c 2026-02-19 09:44:03.247994700 +0000 @@ -232,10 +232,15 @@ case '\0': { /* any others get \XX form */ unsigned char v; + /* + * Do not use libreplace for this. We don't want to have + * a hard requirement for it. + */ + const char *hexbytes = "0123456789ABCDEF"; v = (const unsigned char)c; *d++ = '\\'; - *d++ = hexchars_upper[v>>4]; - *d++ = hexchars_upper[v&0xF]; + *d++ = hexbytes[v>>4]; + *d++ = hexbytes[v&0xF]; break; } default: @@ -2100,7 +2105,7 @@ unsigned int i; struct ldb_val v2; const struct ldb_dn_extended_syntax *ext_syntax; - + if ( ! ldb_dn_validate(dn)) { return LDB_ERR_OTHER; } diff -Nru samba-4.22.6+dfsg/python/samba/provision/sambadns.py samba-4.22.8+dfsg/python/samba/provision/sambadns.py --- samba-4.22.6+dfsg/python/samba/provision/sambadns.py 2025-02-06 10:31:54.316147300 +0000 +++ samba-4.22.8+dfsg/python/samba/provision/sambadns.py 2026-02-19 09:46:34.633000400 +0000 
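Review bot: In the ldb_dn.c `@@ -232,10 +232,15 @@` hunk, `hexbytes` is declared as a pointer to a string literal inside the case block. `static const char hexbytes[] = "0123456789ABCDEF";` states the intent (a fixed 16-entry lookup table) more directly and avoids the extra pointer object. Indexing stays in range because `v` is `unsigned char`, so `v>>4` and `v&0xF` are each at most 15; a short comment saying so would help, since this is the DN escaping path. The function around this `switch` starts and ends outside the hunk.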
@@ -1030,7 +1030,8 @@ bind9_14 = '' elif bind_info.upper().find('BIND 9.16') != -1: bind9_16 = '' - elif bind_info.upper().find('BIND 9.18') != -1: + elif bind_info.upper().find('BIND 9.18') != -1 \ + or bind_info.upper().find('BIND 9.20') != -1: bind9_18 = '' elif bind_info.upper().find('BIND 9.7') != -1: raise ProvisioningError("DLZ option incompatible with BIND 9.7.") diff -Nru samba-4.22.6+dfsg/selftest/target/Samba3.pm samba-4.22.8+dfsg/selftest/target/Samba3.pm --- samba-4.22.6+dfsg/selftest/target/Samba3.pm 2025-10-16 14:34:01.645333300 +0000 +++ samba-4.22.8+dfsg/selftest/target/Samba3.pm 2026-02-19 09:44:03.567996700 +0000 @@ -3722,6 +3722,9 @@ path = $recycle_shrdir vfs objects = recycle recycle : repository = .trash + recycle : keeptree = yes + recycle : touch = yes + recycle : touch_mtime = yes recycle : exclude = *.tmp recycle : directory_mode = 755 diff -Nru samba-4.22.6+dfsg/source3/libads/kerberos.c samba-4.22.8+dfsg/source3/libads/kerberos.c --- samba-4.22.6+dfsg/source3/libads/kerberos.c 2025-08-21 15:22:16.459915600 +0000 +++ samba-4.22.8+dfsg/source3/libads/kerberos.c 2026-02-19 09:44:03.623997000 +0000 @@ -1380,6 +1380,15 @@ char *enctypes = NULL; const char *include_system_krb5 = ""; mode_t mask; + /* + * The default will be 15 seconds, it can be changed in the smb.conf: + * [global] + * krb5:request_timeout = 30 + */ + int timeout_sec = lp_parm_int(-1, + "krb5", + "request_timeout", + 15 /* default */); if (!lp_create_krb5_conf()) { return false; @@ -1449,6 +1458,12 @@ file_contents = talloc_asprintf(fname, "[libdefaults]\n" +#ifdef SAMBA4_USES_HEIMDAL + "\tkdc_timeout = %d\n" +#else + "\trequest_timeout = %ds\n" + "\tudp_preference_limit = 0\n" +#endif "\tdefault_realm = %s\n" "%s" "\tdns_lookup_realm = false\n" 
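Review bot: The added `'BIND 9.20'` clause gives no hint in the code that 9.20 deliberately reuses the 9.18 module. The version test is also still a substring match on the banner, so the next BIND series will need another hand edit. A comment on the new clause, e.g. `# BIND 9.20 loads dlz_bind9_18.so; there is no separate 9.20 module`, would record the decision, which is currently stated only in the removed Debian patch description and in named.conf.dlz. The handling of an unrecognised version is decided by branches outside this hunk.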
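Review bot: `timeout_sec` from `lp_parm_int(-1, "krb5", "request_timeout", 15)` is written into the generated krb5.conf without any range check, so a zero or negative value in smb.conf goes straight into the file. The value is used as `kdc_timeout = %d` / `request_timeout = %ds` in the `@@ -1449,6 +1458,12 @@` hunk, with the argument added in `@@ -1458,6 +1473,7 @@`. I would reject such values before formatting, e.g. `if (timeout_sec <= 0) { timeout_sec = 15; }`. The new comment should also mention that the non-Heimdal branch additionally emits `udp_preference_limit = 0`, which makes the library prefer TCP and is not implied by a timeout option. The function body extends beyond all three hunks.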
@@ -1458,6 +1473,7 @@ "\t%s = {\n" "%s\t}\n" "%s\n", + timeout_sec, realm_upper, enctypes, realm_upper, diff -Nru samba-4.22.6+dfsg/source3/libads/ldap.c samba-4.22.8+dfsg/source3/libads/ldap.c --- samba-4.22.6+dfsg/source3/libads/ldap.c 2025-08-21 15:22:16.463915800 +0000 +++ samba-4.22.8+dfsg/source3/libads/ldap.c 2026-02-19 09:46:34.633000400 +0000 @@ -237,7 +237,7 @@ bool ads_closest_dc(ADS_STRUCT *ads) { - if (ads->config.flags & NBT_SERVER_CLOSEST) { + if (ads->config.server_flags & NBT_SERVER_CLOSEST) { DEBUG(10,("ads_closest_dc: NBT_SERVER_CLOSEST flag set\n")); return True; } @@ -344,7 +344,7 @@ sitename_store(cldap_reply->dns_domain, cldap_reply->client_site); /* Leave this until last so that the flags are not clobbered */ - ads->config.flags = cldap_reply->server_type; + ads->config.server_flags = cldap_reply->server_type; ret = true; @@ -379,7 +379,8 @@ ok = ads_cldap_netlogon_5(frame, ss, ads->server.realm, - ads->config.flags | DS_ONLY_LDAP_NEEDED, + ads->config.required_flags | + DS_ONLY_LDAP_NEEDED, &cldap_reply); if (!ok) { DBG_NOTICE("ads_cldap_netlogon_5(%s, %s) failed.\n", 
@@ -490,20 +491,21 @@ return status; } - status = netlogon_pings(frame, /* mem_ctx */ - lp_client_netlogon_ping_protocol(), /* proto */ - ts_list, /* servers */ - num_requests, /* num_servers */ - (struct netlogon_ping_filter){ - .ntversion = nt_version, - .domain = ads->server.realm, - .acct_ctrl = -1, - .required_flags = ads->config.flags | - DS_ONLY_LDAP_NEEDED, - }, - 1, /* wanted_servers */ - endtime, /* timeout */ - &responses); + status = netlogon_pings( + frame, /* mem_ctx */ + lp_client_netlogon_ping_protocol(), /* proto */ + ts_list, /* servers */ + num_requests, /* num_servers */ + (struct netlogon_ping_filter){ + .ntversion = nt_version, + .domain = ads->server.realm, + .acct_ctrl = -1, + .required_flags = ads->config.required_flags | + DS_ONLY_LDAP_NEEDED, + }, + 1, /* wanted_servers */ + endtime, /* timeout */ + &responses); if (!NT_STATUS_IS_OK(status)) { DBG_WARNING("netlogon_pings(realm=%s, num_requests=%zu) " "for count[%zu] - %s\n", @@ -1261,6 +1263,7 @@ if (ads->ldap_wrap_data.mem_ctx) { talloc_free(ads->ldap_wrap_data.mem_ctx); } + ads->config.server_flags = 0; ads_zero_ldap(ads); ZERO_STRUCT(ads->ldap_tls_data); ZERO_STRUCT(ads->ldap_wrap_data); @@ -3725,10 +3728,10 @@ } /* - * Reset ads->config.flags as it can contain the flags + * Reset flags as it can contain the flags * returned by the previous CLDAP ping when reusing the struct. */ - ads_s->config.flags = 0; + ads_s->config.server_flags = 0; status = ads_connect_simple_anon(ads_s); if ( !ADS_ERR_OK(status)) 
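Review bot: The reworded comment in the `@@ -3725,10 +3728,10 @@` hunk (and its twin in `@@ -3814,10 +3817,10 @@`) now says only "Reset flags", which is ambiguous because the struct carries both `server_flags` and `required_flags`. I would name the field: `Reset ads_s->config.server_flags: it can still hold the flags returned by the previous CLDAP ping when the struct is reused.` Separately, no hunk in this part of the diff assigns `config.required_flags`. As far as can be seen here, the pings in `@@ -379,7 +379,8 @@` and `@@ -490,20 +491,21 @@` therefore send only `DS_ONLY_LDAP_NEEDED` unless a caller outside this section sets it, which is worth confirming and documenting next to the field. The enclosing functions start and end outside these hunks.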
@@ -3814,10 +3817,10 @@ } /* - * Reset ads->config.flags as it can contain the flags + * Reset flags as it can contain the flags * returned by the previous CLDAP ping when reusing the struct. */ - ads_s->config.flags = 0; + ads_s->config.server_flags = 0; status = ads_connect_simple_anon(ads_s); if ( !ADS_ERR_OK(status)) diff -Nru samba-4.22.6+dfsg/source3/librpc/idl/ads.idl samba-4.22.8+dfsg/source3/librpc/idl/ads.idl --- samba-4.22.6+dfsg/source3/librpc/idl/ads.idl 2025-02-06 10:31:54.452148200 +0000 +++ samba-4.22.8+dfsg/source3/librpc/idl/ads.idl 2026-02-19 09:46:34.637000600 +0000 @@ -6,6 +6,7 @@ */ import "nbt.idl"; +import "netlogon.idl"; cpp_quote("#include ") @@ -51,7 +52,8 @@ } ads_auth; typedef [nopull,nopush] struct { - nbt_server_type flags; /* cldap flags identifying the services. */ + nbt_server_type server_flags; /* NBT_* cldap flags identifying the services. */ + netr_DsRGetDCName_flags required_flags; /* DS_* - Netlogon flags */ string workgroup; string realm; string bind_path; diff -Nru samba-4.22.6+dfsg/source3/libsmb/namequery_dc.c samba-4.22.8+dfsg/source3/libsmb/namequery_dc.c --- samba-4.22.6+dfsg/source3/libsmb/namequery_dc.c 2025-02-06 10:31:54.464148300 +0000 +++ samba-4.22.8+dfsg/source3/libsmb/namequery_dc.c 2026-02-19 09:46:34.637000600 +0000 @@ -109,7 +109,9 @@ } #ifdef HAVE_ADS - if (is_our_primary_domain(domain) && (ads->config.flags & NBT_SERVER_KDC)) { + if (is_our_primary_domain(domain) && + (ads->config.server_flags & NBT_SERVER_KDC)) + { if (ads_closest_dc(ads)) { /* We're going to use this KDC for this realm/domain. If we are using sites, then force the krb5 libs diff -Nru samba-4.22.6+dfsg/source3/modules/vfs_ceph_new.c samba-4.22.8+dfsg/source3/modules/vfs_ceph_new.c --- samba-4.22.6+dfsg/source3/modules/vfs_ceph_new.c 2025-10-16 14:34:01.669333500 +0000 +++ samba-4.22.8+dfsg/source3/modules/vfs_ceph_new.c 2026-02-19 09:46:34.641000500 +0000 
@@ -864,13 +864,14 @@ struct statvfs *stbuf) { struct vfs_ceph_config *config = NULL; + int ret = -1; SMB_VFS_HANDLE_GET_DATA(handle, config, struct vfs_ceph_config, return -ENOMEM); - DBG_DEBUG("[CEPH] ceph_ll_statfs: ino=%" PRIu64 "\n", iref->ino); - - return config->ceph_ll_statfs_fn(config->mount, iref->inode, stbuf); + ret = config->ceph_ll_statfs_fn(config->mount, iref->inode, stbuf); + DBG_DEBUG("[CEPH] ceph_ll_statfs: ino=%" PRIu64 " ret=%d\n", iref->ino, ret); + return ret; } static int vfs_ceph_ll_getattr2(const struct vfs_handle_struct *handle, @@ -1986,23 +1987,21 @@ uint64_t *dsize) { struct statvfs statvfs_buf = { 0 }; - struct Inode *inode = NULL; int ret; struct vfs_ceph_config *config = NULL; + struct vfs_ceph_iref iref = {0}; SMB_VFS_HANDLE_GET_DATA(handle, config, struct vfs_ceph_config, return -ENOMEM); - ret = config->ceph_ll_lookup_root_fn(config->mount, &inode); + ret = vfs_ceph_iget(handle, smb_fname->base_name, 0, &iref); if (ret != 0) { - DBG_DEBUG("[CEPH] ceph_ll_lookup_root returned %d\n", ret); errno = -ret; return (uint64_t)(-1); } - ret = config->ceph_ll_statfs_fn(config->mount, inode, &statvfs_buf); - config->ceph_ll_put_fn(config->mount, inode); + ret = vfs_ceph_ll_statfs(handle, &iref, &statvfs_buf); + vfs_ceph_iput(handle, &iref); if (ret != 0) { - DBG_DEBUG("[CEPH] ceph_ll_statfs returned %d\n", ret); errno = -ret; return (uint64_t)(-1); } diff -Nru samba-4.22.6+dfsg/source3/modules/vfs_fruit.c samba-4.22.8+dfsg/source3/modules/vfs_fruit.c --- samba-4.22.6+dfsg/source3/modules/vfs_fruit.c 2025-10-16 14:34:01.669333500 +0000 +++ samba-4.22.8+dfsg/source3/modules/vfs_fruit.c 2026-02-19 09:44:03.667997400 +0000 
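Review bot: The `SMB_VFS_HANDLE_GET_DATA(..., return -ENOMEM)` bail-out kept in the `@@ -1986,23 +1987,21 @@` hunk does not follow the function's other error paths, which all return `(uint64_t)(-1)` with `errno` set. If the return type is `uint64_t`, as those lines suggest, `-ENOMEM` converts to a large value that a caller comparing against `(uint64_t)(-1)` would accept as a size. Using `return (uint64_t)(-1)` in the macro argument would keep the error convention uniform. After this change `config` is no longer referenced in the visible lines of that function; if nothing below the hunk uses it, the lookup can be dropped altogether. The function's signature and tail are outside the hunk.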
@@ -4655,7 +4655,7 @@ DBG_DEBUG("%s\n", fsp_str_dbg(fsp)); - if (config->ignore_zero_aces && (psd->dacl->num_aces == 0)) { + if (config->ignore_zero_aces && (orig_num_aces == 0)) { /* * Just ignore Set-ACL requests with zero ACEs. */ diff -Nru samba-4.22.6+dfsg/source3/modules/vfs_recycle.c samba-4.22.8+dfsg/source3/modules/vfs_recycle.c --- samba-4.22.6+dfsg/source3/modules/vfs_recycle.c 2025-02-06 10:31:54.484148300 +0000 +++ samba-4.22.8+dfsg/source3/modules/vfs_recycle.c 2026-02-19 09:44:03.671997300 +0000 @@ -363,9 +363,9 @@ return False; } - /* + /* * Walk the components of path, looking for matches with the - * exclude list on each component. + * exclude list on each component. */ for (startp = path; startp; startp = endp) { @@ -612,7 +612,7 @@ goto done; } - if (config->keeptree) { + if (config->keeptree && !ISDOT(path_name)) { temp_name = talloc_asprintf(frame, "%s/%s", config->repository, path_name); diff -Nru samba-4.22.6+dfsg/source3/printing/print_cups.c samba-4.22.8+dfsg/source3/printing/print_cups.c --- samba-4.22.6+dfsg/source3/printing/print_cups.c 2025-02-06 10:31:54.508148400 +0000 +++ samba-4.22.8+dfsg/source3/printing/print_cups.c 2026-02-19 09:46:34.641000500 +0000 @@ -1130,6 +1130,9 @@ if (http) httpClose(http); + if (num_options) { + cupsFreeOptions(num_options, options); + } TALLOC_FREE(frame); return ret; diff -Nru samba-4.22.6+dfsg/source3/printing/printing.c samba-4.22.8+dfsg/source3/printing/printing.c --- samba-4.22.6+dfsg/source3/printing/printing.c 2025-02-06 10:31:54.508148400 +0000 +++ samba-4.22.8+dfsg/source3/printing/printing.c 2026-02-19 09:46:34.641000500 +0000 @@ -2836,7 +2836,7 @@ pjob->filename, pjob->size ? "deleted" : "zero length" )); unlink(pjob->filename); pjob_delete(global_event_context(), msg_ctx, sharename, jobid); - return NT_STATUS_OK; + goto out; } /* don't strip out characters like '$' from the printername */ 
@@ -2878,7 +2878,8 @@ /* make sure the database is up to date */ if (print_cache_expired(lp_const_servicename(snum), True)) print_queue_update(msg_ctx, snum, False); - +out: + talloc_free(tmp_ctx); return NT_STATUS_OK; fail: diff -Nru samba-4.22.6+dfsg/source3/printing/queue_process.c samba-4.22.8+dfsg/source3/printing/queue_process.c --- samba-4.22.6+dfsg/source3/printing/queue_process.c 2025-02-06 10:31:54.508148400 +0000 +++ samba-4.22.8+dfsg/source3/printing/queue_process.c 2026-02-19 09:44:03.699997400 +0000 @@ -265,6 +265,7 @@ DEBUG(10,("smb_conf_updated: Got message saying smb.conf was " "updated. Reloading.\n")); change_to_root_user(); + lp_load_with_shares(get_dyn_CONFIGFILE()); pcap_cache_reload(state->ev, msg_ctx, reload_pcap_change_notify); printing_subsystem_queue_tasks(state); } @@ -322,6 +323,8 @@ goto fail_free_handlers; } + /* Load shares, needed for [printers] */ + lp_load_with_shares(get_dyn_CONFIGFILE()); /* Initialize the printcap cache as soon as the daemon starts. */ pcap_cache_reload(state->ev, state->msg, reload_pcap_change_notify); diff -Nru samba-4.22.6+dfsg/source3/rpc_client/cli_pipe.c samba-4.22.8+dfsg/source3/rpc_client/cli_pipe.c --- samba-4.22.6+dfsg/source3/rpc_client/cli_pipe.c 2025-02-20 12:58:50.533505000 +0000 +++ samba-4.22.8+dfsg/source3/rpc_client/cli_pipe.c 2026-02-19 09:46:34.645000500 +0000 @@ -3624,7 +3624,7 @@ } if (local_server_name == NULL) { - local_server_name = get_myname(result); + local_server_name = get_myname(frame); } if (local_server_addr != NULL) { diff -Nru samba-4.22.6+dfsg/source3/rpc_server/mdssvc/es_parser.y samba-4.22.8+dfsg/source3/rpc_server/mdssvc/es_parser.y --- samba-4.22.6+dfsg/source3/rpc_server/mdssvc/es_parser.y 2025-10-16 14:34:01.673333600 +0000 +++ samba-4.22.8+dfsg/source3/rpc_server/mdssvc/es_parser.y 2026-02-19 09:44:03.715997700 +0000 
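Review bot: The return value of `lp_load_with_shares(get_dyn_CONFIGFILE())` is discarded in the smb.conf-updated handler (queue_process.c, hunk at line 265) and again in the start-up path (hunk at line 322), so a failed load goes unnoticed and `pcap_cache_reload()` runs against whatever configuration is in memory. lp_load_with_shares() returns a bool; checking it and at least logging, e.g. `if (!lp_load_with_shares(get_dyn_CONFIGFILE())) { DBG_ERR("Failed to load %s\n", get_dyn_CONFIGFILE()); }`, would make a broken configuration visible. In the start-up path a `goto fail_free_handlers;`, as in the check just above the added lines, may be the better reaction. Both enclosing functions extend beyond the hunks.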
@@ -219,6 +219,13 @@ } else { $$ = map_expr($3, '~', $5, $7); } +} +| FUNC_INRANGE OBRACE attribute COMMA isodate COMMA isodate CBRACE { + if ($3 == NULL) { + $$ = NULL; + } else { + $$ = map_expr($3, '~', $5, $7); + } }; attribute: @@ -412,7 +419,7 @@ end = ")"; break; default: - DBG_ERR("Mapping fts [%s] unexpected op [%c]\n", val, op); + DBG_DEBUG("Mapping fts [%s] unexpected op [%c]\n", val, op); return NULL; } @@ -487,15 +494,16 @@ static char *map_sldate_to_esdate(TALLOC_CTX *mem_ctx, const char *sldate) { + char *endp = NULL; struct tm *tm = NULL; char *esdate = NULL; char buf[21]; size_t len; time_t t; - int error; - t = (time_t)smb_strtoull(sldate, NULL, 10, &error, SMB_STR_STANDARD); - if (error != 0) { + errno = 0; + t = (time_t)strtoll(sldate, &endp, 10); + if (*sldate == '\0' || endp == sldate || *endp != '\0' || errno != 0) { DBG_ERR("smb_strtoull [%s] failed\n", sldate); return NULL; } @@ -508,7 +516,7 @@ } len = strftime(buf, sizeof(buf), - "%Y-%m-%dT%H:%M:%SZ", tm); + "%4Y-%m-%dT%H:%M:%SZ", tm); if (len != 20) { DBG_ERR("strftime [%s] failed\n", sldate); return NULL; diff -Nru samba-4.22.6+dfsg/source3/rpc_server/mdssvc/mdssvc_es.c samba-4.22.8+dfsg/source3/rpc_server/mdssvc/mdssvc_es.c --- samba-4.22.6+dfsg/source3/rpc_server/mdssvc/mdssvc_es.c 2025-10-16 14:34:01.673333600 +0000 +++ samba-4.22.8+dfsg/source3/rpc_server/mdssvc/mdssvc_es.c 2026-02-19 09:46:34.645000500 +0000 
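Review bot: The failure message in map_sldate_to_esdate still names `smb_strtoull` although the conversion is now `strtoll`; `DBG_ERR("strtoll [%s] failed\n", sldate);` would match the code. The string being parsed presumably originates from a client's search query, so logging it at debug level, as the fts mapping hunk above now does with `DBG_DEBUG`, would keep malformed queries from filling error-level logs. The `(time_t)` cast of the `long long` result is not range-checked, which matters where time_t is narrower than long long. The `*sldate == '\0'` test is already covered by `endp == sldate`. The function continues outside the hunk.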
@@ -108,10 +108,12 @@ } TALLOC_FREE(default_path); - mdssvc_es_ctx->default_fields = lp_parm_const_string(GLOBAL_SECTION_SNUM, - "elasticsearch", - "default_fields", - default_fields); + default_fields = lp_parm_const_string(GLOBAL_SECTION_SNUM, + "elasticsearch", + "default_fields", + default_fields); + mdssvc_es_ctx->default_fields = talloc_strdup(mdssvc_es_ctx, + default_fields); if (mdssvc_es_ctx->default_fields == NULL) { TALLOC_FREE(mdssvc_es_ctx); return false; diff -Nru samba-4.22.6+dfsg/source3/rpc_server/mdssvc/test_mdsparser_es.c samba-4.22.8+dfsg/source3/rpc_server/mdssvc/test_mdsparser_es.c --- samba-4.22.6+dfsg/source3/rpc_server/mdssvc/test_mdsparser_es.c 2025-10-16 14:34:01.673333600 +0000 +++ samba-4.22.8+dfsg/source3/rpc_server/mdssvc/test_mdsparser_es.c 2026-02-19 09:44:03.715997700 +0000 @@ -54,6 +54,20 @@ "kMDItemFSContentChangeDate==$time.iso(2018-10-01T10:00:00Z)", "file.last_modified:2018\\\\-10\\\\-01T10\\\\:00\\\\:00Z" }, { + "kMDItemFSContentChangeDate==$time.iso(1960-10-01T10:00:00Z)", + "file.last_modified:1960\\\\-10\\\\-01T10\\\\:00\\\\:00Z" +#ifdef __LP64__ + }, { + "kMDItemFSContentChangeDate==$time.iso(1000-10-01T10:00:00Z)", + "file.last_modified:1000\\\\-10\\\\-01T10\\\\:00\\\\:00Z" + }, { + "kMDItemFSContentChangeDate==$time.iso(0000-10-01T10:00:00Z)", + "file.last_modified:0000\\\\-10\\\\-01T10\\\\:00\\\\:00Z" + }, { + "kMDItemFSContentChangeDate==$time.iso(9999-10-01T10:00:00Z)", + "file.last_modified:9999\\\\-10\\\\-01T10\\\\:00\\\\:00Z" +#endif + }, { "kMDItemFSContentChangeDate==\"1\"", "file.last_modified:2001\\\\-01\\\\-01T00\\\\:00\\\\:01Z" }, { 
@@ -155,6 +169,9 @@ }, { "InRange(kMDItemFSSize,1,2)", "file.filesize:[1 TO 2]" + }, { + "InRange(kMDItemContentCreationDate,$time.iso(2024-12-31T23:00:00Z),$time.iso(2025-12-31T23:00:00Z))", + "file.created:[2024\\\\-12\\\\-31T23\\\\:00\\\\:00Z TO 2025\\\\-12\\\\-31T23\\\\:00\\\\:00Z]" } }; diff -Nru samba-4.22.6+dfsg/source3/script/tests/test_recycle.sh samba-4.22.8+dfsg/source3/script/tests/test_recycle.sh --- samba-4.22.6+dfsg/source3/script/tests/test_recycle.sh 2025-02-06 10:31:54.548148600 +0000 +++ samba-4.22.8+dfsg/source3/script/tests/test_recycle.sh 2026-02-19 09:44:03.735997700 +0000 @@ -42,6 +42,7 @@ cd "$share_test_dir" || return rm -f testfile1 rm -f testfile2.tmp + rm -f test_mtime rm -rf .trash ) ( @@ -117,6 +118,38 @@ return 0 } +test_touch() +{ + tmpfile=$PREFIX/test_mtime + touch "$tmpfile" + if ! $SMBCLIENT -U$USERNAME%$PASSWORD //$SERVER/recycle -I$SERVER_IP $ADDARGS -c "put $tmpfile test_mtime" ; then + printf "failed recycle smbclient" + return 1 + fi + rm -f "$tmpfile" + atime1=`stat -c '%x' "$share_test_dir/test_mtime"` + mtime1=`stat -c '%y' "$share_test_dir/test_mtime"` + if ! $SMBCLIENT -U$USERNAME%$PASSWORD //$SERVER/recycle -I$SERVER_IP $ADDARGS -c 'del test_mtime' ; then + printf "failed recycle smbclient" + return 1 + fi + test -e "$share_test_dir/.trash/test_mtime" || { + printf ".trash/test_mtime expected to exist but does NOT exist\n" + return 1 + } + atime2=`stat -c '%x' "$share_test_dir/.trash/test_mtime"` + mtime2=`stat -c '%y' "$share_test_dir/.trash/test_mtime"` + test "$atime1" != "$atime2" || { + printf "recycle:touch failed: atime should differ: $atime1, $atime2\n" + return 1 + } + test "$mtime1" != "$mtime2" || { + printf "recycle:touch_mtime failed: mtime should differ: $mtime1, $mtime2\n" + return 1 + } + return 0 +} + test_recycle_crossrename() { tmpfile=$PREFIX/smbclient_interactive_prompt_commands 
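Review bot: In test_touch (test_recycle.sh) the failure messages interpolate `$atime1`, `$atime2`, `$mtime1` and `$mtime2` directly into the printf format string, and the two "failed recycle smbclient" messages have no trailing newline, so they run into the next line of the test log. Passing the values as arguments keeps the format fixed: `printf 'recycle:touch failed: atime should differ: %s, %s\n' "$atime1" "$atime2"`. The `put $tmpfile test_mtime` command string also relies on `$PREFIX` containing no whitespace.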
@@ -168,6 +201,10 @@ test_recycle || failed=$((failed + 1)) +testit "recycle_touch" \ + test_touch || + failed=$((failed + 1)) + testit "recycle_crossrename" \ test_recycle_crossrename || failed=$((failed + 1)) diff -Nru samba-4.22.6+dfsg/source3/script/tests/test_winbind_cache_sanity.sh samba-4.22.8+dfsg/source3/script/tests/test_winbind_cache_sanity.sh --- samba-4.22.6+dfsg/source3/script/tests/test_winbind_cache_sanity.sh 1970-01-01 00:00:00.000000000 +0000 +++ samba-4.22.8+dfsg/source3/script/tests/test_winbind_cache_sanity.sh 2026-02-19 09:44:03.743997800 +0000 
@@ -0,0 +1,112 @@ +#!/bin/sh + +if [ $# -lt 2 ]; then + cat <conn; + struct files_struct *fsp = NULL; + struct smb_filename *full_fname = NULL; + struct vfs_open_how how = { .flags = O_NOFOLLOW, }; + struct smb_filename *dot = NULL; + NTSTATUS status; + int fd; + +#ifdef O_DIRECTORY + how.flags |= O_DIRECTORY; +#endif + +#ifdef O_PATH + how.flags |= O_PATH; +#else + how.flags |= (O_RDONLY | O_NONBLOCK); +#endif + + dot = synthetic_smb_fname(mem_ctx, ".", NULL, NULL, 0, flags); + if (dot == NULL) { + return NT_STATUS_NO_MEMORY; + } + + status = fsp_new(conn, conn, &fsp); + if (!NT_STATUS_IS_OK(status)) { + DBG_DEBUG("fsp_new() failed: %s\n", nt_errstr(status)); + return status; + } + + GetTimeOfDay(&fsp->open_time); + fsp_set_gen_id(fsp); + ZERO_STRUCT(conn->sconn->fsp_fi_cache); + + fsp->fsp_flags.is_pathref = true; + + full_fname = full_path_from_dirfsp_atname(conn, dirfsp, dot); + if (full_fname == NULL) { + DBG_DEBUG("full_path_from_dirfsp_atname(%s/%s) failed\n", + dirfsp->fsp_name->base_name, + dot->base_name); + file_free(NULL, fsp); + return NT_STATUS_NO_MEMORY; + } + + status = fsp_attach_smb_fname(fsp, &full_fname); + if (!NT_STATUS_IS_OK(status)) { + DBG_DEBUG("fsp_attach_smb_fname(fsp, %s) failed: %s\n", + smb_fname_str_dbg(full_fname), + nt_errstr(status)); + file_free(NULL, fsp); + return status; + } + + fd = SMB_VFS_OPENAT(conn, dirfsp, dot, fsp, &how); + if (fd == -1) { + status = map_nt_error_from_unix(errno); + DBG_DEBUG("smb_vfs_openat(%s/%s) failed: %s\n", + dirfsp->fsp_name->base_name, + dot->base_name, + strerror(errno)); + file_free(NULL, fsp); + return status; + } + + fsp_set_fd(fsp, fd); + + status = vfs_stat_fsp(fsp); + + if (!NT_STATUS_IS_OK(status)) { + DBG_DEBUG("vfs_stat_fsp(\"/\") failed: %s\n", + nt_errstr(status)); + fd_close(fsp); + file_free(NULL, fsp); + return status; + } + + fsp->fsp_flags.is_directory = S_ISDIR(fsp->fsp_name->st.st_ex_mode); + fsp->fsp_flags.posix_open = + ((dot->flags & SMB_FILENAME_POSIX_PATH) != 0); + 
fsp->file_id = vfs_file_id_from_sbuf(conn, &fsp->fsp_name->st); + + dot->st = fsp->fsp_name->st; + + status = fsp_smb_fname_link(fsp, + &dot->fsp_link, + &dot->fsp); + if (!NT_STATUS_IS_OK(status)) { + DBG_DEBUG("fsp_smb_fname_link() failed: %s\n", + nt_errstr(status)); + fd_close(fsp); + file_free(NULL, fsp); + return status; + } + + DBG_DEBUG("fsp [%s]: OK, fd=%d\n", fsp_str_dbg(fsp), fd); + + talloc_set_destructor(dot, smb_fname_fsp_destructor); + + *_dot = dot; + + return NT_STATUS_OK; +} + void smb_fname_fsp_unlink(struct smb_filename *smb_fname) { talloc_set_destructor(smb_fname, NULL); diff -Nru samba-4.22.6+dfsg/source3/smbd/proto.h samba-4.22.8+dfsg/source3/smbd/proto.h --- samba-4.22.6+dfsg/source3/smbd/proto.h 2025-06-05 15:38:33.770581000 +0000 +++ samba-4.22.8+dfsg/source3/smbd/proto.h 2026-02-19 09:44:03.759997800 +0000 @@ -402,6 +402,10 @@ NTSTATUS openat_pathref_fsp_lcomp(struct files_struct *dirfsp, struct smb_filename *smb_fname_rel, uint32_t ucf_flags); +NTSTATUS openat_pathref_fsp_dot(TALLOC_CTX *mem_ctx, + struct files_struct *dirfsp, + uint32_t flags, + struct smb_filename **_dot); NTSTATUS readlink_talloc( TALLOC_CTX *mem_ctx, struct files_struct *dirfsp, diff -Nru samba-4.22.6+dfsg/source3/smbd/smb2_oplock.c samba-4.22.8+dfsg/source3/smbd/smb2_oplock.c --- samba-4.22.6+dfsg/source3/smbd/smb2_oplock.c 2025-06-05 15:38:33.770581000 +0000 +++ samba-4.22.8+dfsg/source3/smbd/smb2_oplock.c 2026-02-19 09:46:34.645000500 +0000 @@ -1316,6 +1316,10 @@ int ret; bool ok; + if (!lp_smb3_directory_leases()) { + return; + } + if (lease != NULL) { DBG_DEBUG("Parent leasekey %"PRIx64"/%"PRIx64"\n", lease->parent_lease_key.data[0], diff -Nru samba-4.22.6+dfsg/source3/winbindd/winbindd_cache.c samba-4.22.8+dfsg/source3/winbindd/winbindd_cache.c --- samba-4.22.6+dfsg/source3/winbindd/winbindd_cache.c 2025-02-06 10:31:54.616149200 +0000 +++ samba-4.22.8+dfsg/source3/winbindd/winbindd_cache.c 2026-02-19 09:44:03.819998300 +0000 
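Review bot: Every failure return after `dot = synthetic_smb_fname(mem_ctx, ...)` leaves `dot` allocated on the caller's mem_ctx: the fsp_new, full_path_from_dirfsp_atname, fsp_attach_smb_fname, SMB_VFS_OPENAT, vfs_stat_fsp and fsp_smb_fname_link paths all return without releasing it. Adding `TALLOC_FREE(dot);` on those paths, next to the existing `file_free(NULL, fsp);` calls, would keep a long-lived context from accumulating them. The vfs_stat_fsp failure message prints `"/"` although the object opened is `"."` relative to dirfsp; `DBG_DEBUG("vfs_stat_fsp(%s) failed: %s\n", fsp_str_dbg(fsp), nt_errstr(status));` would name the directory. The opening of openat_pathref_fsp_dot, including its hunk header, is not legible on this page, so this covers only the visible part of the function.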
@@ -505,8 +505,8 @@ return NT_STATUS_OK; } -bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum, - time_t last_seq_check) +static bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum, + time_t last_seq_check) { size_t len = strlen(domain_name); char keystr[len+8]; @@ -3167,10 +3167,40 @@ return true; } -static bool init_wcache(void) +static TDB_CONTEXT *wcache_open(void) { char *db_path; + TDB_CONTEXT *tdb = NULL; + bool wcache_wiped = !lp_winbind_offline_logon(); + db_path = wcache_path(); + if (db_path == NULL) { + return NULL; + } + + /* when working offline we must not clear the cache on restart */ + tdb = tdb_open_log(db_path, + WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, + TDB_INCOMPATIBLE_HASH | + (lp_winbind_offline_logon() + ? TDB_DEFAULT + : (TDB_DEFAULT | + TDB_CLEAR_IF_FIRST)), + O_RDWR | O_CREAT, + 0600); + TALLOC_FREE(db_path); + + if (wcache_wiped) { + tdb_store_uint32(tdb, + WINBINDD_CACHE_VERSION_KEYSTR, + WINBINDD_CACHE_VERSION); + } + + return tdb; +} + +static bool init_wcache(void) +{ if (wcache == NULL) { wcache = SMB_XMALLOC_P(struct winbind_cache); ZERO_STRUCTP(wcache); @@ -3179,23 +3209,19 @@ if (wcache->tdb != NULL) return true; - db_path = wcache_path(); - if (db_path == NULL) { - return false; - } - - /* when working offline we must not clear the cache on restart */ - wcache->tdb = tdb_open_log(db_path, - WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - TDB_INCOMPATIBLE_HASH | - (lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST)), - O_RDWR|O_CREAT, 0600); - TALLOC_FREE(db_path); + wcache->tdb = wcache_open(); if (wcache->tdb == NULL) { DBG_ERR("Failed to open winbindd_cache.tdb!\n"); return false; } + /* + * Create a dummy SEQNUM entry early, otherwise every call via the + * winbind NDR interface will fail to call wcache_store_ndr() when there + * is no SEQNUM present already + */ + wcache_store_seqnum(lp_workgroup(), 0, 0); + return true; } 
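Review bot: In the new wcache_open() the result of tdb_open_log() is handed to `tdb_store_uint32()` without a NULL check whenever `wcache_wiped` is true, that is, whenever winbind offline logon is disabled. The three callers in this diff (init_wcache, wcache_flush_cache and the validate path) do test the returned handle, but only after that store has already run on a failed open. Returning early closes the gap: `if (tdb == NULL) { return NULL; }` placed before the `if (wcache_wiped)` block. The result of tdb_store_uint32() is also ignored, and `wcache_wiped` is derived from configuration rather than from whether TDB_CLEAR_IF_FIRST actually cleared the file, so the name says more than the code knows.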
@@ -3205,7 +3231,7 @@ only opener. ************************************************************************/ -bool initialize_winbindd_cache(void) +static bool initialize_winbindd_cache(void) { bool cache_bad = false; uint32_t vers = 0; @@ -3390,8 +3416,6 @@ /* flush the cache */ static void wcache_flush_cache(void) { - char *db_path; - if (!wcache) return; if (wcache->tdb) { @@ -3402,18 +3426,7 @@ return; } - db_path = wcache_path(); - if (db_path == NULL) { - return; - } - - /* when working offline we must not clear the cache on restart */ - wcache->tdb = tdb_open_log(db_path, - WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - TDB_INCOMPATIBLE_HASH | - (lp_winbind_offline_logon() ? TDB_DEFAULT : (TDB_DEFAULT | TDB_CLEAR_IF_FIRST)), - O_RDWR|O_CREAT, 0600); - TALLOC_FREE(db_path); + wcache->tdb = wcache_open(); if (!wcache->tdb) { DBG_ERR("Failed to open winbindd_cache.tdb!\n"); return; @@ -4239,14 +4252,7 @@ goto done; } - tdb = tdb_open_log(tdb_path, - WINBINDD_CACHE_TDB_DEFAULT_HASH_SIZE, - TDB_INCOMPATIBLE_HASH | - ( lp_winbind_offline_logon() - ? TDB_DEFAULT - : TDB_DEFAULT | TDB_CLEAR_IF_FIRST ), - O_RDWR|O_CREAT, - 0600); + tdb = wcache_open(); if (!tdb) { DBG_ERR("winbindd_validate_cache: " "error opening/initializing tdb\n"); diff -Nru samba-4.22.6+dfsg/source3/winbindd/winbindd_cm.c samba-4.22.8+dfsg/source3/winbindd/winbindd_cm.c --- samba-4.22.6+dfsg/source3/winbindd/winbindd_cm.c 2025-08-21 15:22:16.475915700 +0000 +++ samba-4.22.8+dfsg/source3/winbindd/winbindd_cm.c 2026-02-19 09:46:34.649000600 +0000 @@ -1061,7 +1061,7 @@ ads_status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY); goto out; } - ads->config.flags |= request_flags; + ads->config.required_flags |= request_flags; ads->server.no_fallback = true; ads_status = ads_connect_cldap_only(ads); 
@@ -1077,9 +1077,9 @@ } namecache_store(name, 0x20, 1, sa); - DBG_DEBUG("CLDAP flags = 0x%"PRIx32"\n", ads->config.flags); + DBG_DEBUG("CLDAP flags = 0x%" PRIx32 "\n", ads->config.server_flags); - if (domain->primary && (ads->config.flags & NBT_SERVER_KDC)) { + if (domain->primary && (ads->config.server_flags & NBT_SERVER_KDC)) { if (ads_closest_dc(ads)) { char *sitename = sitename_fetch(tmp_ctx, ads->config.realm); diff -Nru samba-4.22.6+dfsg/source3/winbindd/winbindd_proto.h samba-4.22.8+dfsg/source3/winbindd/winbindd_proto.h --- samba-4.22.6+dfsg/source3/winbindd/winbindd_proto.h 2025-08-21 15:22:16.479915600 +0000 +++ samba-4.22.8+dfsg/source3/winbindd/winbindd_proto.h 2026-02-19 09:44:03.823998200 +0000 @@ -143,7 +143,6 @@ const struct dom_sid *user_sid); bool wcache_invalidate_cache(void); bool wcache_invalidate_cache_noinit(void); -bool initialize_winbindd_cache(void); void close_winbindd_cache(void); bool lookup_cached_sid(TALLOC_CTX *mem_ctx, const struct dom_sid *sid, char **domain_name, char **name, @@ -178,8 +177,6 @@ bool wcache_tdc_add_domain( struct winbindd_domain *domain ); struct winbindd_tdc_domain * wcache_tdc_fetch_domain( TALLOC_CTX *ctx, const char *name ); void wcache_tdc_clear( void ); -bool wcache_store_seqnum(const char *domain_name, uint32_t seqnum, - time_t last_seq_check); bool wcache_fetch_ndr(TALLOC_CTX *mem_ctx, struct winbindd_domain *domain, uint32_t opnum, const DATA_BLOB *req, DATA_BLOB *resp); void wcache_store_ndr(struct winbindd_domain *domain, uint32_t opnum, diff -Nru samba-4.22.6+dfsg/source4/setup/named.conf.dlz samba-4.22.8+dfsg/source4/setup/named.conf.dlz --- samba-4.22.6+dfsg/source4/setup/named.conf.dlz 2025-02-06 10:31:55.560154700 +0000 +++ samba-4.22.8+dfsg/source4/setup/named.conf.dlz 2026-02-19 09:46:34.649000600 +0000 
@@ -30,8 +30,8 @@ # For BIND 9.16.x ${BIND9_16} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_16.so"; - # - # For BIND 9.18.x + + # For BIND 9.18.x and 9.20.x ${BIND9_18} database "dlopen ${MODULESDIR}/bind9/dlz_bind9_18.so"; };