[Pkg-samba-maint] [Git][samba-team/samba][master] 113 commits: libsmbclient: Allow server (NetApp) to return STATUS_INVALID_PARAMETER from an echo.

Mathieu Parent gitlab at salsa.debian.org
Wed Jan 10 21:37:01 UTC 2018 

Mathieu Parent pushed to branch master at Debian Samba Team / samba


Commits:
6f184288 by Jeremy Allison at 2017-11-20T13:10:11+01:00
libsmbclient: Allow server (NetApp) to return STATUS_INVALID_PARAMETER from an echo.

It does this if we send a session ID of zero. The server still replied.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Nov 11 08:44:37 CET 2017 on sn-devel-144

(cherry picked from commit a0f6ea8dec1ab3d19bc93da12a9b0a1c0ccf6142)

- - - - -
7b28a97a by Jeremy Allison at 2017-11-20T17:19:21+01:00
s3: libsmb: smbc_statvfs is missing the supporting SMB2 calls.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13138

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit eefc7a27155b70d027b1193187dd435267d863ea)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Mon Nov 20 17:19:21 CET 2017 on sn-devel-144

- - - - -
641af304 by Karolin Seeger at 2017-11-22T09:07:45+01:00
Merge tag 'samba-4.7.3' into v4-7-test

samba: tag release samba-4.7.3

- - - - -
cb6ec4d5 by Karolin Seeger at 2017-11-22T09:08:06+01:00
VERSION: Bump version up to 4.7.4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
ea297d6b by Jeremy Allison at 2017-11-22T12:42:17+01:00
s3: smbclient: Implement "volume" command over SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13140

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit aaa52ab7b5ae711b80e3967ab1ecc91888c346f6)

- - - - -
58e728ac by Jeremy Allison at 2017-11-22T12:42:17+01:00
s3: smbclient: tests: Test "volume" command over SMB1 and SMB2+.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13140

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Nov 15 19:50:54 CET 2017 on sn-devel-144

(cherry picked from commit f8cd211acc3824e01d89a6f8b6666c39aa5cd54e)

- - - - -
f6a9d348 by Volker Lendecke at 2017-11-22T12:42:18+01:00
winbind: Replace winbind_event_context with server_event_context

There's no point in having two global event contexts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 7e83d1489406cd53d72097e40bf02295c88ea61e)

- - - - -
3aaa48c8 by Volker Lendecke at 2017-11-22T12:42:18+01:00
winbind: Remove winbind_event_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e1f12acc13a3cc004518ac3460c6000ea0b95115)

- - - - -
bbe5614e by Volker Lendecke at 2017-11-22T12:42:18+01:00
winbind: winbind_messaging_context -> server_messaging_context

Don't use winbind_messaging_context anymore.

This fixes a bug analysed by Peter Somogyi <PSOMOGYI at hu.ibm.com>: If a
parent winbind forks, it only called reinit_after_fork on
winbind_messaging_context. On the other hand, deep in dbwrap_open we use
server_messaging_context(). This is not reinitialized by
winbind_reinit_after fork, so the parent and child share a ctdb
connection. This is invalid, because replies from ctdb end up in the
wrong process.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d8a01d09c13728f36107f6eb94ecb7653706a4db)

- - - - -
f398a79d by Volker Lendecke at 2017-11-22T12:42:18+01:00
winbind: Remove winbind_messaging_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Nov 18 04:07:24 CET 2017 on sn-devel-144

(cherry picked from commit 050ca45dc7fc5bbab6e1c60b919ac0b1e9661e27)

- - - - -
e4cce452 by Amitay Isaacs at 2017-11-22T12:42:18+01:00
ctdb-daemon: Allocate deferred calls off calling context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13152

This makes sure that if a client disconnects, all the deferred calls
from the client are correctly freed.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 848f2425984667c243ccac847b8f48a66ce10178)

- - - - -
710c2ade by Amitay Isaacs at 2017-11-22T16:57:01+01:00
ctdb-common: Call missing tevent_wakeup_recv() in sock_daemon

https://bugzilla.samba.org/show_bug.cgi?id=13153

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 49308f7f22f3d6fa05cc81fdef3db020e503fa9f)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Wed Nov 22 16:57:01 CET 2017 on sn-devel-144

- - - - -
3ef93aba by Niels de Vos at 2017-11-24T16:23:43+01:00
vfs_glusterfs: include glusterfs/api/glfs.h without relying on -I options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13125

The glfs.h header file has always resided under glusterfs/api/ in the
standard include directory. The glusterfs-api.pc file adds the unneeded
-I${includedir}/glusterfs compiler option. This option will be removed
from future versions of the pkg-config file.

This change can safely be backported to older versions if there is a
need to have them build against glusterfs-3.13 or newer.

URL: https://review.gluster.org/18576
CC: Andrea Bolognani <abologna at redhat.com>
Signed-off-by: Niels de Vos <ndevos at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Thu Nov  9 22:37:30 CET 2017 on sn-devel-144

(cherry picked from commit 732ba3c84a2d40040550ea36b0478dd6af9a173a)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Fri Nov 24 16:23:43 CET 2017 on sn-devel-144

- - - - -
72e69f59 by Stefan Metzmacher at 2017-11-28T10:29:18+01:00
s3:selftest: add samba3.blackbox.net_rpc_oldjoin test

This demonstrates that "net rpc oldjoin" is currently broken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9466796c87cc4ca8d32da553421cd8ecef1bb8e4)

- - - - -
fe6da673 by Stefan Metzmacher at 2017-11-28T14:47:32+01:00
libnet_join: fix "net rpc oldjoin"

We need to open the ncacn_np (smb) transport connection with
anonymous credentials.

In order to do netr_ServerPasswordSet*() we need to
establish a 2nd netlogon connection using dcerpc schannel
authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(similar to commit d27f38d35bf111a5c0a898a5ef8b7dd0b320da0d)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Tue Nov 28 14:47:32 CET 2017 on sn-devel-144

- - - - -
e90e3d7e by Andreas Schneider at 2017-11-29T09:24:25+01:00
systemd: Start processes in forground and without a process group

We should not double fork in notify mode or systemd think something
during startup will be wrong and send SIGTERM to the process. So
sometimes the daemon will not start up correctly.

systemd will also handle the process group.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

(cherry picked from commit 8b6f58194da7e849cdb9d20712dff49b17a93a77)

- - - - -
45911b03 by Andrew Bartlett at 2017-11-29T09:24:25+01:00
dbcheck: Allow removal of one-way links to missing objects

If dbcheck is not run within the tombstone lifetime, these links can
persist in the database forever.  The risk of unintentional information loss
is why these links are only removed within the same partition.  A
replication may be in progress which has created only one end of
the link, so we must keep that.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Oct 19 00:50:19 CEST 2017 on sn-devel-144

(cherry picked from commit 962a1b32201fce0a49c6be55943d4fbb57ed781e)

- - - - -
ed4189f3 by Andrew Bartlett at 2017-11-29T09:24:25+01:00
selftest: sort dbcheck output to avoid sort order impacting results

The GUID index code will change the returned results order

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit da575f01313673fedfc7d15ec11ba6818dbd30d8)

- - - - -
b7c9edb3 by Andrew Bartlett at 2017-11-29T09:24:25+01:00
dbcheck: Clarify error count bumping in deleted/gone DN handling

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 3b111fbdbed99d5d90c1120243200baae9867534)

- - - - -
68bf2752 by Andrew Bartlett at 2017-11-29T09:24:25+01:00
dbcheck: Use the GUID as the DN to fix replPropertyMetaData

This allows this to still work after an object is renamed under the deleted objects container.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 527f2c95cfe24d29fa34ed19db3b073781d96d9a)

- - - - -
74688a25 by Andrew Bartlett at 2017-11-29T09:24:25+01:00
selftest: add more dbcheck tests

This validates some more combinations and ensures that the changes
in 962a1b32201fce0a49c6be55943d4fbb57ed781e are tested.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 7be38c605468786894a373e15068b8017323da78)

- - - - -
505936a9 by Andrew Bartlett at 2017-11-29T09:24:25+01:00
selftest: Split out dbcheck runs from dangling_multi_valued test

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit b99d2ee122991d0bf1742fa5665656bbbba44057)

- - - - -
df23dc81 by Andrew Bartlett at 2017-11-29T09:24:25+01:00
selftest: Split out creation of complex (often invalid) links

This will allow us to test other run-time behaviour with broken
databases.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 25ae8d72d66cbe7342b50254ede7e5890bc23b73)

- - - - -
ee05047c by Andrew Bartlett at 2017-11-29T09:24:25+01:00
selftest: Additional check for a backlink pointing at a deleted object

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit a784cc3a7f2043a5762d426e904a90e44b101ecd)

- - - - -
67270b3f by Stefan Metzmacher at 2017-11-29T09:24:25+01:00
s4:schema_samba4: mark DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3.32 as allocated

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 126d28d0b58740a8abd4137562dda685a57449bb)

- - - - -
f0920ea4 by Stefan Metzmacher at 2017-11-29T09:24:25+01:00
s4:dsdb: allocate DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS oid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1eb8d8ec5a62baf1b8e3c7cb1856787de4a3ccb2)

- - - - -
aafcb738 by Stefan Metzmacher at 2017-11-29T09:24:25+01:00
dsdb:repl_meta_data: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control

This will be used by dbcheck to fix duplicate link values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9a1e23a1f67c38248e41e0d3aa2af8a682477364)

- - - - -
27cdadf1 by Stefan Metzmacher at 2017-11-29T09:24:26+01:00
dsdb:extended_dn_store: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control

This will be used by dbcheck to fix duplicate link values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 83aa22260bd39ad0e6aab7764f9a7fc915d02a4b)

- - - - -
7b67da4d by Stefan Metzmacher at 2017-11-29T09:24:26+01:00
dbcheck: remove indentation level

Check with git show -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit eb6bd6511a98dafebaa0d3951fe78c77acf13e3a)

- - - - -
c1860d16 by Stefan Metzmacher at 2017-11-29T09:24:26+01:00
dbcheck: only calculate linked attribute helper variables once in check_dn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9a631560c9358e4f28b96fecf23a545e1d04098c)

- - - - -
ece46f72 by Stefan Metzmacher at 2017-11-29T09:24:26+01:00
dbcheck: detect and fix duplicate links

Check with git show -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 239fbeb163c24b0f08e1bd9d8f7a9f73443d4b90)

- - - - -
09a311ca by Stefan Metzmacher at 2017-11-29T09:24:26+01:00
selftest: add dbcheck tests for duplicate links

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Pair-Programmed-With: Andrew Bartlett <abartlet at samba.org>

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 70bf809e0cdf84029022ca95fb83d17a0d6e36c0)

- - - - -
fe3ae81c by Andrew Bartlett at 2017-11-29T09:24:26+01:00
selftest: Add more corruption cases for runtime and dbcheck

These tests now confirm we can handle these issues at runtime
as well as at dbcheck

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 4815efc0e3f89079e7c9b868b7514ea7c49a807c)

- - - - -
f2c47544 by Andrew Bartlett at 2017-11-29T09:24:26+01:00
repl_meta_data: Allow delete of an object with dangling backlinks

This should not happen, but stopping all replication because of it is a pain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Nov 24 19:53:50 CET 2017 on sn-devel-144

(cherry picked from commit 6cf7abbcfdad84fee57852862ebe44aa6115ca25)

- - - - -
00dfe4cf by Andrej Gessel at 2017-11-29T13:43:37+01:00
repl_meta_data: Fix removing of backlink on deleted objects

USER is memberOf GROUP and they both were deleted on W2K8R2 AD. Domain join ends
with error below.

Failed to apply records: ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:421
8: Failed to remove backlink of memberOf when deleting CN=USER\0ADEL:a1f2a2cc-1
179-4734-b753-c121ed02a34c,CN=Deleted Objects,DC=samdom,DC=intern: dsdb_module_
search_dn: did not find base dn CN=GROUP\0ADEL:030d0be1-3ada-4b93-8371-927f2092
3116,CN=Deleted Objects,DC=samdom,DC=intern (0 results): Operations error
Failed to commit objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13120

Signed-off-by: Andrej Gessel <Andrej.Gessel at janztec.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 40bd7e145a68c9a58d6bc3c5526a12fdf0027729)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Wed Nov 29 13:43:37 CET 2017 on sn-devel-144

- - - - -
e41925e5 by Gary Lockyer at 2017-11-30T09:47:14+01:00
s4/smbd: set the process group.

Set the process group in the samba daemon, the --no-process-group option
allows this to be disabled.  The no-process-group option needs to be
disabled in self test.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Sep 18 04:39:50 CEST 2017 on sn-devel-144

- - - - -
6182708d by Andreas Schneider at 2017-11-30T09:47:14+01:00
s4:samba: Do not segfault if we run into issues

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit bfafabfb942668328401a3c89fc55b50dc56c209)

- - - - -
39922b5a by Andreas Schneider at 2017-11-30T14:11:02+01:00
s4:samba: Allow samba daemon to run in foreground

We are passing the no_process_group to become_daemon() that setsid() is
not called. In case we are double forking, we run in SysV daemon mode,
setsid() should be called!

See:
https://www.freedesktop.org/software/systemd/man/daemon.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

(cherry picked from commit 8736013dc42c5755b75bbb2e843a290bcd545909)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Thu Nov 30 14:11:02 CET 2017 on sn-devel-144

- - - - -
b21d9f02 by Timur I. Bakeyev at 2017-12-05T10:34:26+01:00
Fix typo in the "wide links" description for the getwd cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934

Signed-off-by: Timur I. Bakeyev <timur at iXsystems.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>
(cherry picked from commit e9e4cd4d2b6ae376cba90fdb56b9c9684f2dc492)

- - - - -
e36b1ced by Timur I. Bakeyev at 2017-12-05T10:34:26+01:00
Add vfs_zfsacl manpage to the list of manpages if we have this module enabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934

Signed-off-by: Timur I. Bakeyev <timur at iXsystems.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>
(cherry picked from commit 8034b88d4e771663c4b7b581fb6b1992c33d5d96)

- - - - -
7dc2782a by Ralph Boehme at 2017-12-05T10:34:26+01:00
s3/loadparm: allocate a fresh sDefault object per lp_ctx

This is in preperation of preventing direct access to sDefault in all
places that currently modify it.

As currently s3/loadparm is afaict not accessing lp_ctx->sDefault, but
changes sDefault indirectly through lp_parm_ptr() this change is just a
safety measure to prevent future breakage.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 1fc103547023aa1c880713e5b65ec164acb58b54)

- - - - -
cecbc43a by Ralph Boehme at 2017-12-05T10:34:26+01:00
s3/loadparm: ensure default service options are not changed

Rename sDefault to _sDefault and make it const. sDefault is make a copy
of _sDefault in in the initialisation function lp_load_ex().

As we may end up in setup_lp_context() without going through
lp_load_ex(), sDefault may still be uninitialized at that point, so I'm
initializing lp_ctx->sDefault from _sDefault.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit ea4e6f95ae5c97e8570b8090ee7e7a577b49a8c3)

- - - - -
9990e6e4 by Ralph Boehme at 2017-12-05T10:34:26+01:00
s3/loadparm: don't mark IPC$ as autoloaded

A related problem that affects configuration for the hidden IPC$
share. This share is marked a "autoloaded" and such shares are not
reloaded when requested. That resulted in the tcon to IPC$ still using
encrpytion after running the following sequence of changes:

1. stop Samba
2. set [global] smb encrypt = required
3. start Samba
4. remove [global] smb encrypt = required
5. smbcontrol smbd reload-config
6a bin/smbclient -U slow%x //localhost/raw -c quit, or
6b bin/smbclient -U slow%x -mNT1 //localhost/raw -c ls

In 6a the client simply encrypted packets on the IPC$ tcon. In 6b the
client got a tcon failure with NT_STATUS_ACCESS_DENIED, but silently
ignore the error.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Nov 28 02:02:37 CET 2017 on sn-devel-144

(cherry picked from commit deaaff6843159f02bb15aeaf457f8af305e40164)

- - - - -
590a4cff by Ralph Boehme at 2017-12-05T10:34:26+01:00
selftest: reorder arguments for fruit tests

This just puts the auth option first matching the first test with the
"vfs_fruit" share directly above the modified lines.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 06542b2c4c000e5397f0990713de7f7bb67cc0bd)

- - - - -
1a2f5648 by Ralph Boehme at 2017-12-05T10:34:26+01:00
selftest: add localdir option to fruit subtests

A subsequent commits modifies an existing tests that needs $localdir to
also run against "vfs_fruit_metadata_stream" and
"vfs_fruit_stream_depot". This reveals test failures, those will be
fixed in a subsequent commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3c1bdafde6419c266941624f57cf768e57e2bd98)

- - - - -
e24e345d by Ralph Boehme at 2017-12-05T10:34:26+01:00
s4/torture: rework stream names tests usage of local xattr call

Previously this test, that tests for correct conversion of ':' in stream
names, only worked with streams_xattr with "fruit:metadata" set to
"netatalk".

In order to have test coverage for fruit shares with other configs,
split the test into two:

one test creates the stream over SMB and run against all shares, the
other one is the unmodified existing test and is only run against the
share with streams_xattr and fruit:metadata=netatalk.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 75a3c0f3b1f843ba9a7838aa7a1c311fc262f8c7)

- - - - -
b9f7dd4a by Ralph Boehme at 2017-12-05T10:34:26+01:00
s4/torture: use torture_assert_goto in a vfs.fruit test

No change in behavior.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9af9c5c073d88b126aebd4a2d7a1a1971527fbf4)

- - - - -
0b7e1705 by Ralph Boehme at 2017-12-05T10:34:26+01:00
selftest: run AppleDouble sidecar-file conversion test runs against all fruit shares

This needs for work in all possible fruit configs, so test it.

This currently fails with stream_depot, as we don't propely copy over
the resourcefork data from the ._ file to the stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e28dd6a0ce753a880b2512eb62661411b20f763b)

- - - - -
1143b2fd by Ralph Boehme at 2017-12-05T10:34:26+01:00
s4/torture: let write_stream() deal with stream=NULL

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit ac880848a905a3840b69af2cb1d842d307401a07)

- - - - -
8946fc80 by Ralph Boehme at 2017-12-05T10:34:26+01:00
selftest: add "fruit:veto_appledouble = no" to fruit shares

This is needed for a subsequent commit that modifies an existing test to
write a ._ file over SMB instead of using the ugly local creation hack.

SMB acces of ._ files requires "fruit:veto_appledouble = no", so let's
set it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3f9b45a410384904d64bdd0d68ff2a5bc25bd3e9)

- - - - -
3d907519 by Ralph Boehme at 2017-12-05T10:34:26+01:00
s4/torture: fruit: remove use of localdir from test_adouble_conversion test

The previous use of localdir and torture_setup_local_file() was
motivated by the fact that by default vfs_fruit rejects access to files
with a "._" prefix.

Since a previous commit allowed SMB access to ._ files, rewrite the
test_adouble_conversion() test to create the ._ AppleDouble file over
SMB.

This also renders torture_setup_local_file() obsolete.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit ebbffd80862d7d7b025eca219bc0c8f818585ac9)

- - - - -
2d3e21f5 by Ralph Boehme at 2017-12-05T10:34:26+01:00
s4/torture: fruit: in test_adouble_conversion() also check stream list and AFPINFO_STREAM

This reveals that the conversion doesn't work properly with
fruit:metadata=stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 7b00b558761b6564928289efcf835e9b9cc86a89)

- - - - -
3f946806 by Ralph Boehme at 2017-12-05T10:34:26+01:00
vfs_fruit: add AfpInfo prototypes

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 84976cb670847f199598995d48bd9c3f3dd0f035)

- - - - -
73d3e642 by Ralph Boehme at 2017-12-05T10:34:26+01:00
vfs_fruit: proper VFS-stackable conversion of FinderInfo

This fixes the problem that conversion failed with
fruit:metadata=stream. Before we were calling ad_set() which stores the
metadata in the Netatalk compatible format.

Rewrite to fully go through the VFS by calling SMB_VFS_CREATE_FILE() and
SMB_VFS_PWRITE().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Nov 29 08:38:06 CET 2017 on sn-devel-144

(cherry picked from commit 1da17204344a99a3bfa289355a996027a21814b8)

- - - - -
aba1e919 by Noel Power at 2017-12-05T10:34:27+01:00
s3:libads: net ads keytab list fails with "Key table name malformed"

When keytab_name is NULL don't call smb_krb5_kt_open use ads_keytab_open
instead, this function will determine the correct keytab to use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3048ae318fc8b4d1b7663826972306372430a463)

- - - - -
0fcdf5db by Noel Power at 2017-12-05T10:34:27+01:00
testprogs: Test net ads keytab list

Test that correct keytab is picked up.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 4be05c835e9d8b8f13856d592aaf42b40ce397c2)

- - - - -
ac32a770 by Jeremy Allison at 2017-12-05T10:34:27+01:00
s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv().

cli_smb2_close_fnum_recv() uses tevent_req_simple_recv_ntstatus(req), which
frees req, then uses the state pointer which was owned by req.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13171

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov 30 05:47:12 CET 2017 on sn-devel-144

(cherry picked from commit 5c8032b6b8ce4439b3ef8f43a62a419f081eb787)

- - - - -
8a313c8d by Ralph Boehme at 2017-12-05T14:48:41+01:00
winbindd: let normalize_name_map() call find_domain_from_name_noinit()

Let normalize_name_map fetch the domain itself with
find_domain_from_name_noinit().

This removes two calls to find_domain_from_name_noinit() in the default
configuration of "winbind normalize names = no". The domain is only need
in normalize_name_map if "winbind normalize names" is enabled.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13173

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 1ce165a73350e802500c32435dbefe3639340435)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Tue Dec  5 14:48:41 CET 2017 on sn-devel-144

- - - - -
5bb2b9c9 by Ralph Boehme at 2017-12-07T14:19:57+01:00
vfs_zfsacl: fix compilation error

Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Nov  2 03:16:11 CET 2017 on sn-devel-144

(cherry picked from commit 11da1e5c056c92fd7f51ecce0285628cac65f174)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Thu Dec  7 14:19:57 CET 2017 on sn-devel-144

- - - - -
0fdc82e1 by Amitay Isaacs at 2017-12-13T10:06:23+01:00
ctdb-takeover: Refactor code to send tickle lists for all public IPs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 2b253f6b1bc4e765f3fcb614a3b67b14084a625d)

- - - - -
6f7215fd by Amitay Isaacs at 2017-12-13T10:06:23+01:00
ctdb-takeover: Send tcp tickles immediately on STARTUP control

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
(cherry picked from commit 73e261b48c4abc91e00775ac7437752c9640e5bd)

- - - - -
97a9e81d by Amitay Isaacs at 2017-12-13T10:06:23+01:00
ctdb-daemon: Send STARTUP control after startup event

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

STARTUP control is primarily used to synchronise tcp tickles from running
nodes to a node which has just started up.  Earlier STARTUP control was
sent (using BROADCAST_ALL) after setup event.  Once the other nodes in
the cluster connected to this node, the queued up messages would be sent
and the tcp tickles would get synchronised.

Recent fix to drop messages to disconnected or not-yet-connected nodes,
the STARTUP control was never sent to the remote nodes and the tcp
tickles did not get synchronised.

To fix this problem send the STARTUP control (using BROADCAST_CONNECTED)
after startup event.  By this time all the running nodes in the cluster
are connected.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu Nov 30 15:29:48 CET 2017 on sn-devel-144

(cherry picked from commit d7a5cd589b7b16d625dbc64dac21a1384519e32b)

- - - - -
c43c8888 by Christof Schmitt at 2017-12-13T10:06:23+01:00
pthreadpool: Move creating of thread to new function

No functional change, but this simplifies error handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 949ccc3ea9073a3d38bff28345f644d39177256f)

- - - - -
fcc86164 by Christof Schmitt at 2017-12-13T10:06:23+01:00
pthreadpool: Undo put_job when returning error

When an error is returned to the caller of pthreadpool_add_job, the job
should not be kept in the internal job array. Otherwise the caller might
free the data structure and a later worker thread would still reference
it.

When it is not possible to create a single worker thread, the system
might be out of resources or hitting a configured limit. In this case
fall back to calling the job function synchronously instead of raising
the error to the caller and possibly back to the SMB client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 065fb5d94d25d19fc85832bb85aa9e379e8551cc)

- - - - -
a6777171 by Christof Schmitt at 2017-12-13T10:06:23+01:00
wscript: Add check for --wrap linker flag

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8e17be1c3df09c238560c8a7e62c17e9f9ff9bc7)

- - - - -
086b4538 by Christof Schmitt at 2017-12-13T10:06:23+01:00
pthreadpool: Add test for pthread_create failure

This is implemented using cmocka and the __wrap override for
pthread_create.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs at samba.org
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Fri Dec  8 13:54:20 CET 2017 on sn-devel-144

(cherry picked from commit 8cdb3995caf7a21d0c27a56a0bf0c1efd5b491e4)

- - - - -
61140f4b by Volker Lendecke at 2017-12-13T10:06:23+01:00
pthreadpool: Fix deadlock

Christof's idea from

https://lists.samba.org/archive/samba-technical/2017-December/124384.html

was that the thread already exited. It could also be that the thread is
not yet idle when the new pthreadpool_add_jobs comes around the corner.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Wed Dec 13 04:46:12 CET 2017 on sn-devel-144

(cherry picked from commit dfc4670640341761b346065922a62a3e755e9e58)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

- - - - -
3f1f2a82 by Jeremy Allison at 2017-12-13T10:06:23+01:00
s3: client: Rename <oldname> to <link_target> in cmd_symlink() and cli_posix_symlink().

Stops us from mixing up the old and new names. Only behavior change
is correcting the names printed in the error messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 8448dcaa8da78bcb84fca6a000c75e256bce1e77)

- - - - -
2d1d00bd by Jeremy Allison at 2017-12-13T14:19:59+01:00
s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient.

This happened as smbd doesn't support reparse points so we couldn't test.
This was the reverse of the (tested) symlink parameters in the unix extensions
symlink command.

Rename parameters to link_target instead of oldname so this is clearer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit abbc9b9ab793d22bca6a37828f4375ef38c56dd3)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Wed Dec 13 14:19:59 CET 2017 on sn-devel-144

- - - - -
364f1c52 by Björn Baumbach at 2017-12-14T12:22:18+01:00
third_party: Link th aesni-intel library with -z noexecstack

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13174

Signed-off-by: Björn Baumbach <bb at sernet.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit 6015cfad6ebf46b9f311a069dd960ff5af5bdcd8)

- - - - -
25300536 by Andreas Schneider at 2017-12-14T12:22:18+01:00
third_party: Fix a typo in the option name

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13174

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
(cherry picked from commit e7e68958025937f97554cd956ca482dfe507f803)

- - - - -
b418ab36 by Volker Lendecke at 2017-12-14T12:22:18+01:00
pthreadpool: Fix starvation after fork

After the race is before the race:

1) Create an idle thread
2) Add a job: This won't create a thread anymore
3) Immediately fork

The idle thread will be woken twice before it's actually woken up: Both
pthreadpool_add_job and pthreadpool_prepare_pool call cond_signal, for
different reasons. We must look at pool->prefork_cond first because otherwise
we will end up in a blocking job deep within a fork call, the helper thread
must take its fingers off the condvar as quickly as possible.  This means that
after the fork there's no idle thread around anymore that would pick up the job
submitted in 2). So we must keep the idle threads around across the fork.

The quick solution to re-create one helper thread in pthreadpool_parent has a
fatal flaw: What do we do if that pthread_create call fails? We're deep in an
application calling fork(), and doing fancy signalling from there is really
something we must avoid.

This has one potential performance issue: If we have hundreds of idle threads
(do we ever have that) during the fork, the call to pthread_mutex_lock on the
fork_mutex from pthreadpool_server (the helper thread) will probably cause a
thundering herd when the _parent call unlocks the fork_mutex. The solution for
this to just keep one idle thread around. But this adds code that is not
strictly required functionally for now.

More detailed explanation from Jeremy:

First, understanding the problem the test reproduces:

add a job (num_jobs = 1) -> creates thread to run it.
job finishes, thread sticks around (num_idle = 1).
num_jobs is now zero (initial job finished).

a) Idle thread is now waiting on pool->condvar inside
pthreadpool_server() in pthread_cond_timedwait().

Now, add another job ->

	pthreadpool_add_job()
		-> pthreadpool_put_job()
			This adds the job to the queue.
		Oh, there is an idle thread so don't
		create one, do:

		pthread_cond_signal(&pool->condvar);

		and return.

Now call fork *before* idle thread in (a) wakes from
the signaling of pool->condvar.

In the parent (child is irrelevent):

Go into: pthreadpool_prepare() ->
		pthreadpool_prepare_pool()

		Set the variable to tell idle threads to exit:

		pool->prefork_cond = &prefork_cond;

		then wake them up with:

		pthread_cond_signal(&pool->condvar);

		This does nothing as the idle thread
		is already awoken.

b) Idle thread wakes up and does:

		Reduce idle thread count (num_idle = 0)

		pool->num_idle -= 1;

		Check if we're in the middle of a fork.

		if (pool->prefork_cond != NULL) {

			Yes we are, tell pthreadpool_prepare()
			we are exiting.

			pthread_cond_signal(pool->prefork_cond);

			And exit.

			pthreadpool_server_exit(pool);
			return NULL;
		}

So we come back from the fork in the parent with num_jobs = 1,
a job on the queue but no idle threads - and the code that
creates a new thread on job submission was skipped because
an idle thread existed at point (a).

OK, assuming that the previous explaination is correct, the
fix is to create a new pthreadpool context mutex:

pool->fork_mutex

and in pthreadpool_server(), when an idle thread wakes up and
notices we're in the prepare fork state, it puts itself to
sleep by waiting on the new pool->fork_mutex.

And in pthreadpool_prepare_pool(), instead of waiting for
the idle threads to exit, hold the pool->fork_mutex and
signal each idle thread in turn, and wait for the pool->num_idle
to go to zero - which means they're all blocked waiting on
pool->fork_mutex.

When the parent continues, pthreadpool_parent()
unlocks the pool->fork_mutex and all the previously
'idle' threads wake up (and you mention the thundering
herd problem, which is as you say vanishingly small :-)
and pick up any remaining job.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13179
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f6858505aec9f1004aeaffa83f21e58868749d65)

- - - - -
dce01aca by Volker Lendecke at 2017-12-14T12:22:18+01:00
pthreadpool: Add a test for the race condition fixed in the last commit

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13179
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 53f7bbca0451e4f57cdbe8ab4f67f601fe8d40c1)

- - - - -
5ffedec1 by Ralph Boehme at 2017-12-14T12:22:18+01:00
winbindd: add domain SID to idmap mapping domains

Fetch the domain SID for every domain in the idmap-domain map. This is
in preperation of passing the domain SID as an additional argument to
xid2sid requests to the idmap child.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 59438bfd3d3551195582cf88bd1109c3cbc7e12a)

- - - - -
5724d651 by Ralph Boehme at 2017-12-14T12:22:18+01:00
winbindd: pass domain SID to wbint_UnixIDs2Sids

This makes the domain SID available to the idmap child for
wbint_UnixIDs2Sids mapping request. It's not used yet anywhere, this
comes in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 71f99cb132f4c26f9febac6cb7dcd79f4940216a)

- - - - -
e92edf0d by Ralph Boehme at 2017-12-14T12:22:18+01:00
winbindd: idmap_rid: don't rely on the static domain list

The domain list in the idmap child is inherited from the parent winbindd
process and may not contain all domains in case enumerating trusted
domains didn't finish before the first winbind request that triggers the
idmap child fork comes along.

The previous commits added the domain SID as an additional argument to
the wbint_UnixIDs2Sids request, storing the domain SID in struct
idmap_domain.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 108675c4cf4c3d5bd29468255743423a56bd1471)

- - - - -
40ac0296 by Ralph Boehme at 2017-12-14T16:32:49+01:00
winbindd: idmap_rid: error code for failing id-to-sid mapping request

NT_STATUS_NO_SUCH_DOMAIN triggers complete request failure in the parent
winbindd. By returning NT_STATUS_NONE_MAPPED winbindd lets the individual
mapping fail but keeps processing any remaining mapping requests.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Oct 10 19:57:37 CEST 2017 on sn-devel-144

(cherry picked from commit 490c35df35bad6c2f1c4acd2f056d6fdc480ec1f)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Thu Dec 14 16:32:49 CET 2017 on sn-devel-144

- - - - -
1eb08445 by Volker Lendecke at 2017-12-15T15:35:25+01:00
messaging: Always register the unique id

The winbind child does not call serverid_register, so the unique id is not
registered. ctdbd_process_exists now calls CTDB_CONTROL_CHECK_PID_SRVID, which
then fails.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13180
Signed-off-by: Volker Lendecke <vl at samba.org>

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Fri Dec 15 15:35:25 CET 2017 on sn-devel-144

- - - - -
edc0c992 by Andrew Bartlett at 2017-12-21T00:55:29+01:00
s4:samba: Fix default to be running samba as a deamon

Commit 8736013dc42c5755b75bbb2e843a290bcd545909 got the (confusing) sense of opt_fork
wrong.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Dec 19 11:24:29 CET 2017 on sn-devel-144

(cherry picked from commit 0806ff7dfd3f982226e4cd9b923a0e570b765f0c)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-7-test): Thu Dec 21 00:55:29 CET 2017 on sn-devel-144

- - - - -
6ddcbfdd by Andrew Bartlett at 2017-12-22T10:05:07+01:00
selftest: Do not use dn= filter string

This accidentially worked with SCOPE_ONELEVEL against Samba but dn= filters are
not valid in AD.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 44eee9ce9e9818df8387b2b3782504408112f12c)

- - - - -
5f515616 by Andrew Bartlett at 2017-12-22T10:05:07+01:00
ldb_tdb: Provide struct ltdb_private to index routines

This will make it easier to switch the GUID index mode on and off

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 3d952157d72b3a4635f3942449c1727c438c97c6)

- - - - -
82764c9f by Andrew Bartlett at 2017-12-22T10:05:07+01:00
ldb: Intersect the index from SCOPE_ONELEVEL with the index for the search expression

This helps ensure we do not have to scan all objects at this level
which could be very many (one per DNS zone entry).

However, due to the O(n*m) behaviour in list_intersect() for ldb
1.2 and earlier, we only do this for small numbers of matches on the
filter tree.

This behaviour will only be for ldb 1.2 and will not be kept
long-term in LDB, versions 1.3.1 and above will instead only
intersect when the GUID index is in use.

NOTE WELL: the behaviour of disallowDNFilter is enforced
in the index code, so this fixes SCOPE_ONELEVEL to also
honour disallowDNFilter if there @IDXONE is enabled.  Again,
this will change again in 1.3.1 and above.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(adapted from ef240aaca0ef693a96726ac2366c454294b87b96 in master)

- - - - -
2cd83893 by Andrew Bartlett at 2017-12-22T10:05:07+01:00
ldb: Release 1.2.3

 - Intersect the index from SCOPE_ONELEVEL with the index for the search expression

    This helps ensure we do not have to scan all objects at this level
    which could be very many (one per DNS zone entry).

    However, due to the O(n*m) behaviour in the LDB index code
    we only do this for small numbers of matches on the
    filter tree.

    This behaviour will only be for ldb 1.2 and will not be kept
    long-term in LDB, versions 1.3.1 and above will instead only
    intersect when the more efficient GUID index is in use.

    Finally, disallowDNFilter now applies to SCOPE_ONELEVEL banning
    dn= as a filter string when so configured.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
7d60443c by Andrew Bartlett at 2017-12-22T10:05:07+01:00
dns_server: Do the exact match query first, then do the wildcard lookup

The wildcard lookup is SCOPE_ONELEVEL combined with an index on the name
attribute.  This is not as efficient as a base DN lookup, so we try for
that first.

A not-found and wildcard response will still fall back to the ONELEVEL
index.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 3efc879d98ba136d4d70e0e2d77fac9614186ab3)

- - - - -
6c5481b9 by Andrew Bartlett at 2017-12-22T10:05:07+01:00
dns_server: Do not look for a wildcard for @

This query is made for every record returned via BIND9 DLZ.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 948791aca70ca973755adcef27dc02da4c46f267)

- - - - -
7249bc19 by Andrew Bartlett at 2017-12-22T10:05:07+01:00
dns_server: Use the indexed "name" attribute in wildcard lookup

(the RDN, being 'dc' in this use case, does not have an index in
the AD schema).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 071ad56aef33c2bfb3840e1a114e17272e926890)

- - - - -
3648ab02 by Stefan Metzmacher at 2017-12-22T10:05:07+01:00
g_lock: fix cleanup of stale entries in g_lock_trylock()

g_lock_trylock() always incremented the counter 'i', even after cleaning a stale
entry at position 'i', which means it skipped checking for a conflict against
the new entry at position 'i'.

As result a process could get a write lock, while there're still
some read lock holders. Once we get into that problem, also more than
one write lock are possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13195

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Dec 20 20:31:48 CET 2017 on sn-devel-144
(similar to commit 576fb4fb5dc506bf55e5cf87973999dca444149b)

- - - - -
b5e86148 by Stefan Metzmacher at 2017-12-22T10:05:07+01:00
s4:torture: add smb2.session.expire2 test

This demonstrates the interaction of NT_STATUS_NETWORK_SESSION_EXPIRED
and various SMB2 opcodes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f60af3b61c4a374d7d1c575049a932d1824489b6)

- - - - -
2108b109 by Stefan Metzmacher at 2017-12-22T10:05:08+01:00
s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit cfaba684785529d656138df454165aa08a775a01)

- - - - -
8be01985 by Stefan Metzmacher at 2017-12-22T10:05:08+01:00
s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions

Windows client at least doesn't have code to replay
a SMB2 Close after getting NETWORK_SESSION_EXPIRED,
which locks out a the client and generates an endless
loop around NT_STATUS_SHARING_VIOLATION.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Dec 21 23:28:42 CET 2017 on sn-devel-144

(cherry picked from commit c4919d4d5f78aeb54a438b95d4eab2f082a8174e)

- - - - -
237bead2 by Stefan Metzmacher at 2017-12-22T14:23:11+01:00
s4:kdc: only map SDB_ERR_NOT_FOUND_HERE to HDB_ERR_NOT_FOUND_HERE

HDB_ERR_NOT_FOUND_HERE indicated a very specific error on an RODC.

We should not map any error to HDB_ERR_NOT_FOUND_HERE,
we should just pass errors along unmapped.

Otherwise we'll hit the logic bug in:

    if (ret == KDC_PROXY_REQUEST) {
        uint16_t port;

        if (!sock->kdc_socket->kdc->am_rodc) {
            DEBUG(0,("kdc_udp_call_loop: proxying requested when not RODC"));
                    talloc_free(call);
            goto done;
        }

And just don't send an error message to the client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13132

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Dec  6 23:16:54 CET 2017 on sn-devel-144

(cherry picked from commit aaa946bb9eb8088389b8ffdec460023f1961616c)

Autobuild-User(v4-7-test): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(v4-7-test): Fri Dec 22 14:23:12 CET 2017 on sn-devel-144

- - - - -
437395d0 by Karolin Seeger at 2017-12-22T21:36:39+01:00
WHATSNEW: Add release notes for Samba 4.7.4.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
4b1b5b14 by Karolin Seeger at 2017-12-22T21:37:26+01:00
VERSION: Disable GIT_SNAPSHOT for the 4.7.4 release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
6f086e14 by Mathieu Parent at 2018-01-10T07:39:30+01:00
d/README.source: ensure required branches exists

- - - - -
caf526f5 by Mathieu Parent at 2018-01-10T07:42:27+01:00
d/README.source: sync all required branches

- - - - -
53fbb0f8 by Mathieu Parent at 2018-01-10T08:18:43+01:00
New upstream version 4.7.4+dfsg
- - - - -
bac50d02 by Mathieu Parent at 2018-01-10T08:23:41+01:00
Update upstream source from tag 'upstream/4.7.4+dfsg'

Update to upstream version '4.7.4+dfsg'
with Debian dir 1da65341b7d060d55722114c3676dc2f1a8be6f2
- - - - -
fed6df76 by Mathieu Parent at 2018-01-10T21:14:31+01:00
Updates patches for e90e3d7efb555dc430ba47c433c96f4f4835f33f

- - - - -
6575817a by Jelmer Vernooij at 2018-01-10T21:14:36+01:00
Always specify rpath for private libraries

Last-Update: 2012-02-24
Applied-Upstream: no

Gbp-Pq: Name 07_private_lib
- - - - -
d636f568 by Christian Perrier at 2018-01-10T21:14:36+01:00
64 bit fix for libsmbclient

Bug-Debian: http://bugs.debian.org/221618
Forwarded: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=221618#27

Gbp-Pq: Name bug_221618_precise-64bit-prototype.patch
- - - - -
3bc7d8cf by Christian Perrier at 2018-01-10T21:14:36+01:00
Mention smbldap-tools package in examples/LDAP/README

Bug-Debian: http://bugs.debian.org/341934
Forwarded: not-needed

Gbp-Pq: Name README_nosmbldap-tools.patch
- - - - -
a1e41318 by Steve Langasek at 2018-01-10T21:14:36+01:00
Use the pager alternative as pager is PAGER is undefined

Bug-Debian: http://bugs.debian.org/135603
Forwarded: not-needed

Gbp-Pq: Name smbclient-pager.patch
- - - - -
79f06210 by mathiaz at ubuntu.com at 2018-01-10T21:14:37+01:00
Enable net usershares by default at build time

Enable net usershares by default at build time, with a limit of 100, and update
the corresponding documentation.

Bug-Debian: http://bugs.debian.org/443230
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/128548
Forwarded: not-needed

Gbp-Pq: Name usershare.patch
- - - - -
44e3b3c8 by Eloy A. Paris at 2018-01-10T21:14:37+01:00
Add "Debian" as vendor suffix

Forwarded: not-needed

Gbp-Pq: Name VERSION.patch
- - - - -
344a0e54 by Jeroen Dekkers at 2018-01-10T21:14:37+01:00
Add so version number to private libraries for dpkg-shlibdeps

We also want dpkg-shlibdeps to generate correct dependency information
for the private libraries in our binary packages, but dpkg-shlibdeps
only works when the library has a version number.

Origin: vendor
Forwarded: not-needed

Gbp-Pq: Name add-so-version-to-private-libraries
- - - - -
e73d4e11 by Brian May at 2018-01-10T21:14:37+01:00
Patch in symbol table from rfc3454, for Heimdal scripts

Status: cherry-picked from heimdal package

Gbp-Pq: Name heimdal-rfc3454.txt
- - - - -
71f18803 by Jelmer Vernooij at 2018-01-10T21:14:37+01:00
drop host-specific define that prevents reproducible builds


Gbp-Pq: Name no_build_system.patch
- - - - -
edcfbba1 by Mathieu Parent at 2018-01-10T21:14:38+01:00
systemd: syslog.target is obsolete

After=syslog.target is unnecessary by now because syslog is socket-activated and will therefore be started when needed.

Ref: https://lintian.debian.org/tags/systemd-service-file-refers-to-obsolete-target.html

Gbp-Pq: Name systemd-syslog.target-is-obsolete.patch
- - - - -
8a9cccf6 by Mathieu Parent at 2018-01-10T21:14:38+01:00
Add documentation to systemd Unit files


Gbp-Pq: Name Add-documentation-to-systemd-Unit-files.patch
- - - - -
324a10e5 by Mathieu Parent at 2018-01-10T21:14:38+01:00
Fix kill path

Bug-Debian: https://bugs.debian.org/828730

Gbp-Pq: Name fix_kill_path_in_units.patch
- - - - -
bee025fe by Mathieu Parent at 2018-01-10T21:14:38+01:00
nmbd requires a working network

Bug-Debian: https://bugs.debian.org/698056
Bug-Debian: https://bugs.debian.org/842056
Bug-Debian: https://bugs.debian.org/840608
Bug-Ubuntu: https://bugs.launchpad.net/ubuntu/+source/samba/+bug/1635491

Gbp-Pq: Name nmbd-requires-a-working-network.patch
- - - - -
6bd743ab by Mathieu Parent at 2018-01-10T22:31:39+01:00
Bump ldb build-deps to 1.2.3

- - - - -
70fa2753 by Mathieu Parent at 2018-01-10T22:31:40+01:00
Changelog for previous commits

- - - - -


30 changed files:

- VERSION
- WHATSNEW.txt
- ctdb/common/sock_daemon.c
- ctdb/doc/ctdb-etcd.7
- ctdb/doc/ctdb-statistics.7
- ctdb/doc/ctdb-tunables.7
- ctdb/doc/ctdb.1
- ctdb/doc/ctdb.7
- ctdb/doc/ctdb_diagnostics.1
- ctdb/doc/ctdb_mutex_ceph_rados_helper.7
- ctdb/doc/ctdbd.1
- ctdb/doc/ctdbd.conf.5
- ctdb/doc/ctdbd_wrapper.1
- ctdb/doc/ltdbtool.1
- ctdb/doc/onnode.1
- ctdb/doc/ping_pong.1
- ctdb/server/ctdb_call.c
- ctdb/server/ctdb_daemon.c
- ctdb/server/ctdb_monitor.c
- ctdb/server/ctdb_takeover.c
- debian/README.source
- debian/changelog
- debian/control
- debian/patches/fix_kill_path_in_units.patch
- docs-xml/smbdotconf/tuning/getwdcache.xml
- docs-xml/wscript_build
- docs/manpages/cifsdd.8
- docs/manpages/dbwrap_tool.1
- docs/manpages/eventlogadm.8
- docs/manpages/findsmb.1


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/37b52cd2f4c5e0ae85779b05d8e2c5f5c243496b...70fa2753486c10ea47e81d0ee8f6f73829fb09d5

---
View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/37b52cd2f4c5e0ae85779b05d8e2c5f5c243496b...70fa2753486c10ea47e81d0ee8f6f73829fb09d5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-samba-maint/attachments/20180110/b65d65fe/attachment-0001.html>

More information about the Pkg-samba-maint mailing list