Update samba to version 4.15.9 #142
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
and re-enable GIT_SNAPSHOT. Signed-off-by: Jule Anger <janger@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 756cd0e)
This address an issue if sssd is running and handling nsswitch. If we look up
a user with getpwnam("DOMAIN\user") it will return user@REALM in the passwd
structure. We need to be able to deal with that.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054
Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2a03fb9)
Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit ed8e466)
This will be changed to support UPNs too in the next patch. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 2690310)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15054 Signed-off-by: Andreas Schneider <asn@cryptomilk.org> Reviewed-by: Jeremy Allison <jra@samba.org> (cherry picked from commit 28fc44f) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Thu Apr 28 08:45:28 UTC 2022 on sn-devel-184
Setting gpfs:recalls=no should prevent data access to offline files. Since Samba 4.14, the VFS openat function is also called with O_PATH to get a reference to the path. These accesses should not be blocked, otherwise this would prevent offline files from being included in directory listings. Fix this by skipping the check for pathref fds. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15055 Signed-off-by: Christof Schmitt <cs@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Autobuild-User(master): Ralph Böhme <slow@samba.org> Autobuild-Date(master): Thu Apr 28 07:59:47 UTC 2022 on sn-devel-184 (cherry picked from commit 03d0dd2) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Mon May 2 07:55:37 UTC 2022 on sn-devel-184
Passes against Windows. Shows that Windows allows a durable handle on a leased open for READ_ATTRUBUTES only (a stat open). Mark as knownfail for now. NB. Not sure why we are testing smb2.durable-open against ad_dc as that provisioning has "smb2 leases = no" which precludes granting durable handles. Not changing for this bug but this should be looked at in future. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (cherry picked from commit bb329d4)
Remove knownfail. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15042 Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> (back-ported from commit fe7daae) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Mon May 9 07:29:28 UTC 2022 on sn-devel-184
./third_party/waf/update.sh Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> (cherry picked from commit e41bc0f)
New in waf 2.0.22 * Fix stdin propagation with faulty vcvarsall scripts #2315 * Enable mixing Unix-style paths with destdir on Windows platforms #2337 * Fix shell escaping unit test parameters #2314 * Improve extras/clang_compilation_database and extras/swig compatibility #2336 * Propagate C++ flags to the Cuda compiler in extras/cuda #2311 * Fix detection of Qt 5.0.0 (preparation for Qt6) #2331 * Enable Haxe processing #2308 * Fix regression in MACOSX_DEPLOYMENT_TARGET caused by distutils #2330 * Fix extras/wafcache concurrent trimming issues #2312 * Fix extras/wafcache symlink handling #2327 The import was done like this: ./third_party/waf/update.sh Then changing buildtools/bin/waf and buildtools/wafsamba/wafsamba.py by hand. Pair-Programmed-With: Stefan Metzmacher <metze@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu Sep 2 21:22:17 UTC 2021 on sn-devel-184 (cherry picked from commit 59ed099)
…ript Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> (cherry picked from commit 6b8d30e)
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Alexander Bokovoy <ab@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon Feb 21 10:06:27 UTC 2022 on sn-devel-184 (cherry picked from commit fb17557)
This fixes building of python libraries with Python 3.11! BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Mon May 23 09:34:51 UTC 2022 on sn-devel-184 (cherry picked from commit d19dfe1)
Before commit 1d066f3, when the LDAP connection wasn't established yet (ads->ldap.ld == NULL), the ads_current_time() function always allocated and initialized a new ADS_STRUCT even when ads->ldap.ss had a good address after having called ads_find_dc(). After that commit, when the ADS_STRUCT is reused and passed to the ads_connect() call, ads_try_connect() may fail depending on the contacted DC because ads->config.flags field can contain the flags returned by the previous CLDAP call. For example, when having 5 DCs: * 192.168.101.31 has PDC FSMO role * 192.168.101.32 * 192.168.101.33 * 192.168.101.34 * 192.168.101.35 $> net ads info -S 192.168.101.35 net_ads_info() ads_startup_nobind() ads_startup_int() ads_init() ads_connect() ads_try_connect(192.168.101.35) check_cldap_reply_required_flags(returned=0xF1FC, required=0x0) ads_current_time() ads_connect() ads_try_connect(192.168.101.35) check_cldap_reply_required_flags(returned=0xF1FC, required=0xF1FC) The check_cldap_reply_required_flags() call fails because ads->config.flags contain the flags returned by the previous CLDAP call, even when the returned and required values match because they have different semantics: if (req_flags & DS_PDC_REQUIRED) RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC); translates to: if (0xF1FC & 0x80) RETURN_ON_FALSE(0xF1FC & 0x01); which returns false because 192.168.101.35 has no PDC FSMO role. The easiest fix for now is to reset ads->config.flags in ads_current_time() when reusing an ADS_STRUCT before calling ads_connect(), but we should consider storing the required and returned flags in different fields or at least use the same bitmap for them because check_cldap_reply_required_flags() is checking a netr_DsRGetDCName_flags value using the nbt_server_type bitmap. BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674 Signed-off-by: Samuel Cabrero <scabrero@samba.org> Reviewed-by: Ralph Boehme <slow@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184 (cherry picked from commit a26f535) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Mon May 30 10:11:03 UTC 2022 on sn-devel-184
Best viewed with git show -w. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> (cherry picked from commit a0f7ced)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> (cherry picked from commit ad06d80)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> (cherry picked from commit 5f4625a)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> (cherry picked from commit c26efe0)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> (cherry picked from commit 3764be7)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> (cherry picked from commit ac45864)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> (cherry picked from commit 1b2c70f)
Adds handle based version of gpfswrap_getacl(). BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> (cherry picked from commit d373ff3)
Replaces path based gpfswrap_getacl() with handle based version
gpfswrap_fgetacl(). When dealing with files in snapshots fsp->fsp_name points to
the active dataset, which will cause ENOENT failures if files are deleted there
any only present in the snapshot:
[2022/05/06 11:32:55.233435, 4, pid=12962, effective(1460548, 273710), real(1460548, 0)]
calling open_file with flags=0x0 flags2=0x800 mode=0644, access_mask = 0x80, open_access_mask = 0x80
[2022/05/06 11:32:55.233460, 10, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
gpfs_get_nfs4_acl invoked for dir/subdir/file.txt
[2022/05/06 11:32:55.233495, 5, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
smbd_gpfs_getacl failed with No such file or directory
[2022/05/06 11:32:55.233521, 9, pid=12962, effective(1460548, 273710), real(1460548, 0), class=vfs]
gpfs_getacl failed for dir/subdir/file.txt with No such file or directory
[2022/05/06 11:32:55.233546, 10, pid=12962, effective(1460548, 273710), real(1460548, 0)]
smbd_check_access_rights_fsp: Could not get acl on dir/subdir/file.txt {@GMT-2022.05.04-11.58.53}: NT_STATUS_OBJECT_NAME_NOT_FOUND
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
(cherry picked from commit a0dc4c9)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> (cherry picked from commit 9172c5f)
Fixes detecting offline flag for files in snapshot – no idea if this is actually expected. Replaces path based gpfswrap_get_winattrs_path() with handle based version gpfswrap_get_winattrs(). When dealing with files in snapshots fsp->fsp_name points to the active dataset, which will cause ENOENT failures if files are deleted there any only present in the snapshot. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> (cherry picked from commit 8ae672f)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15069 Signed-off-by: Ralph Boehme <slow@samba.org> Reviewed-by: Christof Schmitt <cs@samba.org> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Fri Jun 3 21:53:31 UTC 2022 on sn-devel-184 (cherry picked from commit 3bd7539) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Thu Jun 9 09:53:47 UTC 2022 on sn-devel-184
regedit_hexedit.c:166:39: error: format ‘%X’ expects argument of type ‘unsigned
int’, but argument 3 has type ‘size_t’ {aka ‘long unsigned int’}
166 | wprintw(buf->win, "%08X ", off);
| ~~~^ ~~~
| | |
| | size_t {aka long unsigned int}
| unsigned int
| %08lX
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit cc3081c)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15091
Reviewed-by: Stefan Metzmacher <metze@samba.org>
* Fix build problems BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071 Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(v4-15-test): Stefan Metzmacher <metze@samba.org> Autobuild-Date(v4-15-test): Thu Jun 9 15:02:57 UTC 2022 on sn-devel-184
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14443 Signed-off-by: Robert Sprowson <webpages@sprow.co.uk> Reviewed-by: Jeremy Allison <jra@samba.org> Reviewed-by: Noel Power <noel.power@suse.com> Autobuild-User(master): Jeremy Allison <jra@samba.org> Autobuild-Date(master): Wed Jun 8 19:50:08 UTC 2022 on sn-devel-184 (cherry picked from commit 174a76c) Autobuild-User(v4-15-test): Jule Anger <janger@samba.org> Autobuild-Date(v4-15-test): Fri Jun 10 08:29:52 UTC 2022 on sn-devel-184
View with 'git show -b'. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
…th MIT kpasswd BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz> [jsutton@samba.org Adapted entry to entry_ex->entry]
…ction BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org Adapted entry to entry_ex->entry] [jsutton@samba.org Fixed conflicts caused by superfluous whitespace]
This eliminates some duplicate branches. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Pair-Programmed-With: Andreas Schneider <asn@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>
Since this principal goes through the samba_kdc_fetch_server() path, setting the canonicalisation flag would cause the principal to be replaced with the sAMAccountName; this meant requests to kadmin/changepw@REALM would result in a ticket to krbtgt@REALM. Now we properly handle canonicalisation for the kadmin/changepw principal. View with 'git show -b'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Pair-Programmed-With: Andreas Schneider <asn@samba.org> Signed-off-by: Andreas Schneider <asn@samba.org> Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org Adapted entry to entry_ex->entry; removed MIT KDC 1.20-specific knownfails]
… less This matches the behaviour of Windows. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org Adapted entry to entry_ex->entry; included samba_kdc.h header file]
…heir life For Heimdal, this now matches the behaviour of Windows. The object of this requirement is to ensure we don't allow kpasswd tickets, not having a lifetime of more than two minutes, to be passed off as TGTs. An existing requirement for TGTs to contain a REQUESTER_SID PAC buffer suffices to prevent kpasswd ticket misuse, so this is just an additional precaution on top. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org As we don't have access to the ticket or the request in the plugin, rewrote check directly in Heimdal KDC]
We should not be able to use krb@REALM instead of krbtgt@REALM. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org Fixed conflicts due to having older version of _run_as_req_enc_timestamp()]
We would only compare the first 'n' characters, where 'n' is the length of the principal component string, so 'k@REALM' would erroneously be considered equal to 'krbtgt@REALM'. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
This makes explicitly clear the purpose of this keytab. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org Fixed conflicts due to lacking HDBGET support]
It appears we no longer require it. Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
…cipal This plugin is now only used by the kpasswd service. Thus, ensuring we only look up the kadmin/changepw principal means we can't be fooled into accepting tickets for other service principals. We make sure not to specify a specific kvno, to ensure that we do not accept RODC-issued tickets. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org Fixed knownfail conflicts] [jsutton@samba.org Renamed entry to entry_ex; fixed knownfail conflicts; retained knownfail for test_kpasswd_from_rodc which now causes the KDC to panic]
…l into krb5_rd_req_ctx() To ensure that, when decrypting the kpasswd ticket, we look up the correct principal and don't trust the sname from the ticket, we should pass the principal name of the kpasswd service into krb5_rd_req_ctx(). However, gensec_krb5_update_internal() will pass in NULL unless the principal in our credentials is CRED_SPECIFIED. At present, our principal will be considered obtained as CRED_SMB_CONF (from the cli_credentials_set_conf() a few lines up), so we explicitly set the realm again, but this time as CRED_SPECIFIED. Now the value of server_in_keytab that we provide to smb_krb5_rd_req_decoded() will not be NULL. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15074 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org Removed knownfail as KDC no longer panics]
…asswd The kpasswd service should require a kpasswd service ticket, and disallow TGTs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org Fixed knownfail conflicts] [jsutton@samba.org Fixed knownfail conflicts]
…th_session_info This field may be used to convey whether we were provided with a TGT or a non-TGT. We ensure both structures are zeroed out to avoid incorrect results being produced by an uninitialised field. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
We use the presence or absence of a REQUESTER_SID PAC buffer to determine whether the ticket is a TGT. We will later use this to reject TGTs where a service ticket is expected. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org>
If TGTs can be used as kpasswd tickets, the two-minute lifetime of a authentic kpasswd ticket may be bypassed. Furthermore, kpasswd tickets are not supposed to be cached, but using this flaw, a stolen credentials cache containing a TGT may be used to change that account's password, and thus is made more valuable to an attacker. Since all TGTs should be issued with a REQUESTER_SID PAC buffer, and service tickets without it, we assert the absence of this buffer to ensure we're not accepting a TGT. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz> Reviewed-by: Andreas Schneider <asn@samba.org> [jsutton@samba.org Fixed knownfail conflicts] [jsutton@samba.org Fixed knownfail conflicts]
…coming trust We ensure that the KDC does not reject a TGS-REQ with our short-lived TGT over an incoming trust. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047 Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reproduces the test code in: BUG: https://bugzilla.samba.org/show_bug.cgi?id=15085 Add knownfail. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Fixes the raw.write.bad-write test. NB. We need the two (==0) changes in source3/smbd/reply.c as the gcc optimizer now knows that the return from smbreq_bufrem() can never be less than zero. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15085 Remove knownfail. Signed-off-by: Jeremy Allison <jra@samba.org> Reviewed-by: David Disseldorp <ddiss@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
samba: tag release samba-4.15.9
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
https://www.samba.org/samba/history/samba-4.15.9.html