[Pkg-samba-maint] [Git][samba-team/samba][upstream_4.9] 278 commits: VERSION: Bump version up to 4.9.6...

Mathieu Parent gitlab at salsa.debian.org
Sun Jul 7 09:20:50 BST 2019



Mathieu Parent pushed to branch upstream_4.9 at Debian Samba Team / samba


Commits:
3e6b84f8 by Karolin Seeger at 2019-03-11T19:40:58Z
VERSION: Bump version up to 4.9.6...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
00baebb8 by Volker Lendecke at 2019-03-12T12:47:29Z
lib: Make idmap_cache return negative mappings

Without this we'd query non-existent mappings over and over
again.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11)

- - - - -
d9b762a3 by Volker Lendecke at 2019-03-12T12:47:29Z
idmap_cache: Only touch "sid" on success in find_xid_to_sid

Why? This makes the negative mapping condition (is_null_sid) more
explicit in the code.

The callers in lookup_sid initialized "psid" anyway before, and the ones
in wb_xids2sids now do as well. This is more in line with other APIs we
have: Only touch output parameters if you have something to say.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 4faf3e9f6da7515fc263d79f77226d105c2f8524)

- - - - -
bdeacbab by Volker Lendecke at 2019-03-12T12:47:29Z
winbind: Initialize "expired" parameter to idmap_cache_xid2sid

The code in idmap_cache only touches its output parameters upon success

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 8c28c12702c0935a852c7fed6565987623f09fee)

- - - - -
527ecdbe by Volker Lendecke at 2019-03-12T12:47:30Z
winbind: Now we explicitly track if we got ids from cache

This now properly makes us use negative cache entries

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 95d33ca79cc315f1a2e41cd60859ef01d6548c77)

- - - - -
71f7738c by Volker Lendecke at 2019-03-12T12:47:30Z
idmap_cache: Introduce idmap_cache_find_xid2sid

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit bb8122dd8c53bb307819a79b7888cc0940a7c13b)

- - - - -
d74b8a1c by Volker Lendecke at 2019-03-12T12:47:30Z
torture: Add tests for idmap cache

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit e5a903bab6eda8f7ff2a7c8149d51022d9d8aede)

- - - - -
5bf41f42 by Volker Lendecke at 2019-03-12T12:47:30Z
winbind: Use idmap_cache_find_xid2sid

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit bc9824bd42d9370279819ea0d927e236f6041324)

- - - - -
713c48eb by Volker Lendecke at 2019-03-12T12:47:30Z
lib: Introduce winbind_xid_to_sid

This does not merge a winbind communication error into
"global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
go along with is_null_sid(). Instead, this just touches the output sid
when winbind returned success. This success might well be a negative
mapping indicated by S-0-0, which *is* is_null_sid()...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6)

- - - - -
522b8501 by Volker Lendecke at 2019-03-12T12:47:30Z
lib: Add dom_sid_str_buf

This is modeled after server_id_str_buf, which as an API to me is easier to
use: I can rely on the compiler to get the buffer size right.

It is designed to violate README.Coding's "Make use of helper variables", but
as this API is simple enough and the output should never be a surprise at all,
I think that's worth it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Nov  2 20:11:11 CET 2018 on sn-devel-144

(cherry picked from commit 8b9d36221930a487ca5c51bf2e38ed04de9d50f7)

- - - - -
f175abcc by Volker Lendecke at 2019-03-12T12:47:30Z
passdb: Introduce xid_to_sid

This explicitly avoids the legacy_[ug]id_to_sid calls, which create
long-term cache entries to S-1-22-x-y if anthing fails. We can't do
this, because this will turn temporary winbind communication failures
into long-term problems: A short hickup in winbind_uid_to_sid will
create a mapping to S-1-22-1-uid for a week. It should be up to the
lower layers to do the caching.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 92f27ebb14c0c18b1d0fd49544ad851aeb14781c)

- - - - -
1f915119 by Volker Lendecke at 2019-03-12T12:47:30Z
passdb: Make [ug]id_to_sid use xid_to_sid

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51)

- - - - -
f506180c by Christof Schmitt at 2019-03-12T12:47:30Z
passdb: Update ABI to 0.27.2

This change is for the backport only. The change in master increased the
ABI version to 0.28.0 and removed some functions; this should not happen
in a backport.

Signed-off-by: Christof Schmitt <cs at samba.org>

- - - - -
7f74413a by Christof Schmitt at 2019-03-12T12:47:30Z
lib/winbind_util: Move include out of ifdef

This fixes compile errors about missing prototypes with
--picky-developer and --without-winbind

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4b1e4c22128bdefe549a58b181e9b755854f4c3e)

- - - - -
65c85aee by Christof Schmitt at 2019-03-12T12:47:30Z
lib/winbind_util: Add winbind_xid_to_sid for --without-winbind

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar  6 01:53:16 UTC 2019 on sn-devel-144

(cherry picked from commit 4125ff89e44a3e98882cfc38c06e559a6e1e56a5)

- - - - -
f232cd76 by Ralph Boehme at 2019-03-12T12:47:31Z
CI: don't use swap

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Mar  4 13:59:42 UTC 2019 on sn-devel-144

(adapted from from commit 7798bc14fbdae3461eb30421923d53978b3f781d
by Andrew Bartlett)

- - - - -
aaefa8ea by Günther Deschner at 2019-03-12T12:47:31Z
WHATSNEW: mention new vfs_glusterfs_fuse module

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>

- - - - -
fc40f87e by Andreas Schneider at 2019-03-12T16:13:29Z
lib:util: Move debug message for mkdir failing to log level 1

If you connnect to a host with smbclient this gets always printed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13823

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

(cherry picked from commit c71334ec0c92e791022a9b7c900aa0dd649226c2)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Mar 12 16:13:29 UTC 2019 on sn-devel-144

- - - - -
1e408871 by Marcos Mello at 2019-03-22T09:55:33Z
Send status to systemd on daemon start

systemd service files run in no-forking mode (--foreground) since
8b6f58194da7e849cdb9d20712dff49b17a93a77.

Rearrange sd_notify() call in become_daemon() to only send status to systemd
in this mode (Type=notify is not designed to monitor forking). Drop READY=0
(it does nothing) and MAINPID= (unnecessary because the process spawned by
systemd is already the main PID).

Also remove STATUS= prefix from debug messages.

Signed-off-by: Marcos Mello <marcosfrm at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 440ddf8470b11a46066d282bf8945201d547c192)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11568

- - - - -
166dd92d by Stefan Metzmacher at 2019-03-22T09:55:33Z
ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13818

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 6da3664f8a11397fd3fb38e89c2432b8bf321e59)

- - - - -
6c2d5bca by Andreas Schneider at 2019-03-22T09:55:34Z
s3:script: Fix jobid check in test_smbspool.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit fad5e4eaeb9202c1b63c42ea09254c17c473e33a)

- - - - -
d311eff5 by Andreas Schneider at 2019-03-22T09:55:34Z
s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 43160184d254a57f87bb2adeba47f48d8539533a)

- - - - -
590fd475 by Andreas Schneider at 2019-03-22T09:55:34Z
s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups

This should not switch to username,password if cups has been configured
to use negotiate (Kerberos authentication).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 5274b09fbaa5e45cc58f3301818d4e9f6a402845)

- - - - -
e07b8444 by Andreas Schneider at 2019-03-22T09:55:35Z
s3:client: Make sure we work on a copy of the title

We can't be sure we can write to the input buffer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 129ae27946318a075e99c9e6d1bacf8963f72282)

- - - - -
7f4492c7 by Andreas Schneider at 2019-03-22T09:55:35Z
s3:client: Fix smbspool device uri handling

If we are executed as a CUPS backend, argv[0] is set to the device uri.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>

(cherry picked from commit 69d7a496d3bf52eaa10e81132bb61430863fdd8a)

- - - - -
6e76e884 by Martin Schwenke at 2019-03-22T09:55:35Z
ctdb-packaging: ctdb package should not own system library directory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13838

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit b2b8dce4fc56c27ef0131104b316346565369dd7)

- - - - -
9e4b17aa by Martin Schwenke at 2019-03-22T09:55:36Z
ctdb-packaging: Test package requires tcpdump

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13838

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 957c38b65ca060eabe1e676f8dfb54839d706155)

- - - - -
eb4e66cd by Zhu Shangzhong at 2019-03-22T09:55:36Z
ctdb: Initialize addr struct to zero before reparsing as IPV4

Failed to kill the tcp connection that using IPv4-mapped IPv6 address
(e.g. ctdb_killtcp eth0 ::ffff:192.168.200.44:2049
::ffff:192.168.200.45:863).

When the ctdb_killtcp is used to kill the tcp connection, the IPs and
ports in the connection will be parsed to conn.client and conn.server
(call stack: main->ctdb_sock_addr_from_string->ip_from_string). In
the ip_from_string, as we are using IPv4-mapped IPv6 addresses, the
ipv6_from_string will be used to parse ip to addr.ip6 first. The next
step the ipv4_from_string will be used to reparse ip to addr.ip.

As a result, the data that dump from conn.server is "2 0 8 1 192 168
200 44 0 0 0 0 0 0 0 0 0 0 255 255 192 168 200 44 0 0 0 0", the data
from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0 0 0 0 0 0 255 255
192 168 200 45 0 0 0 0". The connection will be add to conn_list by
ctdb_connection_list_add. Then the reset_connections_send uses conn_list
as parameter to start to reset connections in the conn_list.

In the reset_connections_send, the database "connections" will be
created. The connections from conn_list will be written to the
database(call db_hash_add), and use the data that dump from conn_client
and conn_server as key.

In the reset_connections_capture_tcp_handler, the
ctdb_sys_read_tcp_packet will receive data on the raw socket. And
extract the IPs and ports from the tcp packet. when extracting IP and
port, the tcp4_extract OR tcp6_extract will be used. Then we got the
new conn.client and conn.server. the data that dump from the
conn.server is "2 0 8 1 192 168 200 44 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0", the data from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0". Finally, we use the data as key to check
if this connection is one being reset(call db_hash_delete). The
db_hash_delete will return ENOENT. Because the two key that being used
by db_hash_delete and db_hash_add are different.

So, the TCP RST will be NOT sent for the connection forever. We should
initialize addr struct to zero before reparsing as IPV4 in the
ip_from_string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839

Signed-off-by: Zhu Shangzhong <zhu.shangzhong at zte.com.cn>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 539b5ff32b32b7c75dfaaa119e41f5af6ff1e6fc)

- - - - -
5f94bc51 by Martin Schwenke at 2019-03-22T09:55:36Z
ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing

ctdb_sock_addr values are hashed in some contexts.  This means that
all of the memory used for the ctdb_sock_addr should be consistent
regardless of how parsing is done.  The first 2 cases are just sanity
checks but the 3rd case involving an IPv4-mapped IPv6 address is the
real target of this test addition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit d9286701cd9253bf3b42cac3d850ae8c23743e6d)

- - - - -
b861e5e9 by Andreas Schneider at 2019-03-22T13:39:46Z
s4:librpc: Fix installation of Samba

This breaks installation of Samba 4.10 on Fedora.

https://bugzilla.samba.org/show_bug.cgi?id=13847

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

(cherry picked from commit bf469343f577e2d78df0e38d80e7976b351eaf0d)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Fri Mar 22 13:39:46 UTC 2019 on sn-devel-144

- - - - -
139da67c by Noel Power at 2019-03-28T08:35:20Z
python/samba: PY3 port for ridalloc_exop test to work

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit fc13a1268a4a9de94efd312a8309aa55d331ae19)

- - - - -
5602db1b by Noel Power at 2019-03-28T08:35:20Z
python/samba: extra ndr_unpack needs bytes function

(cherry picked from commit 8db43696e70d7c4cb21172b7e7461cf6a72914a2)

- - - - -
7bcb0729 by Stefan Metzmacher at 2019-03-28T08:35:20Z
selftest: force running with TZ=UTC

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 27 11:24:59 UTC 2019 on sn-devel-144

(cherry picked from commit 4f307f2302b0fe8fd0fc6379eb8e6491faf8520c)

- - - - -
9339b096 by Stefan Metzmacher at 2019-03-28T08:35:20Z
blackbox/dbcheck-links.sh: reproduce lost deleted object problem

When a parent object is removed during the tombstone garbage collection
before a child object and samba-tool dbcheck runs at the same time, the
following can happen:

- If the object child had DISALLOW_MOVE_ON_DELETE in systemFlags,
  samba-tool dbcheck moves the object under the LostAndFound[Config]
  object (as an originating update!)
- The lastKnownParent attribute is removed (as an originating update!)

These originating updates cause the object to have an extended time
as tombstone. And these changes are replicated to other DCs,
which very likely already removed the object completely!

This means the destination DC of replication has no chance to handle
the object it gets from the source DC with just 2 attributes (name, lastKnownParent).

The destination logs something like:

  No objectClass found in replPropertyMetaData

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5357f591accffbf8c62335c308b985811b66f0b5)

- - - - -
44c83b09 by Stefan Metzmacher at 2019-03-28T08:35:20Z
dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename

We need a way to rename an object without updating the replication meta
data.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3e8a435d27da899d0e3dab7cbc0a1c738067eba3)

- - - - -
0aaf7c98 by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects

We should never do originating updates on deleted objects.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 07a8326746f0c444eedf3860b178fc29d84e8d16)

- - - - -
76de43f0 by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9afcd5331ce567bd80d35175f8e4e21c506e9347)

- - - - -
07ebd654 by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: don't move already deleted objects to LostAndFound

This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6d50ee74920c39cdb18b427bfaaf200775bf2d73)

- - - - -
7402d9cf by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: don't remove dangling one-way links on already deleted objects

This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.
In this case the lastKnownParent attributes points a non existing
object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e388e599495b6d7c38b8b6966332e27f8b958783)

- - - - -
45850169 by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: add find_repl_attid() helper function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 598e38d2a5e0832429ba65b4e55bf7127618f894)

- - - - -
860b04aa by Stefan Metzmacher at 2019-03-28T08:35:21Z
blackbox/dbcheck-links.sh: add regression test for lost deleted object repair

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1ccc21a34d295be3bb2ab481a5918003eae88bf4)

- - - - -
107883df by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: detect the change after deletion bug

Old versions of 'samba-tool dbcheck' could reanimate
deleted objects, when running at the same time as the
tombstone garbage collection.

When the (deleted) parent of a deleted object
(with the DISALLOW_MOVE_ON_DELETE bit in systemFlags),
is removed before the object itself, dbcheck moved
it in the LostAndFound[Config] subtree of the partition
as an originating change. That means that the object
will be in tombstone state again for 180 days on the local
DC. And other DCs fail to replicate the object as
it's already removed completely there and the replication
only gives the name and lastKnownParent attributes, because
all other attributes should already be known to the other DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a1658b306d85452407388b91a745078c9c1f7dc7)

- - - - -
aebf46d9 by Stefan Metzmacher at 2019-03-28T08:35:21Z
python/samba/netcmd: provide SUPPRESS_HELP via Option class

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b61d580fb7dba8ff94e9e98c958e324865cd2f1d)

- - - - -
02f3d0a1 by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: add --selftest-check-expired-tombstones cmdline option

This will be used by dbcheck tests which operate on static/old provision
dumps in the following commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6f9c5ed8de47bb98e21e8064d8e90f963f2f71ca)

- - - - -
543fc3e9 by Stefan Metzmacher at 2019-03-28T08:35:22Z
blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck

These tests operate on provision dumps created long ago, they still
want to run tests on deleted objects, when the next commits remove
processing expired tombstone objects in dbcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5fccc4e9044d2e57be33471f5e6b9be7cc37ac3a)

- - - - -
3fca3dcc by Stefan Metzmacher at 2019-03-28T08:35:22Z
blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b096a3117ed9249fd6f65f3221a26c88efbba3b8)

- - - - -
693c3498 by Stefan Metzmacher at 2019-03-28T08:35:22Z
dbcheck: don't check expired tombstone objects by default anymore

These will be removed anyway and any change on them risks to
be an originating update that causes replication problems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144

(cherry picked from commit a2c5f8cf41c2dfdc4f122e8427d1dfeabb6ba311)

- - - - -
42b62465 by Stefan Metzmacher at 2019-03-28T08:35:22Z
dbcheck: use the str() value of the "name" attribute

We do the same with the rdn attribute value
and we need the same logic on both in order to
check they are the same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit dd6f0dad218ec1d5aa38ea8aa6848ec81035cb3f)

- - - - -
d44f2157 by Douglas Bagnall at 2019-03-28T08:35:22Z
py/graph: use 2.6 compatible check for set membership

It is better this way anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13837
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 20 06:36:05 UTC 2019 on sn-devel-144

(cherry picked from commit c0aca17a4c9ec06f0127d5c972f3fa979a87a77f)

- - - - -
87ffad41 by Douglas Bagnall at 2019-03-28T08:35:22Z
py/kcc_utils: py2.6 compatibility

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13837
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
4644b23b by Michael Hanselmann at 2019-03-28T08:35:22Z
Fix typos in "valid"

s/vald/valid/

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 305346d360d3c13fd315c1af27b037f46fd10650)

- - - - -
223352ee by Michael Hanselmann at 2019-03-28T08:35:22Z
regfio: Use correct function names in debug information

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit aa6b355858a0d8b77bf49384e5329642add1a5ff)

- - - - -
b5ae06cc by Michael Hanselmann at 2019-03-28T08:35:22Z
regfio: Add trivial unit test

An upcoming commit will resolve two cases of insufficient handling of
mangled registry hive files and will include unit tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9b2cb845b23cd1c91ab3b5ea8ad791b18b3ab733)

- - - - -
f3552ad5 by Michael Hanselmann at 2019-03-28T08:35:23Z
regfio: Improve handling of malformed registry hive files

* next_record: A malformed file can lead to an endless loop.
* regfio_rootkey: Supplying a malformed registry hive file to the
  registry hive I/O code can lead to out-of-bounds reads.

Test cases are included. Both issues resolved have been identified using
AddressSanitizer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 601afd690346087fbd53819dba9b1afa81560064)

- - - - -
0cc35082 by Andrew Bartlett at 2019-03-28T08:35:23Z
regfio: Update code near recent changes to match README.Coding

This file long predates our current code conventions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit acbf103fcaa4150a57bfbab2450e36b5b39e399b)

- - - - -
055b971a by Andrew Bartlett at 2019-03-28T08:35:23Z
regfio tests: Update comment style to match README.Coding

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 68c0fc4335d0c3c526a38481538a33290be6d58a)

- - - - -
5b716115 by Andreas Schneider at 2019-03-28T13:46:27Z
s3:waf: Fix the detection of makdev() macro on Linux

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13853

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit eace58b539a382c61edd7c2be6fdfab31114719f)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Thu Mar 28 13:46:27 UTC 2019 on sn-devel-144

- - - - -
9c52fdc1 by Andreas Schneider at 2019-04-02T09:11:45Z
s3:lib: Fix the debug message for adding cache entries.

To get correct values, we need to cast 'timeout' to 'long int' first in
order to do calculation in that integer space! Calculations are don in
the space of the lvalue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13848

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5822449a7340f53987ce4c04851652427f5b49e8)

- - - - -
d59cefc8 by Philipp Gesang at 2019-04-02T13:44:38Z
libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response

Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES
structures containing DataLength field that includes the padding
[0]. Microsoft has since clarified that only values smaller than
the size are considered invalid [1].

While parsing the NegotiateContext it is ensured that DataLength
does not exceed the message bounds. Also, the value is not
actually used anywhere outside the validation. Thus values
greater than the actual data size are safe to use. This patch
makes Samba fail only on values that are too small for the (fixed
size) payload.

[0] https://lists.samba.org/archive/samba/2019-February/221139.html
[1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869

Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144

(cherry picked from commit 865b7b0c7d2ba7fa0a045586d1e83a72028a0864)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Apr  2 13:44:38 UTC 2019 on sn-devel-144

- - - - -
49231313 by Karolin Seeger at 2019-04-05T07:26:54Z
VERSION: Bump version up to 4.9.6...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit 3e6b84f8b43f769b823c13852237f47ebfad6d77)

- - - - -
b708ce3f by Tim Beale at 2019-04-05T07:48:18Z
CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten

The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).

As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.

This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

(This backport to Samba 4.9 by Andrew Bartlett was not a pure
cherry-pick due to merge conflicts)

- - - - -
83cc536a by Tim Beale at 2019-04-05T07:48:18Z
CVE-2019-3870 tests: Add test to check file-permissions are correct after provision

This provisions a new DC and checks there are no world-writable
files in the new DC's private directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
65a175aa by Andrew Bartlett at 2019-04-05T07:48:18Z
CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
30db4865 by Andrew Bartlett at 2019-04-05T07:48:18Z
CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users

Umask manipulation was added to pysmbd with e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012
and init_files_struct was split out in 747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for
Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and
restore tools, which needed to write files with full metadata).

This in turn avoids leaving init_files_struct() without resetting the umask to
the original, saved, value.

Per umask(2) this is required before open() and mkdir() system calls (along
side other file-like things such as those for Unix domain socks and FIFOs etc).

Therefore for safety and clarify the additional 'belt and braces' umask
manipuations elsewhere are removed.

mkdir() will be protected by a umask() bracket, for correctness, in the next patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

(This backport to Samba 4.9 by Andrew Bartlett is not a pure
cherry-pick due to merge conflicts)

- - - - -
c92ac5ad by Andrew Bartlett at 2019-04-05T07:48:18Z
CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir()

mkdir() is the other call that requires a umask of 0 in Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d53121af by Jeremy Allison at 2019-04-05T07:48:18Z
CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.

The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.

If the incoming handle is valid, return WERR_BAD_PATHNAME.

[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
424563db by Karolin Seeger at 2019-04-05T07:48:18Z
WHATSNEW: Add release notes for Samba 4.9.6.

CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
CVE-2019-3880 (Save registry file outside share as unprivileged user)

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
dd7b68d1 by Karolin Seeger at 2019-04-05T07:48:18Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.6 release.

CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
CVE-2019-3880 (Save registry file outside share as unprivileged user)

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
8ee79597 by Karolin Seeger at 2019-04-08T10:29:09Z
Merge tag 'samba-4.9.6' into v4-9-test

samba: tag release samba-4.9.6

- - - - -
d162726a by Karolin Seeger at 2019-04-08T10:29:27Z
VERSION: Bump version up to 4.9.7.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
b1d1f5f5 by Andreas Schneider at 2019-04-09T09:49:51Z
docs: Update smbclient manpage for --max-protocol

We default to SMB3 now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13857

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 63084375e3c536f22f65e7b7796d114fa8c804c9)

- - - - -
be37e77b by Andreas Schneider at 2019-04-09T09:49:51Z
s3:libads: Print more information when LDAP fails

Currently we just get an error but don't know what exactly we tried to
do in 'net ads join -d10'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 40669e3739eb5cde135c371e2c8134d3f11a16a5)

- - - - -
0acb2e42 by Andreas Schneider at 2019-04-09T09:49:52Z
s3:libsmb: Add some useful debug output to cliconnect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 011a47f04dabe22095a30d284662d8ca50463ee8)

- - - - -
7dce8031 by Guenther Deschner at 2019-04-09T09:49:52Z
s3:libnet: Fix debug message in libnet_DomainJoin()

A newline is missing but also use DBG_INFO macro and cleanup spelling.

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3a33c360071bb7cada58f1f71ccd8949fda70662)

- - - - -
1a239fa0 by Guenther Deschner at 2019-04-09T09:49:52Z
auth:ntlmssp: Add back CRAP ndr debug output

This got lost somehow during refactoring. This is still viable
information when trying to figure out what is going wrong when
authenticating a user over NTLMSSP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9e92654899db3c951bee0203415a15737402e7b7)

- - - - -
33ec6f82 by Andreas Schneider at 2019-04-09T09:49:52Z
auth:creds: Prefer the principal over DOMAIN/username when using NTLM

If we want to authenticate using -Wadmin at otherdomain the DC should do
take care of the authentication with the right DC for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5c7f0a6902cfdd698e5f4159d37537bb4c9c1cc3)

- - - - -
cf210317 by Andreas Schneider at 2019-04-09T09:49:52Z
s3:libnet: Use more secure name for the JOIN krb5.conf

Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b7f0c64514a28cfb5d2cdee683c18943b97ea753)

- - - - -
55da00ce by Andreas Schneider at 2019-04-09T09:49:52Z
s3:libads: Make sure we can lookup KDCs which are not configured

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c016afc832543514ebf7ecda1fbe6b272ea533d6)

- - - - -
e933ddb7 by Guenther Deschner at 2019-04-09T09:49:52Z
s3:ldap: Leave add machine code early for pre-existing accounts

This avoids numerous LDAP constraint violation errors when we try to
re-precreate an already existing machine account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2044ca0e20bd3180720a82506b3af041d14b5c68)

- - - - -
4147349c by Günther Deschner at 2019-04-09T09:49:52Z
s3-libnet_join: always pass down admin domain to ads layer

Otherwise we could loose the information that a non-default domain name
has been used for admin creds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ea29aa27cbac4253ee1701fed99a3e0811f7475d)

- - - - -
d101da49 by Günther Deschner at 2019-04-09T09:49:53Z
s3-libnet_join: setup libnet join error string when AD connect fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 68121f46c74df9cef7a377040d01ba75cdcf5a26)

- - - - -
7f1811ee by Günther Deschner at 2019-04-09T09:49:53Z
s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join

When a non-DNS and non-default admin domain is provided during the join
sometimes we might not be able to kinit with 'user at SHORTDOMAINNAME'
(e.g. when the winbind krb5 locator is not installed). In that case lets
fallback to NTLMSSP, like we do in winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr  3 18:57:31 UTC 2019 on sn-devel-144

(cherry picked from commit 377d27359ccdb8f2680fda36ca388f44456590e5)

- - - - -
d78118d0 by Douglas Bagnall at 2019-04-09T13:52:03Z
py/provision: fix for Python 2.6

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13882
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Apr  9 13:52:03 UTC 2019 on sn-devel-144

- - - - -
d415458f by Martin Schwenke at 2019-04-12T07:57:10Z
ctdb-scripts: Reindent some functions prior to making changes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit d7e187c1a7046196ec96637bdc14cc6b042eafcc)

- - - - -
11758628 by Martin Schwenke at 2019-04-12T07:57:10Z
ctdb-scripts: Rename variable nfslock_service to nfs_lock_service

There will be more of these variable for other services so, for
readability, it makes sense for them to start with "nfs_".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 9981353ab79dce81b698c535977be4a681119d1e)

- - - - -
022b9a6c by Martin Schwenke at 2019-04-12T07:57:10Z
ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit e72c3c800a50fe746164e319e21180c44d041619)

- - - - -
f0082767 by Martin Schwenke at 2019-04-12T07:57:10Z
ctdb-scripts: Factor out nfs_load_config()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 8de0a339b550e7363d265af04ad69f2179af75c6)

- - - - -
5a97b7f0 by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out

When an NFS check restarts a failed service by hand then systemd will
be unable to stop or start this service again because (at least) the
PID file will be wrong.  Do this via the NFS Linux kernel call-out
instead.  Allow the call-out to use the services instead of doing
manual restarts.  Add variables for mount, status and rquotad services
to support this.

Adding systemd NFS services to the call-out will follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 42103b568698d8087d27f0848b402ccb7cfac86b)

- - - - -
7932032d by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-scripts: Start NFS quota service if defined

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 708c04071af8d6ddc3bf2bddbde4d5847f440c0e)

- - - - -
aee71ea6 by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-scripts: Add systemd services to NFS call-out

At least Red Hat and Debian appear to use (a variant of?) the upstream
systemd units for NFS, so adding support for these services is
relatively easy.  Distributions using Sys-V init can patch the
call-out to use the relevant Sys-V init services.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit a8fafd377ff0cb07ab161e437c5fe024704345eb)

- - - - -
14069988 by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-tests: Update NFS test infrastructure to support systemd services

The tests are written around the default of sysvinit-redhat.  Add
support for systemd-redhat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 2833ddcfcb780497264e0f412a9ad6e26a9bc657)

- - - - -
dae0e8ec by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-scripts: Allow load_system_config() to take multiple alternatives

The situation for NFS config has got more complicated and is probably
broken in statd-callout on Debian-like systems at the moment.  Allow
several alternative configuration names to be tried.  Stop after the
first that is found and loaded.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 0d67ea5fcca766734ecc73ad6b0139f7c13a15c5)

- - - - -
49fa0881 by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-scripts: Update statd-callout to try several configuration files

The alternative seems to be to try something via CTDB_NFS_CALLOUT.
That would be complicated and seems like overkill for something this
simple.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit a2bd4085896804ee2da811e17f18c78a5bf4e658)

- - - - -
116c874f by Christof Schmitt at 2019-04-12T07:57:11Z
memcache: Introduce struct for storing talloc pointer

This allows extending the additional data stored for talloced objects
later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 7c44f2f76eefb9156cb1d170c92b4ff07dd6a3d5)

- - - - -
a54038bf by Christof Schmitt at 2019-04-12T07:57:11Z
memcache: Properly track the size of talloc objects

With memcache_add_talloc, the talloc object becomes part of the pool and
the memcache_element stores a pointer to the talloc object. The
size of the the talloc object was not used when tracking the used space,
allowing the cache to grow larger than defined in the memcache_init
call.

Fix this by adding the size of the talloc object to the used space.

Also record the initial size of the talloc object for proper adjustment
of the used space in the cache later. This is in case the size of the
talloc object is modified while being owned by the cache (e.g.
allocating talloc child objects). This should never happen, but better
be safe than ending up with a broken cache usage counter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a04ca6f3438595ba7e1a110877f53d1cac0f0402)

- - - - -
e09262b7 by Christof Schmitt at 2019-04-12T07:57:11Z
memcache: Increase size of default memcache to 512k

With the fixed accounting of talloc objects, the default cache size
needs to increase. The exact increase required depends on the workloads,
going form 256k to 512k seems like a reasonable guess.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9ff5c0bab76c5d3d7bea1fcb79861d0c9a3b9839)

- - - - -
e974e440 by Christof Schmitt at 2019-04-12T11:29:26Z
torture: Add test for talloc size accounting in memcache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Apr  6 06:08:42 UTC 2019 on sn-devel-144

(cherry picked from commit b7028c42462c34cf86cb949bfdb16ebc7ed0a6c6)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Fri Apr 12 11:29:26 UTC 2019 on sn-devel-144

- - - - -
d9c47cb8 by Martin Schwenke at 2019-04-15T08:28:11Z
ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake"

We also can not assume that nodes can be marked as connected via only
the keepalive mechanism.  Keepalives are not sent to disconnected
nodes so, in the absence of other packets (e.g. broadcasts), 2 nodes
may never become marked as connected to each other.

Revert to marking nodes as connected in the TCP transport code.  If a
connection is to a non(-operational) ctdbd then it will revert to
disconnected after a short while and may actually flap.  This should
be rare.

This reverts commit 66919db3d7ab1e091223faf515b183af8bfddc83.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13888

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 38dc6d11a26c2e9a2cae7927321f2216ceb1c5ec)

- - - - -
945a41d3 by Amitay Isaacs at 2019-04-15T12:55:46Z
ctdb-common: Avoid race between fd and signal events

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13895

In run_proc, there was an implicit assumption that when a process exits,
fd event (pipe between parent and child) would be processed first and
signal event (SIGCHLD for the child) would be processed later.

However, that is not the case.  SIGCHLD can be received asynchronously
any time even when the pipe data has not fully been read.  This causes
run_proc to miss some of the output from child process in tests.

When SIGCHLD is being processed, if the pipe between parent and child is
still open, then do an explict read from the pipe to ensure we read any
data still in the pipe before closing the pipe.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Apr 12 08:19:29 UTC 2019 on sn-devel-144

(cherry picked from commit 289201277cd983b27cdfd5376c607eab112b4082)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Mon Apr 15 12:55:46 UTC 2019 on sn-devel-144

- - - - -
7aa443a3 by Stefan Metzmacher at 2019-04-24T07:00:29Z
s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO

This completes commit 74829fecd7a4e806ee441cd75141bede2eefef1a,
which missed SMB_FIND_FILE_FULL_DIRECTORY_INFO

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10097

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 1d9348575914891dbb5638bc9b8d51eda98fe554)

- - - - -
8d6361b6 by Stefan Metzmacher at 2019-04-24T07:00:29Z
smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING

This has the same meaning as smb2_request_set_async_internal(),
but this will simplifies callers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13796

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4760b85243f335bb2094fc779802ce4b52db0ccb)

- - - - -
dc06b1b3 by Stefan Metzmacher at 2019-04-24T07:00:29Z
smb2_sesssetup: avoid STATUS_PENDING responses for session setup

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13796

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 23792449694b5221f6ea422166c96fac494e3e2c)

- - - - -
6122f423 by Stefan Metzmacher at 2019-04-24T07:00:29Z
smb2_tcon: avoid STATUS_PENDING responses for tree connect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12844
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 8a11da429bd3c89766f43c2bff681837a769987c)

- - - - -
d8d3e689 by Stefan Metzmacher at 2019-04-24T07:00:29Z
smb2_sesssetup: avoid STATUS_PENDING completely on session logoff

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10344
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d64038425f250e253dce707d69899c7a5d8cb32e)

- - - - -
c8bdbc39 by Stefan Metzmacher at 2019-04-24T07:00:30Z
smb2_tcon: avoid STATUS_PENDING completely on tdis

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10344
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 1dc002548336b969979c3bf85b531c059d87f015)

- - - - -
dedeaf37 by David Disseldorp at 2019-04-24T07:00:30Z
vfs_snapper: drop unneeded fstat handler

fstat is handle based, and unlike vfs_shadow_copy2, we don't need to
make any changes to the returned sbuf, so remove the existing handler
which does nothing.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13858

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 27 18:21:38 UTC 2019 on sn-devel-144

(cherry picked from commit c68d9c9ef367c1e85619ac2d027a0a425164ca8a)

- - - - -
a50c4d7a by Stefan Metzmacher at 2019-04-24T07:00:30Z
vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done()

SMB_VFS_{PREAD,PWRITE}_RECV() don't set errno, so we need to
use strerror(aio_state.error) in the debug messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2abf9e9a95cbdf76109b3501dee3e0c34ad09194)

- - - - -
74001095 by Stefan Metzmacher at 2019-04-24T07:00:30Z
vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check

This fixes a regression introduced in commit
60e45a2d25401eaf9a15a86d19114670ccfde259, where the 'num' variable
was renamed to 'to_copy', but a new 'num' variable was introduced.

Note that off_t is signed!
In future we need to watch out for filesystems supporting
FMODE_UNSIGNED_OFFSET on Linux. Which means they use it unsigned.

This is more or less a theoretical problem, The
NT_STATUS_INVALID_PARAMETER cases are catched before by
SMB_VFS_PREAD_SEND/RECV.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4d6cd932a955a99ca33cc4aedd7f612e56e0b1de)

- - - - -
7abc1442 by Stefan Metzmacher at 2019-04-24T07:00:30Z
smb2_server: grant all 8192 credits to clients

This seems to match Windows Server 2016.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 829f692fb1552e56c6a9726036a995b4328731dd)

- - - - -
c5089041 by David Disseldorp at 2019-04-24T07:00:30Z
vfs_ceph: explicitly enable libcephfs POSIX ACL support

libcephfs disables ACL support by default and returns -EOPNOTSUPP in the
POSIX ACL get/setxattr paths as a result. Enable support by setting the
following Ceph config parameters during mount:
        client acl type = posix_acl
        fuse default permissions = false

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4982e282f2f2246952854ccc10d4787ac6653a7f)

- - - - -
571f7034 by David Disseldorp at 2019-04-24T11:05:08Z
docs/vfs_ceph: describe new ACL behaviour

vfs_ceph now explicitly enables libcephfs POSIX ACL support.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr 12 19:40:25 UTC 2019 on sn-devel-144

(cherry picked from commit 58314d71ea63e36d5f1bbd2c3e190b1edffee726)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Wed Apr 24 11:05:08 UTC 2019 on sn-devel-144

- - - - -
f6907809 by Anoop C S at 2019-04-30T11:29:27Z
s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX

This allows the vfs_glusterfs_fuse build to complete on AIX.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e28d172b00cadf492c22bd892e2dda3bf2fe2d70)

- - - - -
16462634 by Anoop C S at 2019-04-30T16:05:51Z
s3/vfs_glusterfs: Dynamically determine NAME_MAX

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8e3a042eb9e502821b147f1bbb2d98d59f17a095)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Apr 30 16:05:51 UTC 2019 on sn-devel-144

- - - - -
b9fac394 by Karolin Seeger at 2019-05-01T05:46:13Z
WHATSNEW: Add release notes for Samba 4.9.7.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
c8e9b9fe by Karolin Seeger at 2019-05-01T05:46:13Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.7 release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
86de3470 by Karolin Seeger at 2019-05-01T05:46:48Z
VERSION: Bump version up to 4.9.8...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
bc1b0ade by Karolin Seeger at 2019-05-07T10:22:10Z
VERSION: Bump version up to 4.9.8...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit 86de3470b4c342857d1c8408929ef4637fdf1937)

- - - - -
52200468 by Isaac Boukris at 2019-05-07T10:22:28Z
CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
de3fa5d6 by Isaac Boukris at 2019-05-07T10:22:28Z
CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ff8e3fba by Karolin Seeger at 2019-05-07T10:24:55Z
WHATSNEW: Add release notes for Samba 4.9.8.

CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
9dfd4419 by Karolin Seeger at 2019-05-07T10:27:29Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.8 release.

CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
d1c15c26 by Karolin Seeger at 2019-05-14T06:22:26Z
Merge tag 'samba-4.9.8' into v4-9-test

samba: tag release samba-4.9.8

- - - - -
a9f7f1f7 by Karolin Seeger at 2019-05-14T06:23:03Z
VERSION: Bump version up to 4.9.9.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
d012a7e8 by Christof Schmitt at 2019-05-15T11:20:28Z
nsswitch: Add testcase for checking output of wbinfo --sid-to-name

The username should always be returned in the DOMAISHORTNAME/USERNAME
format.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit d006c769a9cad275339b18b08e13d48acb29d7fc)

- - - - -
cc3ca17a by Christof Schmitt at 2019-05-15T11:20:28Z
winbind: Query domain from msrpc name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 60b0e91237179b8782c4bd83b9579f51d5af2928)

- - - - -
ef63526b by Christof Schmitt at 2019-05-15T11:20:28Z
winbind: Query domain from winbind rpc name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 562551c0886bdef1f97059e16d375c2e97452b45)

- - - - -
b5c442b7 by Christof Schmitt at 2019-05-15T11:20:28Z
winbind: Query domain from winbind sam_name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 32e3f0663be39cf4a81639c818fc88e959791673)

- - - - -
b3876c30 by Christof Schmitt at 2019-05-15T11:20:28Z
winbind: Return queried domain name from name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 640e0ef4fd338ddf03b813a8d45cce67c7ec7a01)

- - - - -
03a91bf0 by Christof Schmitt at 2019-05-15T14:18:45Z
winbind: Use domain name from lsa query for sid_to_name cache entry

When winbindd is asked to map a name like realm.com\name to a SID ,that
is sucessfully resolved through the lsa lookup name call. The same call
also returns the short domain name (netbios name of the domain). Use
that short domain name for the sid_to_name cache entry, so that
subsequent sid_to_name queries return the expected netbiosname\name
result and not realm.com\name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit aec9bda25f10ca2710d91fb680cca7904e92f9de)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Wed May 15 14:18:45 UTC 2019 on sn-devel-144

- - - - -
bba9f065 by Douglas Bagnall at 2019-05-17T07:18:27Z
pytests/dns: use 2.6 compatible syntax

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13886
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d4d41f0d by Gary Lockyer at 2019-05-17T07:18:27Z
lib util debug: Increase format buffer to 4KiB

Increase the debug line buffer to 4KiB, the existing size of 1KiB is too
small for dsdbChange JSON audit messages.  These messages were then
split across multipe lines causing issues in log ingestion tools
expecting single line messages.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13902

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Mon May  6 01:18:22 UTC 2019 on sn-devel-184

(cherry picked from commit ad3af7cdffb98b7998857db609548fc96f60c669)

- - - - -
0861417b by Christof Schmitt at 2019-05-17T07:18:27Z
selftest: Add gid-to-sid lookup to idmap_ad test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d7b5ad5e6159c224f70bea782bbdc46059e67978)

- - - - -
dcbffbb3 by Christof Schmitt at 2019-05-17T07:18:27Z
selftest: Use fl2008r2dc for ad_member_idmap_ad

fl2008r2dc already has a trusted domain. That will be used to use
idmap_ad for querying idmap attributes from the trusted domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 8266bd1f45d1b5b2a61d84006ab8e8e1ed0e52a9)

- - - - -
f807c76d by Christof Schmitt at 2019-05-17T07:18:28Z
selftest: Make trusted domain information available for idmap_ad environment

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 281fb81ab1c72831c752be44fd1bfdcfd10bd798)

- - - - -
4cf06197 by Christof Schmitt at 2019-05-17T07:18:28Z
selftest: Add idmap configuration for trusted domain for idmap_ad

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 65e1d783cb17904cd117d896569e7cbe79a3131b)

- - - - -
c1b0fb91 by Christof Schmitt at 2019-05-17T07:18:28Z
selftest: Pass trusted domain information to idmap_ad test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit ac0f8656eed39a4527a5336cf93aa1508666f79b)

- - - - -
ac678f27 by Christof Schmitt at 2019-05-17T07:18:28Z
selftest: Add trusted domain tests for idmap_ad

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2577f43a133f8b8eb997b9529a38e21c77b5da22)

- - - - -
e7b1794c by Volker Lendecke at 2019-05-17T07:18:28Z
winbind: Fix overlapping id ranges

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr 24 02:25:56 UTC 2019 on sn-devel-184

(cherry picked from commit 3020050bdf9df077ec9a0e962a689557187174ac)

- - - - -
cd5fbcc9 by Ralph Boehme at 2019-05-17T07:18:28Z
debug: add an empty line

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2bc7e254a62cfc6a60ecff425fc71173c6d21a10)

- - - - -
2e2b539d by Ralph Boehme at 2019-05-17T07:18:28Z
debug: add a call to debug_parse_levels() to reopen_logs()

This allows correct refresh of the "log level" setting when reloading config.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4341f24069f991dc7119093e418aac392e0a1b50)

- - - - -
dea9042b by Ralph Wuerthner at 2019-05-17T07:18:28Z
s3:debug: use struct initializer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13904

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
(cherry picked from commit b9e1b4ad0033c211710da285c30d603ccb8b8d40)

- - - - -
adc1277e by Ralph Wuerthner at 2019-05-17T07:18:28Z
s3:debug: adjust indention

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13904

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
(cherry picked from commit a45675879ddcb43ab274d28496eedd6833466ae4)

- - - - -
9348090b by Ralph Wuerthner at 2019-05-17T07:18:28Z
s3:debug: enable logging for early startup failures

Commit c89a33a07a 'debug: Use backends instead of explicitly logging to
syslog or file' introduced a regression where early startup failures (e.g.
unable to connect to CTDB) are no longer logged because the debug subsystem
is not yet fully initialized. Enable logging again with reasonable defaults
when reopen_logs() is called and the parameter file is not yet parsed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13904

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Thu Apr 18 22:21:15 UTC 2019 on sn-devel-144

(cherry picked from commit 9b30fcda64080592d20de64b384fd6d3d0775cbf)

- - - - -
9f4cc1ff by Robert Sander at 2019-05-17T07:18:29Z
s3: modules: ceph: use current working directory instead of share path

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13918

Signed-off-by: Robert Sander <r.sander at heinlein-support.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May  2 19:34:11 UTC 2019 on sn-devel-184

(cherry picked from commit 966fc0dc604299a87e40e7170d80911475317db5)

- - - - -
b23a436e by Stefan Metzmacher at 2019-05-17T07:18:29Z
s4:torture/smb2: add smb2.stream.names3 test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit b5c4fdbf99caa3a9e7c6446cfbc4f1b23b84b3c8)

- - - - -
e8a1f4c2 by Stefan Metzmacher at 2019-05-17T07:18:29Z
smbd: allow case insensitive opens of named streams

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2a69c0915586fb9fb2148239965d06bf9f93c803)

- - - - -
d2c87ba6 by Stefan Metzmacher at 2019-05-17T07:18:29Z
s4:libcli/raw: add RAW_FILEINFO_NORMALIZED_NAME_INFORMATION support

This is supported over the wire in SMB 3.1.1 on starting with
Windows 10 1803.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 0c602319194bda6b2a0efdd7c186078583f79264)

- - - - -
ffb6fb90 by Stefan Metzmacher at 2019-05-17T07:18:29Z
s4:torture/smb2: add smb2.getinfo.normalized test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 8a5828de2bdd95223e5f30996d0490fef53742dd)

- - - - -
7db0d1a7 by Stefan Metzmacher at 2019-05-17T07:18:29Z
smbd: implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling

Windows 10 (1803 and higher) support and use
SMB_FILE_NORMALIZED_NAME_INFORMATION calls over the network. As a
fallback (in case the server don't support it) the client traverses all
path components, which is very expensive.

Implementing SMB_FILE_NORMALIZED_NAME_INFORMATION is very cheap for us
as the open already went through unix_convert() and we have the
information the client is asking for.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May  1 18:33:00 UTC 2019 on sn-devel-184

(cherry picked from commit b20fd15e04ce9292f90a7f70f4184e43034b4b9d)

- - - - -
08e229df by Martin Schwenke at 2019-05-17T07:18:29Z
ctdb-tools: Fix ctdb dumpmemory to avoid printing trailing NUL

Fix ctdb rddumpmemory too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13923

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit f78d9388fb459dc83fafb4da6e683e3137ad40e1)

- - - - -
30b5d837 by Martin Schwenke at 2019-05-17T07:18:29Z
ctdb-tests: Extend test to cover ctdb rddumpmemory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13923

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 8108b3134c017c22d245fc5b2207a88d44ab0dd2)

- - - - -
7c97bc83 by Martin Schwenke at 2019-05-17T07:18:29Z
ctdb-tests: Change sanity_check_output() to internally use $out

All callers are currently passed $out.  Global variable $out is used
in many other places so use it here to simplify the interface and make
future changes simpler.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 7c3819d1ac264acf998f426e0cef7f6211e0ddee)

- - - - -
b594f516 by Martin Schwenke at 2019-05-17T07:18:29Z
ctdb-tests: Make try_command_on_node less error-prone

This sometimes fails, apparently due to a cat process in onnode
getting EAGAIN.  The conclusion is that tests that process large
amounts of output should not depend on a sub-shell delivering that
output into a shell variable.

Change try_command_on_node() to leave all of the output in file
$outfile and just put the first 1KB into $out.  $outfile is removed
after each test completes.

Change the implementation of sanity_check_output() to use $outfile
instead of $out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 9d02452a24625df5f62fd6d45a16effe2fa45fbe)

- - - - -
3f104bd0 by Martin Schwenke at 2019-05-17T07:18:30Z
ctdb-tests: Avoid bulk output in $out, prefer $outfile

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 066cc5b0c561464ed08890d9aa1a1a55b545e9cc)

- - - - -
814471f4 by Martin Schwenke at 2019-05-17T07:18:30Z
ctdb-tests: Wait to allow database attach/detach to take effect

Sometimes the detach test fails:

  Check detaching single test database detach_test1.tdb
  BAD: database detach_test1.tdb is still attached
  Number of databases:4
  dbid:0x5ae995ee name:detach_test4.tdb path:tests/var/simple/node.0/db/volatile/detach_test4.tdb.0
  dbid:0xd84cc13c name:detach_test3.tdb path:tests/var/simple/node.0/db/volatile/detach_test3.tdb.0
  dbid:0x8e8e8cef name:detach_test2.tdb path:tests/var/simple/node.0/db/volatile/detach_test2.tdb.0
  dbid:0xc62491f4 name:detach_test1.tdb path:tests/var/simple/node.0/db/volatile/detach_test1.tdb.0
  Number of databases:3
  dbid:0x5ae995ee name:detach_test4.tdb path:tests/var/simple/node.1/db/volatile/detach_test4.tdb.1
  dbid:0xd84cc13c name:detach_test3.tdb path:tests/var/simple/node.1/db/volatile/detach_test3.tdb.1
  dbid:0x8e8e8cef name:detach_test2.tdb path:tests/var/simple/node.1/db/volatile/detach_test2.tdb.1
  Number of databases:4
  dbid:0x5ae995ee name:detach_test4.tdb path:tests/var/simple/node.2/db/volatile/detach_test4.tdb.2
  dbid:0xd84cc13c name:detach_test3.tdb path:tests/var/simple/node.2/db/volatile/detach_test3.tdb.2
  dbid:0x8e8e8cef name:detach_test2.tdb path:tests/var/simple/node.2/db/volatile/detach_test2.tdb.2
  dbid:0xc62491f4 name:detach_test1.tdb path:tests/var/simple/node.2/db/volatile/detach_test1.tdb.2
  *** TEST COMPLETED (RC=1) AT 2019-04-27 03:35:40, CLEANING UP...

When issued from a client, the detach control re-broadcasts itself
asynchronously to all nodes and then returns success.  The controls to
some nodes to do the actual detach may still be in flight when success
is returned to the client.  Therefore, the test should wait for a few
seconds to allow the asynchronous controls to complete.

The same is true for the attach control, so workaround the problem in
the attach test too.

An alternative is to make the attach and detach controls synchronous
by avoiding the broadcast and waiting for the results of the
individual controls sent to the nodes.  However, a simple
implementation would involve adding new nested event loops.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 3cb53a7a05409925024d6a67bcfaeb962d896e0b)

- - - - -
15e5d62b by Martin Schwenke at 2019-05-17T07:18:30Z
ctdb-tests: Fix usage message

Since commit 0e9ead8f28fced3ebfa888786a1dc5bb59e734a3 daemons have
been shut down after each test, so this option no longer has anything
to do with killing daemons.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit a2ab6485e027ebb13871c7d83b7626ac5c9b98c0)

- - - - -
1eb5d2e4 by Martin Schwenke at 2019-05-17T07:18:30Z
ctdb-tests: Don't clean up test var directory in autotest target

If the directory is always cleaned up then it is not possible to look
at daemon logs to debug test failures.

This target is only really used by autobuild.py, which (optionally)
cleans up the parent directory anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue May  7 06:56:01 UTC 2019 on sn-devel-184

(cherry picked from commit 5a9e338330fe136908a3a17a5df81c054c5cc5b0)

- - - - -
0ffba514 by Martin Schwenke at 2019-05-17T07:18:30Z
ctdb-tests: Capture output in $out on failure as well

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit cf00db40355b49443263187f9d97934f91287e51)

- - - - -
9f679ba1 by Martin Schwenke at 2019-05-17T07:18:30Z
ctdb-tests: Make ctdb reloadips tests more reliable

ctdb reloadips will fail if it can't disable takover runs.  The most
likely reason for this is that there is already a takeover run in
progress.  We can't predict when this will happen, so retry if this
occurs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 8be4ee1a28d5c037955832b6f827d40f28f02796)

- - - - -
24d70220 by Martin Schwenke at 2019-05-17T07:18:30Z
ctdb-tests: Fix logic error in simple ctdb reloadips test

There is a chance that restoring IP addresses to the test node will
result in different IP addresses being assigned to that node.
Removing a single IP address may then fail (or be a no-op) if it is
done after the restore.

So, swap the single IP address removal to happen first, then restore,
then remove all IP addresses.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit dc89db8ca6aadd4a9f7e8a85843c53709d04587c)

- - - - -
1c2c081f by Martin Schwenke at 2019-05-17T07:18:30Z
ctdb-daemon: Never use 0 as a client ID

ctdb_control_db_attach() and ctdb_control_db_detach() assume that any
control with client ID 0 comes from another daemon and treat it
specially.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13930

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 8663e0a64fbdb9ea16babbfe87d6f5d7a7b72bbd)

- - - - -
2ec15697 by Andreas Schneider at 2019-05-17T07:18:30Z
s4:auth: Fix debug statement in gensec_gssapi

The 'role' is set to null, we should first set it to the correct value
before printing anything.

Found by GCC 9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13937

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit bd29f3fcc023d00afde8e9cc2f9db22dcae49877)

- - - - -
541a98bc by Andreas Schneider at 2019-05-17T07:18:30Z
s3:rpc_server: Do not free the tdbname before we printed it

Found by GCC 9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13937

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 790d7e34cbe4e190d6acdd24696efe53944cd4a6)

- - - - -
9fda18d7 by Andreas Schneider at 2019-05-17T07:18:31Z
s4:ntvfs: Do not free eadb before we printed an error

Found by GCC 9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13937

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 6da032df5450ef72f8608a19b3b5cc6e9185cd6e)

- - - - -
1f14d55f by Andreas Schneider at 2019-05-17T07:18:31Z
s4:torture: Do not print NULL strings we just checked before

Found by GCC 9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13937

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit be72dfbc8edc53ed191dc01668a53cafb5cd785d)

- - - - -
637b3b1a by Andreas Schneider at 2019-05-17T07:18:31Z
lib:torture: Fix string comparison macros where we directly pass NULL

See e.g. lib/util/tests/strlist.c +177

Found by GCC 9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13937

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a8f773e326d6bdfc1c9eb87a74c00108f6620c56)

- - - - -
f00cb3c1 by Andreas Schneider at 2019-05-17T07:18:31Z
s4:torture: Do not free full_name before we printed it

Found by GCC 9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13937

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 46f036d3231bc99cf37c7cabf82757d3c28c5cff)

- - - - -
925871f5 by Andreas Schneider at 2019-05-17T07:18:31Z
ctdb:common: Do not print NULL if we don't get a sockpath

sock_socket_start_recv() might not fill sockpath if we return early.

Found by GCC 9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13937

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 830cb7e67568de5f3ce359cb6af3be8ab545c824)

- - - - -
ca9e386a by Andreas Schneider at 2019-05-17T07:18:31Z
s3:winbindd: Do not free db_path in idmap_tdb2 before we printed it

Found by GCC 9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13937

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e333425e0ff6be5691b74a920610b508e7d26892)

- - - - -
c98a190f by Andreas Schneider at 2019-05-17T07:18:31Z
s3:utils: If share is NULL in smbcquotas, don't print it

Found by GCC 9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13937

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3653dc7013518d90e6deb08a1f21d7472dc86675)

- - - - -
f8eb314b by Andreas Schneider at 2019-05-17T07:18:31Z
s3:utils: If share is NULL in smbcacls, don't print it

Found by GCC 9.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13937

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2b957bde5a2f0f670ee0c8acde6edae1f4aaf253)

- - - - -
1e9e531a by Ralph Boehme at 2019-05-17T07:18:31Z
s3:smbd: don't use recvfile on streams

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13938

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu May  9 20:43:53 UTC 2019 on sn-devel-184

(cherry picked from commit 219bc189472acff24410009ee16a409e0aaf8eef)

- - - - -
e3dd029d by Jeremy Allison at 2019-05-17T07:18:32Z
s3: SMB1: Don't allow recvfile on stream fsp's.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13938

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 10 01:14:02 UTC 2019 on sn-devel-184

(cherry picked from commit 667db8e8c7836c750085729f5062807669cbb204)

- - - - -
e1522725 by Andreas Schneider at 2019-05-17T07:18:32Z
s3:smbspool: Fix regression printing with Kerberos credentials

This is a regression which has been introduced with Samba 4.8.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit fd4b1f4f16aee3e3c9a2cb449655edfed171963a)

- - - - -
f81a971c by David Disseldorp at 2019-05-17T07:18:32Z
vfs_ceph: fix cephwrap_flistxattr() debug message

The @list buffer may be uninitialised prior to ceph_flistxattr()
invocation, so only log the address.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13940

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Fri May 10 12:59:05 UTC 2019 on sn-devel-184

(cherry picked from commit 21dc6f8e8d82f84e4afda355a48fbbd39c7fe800)

- - - - -
76c73021 by Martin Schwenke at 2019-05-17T07:18:32Z
ctdb-recoverd: Fix memory leak

state is always freed before exiting this function, so allocate fde
off it instead of long-lived ctdb context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 6a2941e2a9fd6ab2d5b8dbac042b61a7b1b0b914)

- - - - -
54199785 by Martin Schwenke at 2019-05-17T07:18:32Z
ctdb-common: Fix memory leak

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 30bc6e2529cdd444d4ec7902844c3a6fb0858090)

- - - - -
8b523259 by Amitay Isaacs at 2019-05-17T10:56:19Z
ctdb-common: Fix memory leak in run_proc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue May 14 08:59:03 UTC 2019 on sn-devel-184

(cherry picked from commit b1f4c86eea022999d5439e4a6ef3494fe41479b6)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Fri May 17 10:56:19 UTC 2019 on sn-devel-144

- - - - -
a402c1e1 by Karolin Seeger at 2019-06-13T09:14:56Z
VERSION: Bump version up to 4.9.9.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit a9f7f1f7433b1f1c18ebf0d88fc57ae270f2711f)

- - - - -
a26bed6d by Karolin Seeger at 2019-06-13T09:16:26Z
VERSION: Re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
09818693 by Douglas Bagnall at 2019-06-13T09:26:43Z
CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation

We still want to return DOES_NOT_EXIST when request_filter is not 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c2423655 by Douglas Bagnall at 2019-06-13T09:26:43Z
CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2

We still want to return DOES_NOT_EXIST when request_filter is not 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c0712976 by Karolin Seeger at 2019-06-13T09:57:35Z
WHATSNEW: Add release notes for Samba 4.9.9

CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
e6e7c8ca by Karolin Seeger at 2019-06-13T09:59:07Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.9 release

CVE-2019-12435 rpc/dns: avoid NULL deference if zone not found in DnssrvOperation2
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13922

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
57923ced by Stefan Metzmacher at 2019-06-13T10:21:57Z
drsuapi.idl: add DRSUAPI_ATTID_schemaInfo

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 140a6733a458d0afa20237a09ef4ee2546a83a8f)

- - - - -
54d9a475 by Stefan Metzmacher at 2019-06-13T10:21:57Z
ldapcmp: ignore 'schemaInfo' if two domains are compared

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit b5b572d5f71e2b9783ddb25c21ac32904fbfd661)

- - - - -
cea29740 by Stefan Metzmacher at 2019-06-13T10:21:58Z
s4:provision: split out provision_self_join_modify_schema.ldif

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 5ea84af2d69e0b3a2a801ea0cc3f4ffc66bf1764)

- - - - -
2434353a by Stefan Metzmacher at 2019-06-13T10:21:58Z
python/provision: use provision and relax controls for schema provision

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 7652439fa1aab92945f5540a43fc49568d446917)

- - - - -
5a96c91d by Aaron Haslett at 2019-06-13T10:21:59Z
dsdb:samdb: schemainfo update with relax control

Currently schema info's revision field isn't incremented if relax
control is present.  This is so that no increment is done during
provision, but we need the relax control in other situations where
the increment is desired, so we should use the provision control instead
to disable schema info update.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit b7c1752754da1e8a83a53670cf4a410ec6e9d7b7)

- - - - -
77de9567 by Stefan Metzmacher at 2019-06-13T10:21:59Z
python/ntacls: we only need security.SEC_STD_READ_CONTROL in order to get the ACL

We should avoid security.SEC_FLAG_MAXIMUM_ALLOWED otherwise
we may get NT_STATUS_SHARING_VIOLATION when we run
'samba-tool domain backup online' against a Windows DC.
Windows DCs have hidden folders for the NtFrs or Dfsr services,
which are locked by the running service.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13917

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 15032ec6df1abbb53f1b1d5377aab369f83ae707)

- - - - -
72e89a5d by Andrew Bartlett at 2019-06-13T10:21:59Z
s4 dsdb/repl_meta_data: allocate new extended DNs during ADD on a better context

Lower down in this function new_values is assigned over el->values and is
filled in with the values of all the parsed DNs.  Therefore it is the natural
talloc parent.

This will allow el->values to be allocated on tmp_ctx in the next commit for
a working area during the function call.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 4aa9924310287ff3b36618496fa6c707c615ad4c)

- - - - -
429a0c69 by Gary Lockyer at 2019-06-13T10:22:00Z
s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value

Fix use after free detected by AddressSanitizer

AddressSanitizer: heap-use-after-free on address 0x61400026a4a0
                  at pc 0x7fd555c52f12 bp 0x7ffed7231180 sp 0x7ffed7231170
                  READ of size 1 at 0x61400026a4a0 thread T0
    #0 0x7fd555c52f11 in ldb_should_b64_encode
       ../../lib/ldb/common/ldb_ldif.c:197
    #1 0x7fd539dc9417 in dsdb_audit_add_ldb_value
       ../../source4/dsdb/samdb/ldb_modules/audit_util.c:491
    #2 0x7fd539dc9417 in dsdb_audit_attributes_json
       ../../source4/dsdb/samdb/ldb_modules/audit_util.c:651
    #3 0x7fd539dc6a7e in operation_json
       ../../source4/dsdb/samdb/ldb_modules/audit_log.c:305

The problem is that at the successful end of these functions
el->values is overwritten with new_values.  However get_parsed_dns()
points p->v at the supplied el and it effectively gets used
as a working area by replmd_build_la_val().  So we must duplicate it
because our caller only called ldb_msg_copy_shallow().

The reason this matters is that the audit_log module is
above repl_meta_data in the stack, and tries to log the
ldb_message it saw after the reply (to include the error code).
If that ldb_message is changed it is not only misleading,
it can point to memory that has since gone away.

In this case the memory for the full extended DN in the
member attribute ended up on 'ac', a context lost by
the time repl_meta_data has finished processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13941

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May 15 05:35:47 UTC 2019 on sn-devel-184

(cherry picked from commit 0daa0ff921b270df9b794f02acbaa391c95cd89b)

- - - - -
fcf4e66b by Shyamsunder Rathi at 2019-06-13T10:22:00Z
s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary

For FS_VOLUME_INFO/FS_INFO operation, a maximum of 32 characters are
sent back. However, since Samba chops off any share name with >32
bytes at 32, it is possible that a multi-byte share name can get chopped
off between a full character. This causes the string decoding for unicode
failure which sends back NT_STATUS_ILLEGAL_CHARACTER (EILSEQ) to the client
applications.

On Windows, Notepad doesn't like it, and refuses to open a file in this
case and fails with the following error:

  Invalid character. For multibyte character sets, only the leading byte is
  included without the trailing byte. For Unicode character sets, include
  the characters 0xFFFF and 0xFFFE.

Proposed fix:
- Find the last starting point of a multibyte codepoint if the character
  at 32nd byte is a subsequent byte of a MB codepoint.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13947

Signed-off-by: Shyamsunder Rathi <shyam.rathi at nutanix.com>
Reviewed-by: Hemanth Thummala <hemanth.thummala at nutanix.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0fa490e8476a2a5020ff2c253167b8a9454e8b97)

- - - - -
bb00dd66 by Jeremy Allison at 2019-06-13T10:22:01Z
s3: winbind: Fix crash when invoking winbind idmap scripts.

Previously the private context was caching a pointer to
a string returned from lp_XXX(). This string can change
on config file reload. Ensure the string is talloc_strup'ed
onto the owning context instead.

Reported by Heinrich Mislik <Heinrich.Mislik at univie.ac.at>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13956

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit a1f95ba5db6fc017fad35377fbf76c048f2dd8ab)

- - - - -
2b04a3c3 by Volker Lendecke at 2019-06-13T10:22:01Z
smbd: Enable "smbd:suicide mode" for smb2

The next commit needs an smbd to just exit and leave data behind in the
locking.tdb file. Don't make it harder to eventually phase out SMB1: Do
the test in SMB2.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
42f881dd by Volker Lendecke at 2019-06-13T10:22:02Z
smbtorture: Add a test to make smbd panic

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
bd511655 by Volker Lendecke at 2019-06-13T10:22:02Z
smbd: Fix a panic

Opening a file with a stale (smbd died) LEVEL_II oplock makes

vfs_set_filelen-> ... ->contend_level2_oplocks_begin_default

trigger the immediate leading to do_break_to_none. This goes through
because fsp->oplock_type is not initialized yet, thus 0. Also,
file_has_read_oplocks is still valid, because the smbd that has died
could not clean up the brlock.tdb entry.

Later in the code the exclusive oplock is granted, which is then found
by do_break_to_none, making it panic.

This patch just runs the direct FTRUNCATE instead of vfs_set_filelen.
This means the contend_level2_oplock code is skipped.

The relevant break (LEVEL_II to NONE) is now done in delay_for_oplock()
with the nice effect of removing a comment that was very confusing to
me.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed May 22 20:09:29 UTC 2019 on sn-devel-184

- - - - -
fefd2496 by Aliaksei Karaliou at 2019-06-13T10:22:03Z
s3:util: Move popen wrappers to lib/util

When linked into Samba3 libraries, sys_popen()/sys_pclose()
cannot be used in lower level libraries because of circular
dependencies.

This patch moves them into common samba-util library.

Extra fix needed to enable easy back-port of code for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 65ea3f2a461c0eeca7d14c4258eea52e19f0ed06)

- - - - -
ecd28164 by Aliaksei Karaliou at 2019-06-13T10:22:03Z
s3:util: Move static file_pload() function to lib/util

file_pload() is static private function in Samba3 library, however it
does not have any special dependencies and might be widely used as
common function, so moving it into common samba-util library.

Extra fix needed to enable easy back-port of code for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit d21fc7d8b86b0cddc619ffe528d9cd93eeedbb0b)

- - - - -
1ea4976a by Jeremy Allison at 2019-06-13T10:22:04Z
lib: popen: Prepare to remove sys_popen().

Add sys_popenv(char * const argl[]) that uses a NULL
terminated vector array of args. Change sys_popen() to
split up its command string and call sys_popenv().

Once all callers are converted to sys_popenv() we
can remove sys_popen().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit f20538de041eed1cadbabe2149b2b7cfcb779cb5)

- - - - -
ce85a7b6 by Jeremy Allison at 2019-06-13T10:22:04Z
lib: util: Add file_ploadv().

Not yet used.

Duplicate code to file_pload() except uses vectored
argument list. file_pload() will be removed once all
callers are converted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 5c34fa0b85e4d9a3c5fd4fa0b39af4772ec023db)

- - - - -
f8655271 by Jeremy Allison at 2019-06-13T10:22:05Z
s3: lib: util: Add file_lines_ploadv().

Not yet used.

Duplicate code to file_lines_pload() except uses vectored
argument list. file_lines_pload() will be removed once all
callers are converted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 3b19412baedfffb7adc2a79471f5b17990259c31)

- - - - -
0fc087b8 by Jeremy Allison at 2019-06-13T10:22:05Z
s3: smbd: Convert dfree code to use file_lines_ploadv().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d6453e1ffd92c7754862389a933a9fd9089ce518)

- - - - -
7115964b by Jeremy Allison at 2019-06-13T10:22:06Z
s3: smbd: Convert print_svid code to use file_lines_ploadv().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit f9ccf1cc3df13138a1a4b645c8190238ce011f04)

- - - - -
e6e29b35 by Jeremy Allison at 2019-06-13T10:22:06Z
s3: smbd: Convert sysquotas.c code to use file_lines_ploadv().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 4a63e3b9659c8715d436c66dee8bf420e2ea89fb)

- - - - -
cda1eaa2 by Jeremy Allison at 2019-06-13T10:22:07Z
s3: lib: Remove file_lines_pload().

No longer used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 02bc0ce9d22117b464bae47c5d09c45b4f7c2272)

- - - - -
54085531 by Jeremy Allison at 2019-06-13T10:22:07Z
lib: util: Remove file_pload()

No longer used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit c5729ae44219ec81008040d4d50f0f5fdf254201)

- - - - -
19583f44 by Jeremy Allison at 2019-06-13T10:22:08Z
s3: lib: Add file_ploadv_send().

Not yet used. Preparing to remove file_pload_send()
with this safer alternative.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 61054e53f53e5884902b566b1f9b454a3ff4741f)

- - - - -
0dfd513f by Jeremy Allison at 2019-06-13T10:22:08Z
s3: winbind: Convert idmap to use file_ploadv_send().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 449d49946b295f574e1fed83b5a5ffbf1c1b1e30)

- - - - -
5887de47 by Jeremy Allison at 2019-06-13T10:22:09Z
s3: lib: Remove file_pload_send().

No longer used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit d5c363d65d771c792523f2f3e526c90514212fc2)

- - - - -
eb7091a2 by Ralph Boehme at 2019-06-13T10:22:09Z
s3: lib: Rename all uses of file_pload_XXX -> file_ploadv_XXX.

Keep naming consistent across all usage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit dbfa3cd186428c02589aa9093e868554b4c695d5)

- - - - -
fce8502f by Jeremy Allison at 2019-06-13T10:22:10Z
lib: util: Finally remove possibilities of using sys_popen() unsafely.

All code now uses sys_popenv() which is much
harder to use incorrectly.

Remove the extract_args() function that was the
cause of possible issues.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 9fa95d5b45369acfdd38923e8618e94e5d04b07e)

- - - - -
dada63cc by Jeremy Allison at 2019-06-13T10:22:11Z
docs: dfree command. Correct usage of dfree scripts.

Add quotes to the sample scripts to prevent incorrect
parameter usage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 24 20:12:02 UTC 2019 on sn-devel-184

(cherry picked from commit 77eabd74e9a28b1e6decf0890a9ef4c83fa002d4)

- - - - -
341fcacf by Ralph Boehme at 2019-06-13T10:22:11Z
registry: add a missing include

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Karolin Seeger <kseeger at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon May 27 14:29:36 UTC 2019 on sn-devel-184

(cherry picked from commit e09053faf457f69ad9b5e6a34be43c947503575f)

- - - - -
22170e79 by Ralph Boehme at 2019-06-13T10:22:12Z
s4:torture/vfs/fruit: ensure test_adouble_conversion() uses a non-emtpy resourcefork

This ensures the resource fork is not deleted as part of the AppleDouble file
conversion for the option fruit:wipe_intentionally_left_blank_rfork=yes.

This is currently not a problem in selftest, as we don't enable the option, but
a subsequent commit will run all vfs.fruit tests against a share with this
option enabled.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c3d28d49be3c7536d1ccfe8d00553ce72843f369)

- - - - -
45de537d by Ralph Boehme at 2019-06-13T10:22:12Z
s4:torture/vfs/fruit: ensure test_adouble_conversion_wo_xattr() uses a non-emtpy resourcefork

This ensures the resource fork is not deleted as part of the AppleDouble file
conversion for the option fruit:wipe_intentionally_left_blank_rfork=yes.

This is currently not a problem in selftest, as we don't enable the option, but
a subsequent commit will run all vfs.fruit tests against a share with this
option enabled.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit bb5a457f2872a383b58d62981dade322fca9b283)

- - - - -
77655c65 by Ralph Boehme at 2019-06-13T10:22:13Z
selftest: run vfs.fruit test against a share that deletes empty resource forks

This reveals a bug in the AppleDouble conversion code: the conversion code that
unlinks an empty resource fork AppleDouble sidecar file ("._file") gets
triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...):

after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we
call SMB_VFS_FSTAT() on the just created filehandle. This ends up in
ad_convert(), finds the resource fork empty and thus deletes the file.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 8ed9b6b457923d2353d1d18838f4a278db48c6b9)

- - - - -
267e70cb by Ralph Boehme at 2019-06-13T10:22:13Z
vfs_fruit: add a forward declaration for ad_get()

Will be needed in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4777d1163a7c18c89ce9be955903427a18134415)

- - - - -
8b1dfd9b by Ralph Boehme at 2019-06-13T14:25:17Z
vfs_fruit: change trigger points of AppleDouble conversion

This moves the trigger points where AppleDouble file conversion is run by
ad_convert() from deep down the callchain in ad_read_rsrc_adouble() to high
level VFS entry points.

Currently ad_convert() will be triggered as part of open_file_ntcreate(...,
"file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT,
what created the file, we call SMB_VFS_FSTAT() on the just created
filehandle. This ends up in ad_convert(), finds the resource fork empty and thus
deletes the file.

This commit moves calling of the conversion funtion to the high level VFS entry
points where the converted metadata is needed:

o for directory enumerations SMB_VFS_READDIR_ATTR() is called to fill in the
  repurposed fields in the directory entry metadata

o obviously for SMB_VFS_CREATE_FILE() on an macOS stream

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 78a4639b2d06cc69788861618d2e91945e142d2b)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Thu Jun 13 14:25:17 UTC 2019 on sn-devel-144

- - - - -
01f22365 by Karolin Seeger at 2019-06-19T07:07:05Z
Merge tag 'samba-4.9.9' into v4-9-test

samba: tag release samba-4.9.9

- - - - -
414261f3 by Karolin Seeger at 2019-06-19T07:07:50Z
VERSION: Bump version up to 4.9.10.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
2a7e6eb8 by Stefan Metzmacher at 2019-06-21T07:56:16Z
dsdb/repl: we need to replicate the whole schema before we can apply it

Otherwise we may not be able to construct a working schema that's
required to apply the changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12204
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13713

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 661dc4574110b0f13c127c8aa6ed0c385292b77c)

- - - - -
3b1ccbfc by Günther Deschner at 2019-06-21T07:56:16Z
Revert "s3/vfs_glusterfs: Dynamically determine NAME_MAX"

This reverts commit 8e3a042eb9e502821b147f1bbb2d98d59f17a095.

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
dba38ed3 by Günther Deschner at 2019-06-21T07:56:16Z
Revert "s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX"

This reverts commit e28d172b00cadf492c22bd892e2dda3bf2fe2d70.

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
3136b31e by Günther Deschner at 2019-06-21T07:56:16Z
s3/vfs_glusterfs: Avoid using NAME_MAX directly

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
936a71bf by Günther Deschner at 2019-06-21T07:56:16Z
s3/vfs_glusterfs_fuse: Avoid using NAME_MAX directly

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Jun 11 00:29:19 UTC 2019 on sn-devel-184

- - - - -
2cde1306 by Gary Lockyer at 2019-06-21T07:56:17Z
s4 dsdb: fix use after free in samldb_rename_search_base_callback

Fix use after free detected by AddressSanitizer

AddressSanitizer: heap-use-after-free on address 0x60f0002b2738
                  at pc 0x7f89b1a213b5 bp 0x7ffce9528810 sp 0x7ffce9528800
                  READ of size 8 at 0x60f0002b2738 thread T0
    #0 0x7f89b1a213b4 in samldb_rename_search_base_callback
        ../../source4/dsdb/samdb/ldb_modules/samldb.c:4203
    #1 0x7f89d3a0db4a in ldb_module_send_entry
        ../../lib/ldb/common/ldb_modules.c:793
    #2 0x7f89b6f27356 in es_callback
        ../../source4/dsdb/samdb/ldb_modules/encrypted_secrets.c:1418

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13942

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b0cc6d217485c317b2138347216fac5d74684328)

- - - - -
670b864e by Gary Lockyer at 2019-06-21T07:56:17Z
ldap tests: test scheme for referrals

Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6ccf74cf878c295903673e3a1d1ed924a5e87547)

- - - - -
11b1f405 by Gary Lockyer at 2019-06-21T07:56:17Z
ldap server: generate correct referral schemes

Ensure that the referrals returned in a search request use the same
scheme as the request, i.e. referrals recieved via ldap are prefixed
with "ldap://" and those over ldaps are prefixed with "ldaps://"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri May 24 05:12:14 UTC 2019 on sn-devel-184

(cherry picked from commit 1958cd8a7fb81ec51b81944ecf4dd0fb5c4208fa)

- - - - -
29e402f5 by Stefan Metzmacher at 2019-06-21T07:56:17Z
dsdb:audit_log: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."

We better print "... remote host [Unknown] SID [S-1-5-18] ..."
in 'dsdb_audit' message, this matches what we print for
'dsdb_json_audit'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13916

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 706aba5bf62e674ae12786f6ab275752b8714464)

- - - - -
71c33811 by Ralph Boehme at 2019-06-21T07:56:17Z
s3:auth: add reinit_guest_session_info()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 8096cc7eb2b36b074ff17a52dc3540be4ecff6bb)

- - - - -
1cc8068e by Ralph Boehme at 2019-06-21T07:56:17Z
s3:smbd: call reinit_guest_session_info() in the conf updated handler

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit f4e340a48b6f059a1daa66deb9c26da9e8fcd5e7)

- - - - -
36641f70 by Ralph Boehme at 2019-06-21T07:56:17Z
selftest: allow guest login in the ad_member_idmap_rid env

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(backported from commit ac2167eb2349dc1c453e14a65692f16c8ba6532e)

- - - - -
15fa6919 by Ralph Boehme at 2019-06-21T07:56:17Z
tests: add a test for guest authentication

This verifies that smbd always adds BUILTIN\Guests to the guest token which is
required for guest authentication.

Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 0e88f98855e24cfddb55bef65c5910b8e662c630)

- - - - -
79beb172 by Ralph Boehme at 2019-06-21T07:56:17Z
s3:auth: explicitly add BUILTIN\Guests to the guest token

This changes ensures that smbd always adds BUILTIN\Guests to the guest token
which is required for guest authentication.

Currently the guest token depends on the on-disk configured group mappings. If
there's an existing group mapping for BUILTIN\Guests, but LOCALSAM\Guest is not
a member, the final guest token won't contain BUILTIN\Guests.

For SMB2 the flag SMB2_SESSION_FLAG_IS_GUEST will not be set in the final SMB2
SESSION_SETUP response, because smbd sets it based on the token containing the
BUILTIN\Guests SID S-1-5-32-546.

At the same time, the packet is not signed which causes Windows clients and
smbclient to reject the unsigned SMB2 SESSION_SETUP response.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13944

Pair-programmed-with: Stefan Metzmacher <metze at samba.org>
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Jun  5 16:55:26 UTC 2019 on sn-devel-184

(cherry picked from commit a66af4c96accba4ee64eeb1958458b69f3ccec1d)

- - - - -
f94d0095 by Ralph Boehme at 2019-06-21T07:56:17Z
vfs_fruit: pass handle to ad_fset()

On the course of removing ad_handle from struct adouble, step 1.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 585d4d49770b4ddc3f7d9dcbb3e322f072767781)

- - - - -
7ece2664 by Ralph Boehme at 2019-06-21T07:56:18Z
vfs_fruit: pass handle to ad_set()

On the course of removing ad_handle from struct adouble, step 2.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit c78ba30ac4534b7037b979ac96b77b834b2eb2fe)

- - - - -
c99c7f2a by Ralph Boehme at 2019-06-21T07:56:18Z
vfs_fruit: pass handle to ad_read()

On the course of removing ad_handle from struct adouble, step 3.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d0abf945e683766029d28915541a4baf9f3879ab)

- - - - -
b4c6efa3 by Ralph Boehme at 2019-06-21T07:56:18Z
vfs_fruit: pass handle to ad_read_meta()

On the course of removing ad_handle from struct adouble, step 4.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f8df09157f31b53dbe73eaf4349fc071bfcc1b90)

- - - - -
9ae195e4 by Ralph Boehme at 2019-06-21T07:56:18Z
vfs_fruit: indentation fix

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 47721d8d359ef78b8dd4f77f92c30c2caf2c4a80)

- - - - -
5975a4a8 by Ralph Boehme at 2019-06-21T07:56:18Z
vfs_fruit: use proper VFS function in ad_read_meta()

Continuing to ignore a possible error for now, this is in an error codepath
anyway.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 30ca328c698c2e035e240359bda7c9dcbeb646df)

- - - - -
f3021917 by Ralph Boehme at 2019-06-21T07:56:18Z
vfs_fruit: pass handle to ad_read_rsrc() and all the way down

On the course of removing ad_handle from struct adouble, step 5.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 661dfa4a19673fdb30d5bf36279cdf867454b947)

- - - - -
b5275f40 by Ralph Boehme at 2019-06-21T07:56:18Z
vfs_fruit: indentation fix

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 400b3c2f8c82b1defe1e321e0cdae486b930344f)

- - - - -
1efc046c by Ralph Boehme at 2019-06-21T07:56:18Z
vfs_fruit: pass handle to ad_convert_xattr()

On the course of removing ad_handle from struct adouble, step 7.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit fd2f4cf828ee4c31e3b5a27a79d3a0ee12a5877a)

- - - - -
b50f2ad9 by Ralph Boehme at 2019-06-21T07:56:18Z
vfs_fruit: pass handle to ad_convert_blank_rfork()

On the course of removing ad_handle from struct adouble, step 8.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit adc7ac38b849b4dce4a85fd6442c8d4b9da57686)

- - - - -
fbc0501b by Ralph Boehme at 2019-06-21T07:56:18Z
vfs_fruit: pass handle to ad_convert_finderinfo()

On the course of removing ad_handle from struct adouble, step 9.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 50874c1548d62ab0ddaaa6dd4124279ee5029fcf)

- - - - -
20e66673 by Ralph Boehme at 2019-06-21T07:56:19Z
vfs_fruit: pass handle to ad_convert_delete_adfile()

On the course of removing ad_handle from struct adouble, step 10.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 5f4d16b40e07acf8d27fee62f1a56de175663a1d)

- - - - -
c3676d8d by Ralph Boehme at 2019-06-21T07:56:19Z
vfs_fruit: finally, remove ad_handle from struct adouble

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e266daaed149561b746dbb8d5e9523862f0057b5)

- - - - -
18c45bb3 by Ralph Boehme at 2019-06-21T07:56:19Z
vfs_fruit: add and use is_adouble_file()

This adds a helper function that checks whether the last component of a path is
an AppleDouble sidecar file with "._" name prefix.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit ad70c947c759aa0965ee57f973fb8dc1909e0e39)

- - - - -
1542bb05 by Ralph Boehme at 2019-06-21T07:56:19Z
vfs_fruit: add a missing else

Luckily the missing else has the same control flow due to the previous if and
else blocks calling return.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 44d8568001c87d28962dfc4e3fde6d0f7f409997)

- - - - -
c2c6377e by Ralph Boehme at 2019-06-21T07:56:19Z
vfs_fruit: ignore AppleDouble files in fruit_unlink()

Otherwise, if SMB_VFS_UNLINK() is called for an AppleDouble path "._file", we
try to delete "._._file" which doesn't make sense. AppleDouble files don't have
AppleDouble themselves.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 797dc649456f39add4af8b54b60db0268ad4e90e)

- - - - -
561d52f8 by Ralph Boehme at 2019-06-21T07:56:19Z
vfs_fruit: use correct case FRUIT_RSRC_STREAM in readdir_attr_rfork_size()

This is a genuine bug, but luckily this would only impact configs which nobody
uses:

  fruit:metadata = netatalk
  fruit:resource = stream

With the above configuration the switch in readdir_attr_rfork_size() would hit
the default case and so always report resource forks as 0 bytes in size.

All deployment that I've seen that use fruit:resource=stream also use
fruit:metadata=stream, so the switch takes FRUIT_META_STREAM case which runs the
correct code readdir_attr_rfork_size_stream().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 83179a74119de84d20f796c241aae6bccb83a68b)

- - - - -
b24bac64 by Ralph Boehme at 2019-06-21T07:56:19Z
vfs_fruit: use stream code for resource fork size calculation in readdir_attr_rfork_size()

This works as well, using an fstat() on the filehandle to get the size. This is
tested by the torture test "vfs.fruit.SMB2/CREATE context AAPL".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a23bcc1916a49bf3e0edece190e5434e39862d2c)

- - - - -
76074dde by Ralph Boehme at 2019-06-21T07:56:19Z
vfs_fruit: remove now unused AppleDouble code for resource fork in xattr

This was only needed to get the resourcefork size via the ad_* AppleDouble
function. This is now done with a fstat on the low level xattr fd (remember,
this is Solaris only code...), so we can remove the xattr special casing from
the AppleDouble functions.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit cb9dffa1c66294b6eed85e7576aa99c642d0b541)

- - - - -
e8cecc86 by Ralph Boehme at 2019-06-21T07:56:19Z
vfs_fruit: remove xattr code from the AppleDouble subsystem

The subsystem consumers have been reworked in the previous commits, so this is
not used anymore. ad_init() doesn't need a handle argument anymore due to this,
remove it as well.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit e3cb1cb24f2a31d7fd03f3bdf417f4704fb4ac7c)

- - - - -
06bd7891 by Ralph Boehme at 2019-06-21T07:56:19Z
vfs_fruit: pass VFS handle to ad_convert_move_reso()

Not used for now, that comes next.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3919ea048fe3b763657e14cdfb5920184a900d27)

- - - - -
645836ff by Ralph Boehme at 2019-06-21T07:56:20Z
vfs_fruit: remove a layer of indirection

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 97d485ff2cda85edeba163ea01b6abfa705db20f)

- - - - -
b10eabed by Ralph Boehme at 2019-06-21T07:56:20Z
vfs_fruit: only do cross protocol locking on non-internal opens

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit f5f7d1e9bf7e39933ccf7c874e682f9df80a6fec)

- - - - -
e21d8806 by Ralph Boehme at 2019-06-21T07:56:20Z
vfs_fruit: convert ad_open_rsrc() to open a proper fsp with SMB_VFS_CREATE_FILE()

A first step in converting all raw syscalls to use proper VFS functions. All
existing users of the raw system filedescriptor continue to use the fd from
fsp->fh for now.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 29418c726be74feb1d8c3ac9f7b8c983901a2aab)

- - - - -
42e6d4d4 by Ralph Boehme at 2019-06-21T07:56:20Z
vfs_fruit: remove use of mmap() from ad_convert_move_reso()

We now have an fsp that we can use, so we can get rid of mmap() and
sys_pread()/sys_pwrite().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 0041855af0b05d6c47558880d6eebd1970179272)

- - - - -
015586a4 by Ralph Boehme at 2019-06-21T07:56:20Z
vfs_fruit: use fsp and remove mmap in ad_convert_xattr()

No need to mmap() anyway, the xattr data is already available in ad->ad_data.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4ff7ea0e0312c737aefd350f7b8fbed4c8602325)

- - - - -
14048aaf by Ralph Boehme at 2019-06-21T07:56:20Z
vfs_fruit: add VFS handle to ad_convert_truncate()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4e44b1da9357120f0ad74e24c650bc6386085c47)

- - - - -
afc88153 by Ralph Boehme at 2019-06-21T07:56:20Z
vfs_fruit: use VFS function in ad_convert_truncate()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 3739ad90cf2bbaa2094a34197c894363d2e24a5a)

- - - - -
1a8dffce by Ralph Boehme at 2019-06-21T07:56:20Z
vfs_fruit: use fsp and remove syscalls from ad_convert_blank_rfork()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 70c4a8f0ac307009c26e857523192c95b42a92f5)

- - - - -
7ae1667b by Ralph Boehme at 2019-06-21T07:56:20Z
vfs_fruit: use VFS functions in ad_read_rsrc_adouble()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9fe84a6345bf5d9fdb1df87a853db3380e6fb0f7)

- - - - -
684d772e by Ralph Boehme at 2019-06-21T07:56:20Z
vfs_fruit: remove a now unnecessary include

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13968

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May 30 22:12:50 UTC 2019 on sn-devel-184

(cherry picked from commit 9a2c9834cb1b77547b8b932c35870301afb9fc25)

- - - - -
575739df by Andrew Bartlett at 2019-06-21T07:56:21Z
docs: Improve documentation of "lanman auth" and "ntlm auth" connection

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13981

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit dbf3e81f7f0b28c69dca004b32ea3a7344b0cad3)

- - - - -
44b51688 by Rafael David Tinoco via samba-technical at 2019-06-21T07:56:21Z
ctdb-scripts: Fix tcp_tw_recycle existence check

net.ipv4.tcp_tw_recycle has been removed from Linux 4.12 but, still,
makes sense to check its existence. Unfortunately, current check does
not test for the procfs file existence. This commit fixes the issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13984

Signed-off-by: Rafael David Tinoco <rafaeldtinoco at ubuntu.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Jun  4 23:31:24 UTC 2019 on sn-devel-184

(cherry picked from commit 843fbb1207ee7ac84f3282974b66b9290d8da0ac)

- - - - -
3cd46420 by Ralph Boehme at 2019-06-21T11:49:59Z
s3:mdssvc: fix flex compilation error

[4440/4495] Compiling bin/default/source3/rpc_server/mdssvc/sparql_lexer.lex.c
../../source3/rpc_server/mdssvc/sparql_lexer.l:26: error: "yyalloc" redefined [-Werror]
26 | #define yyalloc SMB_MALLOC

Looks like the dirty redefine trick doesn't work anymore with newer flex
versions. According to the flex manual the right thing to do is to provide own
functions for yyalloc and yyrealloc when passing the options "noyyalloc
noyyrealloc".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13987

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue May 28 11:49:06 UTC 2019 on sn-devel-184

(cherry picked from commit 9053391f86a529e0a7dbcd23fa3a555d85c2207c)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Fri Jun 21 11:49:59 UTC 2019 on sn-devel-144

- - - - -
da0d67b2 by Andreas Schneider at 2019-06-26T07:35:20Z
docs: Document DCEPRC binding string for rpcclient

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Feb  4 02:03:56 CET 2019 on sn-devel-144

(cherry picked from commit cca48c1a1029685672e1c25e39e8be2be947238f)

- - - - -
38d6dd6a by Björn Baumbach at 2019-06-26T11:40:27Z
python/ntacls: use correct "state directory" smb.conf option instead of "state dir"

samba-tool ntacl get testfile --xattr-backend=tdb --use-ntvfs
Fixes: Unknown parameter encountered: "state dir"

Signed-off-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
(cherry picked from commit 670a12df52df63a067b638d37bec71341bf18bdd)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14002

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Wed Jun 26 11:40:27 UTC 2019 on sn-devel-144

- - - - -
75872ddd by Karolin Seeger at 2019-07-02T07:51:39Z
WHATSNEW: Add release notes for Samba 4.9.10.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
4cea44ba by Karolin Seeger at 2019-07-02T07:52:09Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.10 release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
98cef2ad by Karolin Seeger at 2019-07-02T07:52:46Z
VERSION: Bump version up to 4.9.11...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
78b72857 by Stefan Metzmacher at 2019-07-03T10:22:13Z
ldb: Release ldb 1.4.7

Compared to 1.4.6:

 * LDAP_REFERRAL_SCHEME_OPAQUE was added
   to ldb_module.h in order to fix bug #12478.
   It means that Samba >= 4.9.11 is no longer able to
   build with ldb 1.4.6.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12478

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
09aecc7e by Karolin Seeger at 2019-07-03T11:42:02Z
WHATSNEW: Add release notes for Samba 4.9.11.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
f9055cbf by Karolin Seeger at 2019-07-03T11:42:54Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.11 release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
8bad427e by Mathieu Parent at 2019-07-07T06:22:19Z
New upstream version 4.9.11+dfsg
- - - - -


30 changed files:

- .gitlab-ci.yml
- VERSION
- WHATSNEW.txt
- auth/credentials/credentials.c
- auth/ntlmssp/ntlmssp_client.c
- ctdb/common/event_script.c
- ctdb/common/run_proc.c
- ctdb/common/sock_daemon.c
- ctdb/config/functions
- ctdb/config/nfs-checks.d/10.status.check
- ctdb/config/nfs-checks.d/40.mountd.check
- ctdb/config/nfs-checks.d/50.rquotad.check
- ctdb/config/nfs-linux-kernel-callout
- ctdb/config/statd-callout
- ctdb/doc/ctdb-etcd.7
- ctdb/doc/ctdb-script.options.5
- ctdb/doc/ctdb-statistics.7
- ctdb/doc/ctdb-tunables.7
- ctdb/doc/ctdb.1
- ctdb/doc/ctdb.7
- ctdb/doc/ctdb.conf.5
- ctdb/doc/ctdb.sysconfig.5
- ctdb/doc/ctdb_diagnostics.1
- ctdb/doc/ctdb_mutex_ceph_rados_helper.7
- ctdb/doc/ctdbd.1
- ctdb/doc/ctdbd_wrapper.1
- ctdb/doc/ltdbtool.1
- ctdb/doc/onnode.1
- ctdb/doc/ping_pong.1
- ctdb/packaging/RPM/ctdb.spec.in


The diff was not included because it is too large.


View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/97f6bd897267307324357e785200de3f289215d2...8bad427e91365049b12a676286299c4871f3460f

-- 
View it on GitLab: https://salsa.debian.org/samba-team/samba/compare/97f6bd897267307324357e785200de3f289215d2...8bad427e91365049b12a676286299c4871f3460f
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-samba-maint/attachments/20190707/26bf6041/attachment-0001.html>


More information about the Pkg-samba-maint mailing list