[Pkg-samba-maint] [Git][samba-team/samba][experimental] 3015 commits: VERSION: Bump version up to 4.11.0pre1

Mathieu Parent gitlab at salsa.debian.org
Wed Sep 25 06:41:24 BST 2019



Mathieu Parent pushed to branch experimental at Debian Samba Team / samba


Commits:
de516b95 by Karolin Seeger at 2019-01-15T10:37:30Z
VERSION: Bump version up to 4.11.0pre1

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
d40ad902 by Karolin Seeger at 2019-01-15T10:40:06Z
WHATSNEW: Start release notes for Samba 4.11.0pre1.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
09effcb5 by Günther Deschner at 2019-01-15T20:27:20Z
s3-smbd: use fruit:model string for mDNS registration

With this change we now allow to modify the icon to represent Samba in
Finder. Possible values are at least:

fruit:model = iMac
fruit:model = MacBook
fruit:model = MacPro
fruit:model = Xserve
fruit:model = RackMac

Prior to this change we only displayed the correct icon when a mac
client negotiated the apple create context over SMB.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13746

Based on proposed patch from Rouven WEILER <Rouven_Weiler at gmx.net>

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Jan 15 21:27:20 CET 2019 on sn-devel-144

- - - - -
dd231a16 by Jeremy Allison at 2019-01-15T21:27:09Z
python: dns_hub: Fix indentation of 'raise' on error.

Remove second socket.sendto().

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0b996afe by Dylan Stephano-Shachter at 2019-01-16T01:01:55Z
profiling: stop smbprofile from growing unnecessarily

Signed-off-by: Dylan Stephano-Shachter <dshachter at nasuni.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 16 02:01:55 CET 2019 on sn-devel-144

- - - - -
193a0d6f by Volker Lendecke at 2019-01-16T04:34:17Z
ctdb: Print locks latency in machinereadable stats

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13742
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Jan 16 05:34:17 CET 2019 on sn-devel-144

- - - - -
c324f84a by Justin Stephenson at 2019-01-16T07:54:23Z
s3:libsmb: Honor disable_netbios option in smbsock_connect_send

If disable_netbios is set, return before the tevent timer is triggered
to prevent outgoing netbios connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 16 08:54:23 CET 2019 on sn-devel-144

- - - - -
e68dd420 by Philipp Gesang at 2019-01-16T17:51:27Z
libcli: remove declaration of nt_errstr_const

nt_errstr_const was renamed nt_errstr in 2011, rendering the
declaration useless.

Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3bb78089 by Tim Beale at 2019-01-16T17:51:27Z
join: Fix TypeError when handling exception

When we can't resolve a domain name, we were inadvertently throwing a
TypeError whilst trying to output a helpful message. E.g.

ERROR(<class 'TypeError'>): uncaught exception - 'NTSTATUSError' object
does not support indexing

Instead of indexing the object, we want to index the Exception.args so
that we just display the string portion of the exception error.

The same problem is also present for the domain trust commands.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Jeremy Allison <rpenny at samba.org>

- - - - -
9e4b08f4 by Tim Beale at 2019-01-16T21:11:04Z
join: Throw CommandError instead of Exception for simple errors

Throwing an exception here still dumps out the Python stack trace, which
can be a little disconcerting for users.

In this case, the stack trace isn't going to really help at all (the
problem is pretty obvious), and it obscures the useful message
explaining what went wrong.

Throw a CommandError instead, which samba-tool will catch and display
more nicely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: Jeremy Allison <rpenny at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 16 22:11:04 CET 2019 on sn-devel-144

- - - - -
2723d900 by Ralph Wuerthner at 2019-01-17T00:36:54Z
vfs_fileid: fix fsname_norootdir algorithm

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13744

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan 17 01:36:54 CET 2019 on sn-devel-144

- - - - -
3b2e86bb by Tim Beale at 2019-01-17T00:40:29Z
python/gpclass: Convert gpclass to use s3 SMB Python bindings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b982811b by Tim Beale at 2019-01-17T00:40:30Z
s3:pylibsmb: Add .set_acl API to SMB py bindings

This is pretty similar code to py_smb_getacl(), except it's calling
cli_set_security_descriptor() instead of cli_query_security_descriptor()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
345746ea by Tim Beale at 2019-01-17T00:40:30Z
netcmd: Change SMB flags from s4 Py bindings to s3

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0304b08d by Tim Beale at 2019-01-17T00:40:30Z
s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to .loadfile() API

Add FILE_READ_ATTRIBUTES when opening the file handle, as we need to
read the file's size.

The .loadfile() API can end up calling cli_qfileinfo_basic() to get the
file size. This can end up doing a 'FILE_ALL_INFORMATION' SMBv2 request
underneath, which the MS-SMB2 spec (section 3.3.5.20.1 Handling
SMB2_0_INFO_FILE) says the file handle must have FILE_READ_ATTRIBUTES
access granted.

I noticed this problem when running .loadfile() against the NTVFS
server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
08f1627c by Tim Beale at 2019-01-17T00:40:30Z
netcmd: Change GPO commands to use s3 SMB Py bindings

This means we can now use GPO commands on a DC that has SMBv1 disabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6a29e63f by Tim Beale at 2019-01-17T00:40:30Z
s4:pysmb: Add error log that the s4 bindings are deprecated

We plan to delete the s4 SMB Python bindings in the next Samba release
after v4.10, but first give external consumers a heads-up, just in case
they are currently using the s4 bindings.

Note the auth_log tests still use the s4 bindings, but all user-facing
tools should now be updated to use the s3 bindings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2a7372da by Tim Beale at 2019-01-17T00:40:30Z
tests: Run samba_tool.gpo tests against backup testenvs

Run the GPO tests against the backup/restore testenvs.

Because the backup/restore preserves the NTACLs of the sysvol files,
running the GPO tests against the backup testenvs is a good sanity-
check. If fact it highlights that there is currently a problem with
restoring the GPO files - this shows up in 'samba-tool gpo aclcheck',
but we never noticed it until now.

NTACL backup works slightly different for offline backups, and rename
backups end up with more sysvol files, so run the tests against both
these envs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f3fe96fc by Tim Beale at 2019-01-17T00:40:30Z
ntacls: Pass correct use_ntvfs through to setntacl()

We were already checking the smb.conf to see if it uses the NTVFS file
server or the default smbd server. However, we weren't passing this
through to the setntacl() call.

This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing
after a restore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
da33c2c4 by Tim Beale at 2019-01-17T00:40:30Z
tests: Run GPO commands against testenv with SMBv1 disabled

Just to prove that they work across SMBv2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a310de2d by Tim Beale at 2019-01-17T00:40:31Z
selftest: Give the backup testenvs a 'test1' share

The ntacls_backup tests use the test1 share, and we want to run them
against the restoredc (which has SMBv1 disabled).

The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call
(in ntacls.py) to work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7fb93eac by Tim Beale at 2019-01-17T00:40:31Z
tests: Run ntacls_backup tests against testenv with SMBv1 disabled

Just to prove that the NTACL backup works over SMBv2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=1367

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
065faa6a by Tim Beale at 2019-01-17T00:40:31Z
tests: Relax auth_log SMB assertions to cover v1 *or* v2

The s4 Python bindings currently only support SMBv1 connections.
If we change the bindings to support *either* v1 or v2, they'll
end up negotiating v2. In which case the server is "SMB2", not "SMB",
and these assertions fail.

Long-term we want to get rid of SMBv1, so it makes sense to write the
tests so that they pass against either v1 or v2.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e82e1b31 by Tim Beale at 2019-01-17T00:40:31Z
tests: Use MUST_USE_KERBEROS over AUTO_USE_KERBEROS in auth_log tests

The s3 SMB client bindings seem slightly different to s4, in that they
default to setting the CLI_FULL_CONNECTION_FALLBACK_AFTER_KERBEROS flag.
This seems to fallback to finding a valid KRB TGT (from a previous
successful test), which results in the connection succeeding rather than
failing.

Setting MUST_USE_KERBEROS explicitly avoids this behaviour.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
914e9d35 by Tim Beale at 2019-01-17T00:40:31Z
tests: Refactor auth_log SMB connection to be in a single place

This should not alter the behaviour of the tests at all. It just makes
it easier to switch over the underlying SMB client bindings.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a67b711e by Tim Beale at 2019-01-17T03:47:56Z
tests: Switchover auth_log from s4 SMB client bindings to s4

The main changes required are:
- we need to use an s3 loadparm instead of the standard s4 lp.
- the s3 SMB bindings don't support the use_spnego/ntlmv2_auth params,
  however, we can set these in the loadparm instead, which will get the
  SMB client code to do what we want. Instead of passing in boolean
  parameters, we need to use yes/no strings that the lp will accept.
  (We always set these values because the underlying lp context is
  actually global, and setting a value is 'sticky' and will persist
  across test cases. These conf settings are only used by the SMB client
  code, and so will only affect the SMB test cases).
- For the no_spnego_no_ntlmv2 test cases, we now explicitly force it to
  an SMBv1 connection. The s4 bindings only ever supported SMBv1
  connections, so this is the same behaviour. The other test cases will
  now try to negotiate SMBv2 connections, however, the no_ntlmv2 test
  cases are explicitly checking for bare-NTLM (with the s3 bindings, it
  now ends up as NTLMSSP by default).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Jan 17 04:47:56 CET 2019 on sn-devel-144

- - - - -
1937b0cb by Andreas Schneider at 2019-01-17T10:35:12Z
generate_param.py: Use C99 initializer for last element in param table

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
48285a9c by Andreas Schneider at 2019-01-17T10:35:12Z
s4:librpc: Use C99 initializer for PyGetSetDef in py_auth

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b8c248e4 by Tim Beale at 2019-01-17T14:23:23Z
dns_hub: Rename variable to avoid naming collision in exception handler

In dns_hup.py, we are both importing the socket module and declaring a
variable called socket. When we try to catch a socket.error exception
(defined by the module), Python thinks we're referring to the variable.
As the variable has no attribute called 'error', Python throws an
exception, e.g.:

  File "./bin/python/samba/tests/dns_forwarder_helpers/dns_hub.py", line
123, in handle
    except socket.error as err:
AttributeError: 'socket' object has no attribute 'error'

We can avoid this problem by calling the variable 'sock' instead.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Jan 17 15:23:23 CET 2019 on sn-devel-144

- - - - -
528d3396 by Christof Schmitt at 2019-01-18T11:58:16Z
wscript: Make non_posix_acls a subsystem

This fixes build error when building vfs_gpfs as static module:

ERROR: circular library dependency between smbd_base and non_posix_acls

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
fd789b2c by Christof Schmitt at 2019-01-18T11:58:16Z
third_party: Add gpfs.h header file

This is the only requirement for building the vfs_gpfs module; the
corresponding library is opened through dlopen at runtime. The intent
here is to always build the vfs_gpfs module to easily detect breakage
e.g. due to vfs interface changes.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c41ec2a9 by Christof Schmitt at 2019-01-18T16:21:02Z
lib: Use gpfs.h from third_party on Linux

Update the logic for finding the gpfs.h header file: Look for the header
file in the default location under /usr/lpp/mmfs/include. If it is not
available there, default to the file in third_party/gpfs/ on Linux (AIX
could be added if there is demand).

The configure option --with-gpfs=GPFS_HEADERS_DIR can always be used to
overwrite the default behavior with a specific location.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Jan 18 17:21:02 CET 2019 on sn-devel-144

- - - - -
c5a69c9f by Puran Chand at 2019-01-18T19:11:22Z
s3:libsmb: parse_finfo_id_both_directory_info capture FileID in SMB2_FIND_ID_BOTH_DIRECTORY_INFO response

This captures the FileID in struct file_info while parsing SMB2_FIND_ID_BOTH_DIRECTORY_INFO
response

Refered MS doc for spec:- https://msdn.microsoft.com/en-us/library/cc246290.aspx

Signed-off-by: Puran Chand <pchand at vmware.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2c113522 by Jeremy Allison at 2019-01-18T19:11:22Z
s3:libsmb: Store file allocation size in struct file_info.

We get this already, from SMB2_FIND_ID_BOTH_DIRECTORY_INFO
so return it.

For SMB1 leave this as zero so callers know it hasn't
been initialized.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
4b26ccff by Martin Krämer at 2019-01-18T22:19:13Z
python: dsal: Fix possibility of identical ACE's being added.

Currently it is possible to add the same ace multiple times if
the case sensitivity does not match the existing one using "--sddl" parameter.
As an example while an ace

"OA;CIIO;RPWP;3e978925-8c01-11d0-afda-00c04fd930c9;bf967a86-0de6-11d0-a285-00aa003049e2;PS"

already exists a sddl

"OA;CIIO;RPWP;3E978925-8C01-11D0-AFDA-00C04FD930C9;BF967A86-0DE6-11D0-A285-00AA003049E2;PS"

can be added without detection (and can be added multiple times). As an end result
after a high number of addings (in my tests it was about 1600-1800 aces for one
object) no further changes on that object are possible.

Signed-off-by: Martin Krämer <mk.maddin at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Jan 18 23:19:13 CET 2019 on sn-devel-144

- - - - -
5822449a by Andreas Schneider at 2019-01-19T11:24:18Z
s3:lib: Fix the debug message for adding cache entries.

To get correct values, we need to cast 'timeout' to 'long int' first in
order to do calculation in that integer space! Calculations are don in
the space of the lvalue!

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
f3c30b2f by Andreas Schneider at 2019-01-19T11:24:18Z
lib:mscat: Fix may be used uninitialized warnings

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
56bbfd90 by Andreas Schneider at 2019-01-19T11:24:18Z
lib:mscat: Use size_t for len value to fix build issue

asn1_read_value_type() only uses it as an unsigned it, a negative value
isn't assinged.

Signed-off-by: Andreas Schneider <asn at samba.org>

- - - - -
9ac30e77 by Andreas Schneider at 2019-01-19T11:24:18Z
s4:dsdb: Fix size types in audit_log

audit_log.c:878:7: error: assuming signed overflow does not occur when
simplifying conditional to constant [-Werror=strict-overflow]

Signed-off-by: Andreas Schneider <asn at samba.org>

- - - - -
c195134e by Andreas Schneider at 2019-01-19T11:24:18Z
s4:dsdb: Fix size type for num_of_attrs in acl_read

This fixes a compile error on sn-devel184.

Signed-off-by: Andreas Schneider <asn at samba.org>

- - - - -
448d67ba by Andreas Schneider at 2019-01-19T14:36:51Z
s4:kdc: Fix size type for num_bind in kdc-heimdal

This fixes a compile error on sn-devel184.

Signed-off-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Sat Jan 19 15:36:51 CET 2019 on sn-devel-144

- - - - -
fb049827 by Douglas Bagnall at 2019-01-19T18:21:19Z
python: dns_hub: do not crash if a socket fails

We print the error and keep going.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
011ee271 by Douglas Bagnall at 2019-01-19T18:21:19Z
python/uptodateness: cope with unknown invocation ID

This can happen if a server has been replaced

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7fc60ea5 by Douglas Bagnall at 2019-01-19T18:21:20Z
python/kcc lib: cope with differently formed repsToFrom

samba-tool visualise reuses these libraries to parse reps from other DCs, and Windows sometimes sends
more data than we are expecting

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f4b3229f by Douglas Bagnall at 2019-01-19T18:21:20Z
s4/py_dsdb: catch/handle alloc failures in py_dsdb_normalise_attributes()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
942567af by Gary Lockyer at 2019-01-19T18:21:20Z
group_audit: Tests for error handling in group change

Add tests to exercise the error handling in
log_group_membership_changes.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60aa7b36 by Gary Lockyer at 2019-01-19T21:32:05Z
group_audit: error handling in group change

Generate an appropriate log message in the event of an error
log_group_membership_changes.  As the changes have not been applied to
the database, there is no easy way to determine the intended changes.
This information is available in the "dsdbChange" audit messages, to
avoid replicating this logic for what should be a very rare occurrence
we simply log it as a "Failure"

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Jan 19 22:32:05 CET 2019 on sn-devel-144

- - - - -
08ba013a by Anoop C S at 2019-01-19T23:31:25Z
s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so

Early check for DEVELOPER or ENABLE_SELFTEST configure options inside
messaging_handlers.c leaves us with the following undefined reference
linkage error:

[1315/3712] Linking bin/default/source4/lib/messaging/libMESSAGING-samba4.so
/usr/bin/ld: source4/lib/messaging/messaging.c.4.o: in function
						`imessaging_init_internal':
/root/samba.git/bin/default/../../source4/lib/messaging/messaging.c:472:
		undefined reference to `imessaging_register_extra_handlers'
collect2: error: ld returned 1 exit status

This happened due to failure in including "includes.h" before checking
the above mentioned configure options.

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0628ca2a by Lukas Slebodnik at 2019-01-20T02:49:59Z
tdb: Fix compatibility of wscript with older python

Traceback (most recent call last):
  File "tdb-1.3.17/third_party/waf/waflib/Scripting.py", line 158, in waf_entry_point
    run_commands()
  File "tdb-1.3.17/third_party/waf/waflib/Scripting.py", line 251, in run_commands
    ctx = run_command(cmd_name)
  File "tdb-1.3.17/third_party/waf/waflib/Scripting.py", line 235, in run_command
    ctx.execute()
  File "tdb-1.3.17/third_party/waf/waflib/Context.py", line 204, in execute
    self.recurse([os.path.dirname(g_module.root_path)])
  File "tdb-1.3.17/third_party/waf/waflib/Context.py", line 286, in recurse
    user_function(self)
  File "tdb-1.3.17/wscript", line 225, in testonly
    cmd = "BINDIR={} {}".format(blddir, sh_test)
ValueError: zero length field name in format

Signed-off-by: Lukas Slebodnik <lslebodn at fedoraproject.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun Jan 20 03:49:59 CET 2019 on sn-devel-144

- - - - -
10e54a09 by Tim Beale at 2019-01-21T15:34:06Z
netcmd: Try to improve domain backup error message

I ran this command as non-root by mistake and didn't find the error
message particularly helpful. Tweak the error message so it reminds the
user that they should be root. Also display the path we're looking for
the sam.ldb file in, to give them more clues.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Mon Jan 21 16:34:06 CET 2019 on sn-devel-144

- - - - -
adffe0dc by Günther Deschner at 2019-01-22T17:37:56Z
s3-vfs: add glusterfs_fuse vfs module.

This module only implements the get_real_filename function by accessing
a distinct extended attribute that is available over a glusterfs fuse
mount.

By implementing this vfs function users of a glusterfs fuse mount
achieve a much better performance in create based workloads where samba
then can avoid trying multiple case folding options to detect the real
filename.

Patch is based on an initial patch provided by
Poornima G <pgurusid at redhat.com>

Guenther

Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Jan 22 18:37:56 CET 2019 on sn-devel-144

- - - - -
36c42e6d by Jeremy Allison at 2019-01-22T22:37:16Z
libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 to 10 seconds.

Should make us more robust when dealing with slow DNS servers.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Jan 22 23:37:16 CET 2019 on sn-devel-144

- - - - -
4729c90f by Joe Guo at 2019-01-23T02:09:41Z
traffic: rm --scale-traffic default value

-S, --scale--traffic defaults to 1.0
when we switch to new option -T, both -T and -S are set, which raise an error:

script/traffic_replay #234: --scale-traffic and --packets-per-second are incompatible. Use one or the other.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>

Autobuild-User(master): Tim Beale <timbeale at samba.org>
Autobuild-Date(master): Wed Jan 23 03:09:41 CET 2019 on sn-devel-144

- - - - -
574fdfae by Ralph Boehme at 2019-01-23T11:41:32Z
CI: run "samba-nt4" as part of the free runners

Looks like this got lost in the py2/py3 reshuffling around
d01d85ccb255cbdfd3d379dfe0cd7ac58af7f284.

Signed-off-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jan 23 12:41:32 CET 2019 on sn-devel-144

- - - - -
9f666969 by SATOH Fumiyasu at 2019-01-23T17:49:17Z
docs-xml: Fix a typo in manpage for idmap_ad

Signed-off-by: SATOH Fumiyasu <fumiyas at osstech.co.jp>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
c9940272 by Anoop C S at 2019-01-23T20:59:10Z
s3-vfs: Use ENOATTR in errno comparison for getxattr

* ENODATA is not defined in FreeBSD
* ENOATTR is defined to be a synonym for ENODATA in Linux
* In its absence Samba already defines ENOATTR to either
  ENODATA or ENOENT

Thus it is safe and correct to compare with ENOATTR rather
than ENODATA.

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Uri Simchoni <uri at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jan 23 21:59:10 CET 2019 on sn-devel-144

- - - - -
67fc683a by Ralph Boehme at 2019-01-24T01:45:09Z
CI: move target "build_nt4" to private gitlab runners

Fixes the mistake of 574fdfae59c6d7c97be48ca52ac9aefac82feccd that added
"build_nt4" to the public runners.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13761

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>

Autobuild-User(master): Tim Beale <timbeale at samba.org>
Autobuild-Date(master): Thu Jan 24 02:45:09 CET 2019 on sn-devel-144

- - - - -
e903d37e by Tim Beale at 2019-01-25T12:20:23Z
s3:rpclient: rpclient help is not very helpful

The help was not telling me that there was a mandatory 'server' argument
that I needed to specify. After trying several different combinations
of parameters, I eventually had to run the tool in gdb to work out why
it was complaining.

This is the output I was getting:

bin/rpcclient -U$USERNAME%$PASSWORD -I $SERVER_IP
Usage: rpcclient [OPTION...]
  -c, --command=COMMANDS                 Execute semicolon separated
cmds
  -I, --dest-ip=IP                       Specify destination IP address
  -p, --port=PORT                        Specify port number
...

New help output is:

Usage: rpcclient [OPTION...] <server>
Options:
  -c, --command=COMMANDS                 Execute semicolon separated
cmds
...

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7b21b4c1 by Jeremy Allison at 2019-01-25T12:20:23Z
s3: tests: Add regression test for smbd crash on share force group change with existing connection.

Mark as known fail for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e37f9956 by Jeremy Allison at 2019-01-25T15:31:27Z
smbd: uid: Don't crash if 'force group' is added to an existing share connection.

smbd could crash if "force group" is added to a
share definition whilst an existing connection
to that share exists. In that case, don't change
the existing credentials for force group, only
do so for new connections.

Remove knownfail from regression test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jan 25 16:31:27 CET 2019 on sn-devel-144

- - - - -
d93f901e by Isaac Boukris at 2019-01-25T20:57:57Z
Fix tests when building with selftest but without developer

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Fri Jan 25 21:57:57 CET 2019 on sn-devel-144

- - - - -
8c097b4a by Tim Beale at 2019-01-25T23:53:10Z
s3:pylibsmb: Initialize pointers to NULL in new API code

Fix a few uninitialized pointers that managed to sneak through review.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
80685fd8 by Tim Beale at 2019-01-26T03:05:25Z
s4:libcli: Remove (now unused) pysmb.c bindings

The s4 SMB client bindings don't support SMBv2, so we've made the
decision to use the s3 SMB client bindings/library code instead.
Everything in the Samba codebase now uses the s3 bindings, and we'll
add a warning message to Samba v4.10 that the s4 bindings are
deprecated. This patch removes the unused s4 bindings completely for
the next (i.e. v4.11) release.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Jan 26 04:05:25 CET 2019 on sn-devel-144

- - - - -
8989916b by Andreas Schneider at 2019-01-26T18:08:12Z
gitlab-ci: Move the image definition to the template

And in addition use variables for defining project and build env.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5aee11c2 by Andreas Schneider at 2019-01-26T18:08:12Z
gitlab-ci: Move before and after script to shared template

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b9924839 by Andreas Schneider at 2019-01-26T21:16:38Z
gitlab-ci: Use artifacts instead of after_script

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sat Jan 26 22:16:38 CET 2019 on sn-devel-144

- - - - -
db6992c2 by Andreas Schneider at 2019-01-28T09:29:12Z
ctdb: Use C99 initializer for poptOption in ctdb tool

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
23709cc3 by Andreas Schneider at 2019-01-28T09:29:12Z
ctdb: Use C99 initializer for poptOption in test_options

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d304d3c6 by Andreas Schneider at 2019-01-28T09:29:12Z
examples: Reformat testacl libsmbclient example

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
007898bf by Andreas Schneider at 2019-01-28T09:29:12Z
examples: Use C99 initializer for poptOption in testacl

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cbf8917b by Andreas Schneider at 2019-01-28T09:29:12Z
lib:texpect: Use C99 initializer for poptOption in texpect

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cdf03f92 by Andreas Schneider at 2019-01-28T09:29:12Z
libcli:nbt: Use C99 initializer for poptOption in nmblookup

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
53e2e8c3 by Andreas Schneider at 2019-01-28T09:29:12Z
nsswitch: Use C99 initializer for poptOption in wbinfo

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b0dbc7d1 by Andreas Schneider at 2019-01-28T09:29:13Z
s3:client: Use C99 initializer for poptOption in smbclient

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3834ea86 by Andreas Schneider at 2019-01-28T09:29:13Z
s3:rpcclient: Use C99 initializer for poptOption in cmd_witness

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
9a15d458 by Andreas Schneider at 2019-01-28T09:29:13Z
s3:smbd: Use C99 initializer for poptOption in smbd server

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a3aca2f7 by Andreas Schneider at 2019-01-28T09:29:13Z
s3:torture: Use C99 initializer for poptOption in vfstest

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
83d25ca9 by Andreas Schneider at 2019-01-28T09:29:13Z
s3:utils: Use C99 initializer for poptOption in smbstatus

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5990980c by Andreas Schneider at 2019-01-28T09:29:13Z
s3:utils: Use C99 initializer for poptOption in smbcacls

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
19d44958 by Andreas Schneider at 2019-01-28T09:29:13Z
s3:utils: Use C99 initializer for poptOption in nmblookup

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
aa944d50 by Andreas Schneider at 2019-01-28T09:29:13Z
s3:utils: Use C99 initializer for poptOption in profiles

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0fde49ac by Andreas Schneider at 2019-01-28T09:29:14Z
s3:utils: Use C99 initializer for poptOption in sharesec

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a2bb5654 by Andreas Schneider at 2019-01-28T09:29:14Z
s3:utils: Use C99 initializer for poptOption in ntlm_auth

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f5f084e9 by Andreas Schneider at 2019-01-28T09:29:14Z
s3:utils: Use C99 initializer for poptOption in smbcquotas

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7c8d4f21 by Andreas Schneider at 2019-01-28T09:29:14Z
s3:utils: Use C99 initializer for poptOption in testparm

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5961286f by Andreas Schneider at 2019-01-28T09:29:14Z
s3:utils: Use C99 initializer for poptOption in log2pcaphex

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
90103d1d by Andreas Schneider at 2019-01-28T09:29:14Z
s3:utils: Use C99 initializer for poptOption in net

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0de35fd3 by Andreas Schneider at 2019-01-28T09:29:14Z
s3:utils: Use C99 initializer for poptOption in smbtree

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f699cec7 by Andreas Schneider at 2019-01-28T09:29:15Z
s3:utils: Use C99 initializer for poptOption in smbget

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4c3ada25 by Andreas Schneider at 2019-01-28T09:29:15Z
s3:param: Use C99 initializer for poptOption in test_lp_load

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
650af8bf by Andreas Schneider at 2019-01-28T09:29:15Z
s3:winbind: Use C99 initializer for poptOption in winbindd

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
54c1ab6d by Andreas Schneider at 2019-01-28T09:29:15Z
s3:lib: Use POPT_TABLEEND for last element of poptOption

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d34edc6b by Andreas Schneider at 2019-01-28T09:29:15Z
s3:lib: Use C99 initializer for poptOption in netapi common test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f68d6aa3 by Andreas Schneider at 2019-01-28T09:29:15Z
s3:lib: Use C99 initializer for poptOption in netapi nltest

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fd499b7f by Andreas Schneider at 2019-01-28T09:29:15Z
s3:lib: Use C99 initializer for poptOption in popt_common

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1cde483c by Andreas Schneider at 2019-01-28T09:29:16Z
s3:lib: Use C99 initializer for poptOption in popt_common_cmdline

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
025b32e5 by Andreas Schneider at 2019-01-28T09:29:16Z
s3:netapi: Use C99 initializer for poptOption in netapi example

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e9ef830f by Andreas Schneider at 2019-01-28T09:29:16Z
s3:nmbd: Use C99 initializer for poptOption in nmbd

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3a5cd0a3 by Andreas Schneider at 2019-01-28T09:29:16Z
s3:utils: Use C99 initializer for poptOption in mvxattr

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ee8f0986 by Andreas Schneider at 2019-01-28T09:29:16Z
s4:smbd: Use C99 initializer for poptOption in server

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ad13bd56 by Andreas Schneider at 2019-01-28T09:29:16Z
s4:client: Use C99 initializer for poptOption in client

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f66ead39 by Andreas Schneider at 2019-01-28T09:29:16Z
s4:client: Use C99 initializer for poptOption in cifsdd

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ded66cf3 by Andreas Schneider at 2019-01-28T09:29:16Z
s4:lib: Use C99 initializer for poptOption in popt_common

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2b6706fb by Andreas Schneider at 2019-01-28T09:29:17Z
s4:lib: Use C99 initializer for poptOption in popt_credentials

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
34ae8dc3 by Andreas Schneider at 2019-01-28T09:29:17Z
s3:torture: Use C99 initializer for cmd_set in cmd_vfs

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
78b45a47 by Andreas Schneider at 2019-01-28T09:29:17Z
s3:torture: Use C99 initializer for cmd_set in vfstest

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
65729e37 by Andreas Schneider at 2019-01-28T09:29:17Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_spoolss

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5b298d30 by Andreas Schneider at 2019-01-28T09:29:17Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_dfs

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
281c5107 by Andreas Schneider at 2019-01-28T09:29:17Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_netlogon

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6087decf by Andreas Schneider at 2019-01-28T09:29:17Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_srvsvc

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d1695761 by Andreas Schneider at 2019-01-28T09:29:18Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_echo

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
17d166e6 by Andreas Schneider at 2019-01-28T09:29:18Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_drsuapi

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8cb851ff by Andreas Schneider at 2019-01-28T09:29:18Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_dssetup

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2bec9593 by Andreas Schneider at 2019-01-28T09:29:18Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_wkssvc

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
711cb035 by Andreas Schneider at 2019-01-28T09:29:18Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_fss

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a1765267 by Andreas Schneider at 2019-01-28T09:29:18Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_winreg

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2069372e by Andreas Schneider at 2019-01-28T09:29:18Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_iremotewinspool

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b7b78134 by Andreas Schneider at 2019-01-28T09:29:19Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_ntsvcvs

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d69fbf41 by Andreas Schneider at 2019-01-28T09:29:19Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_clusapi

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
90b338e8 by Andreas Schneider at 2019-01-28T09:29:19Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_samr

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
bbc4d8c5 by Andreas Schneider at 2019-01-28T09:29:19Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_lsarpc

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
05afe962 by Andreas Schneider at 2019-01-28T09:29:19Z
s3:rpcclient: Use C99 initializer for cmd_set in rpcclient

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f70dbe9f by Andreas Schneider at 2019-01-28T09:29:19Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_witness

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
eee66741 by Andreas Schneider at 2019-01-28T09:29:19Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_eventlog

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
328cb7aa by Andreas Schneider at 2019-01-28T09:29:19Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5701586d by Andreas Schneider at 2019-01-28T09:29:20Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_epmapper

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0a6f78d7 by Andreas Schneider at 2019-01-28T09:29:20Z
s3:rpcclient: Use C99 initializer for cmd_set in cmd_shutdown

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
651ee7f2 by Andreas Schneider at 2019-01-28T09:29:20Z
lib:tdb: Use C99 initializer for PyGetSetDef in pytdb

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
85a5dc56 by Andreas Schneider at 2019-01-28T09:29:20Z
lib:ldb: Use C99 initializer for PyGetSetDef in pyldb

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2baa2c0f by Andreas Schneider at 2019-01-28T09:29:20Z
s3:passdb: Use C99 initializer for PyGetSetDef in py_passdb

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7017f245 by Andreas Schneider at 2019-01-28T09:29:20Z
s4:librpc: Use C99 initializer for PyGetSetDef in pyrpc

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ee4795b9 by Andreas Schneider at 2019-01-28T09:29:20Z
s4:lib: Use C99 initializer for PyGetSetDef in pymessaging

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d538319e by Andreas Schneider at 2019-01-28T09:29:21Z
s4:pyparam: Use C99 initializer for PyGetSetDef

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
246f7dd7 by Andreas Schneider at 2019-01-28T09:29:21Z
auth:creds: Use C99 initializer for PyMethodDef

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
14c7d19b by Andreas Schneider at 2019-01-28T09:29:21Z
auth:gensec: Use C99 initializer in schannel

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
611b6c7e by Andreas Schneider at 2019-01-28T09:29:21Z
ctdb: Use C99 initializer for last element of tunables

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6c520978 by Andreas Schneider at 2019-01-28T09:29:21Z
ctdb:common: Use C99 initializer for 'struct ifreq'

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fb57c97c by Andreas Schneider at 2019-01-28T09:29:21Z
ctdb:tools: Use correct C99 initializer for ltdb_header

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3cd5d4b3 by Andreas Schneider at 2019-01-28T09:29:21Z
lib:ldb: Use C99 initializer for tdb_logging_context

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
146ed089 by Andreas Schneider at 2019-01-28T09:29:21Z
lib:ldb: Use correct C99 initializer for 'struct tm'

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a1ce666d by Andreas Schneider at 2019-01-28T09:29:22Z
lib:tdb: Use C99 initializer for tdb_header

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
47b57a2f by Andreas Schneider at 2019-01-28T09:29:22Z
lib:tdb: Use C99 initializer for tdb_logging_context

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0da2e9c2 by Andreas Schneider at 2019-01-28T09:29:22Z
lib:tevent: Use correct C99 initializer for tevent_req

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
014a72c7 by Andreas Schneider at 2019-01-28T09:29:22Z
lib:util: Use C99 initializer for builtin_functions in iconv

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fe78ebcb by Andreas Schneider at 2019-01-28T09:29:22Z
lib:util: Use C99 initializer for weird_table in charset

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7983b03a by Andreas Schneider at 2019-01-28T09:29:22Z
lib:util: Use C99 initializer in tfork test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
bbc4d728 by Andreas Schneider at 2019-01-28T09:29:22Z
libgpo: Use C99 initializer for gp_extension_reg_table

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
292dbbf1 by Andreas Schneider at 2019-01-28T09:29:23Z
librpc:rpc: Use C99 initializer for last element in dcerpc_faults

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
99c2a24e by Andreas Schneider at 2019-01-28T09:29:23Z
sddl: Use C99 initializer for sid_codes

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5e0923d8 by Andreas Schneider at 2019-01-28T09:29:23Z
s3:registry: Use C99 initializer for BOM

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
58b4f48c by Andreas Schneider at 2019-01-28T09:29:23Z
s3:lib: Use C99 initializer for audit_category_tab

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4bb10422 by Andreas Schneider at 2019-01-28T09:29:23Z
s3:smbd: Use C99 initializer for RAP api_commands

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e73ff643 by Andreas Schneider at 2019-01-28T09:29:23Z
s3:torture: Use C99 initializer for torture_ops

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4ad94b60 by Andreas Schneider at 2019-01-28T09:29:23Z
s3:utils: Use C99 initializer for msg_types in smbcontrol

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2eab064a by Andreas Schneider at 2019-01-28T09:29:23Z
s3:utils: Use C99 initializer in functable in net_lookup

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0e28116e by Andreas Schneider at 2019-01-28T09:29:24Z
s3:utils: Use C99 initializer in functable in net

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8e1f9675 by Andreas Schneider at 2019-01-28T09:29:24Z
s4:dsdb: Use C99 initializer in util

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4d1ae190 by Andreas Schneider at 2019-01-28T09:29:24Z
s4:samdb: Use C99 initializer for last element of ldb_map_objectclass

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6395a9a8 by Andreas Schneider at 2019-01-28T09:29:24Z
s4:torture: Use C99 initializers for dirs in oplock test

Yes, this was already valid C99 but the compiler on Ubuntu 14.04 simply
sucks. This doesn't happen with this gcc version on other Linux systems.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8647ae63 by Andreas Schneider at 2019-01-28T09:29:24Z
s4:torture: Use C99 initializers for levels in qfsinfo test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2df8e808 by Andreas Schneider at 2019-01-28T09:29:24Z
s4:torture: Use C99 initializers for dirs in smb2 notify test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1474de31 by Andreas Schneider at 2019-01-28T09:29:24Z
s4:torture: Use C99 initializers for levels in raw search test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
d731ddf8 by Andreas Schneider at 2019-01-28T09:29:25Z
s4:torture: Use C99 initializers for levels in raw notify test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7ceffb31 by Andreas Schneider at 2019-01-28T09:29:25Z
s4:torture: Use C99 initializers for dirs in smb2 oplock test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a5362457 by Andreas Schneider at 2019-01-28T09:29:25Z
s4:torture: Use C99 initializers for hold_sharemode_table in smb2 sharemode test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
660428a2 by Andreas Schneider at 2019-01-28T09:29:25Z
s4:torture: Use C99 initializers for level in smb2 dir test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0bcbec40 by Andreas Schneider at 2019-01-28T09:29:25Z
s4:torture: Use C99 initializers for file_levels in smb2 getinfo test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6b0963f6 by Andreas Schneider at 2019-01-28T09:29:25Z
s4:torture: Complete C99 initializers for levels in raw qfileinfo test

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7c9abe78 by Andreas Schneider at 2019-01-28T09:29:25Z
s4:torture: Use C99 initializer for last element in get_and_set_info

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c0a6f69e by Andreas Schneider at 2019-01-28T09:29:25Z
s4:torture: Use C99 initializer in test_SecurityDescriptorsSecInfo

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
3e3e3a92 by Andreas Schneider at 2019-01-28T09:29:26Z
s4:torture: Add missing C99 initializer for torture_rpc_samlogon

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
bb5b1c80 by Andreas Schneider at 2019-01-28T09:29:26Z
s4:torture: Use C99 initializers in gentest

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4609e6fb by Andreas Schneider at 2019-01-28T09:29:26Z
s4:torture: Fix C99 initializers for vfs fruit tests

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8c774f5a by Andreas Schneider at 2019-01-28T09:29:26Z
s4:cifsdd: Use C99 initializers for cifsdd argdef

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6a332618 by Andreas Schneider at 2019-01-28T09:29:26Z
libcli:smb: Use C99 initializer for derivation in smbXcli_base

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1c4ba8e9 by Douglas Bagnall at 2019-01-28T09:29:26Z
pyrpc: typo in transfer syntax docstring

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1f37ac3b by Douglas Bagnall at 2019-01-28T09:29:26Z
libgpo: remove duplicate entry in value table

previously added a few lines up.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9e4ddff2 by Douglas Bagnall at 2019-01-28T09:29:26Z
libgpo: remove 404 link in comment

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ed209cfe by Douglas Bagnall at 2019-01-28T13:28:29Z
s3:nmbd: small improvements in --help strings

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Jan 28 14:28:29 CET 2019 on sn-devel-144

- - - - -
e2eadf9a by Justin Stephenson at 2019-01-28T14:44:18Z
s4:torture: Share test iremotewinspool functions

Create iremotewinspool_common.c and iremotewinspool_common.h to make
test functions available for additional tests

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
8f240b12 by Justin Stephenson at 2019-01-28T14:44:18Z
s4:torture: Seperate out function calls inside params

Minor change to allow for easier debugging

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
5c1514e6 by Justin Stephenson at 2019-01-28T14:44:18Z
librpc:idl: Fix pszDestInfPath winspool parameter type

The in/out type of pszDestInfPath needs to be a string type for
RPC call UploadPrinterDriverPackage.

Per the Spec:

[in, out, unique, size_is(*pcchDestInfPath)] wchar_t* pszDestInfPath,

 pszDestInfPath: A pointer to a buffer that receives a string that
 specifies the full path of the directory to which the driver
 installation control file was copied.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
a9c50a71 by Justin Stephenson at 2019-01-28T14:44:18Z
s4:torture: Add iremotewinspool driver torture template

Add the template with setup and teardown functions
for the iremotewinspool_driver torture suite, and
add this to the list of torture tests

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
5e97d3cd by Justin Stephenson at 2019-01-28T14:44:18Z
s4:torture: Use test client user and machine name defaults

Use "testclient_machine" and "testclient_user" in open printer calls.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
7abf1d03 by Andreas Schneider at 2019-01-28T14:44:18Z
util: Add file tree walk interface

Add tftw() utility to emulate nftw() behavior with a userdata pointer.
This is repurposed from the csync project custom file tree walker.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
7d42029f by Günther Deschner at 2019-01-28T14:44:18Z
utils:libgpo: re-add libgpo as library, it should not be part of gpext

It was initially removed in 78fd02cf31dfe72d596030f342aebefba1e72263 but
is needed by the inf file parsing.

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
b6712ab9 by Guenther Deschner at 2019-01-28T14:44:18Z
lib:printer_driver: Add printer_driver library to parse printer driver inf files

Pair-Programmed-With: Justin Stephenson <jstephen at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
04d92b00 by Justin Stephenson at 2019-01-28T14:44:18Z
lib:printer_driver: Handle PrintProcessor string

This fixes an issue parsing the section of a certain HP
driver inf file:

PrintProcessor=%PRINT_PROCESSOR%

where %PRINT_PROCESSOR% is a [Strings] substituted value,
gp_inifile_getstring_ext() performs the substitution correctly.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
16638011 by Justin Stephenson at 2019-01-28T14:44:18Z
lib:printer_driver: Parse SourceDisksNames section

This allows a driver inf with a [SourceDisksNames] section
excluding the system architecture to be parsed.

https://docs.microsoft.com/en-us/windows-hardware/drivers/install/inf-sourcedisksnames-section?f=255&MSPPError=-2147217396

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
5442355c by Justin Stephenson at 2019-01-28T14:44:18Z
lib:printer_driver: Don't overwrite printprocessor

If the printprocessor is parsed from the inf file in the codepath:

setup_driver_name
  find_driver_files
    process_driver_section_printprocessor

Don't overwrite the value later on in setup_driver_name with the default "winprint"

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
7783c62b by Justin Stephenson at 2019-01-28T14:44:18Z
lib:printer_driver: Retrieve Class value

Retrieve the Class value from the inf file [Version] section.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
1ac1b3e1 by Justin Stephenson at 2019-01-28T14:44:19Z
s4:torture: Add driver parsing wrapper

Add wrapper function to parse inf driver file and get
validated driver information.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
01f1bd3f by Justin Stephenson at 2019-01-28T14:44:19Z
s4:torture: Add test_init_driver_info function

Validate torture options, obtain and retrieve driver information, and
call driver parsing function to retrieve driver info needed for
performing the test.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
a9619abb by Justin Stephenson at 2019-01-28T14:44:19Z
s4:torture: Add test_CopyDriverFiles

Add test to copy driver files from a torture option provided local driver_path
to the print$ share of //server/.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
a9f283c8 by Justin Stephenson at 2019-01-28T14:44:19Z
s4:torture: Add test_UploadPrinterDriverPackage

Add test to Upload Print Driver, a prerequisite RPC call before
installing the print driver. The inf driver file to use in this test
will be provided using torture option:inf_file

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
c627b4e3 by Justin Stephenson at 2019-01-28T14:44:19Z
s4:torture: Add test_InstallPrinterDriverFromPackage

Install a previous uploaded driver package.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
38967fd9 by Justin Stephenson at 2019-01-28T14:44:19Z
s4:torture: Add test_ValidatePrinterDriverInstalled

Perform checks against the print driver registry information
to ensure the driver was installed as expected.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
669b135b by Justin Stephenson at 2019-01-28T14:44:19Z
s4:torture: Uninstall driver and cleanup

Uninstall and remove the print driver packages to cleanup
after the install. Cleanup and remove smb directory created
inside print$.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
232273bf by Justin Stephenson at 2019-01-28T18:34:41Z
s4:torture: Enforce Printer Class

Ensure that the provided inf defines Class=Printer for driver installation
to succeed.

Some driver packages(HP Universal Print Driver) include inf files with
other device types such as Class=USB. Attempting to install these will fail
when tested against Windows Server 2016 Print server using
iremotewinspool RPC calls.

Signed-off-by: Justin Stephenson <jstephen at redhat.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Mon Jan 28 19:34:41 CET 2019 on sn-devel-144

- - - - -
45a202a1 by David Disseldorp at 2019-01-28T23:29:17Z
s3/lib: don't rely on implicit int return type

C99 removed this behaviour.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f1b43dfe by David Disseldorp at 2019-01-28T23:29:17Z
s3/lib: clean up have_syscall() formatting

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e1324580 by David Disseldorp at 2019-01-29T02:47:27Z
tests: don't rely on implicit int return type

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Tue Jan 29 03:47:27 CET 2019 on sn-devel-144

- - - - -
1f07c478 by Douglas Bagnall at 2019-01-29T12:45:32Z
python/modules: maintain correct refcount for path items

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
3584fe46 by Douglas Bagnall at 2019-01-29T12:45:32Z
s3/py_passdb: maintain correct refcount on allocation failure

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
e23b9f88 by Douglas Bagnall at 2019-01-29T12:45:32Z
s4/pyrpc_util: appropriately decrement refcounts on failure

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
a3aa5af3 by Douglas Bagnall at 2019-01-29T12:45:32Z
s4/pyrpc_util: catch alloc failure in py_dcerpc_interface_init_helper()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
ca93b1e1 by Douglas Bagnall at 2019-01-29T15:54:48Z
s4/param/provision py_dom_sid_FromSid: avoid python memleak

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Jan 29 16:54:48 CET 2019 on sn-devel-144

- - - - -
60b062d6 by Volker Lendecke at 2019-01-29T21:06:59Z
vfs_gpfs: Fix the 32-bit build

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Tue Jan 29 22:06:59 CET 2019 on sn-devel-144

- - - - -
8061983d by Stefan Metzmacher at 2019-01-29T21:09:07Z
wscript: separate embedded_heimdal from system_heimdal

This allows to default (embedded_heimdal) to build even with a
broken krb5-config file from Heimdal.

In the system_heimdal case we parse the content of krb5-config
instead of just executing it. This fails on FreeBSD 12 as
krb5-config contains iso-8859-1 characters, which can't be parsed
as unicode python buffers when using python3.

Fixing the system_heimdal case is a task for another day,
I guess it will only work once we imported a current heimdal version
and actually tested the system_heimdal case.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e49df24e by Stefan Metzmacher at 2019-01-29T21:09:07Z
replace: only include <sys/capability.h> with HAVE_POSIX_CAPABILITIES

On FreeBSD <sys/capability.h> is a legacy wrapper to <sys/capsicum.h>,
which implements something different. With FreeBSD 12 including
<sys/capability.h> generates a compiler warning/error.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b2050db6 by Stefan Metzmacher at 2019-01-29T21:09:07Z
wafsamba/replace: move __STDC_WANT_LIB_EXT1__ to CFLAGS

This fixes the build of python bindings, which use memset_s()
(via ZERO_STRUCT).

In python bindings Python.h needs to be the first header, which means
is already includes string.h. Defining __STDC_WANT_LIB_EXT1__ in
replace.h is too late in that case.

This fixes the --check-c-compiler=gcc --picky-developer on FreeBSD 12.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c0ed5bd0 by Stefan Metzmacher at 2019-01-29T21:09:07Z
third_party/resolv_wrapper: fix HAVE_RESOLV_IPV6_NSADDRS for struct __res_state

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8e7b63a1 by David Mulder at 2019-01-29T21:09:07Z
'articles' variable causes a dependency loop

This 'articles' variable contains
'smbdotconf/parameters.all.xml' and causes a
dependency loop when creating parameters.all.xml

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0b66cf93 by Stefan Metzmacher at 2019-01-29T21:09:07Z
python/tests/dns*: make use of dns.DNS_RCODE/dns.DNS_OPCODE

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
29f9618e by Stefan Metzmacher at 2019-01-29T21:09:07Z
dns.idl: fix DNS_RCODE from 0xF to 0x1F

commit 74206984daa9c707a38675df88d6bbe660d876bc introduced
TSIG related error codes up to DNS_RCODE_BADALG   = 0x15

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7a7a5ccf by Lukas Slebodnik at 2019-01-29T21:09:07Z
ldb: The test api.py should not rely on order of entries in dict

Test failed on s390x but there is a simple reproducer for any
architecture.

The built-in function repr returns the canonical string representation
of the object. We needn't care about order attributes in string
representation. Therefore test should pass for any order.

    for i in {1..30}; do
        PYTHONHASHSEED=random \
        python2 -c 'import ldb; msg = ldb.Message(); msg.dn = ldb.Dn(ldb.Ldb(), "dc=foo29"); msg["dc"] = b"foo"; print(repr(msg)) '
    done

  ======================================================================
  FAIL: test_repr (__main__.LdbMsgTests)
  ----------------------------------------------------------------------
  Traceback (most recent call last):
    File "tests/python/api.py", line 2322, in test_repr
      "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})")
  AssertionError: "Message({'dc': MessageElement(['foo']), 'dn': Dn('dc=foo29')})" != "Message({'dn': Dn('dc=foo29'), 'dc': MessageElement(['foo'])})"
  ----------------------------------------------------------------------
  Ran 1025 tests in 29.146s
  FAILED (failures=1)

Signed-off-by: Lukas Slebodnik <lslebodn at fedoraproject.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
12b9adec by Stefan Metzmacher at 2019-01-29T21:09:07Z
manpages/samba.7.xml: smbcontrol can also work with 'samba'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Baumbach <bbaumbach at samba.org>

- - - - -
3a0c1da4 by Stefan Metzmacher at 2019-01-29T21:09:08Z
s4:messaging: add support 'smbcontrol <pid> debug/debuglevel'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Baumbach <bbaumbach at samba.org>

- - - - -
5bd7a8e5 by Stefan Metzmacher at 2019-01-29T21:09:08Z
s4:server: avoid using pid=0 for the parent 'samba' process

It confuses the 'samba-tool processes' output and log messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Baumbach <bbaumbach at samba.org>

- - - - -
832776c0 by Stefan Metzmacher at 2019-01-29T21:09:08Z
s4:server: add support for 'smbcontrol samba shutdown'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Baumbach <bbaumbach at samba.org>

- - - - -
d03991f5 by Stefan Metzmacher at 2019-01-30T00:51:48Z
selftest:Samba4: use 'smbcontrol samba shutdown'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Björn Baumbach <bbaumbach at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Jan 30 01:51:48 CET 2019 on sn-devel-144

- - - - -
dc9a2c05 by Jeremy Allison at 2019-01-30T20:21:10Z
s3: smbd: smb2-posix: Add IO_REPARSE_TAG_NFS.

https://msdn.microsoft.com/en-us/library/dn617178.aspx

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
abbaa629 by Jeremy Allison at 2019-01-30T23:50:10Z
s3: smbd: smb2-posix: Add NFS_SPECFILE_XXX defines.

Sub-types for NFS reparse point.

https://msdn.microsoft.com/en-us/library/dn617178.aspx

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Jan 31 00:50:10 CET 2019 on sn-devel-144

- - - - -
4ecdcc4b by Gary Lockyer at 2019-01-31T03:25:13Z
man pages: document prefork process model

Document the process model options -M

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13765

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Tim Beale <timbeale at samba.org>
Autobuild-Date(master): Thu Jan 31 04:25:14 CET 2019 on sn-devel-144

- - - - -
5d5a790b by Tim Beale at 2019-02-01T02:36:15Z
dns_hub: Fix flake8 warnings

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a094e16f by Tim Beale at 2019-02-01T02:36:15Z
selftest: Move dns_hub.py into selftest directory

As dns_hub.py is now integral to the selftest environments, it seems to
make sense for it to live under the selftest/ directory.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b4211f69 by Tim Beale at 2019-02-01T02:36:15Z
selftest: Add dns_hub to selftest/target/README

Add a description explaining what dns_hub does and why we need it.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9a893f96 by Tim Beale at 2019-02-01T02:36:15Z
ldb: Avoid inefficient one-level searches

Commit 88ae60ed186c9 introduced a problem that made one-level
searches inefficient if there were a lot of child objects in the same
level, and the requested object didn't exist. Basically, it ignored the
case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the
indexed lookup was successful, but didn't find a match. At which point,
there was no more processing we needed to do.

The behaviour after 88ae60ed186c9 was to fall-through and run the
ldb_kv_index_filter() function over *all* the children. This still
returned the correct result, but could be costly if there were a lot of
children.

The case 88ae60ed186c9 was trying to fix was where we could not do
an indexed search (e.g. trying to match on a 'attribute=*' filter). In
which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run
ldb_kv_index_filter() over all the children. This is still more
efficient than the fallback of doing a full database scan.

This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we
can skip the unnecessary ldb_kv_index_filter() work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
72928444 by Tim Beale at 2019-02-01T02:36:15Z
ldb: Remove comment that no longer makes sense

This comment was written before the GUID_index_attribute block of code
existed. So we now *do* load the index values and *do* check for a
strict intersect, so the comment is redundant.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
13260068 by Tim Beale at 2019-02-01T02:36:15Z
ldb: Elaborate on ldb_kv_search_indexed() comments

Disclaimer: this is based on my limited understanding of what the code
is doing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
57a565b2 by Tim Beale at 2019-02-01T02:36:15Z
ldb: Rename variable

The old name confused me because it's not really related to the
one-level index at all. It's the result from evaluating the indexed
search specified in the ac->tree.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e7f524fd by Andrew Bartlett at 2019-02-01T02:36:15Z
ldb: Add even more comments on what strict does to the list intersections

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
5e716c02 by Andrew Bartlett at 2019-02-01T02:36:15Z
ldb: Release ldb 1.5.3

* Avoid inefficient one-level searches (bug 13762)
* The test api.py should not rely on order of entries in dict (bug 13772)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13772

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
3f8d83b7 by Tim Beale at 2019-02-01T02:36:16Z
samba: Change default process model to prefork

Prefork is the more sensible default option now, as it better
handles a large number of client connections.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
46033515 by Tim Beale at 2019-02-01T02:36:16Z
selftest: Make process_model argument optional in check_or_start()

It's more realistic to *not* always specify a process-model, and rely on
the samba code to use the correct default. This patch changes selftest
so we only use the -M process-model option if a particular process_model
was specified. Otherwise the testenv will use whatever the default is.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d29853ab by Tim Beale at 2019-02-01T02:36:16Z
selftest: Convert backup/restore testenvs to use default

These testenvs shouldn't be dependent on the process model at all, so we
should be able to convert them to the new default without any
repercussions.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c649aece by Tim Beale at 2019-02-01T02:36:16Z
man pages: Add note about standard process model

Calling this model the 'standard' model made a lot more sense when it
was the default. Add a small note explaining that it has this name for
historical reasons.

(The term 'standard' may have originally been chosen for some other
reason. However, it's hard to find the rationale behind the term from
back in 2005)

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
40271520 by Tim Beale at 2019-02-01T02:36:16Z
selftest: Fix running proclimit tests locally

The dns_hub changes missed a dependency. Fortunately, during an
autobuild, the dns_hub is always up and running by the time the
proclimitdc tests are run. However, the tests were failing if run
locally just on their own.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6cee31b0 by Tim Beale at 2019-02-01T02:36:16Z
selftest: Reorder ENV_DEPS so similar testenvs are together

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b2126cd6 by Tim Beale at 2019-02-01T02:36:16Z
selftest: Add comment elaborating on what ENV_DEPS actually does

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e0db972 by Tim Beale at 2019-02-01T02:36:17Z
selftest: Remove unnecessary tests.py options from proclimit tests

It seems like these extra options were just copy-n-pasted from another
test. The process_limits test doesn't actually try to use these env
variables at all. All the test is doing is creating LDAP connections to
the DC. The SOCKET_WRAPPER_DEFAULT_IFACE may have perhaps been needed,
but we can avoid this by dropping ':local' from the testenv and running
the test as a "client" instead.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5bfad1b2 by Tim Beale at 2019-02-01T02:36:17Z
netcmd: Improve error handling of gpo aclcheck as non-admin

Reading the nTSecurityDescriptor attribute over LDAP requires admin
creds. However, if you don't specify admin creds, then you get an error
like this:

bin/samba-tool gpo aclcheck
ERROR(<class 'KeyError'>): uncaught exception - 'No such element'
  File "bin/python/samba/netcmd/__init__.py", line 184, in _run
    return self.run(*args, **kwargs)
  File "bin/python/samba/netcmd/gpo.py", line 1536, in run
    ds_sd_ndr = m['nTSecurityDescriptor'][0]

This patch adds an explicit check/error message to make the problem
clearer.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f00362fb by Garming Sam at 2019-02-01T02:36:17Z
cracknames: Change search filter to use the smaller index

In large domains with many users, '(objectClass=User)' may as well not
be specified because it's iterating over the entire database.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e0c05383 by Douglas Bagnall at 2019-02-01T02:36:17Z
Tests for segfaults in python bindings

These tests run in a child process and are regarded as succeeding if they
don't die by signal.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bdb41326 by Douglas Bagnall at 2019-02-01T02:36:17Z
pynbt: catch type errors in PyObject_AsNBTName()

This fixes some known segfaults.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ec1e5698 by Douglas Bagnall at 2019-02-01T02:36:17Z
pygensec: insist on proper AuthContext in start_server

Fixes another segfault.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a7e07413 by Douglas Bagnall at 2019-02-01T02:36:17Z
s4/pyauth: check ldb argument in py_user_session()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f17e36c3 by Douglas Bagnall at 2019-02-01T02:36:17Z
s4/pyauth: insist on proper ldb in context_new()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f9ac913 by Douglas Bagnall at 2019-02-01T02:36:17Z
s4/pyauth: fix memory leak when context_new() has bad arguments

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b313a6aa by Douglas Bagnall at 2019-02-01T02:36:17Z
s4/param/provision: check samdb argument in provision_bare()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3da801ae by Douglas Bagnall at 2019-02-01T02:36:17Z
py_net: fix != None check

Py_None is not false in C, so this branch was always taken.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e419a21 by Douglas Bagnall at 2019-02-01T02:36:18Z
pyldb: make ldb.connect() url mandatory

The call fails without it, so we might as well fail sooner

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
545c3e6b by Andrew Bartlett at 2019-02-01T06:02:56Z
ldb: Release ldb 1.6.0

* pyldb: make ldb.connect() url mandatory
* New version number for master (Samba 4.11 eventually)

The 1.5.x series will be maintained in the v4-10-test branch

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Feb  1 07:02:56 CET 2019 on sn-devel-144

- - - - -
bdb90ec9 by David Disseldorp via samba-technical at 2019-02-01T15:08:25Z
build: replace SAMBA3_ADD_OPTION with samba_add_onoff_option

The former is just an alias for the latter. samba_add_onoff_option()
better describes what the function actually does, so use that and
remove the alias.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
0ae7c314 by David Disseldorp at 2019-02-01T15:08:25Z
printing: drop pcap_cache_loaded() guard around load_printers()

Add the pcap_cache_loaded() check to load_printers() and return early
if it returns false. This simplifies callers in preparation for checking
lp_load_printers() in the printcap cache update code-path.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13766

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
6a77237c by David Disseldorp at 2019-02-01T18:25:03Z
printing: check lp_load_printers() prior to pcap cache update

Avoid explicit and housekeeping timer triggered printcap cache updates
if lp_load_printers() is disabled.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13766

Signed-off-by: David Disseldorp <ddiss at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Feb  1 19:25:03 CET 2019 on sn-devel-144

- - - - -
63f4fb61 by Douglas Bagnall at 2019-02-02T19:19:05Z
abi_gen.sh: ignore gdb customisations when comparing signatures

If a .gdbinit file says "set print pretty on", the signatures are printed over
several lines, and the abi_check fails. So let's ignore .gdbinit files.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Sat Feb  2 20:19:05 CET 2019 on sn-devel-144

- - - - -
9df23fe4 by Björn Jacke at 2019-02-03T08:54:56Z
sysquota_linux: fix querying of group quotas

for gids we need to get/set the effective gids, same like for the uids already

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13768

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

Autobuild-User(master): Uri Simchoni <uri at samba.org>
Autobuild-Date(master): Sun Feb  3 09:54:56 CET 2019 on sn-devel-144

- - - - -
64e05bc8 by Volker Lendecke at 2019-02-03T12:52:29Z
librpc: Solaris cc does not like unnamed struct members

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
858a25ab by Volker Lendecke at 2019-02-03T12:52:29Z
libcli: Solaris cc can't return void values

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0e3eda5b by Anoop C S at 2019-02-03T16:00:33Z
vfs_glusterfs: Adapt to changes in libgfapi signatures

VFS module for GlusterFS fails to compile due to recent changes done to
some API signatures. Therefore adding missing arguments to those APIs
adapting to new signatures.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13330

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Feb  3 17:00:33 CET 2019 on sn-devel-144

- - - - -
cca48c1a by Andreas Schneider at 2019-02-04T01:03:56Z
docs: Document DCEPRC binding string for rpcclient

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Feb  4 02:03:56 CET 2019 on sn-devel-144

- - - - -
95b2c9d7 by Tim Beale at 2019-02-05T11:23:31Z
autobuild: Split backup/restore testenvs out into separate job

The samba-ad-dc-2 job was reaching its limits with the number of
testenvs and what the resource-limited CI machines can handle.
Samba processes were getting swapped out of memory, causing CI runs
to fail.

This patch splits the backup/restore testenv targets into a separate
autobuild job: samba-ad-dc-backup.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Feb  5 12:23:31 CET 2019 on sn-devel-144

- - - - -
9465292d by Ralph Boehme at 2019-02-06T06:11:30Z
tldap: avoid a use after free crash

I saw the following crash in tldap in the winbindd idmap child on a
member server after messing with the LDAP server on the DC:

0  0x00007f77ea9a307a in __GI___waitpid (pid=9815, stat_loc=stat_loc at entry=0x7ffe77569eb0, options=options at entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
1  0x00007f77ea91bfbb in do_system (line=<optimized out>) at ../sysdeps/posix/system.c:148
2  0x00007f77edd8c24b in smb_panic_s3 (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../source3/lib/util.c:828
3  0x00007f77f15afe85 in smb_panic (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/util/fault.c:170
4  0x00007f77f08e2678 in talloc_abort (reason=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/talloc/talloc.c:472
5  0x00007f77f08e268b in talloc_abort_access_after_free () at ../lib/talloc/talloc.c:477
6  0x00007f77f08e2710 in talloc_chunk_from_ptr (ptr=0x55da7605a020) at ../lib/talloc/talloc.c:494
7  0x00007f77f08e4a19 in _talloc_free (ptr=0x55da7605a020, location=0x7f77e181474d "../source3/lib/tldap.c:1918") at ../lib/talloc/talloc.c:1716
8  0x00007f77e180b65c in tldap_search_all_done (subreq=0x55da7605a020) at ../source3/lib/tldap.c:1918
9  0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7605a020, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125
10 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7605a020, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162
11 0x00007f77f0af1113 in _tevent_req_error (req=0x55da7605a020, error=9780923860630110289, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:180
12 0x00007f77e180781a in tevent_req_ldap_error (req=0x55da7605a020, rc=...) at ../source3/lib/tldap.c:47
13 0x00007f77e180b2c4 in tldap_search_done (subreq=0x55da76058280) at ../source3/lib/tldap.c:1813
14 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da76058280, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125
15 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da76058280, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162
16 0x00007f77f0af11cd in tevent_req_trigger (ev=0x55da760526c0, im=0x55da76058360, private_data=0x55da76058280) at ../lib/tevent/tevent_req.c:219
17 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da760526c0) at ../lib/tevent/tevent_immediate.c:135
18 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_epoll.c:911
19 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_standard.c:114
20 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent.c:725
21 0x00007f77f0af1361 in tevent_req_poll (req=0x55da7605eed0, ev=0x55da760526c0) at ../lib/tevent/tevent_req.c:269
22 0x00007f77e180fec9 in tldap_gensec_bind (ctx=0x55da76051ec0, creds=0x55da76052250, target_service=0x7f77e18164b3 "ldap", target_hostname=0x55da7605d182 "dc1.sdom1.site", target_principal=0x0, lp_ctx=0x55da76052180, gensec_features=6) at ../source3/lib/tldap_gensec_bind.c:358
23 0x00007f77e1810d21 in idmap_ad_get_tldap_ctx (mem_ctx=0x55da76050510, domname=0x55da76051d50 "sdom1", pld=0x55da76050518) at ../source3/winbindd/idmap_ad.c:326
24 0x00007f77e1811056 in idmap_ad_context_create (mem_ctx=0x55da76059c00, dom=0x55da76059c00, domname=0x55da76051d50 "sdom1", pctx=0x7ffe7756a5f8) at ../source3/winbindd/idmap_ad.c:374
25 0x00007f77e18119c0 in idmap_ad_get_context (dom=0x55da76059c00, pctx=0x7ffe7756a640) at ../source3/winbindd/idmap_ad.c:554
26 0x00007f77e181275b in idmap_ad_sids_to_unixids (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:784
27 0x00007f77e1813217 in idmap_ad_sids_to_unixids_retry (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:947
28 0x000055da7459ce05 in _wbint_Sids2UnixIDs (p=0x7ffe7756a870, r=0x55da76050860) at ../source3/winbindd/winbindd_dual_srv.c:202
29 0x000055da7460aa5e in api_wbint_Sids2UnixIDs (p=0x7ffe7756a870) at default/librpc/gen_ndr/srv_winbind.c:391
30 0x000055da7459c7f4 in winbindd_dual_ndrcmd (domain=0x0, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual_ndr.c:369
31 0x000055da7459828c in child_process_request (child=0x55da74874bc0 <static_idmap_child>, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual.c:666
32 0x000055da7459ae58 in child_handler (ev=0x55da7602c2b0, fde=0x55da7603f8a0, flags=1, private_data=0x7ffe7756abb0) at ../source3/winbindd/winbindd_dual.c:1567
33 0x00007f77f0af85f1 in epoll_event_loop (epoll_ev=0x55da76048b00, tvalp=0x7ffe7756aab0) at ../lib/tevent/tevent_epoll.c:728
34 0x00007f77f0af8c29 in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_epoll.c:930
35 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_standard.c:114
36 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent.c:725
37 0x000055da7459b9e9 in fork_domain_child (child=0x55da74874bc0 <static_idmap_child>) at ../source3/winbindd/winbindd_dual.c:1766
38 0x000055da74596e96 in wb_child_request_waited (subreq=0x0) at ../source3/winbindd/winbindd_dual.c:188
39 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:125
40 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7604f820, state=TEVENT_REQ_DONE, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:162
41 0x00007f77f0af10cd in _tevent_req_done (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:168
42 0x00007f77f0af0cc1 in tevent_queue_wait_trigger (req=0x55da7604f820, private_data=0x0) at ../lib/tevent/tevent_queue.c:355
43 0x00007f77f0af06f2 in tevent_queue_immediate_trigger (ev=0x55da7602c2b0, im=0x55da760466a0, private_data=0x55da76046580) at ../lib/tevent/tevent_queue.c:149
44 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da7602c2b0) at ../lib/tevent/tevent_immediate.c:135
45 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_epoll.c:911
46 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_standard.c:114
47 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent.c:725
48 0x000055da74561431 in main (argc=2, argv=0x7ffe7756c968) at ../source3/winbindd/winbindd.c:1803

subreq is a child of the state of req which will already be free by the
callback of req.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
bf91ee0a by Ralph Boehme at 2019-02-06T09:19:12Z
tldap: avoid more use after free errors

See the previous commit for an explanation. :)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Feb  6 10:19:12 CET 2019 on sn-devel-144

- - - - -
a8e10a12 by Noel Power at 2019-02-07T12:44:30Z
Decrement references to python objects passed to Py_BuildValue

Py_BuildValue when processing format 'O' will
  'Pass a Python object untouched (except for its reference count,
   which is incremented by one'

Basically this means if you are using a new reference to a PyObject
to pass to BuildValue (to be used with the 'O' format) the reference
*isn't* stolen so you really do need to DECREF it in order to ensure
it gets cleaned up.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
1be9b0cf by Noel Power at 2019-02-07T12:44:30Z
Examine result of SetList (and prevent sending NULL to PyList_SetItem)

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
53d973f5 by Noel Power at 2019-02-07T12:44:30Z
Cleanup references to module objects returned from PyImport_ImportModule

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
85b7574b by Noel Power at 2019-02-07T12:44:30Z
pidl: Fix Generated ndr python code to DECREF imported modules

Generated code calls Py_ImportModule but in all error returns
and also successful exit the code fails to decrement reference to
loaded modules in MODULE_INIT_FUNC function.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e29c3494 by Noel Power at 2019-02-07T12:44:30Z
decref results of PyStr_FromString

Where we create temporary objects (which are added to containers)
these objects already get there ref count incremented. In this case
we need to decref those objects to ensure they are released.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
2814690d by Noel Power at 2019-02-07T12:44:30Z
Cleanup (decref) some objects added to list.

PyList_Append doesn't steal references, so if the item created is
a temp object, created just to be added to the list we need to
 decref the item appended in order for it to be released.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
61670169 by Noel Power at 2019-02-07T16:17:46Z
Clean up reference used with PyDict_Setxxx

PyDictSetxxx methods don't steal reference so if the items added
to the dictionary were created just for the purpose of inserting
into the dict then we need to decref them.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Feb  7 17:17:46 CET 2019 on sn-devel-144

- - - - -
c824240c by David Disseldorp at 2019-02-07T16:23:18Z
lib/debug: retain full string in state.prog_name global

setup_logging() retains a global pointer to the provided const string in
state.prog_name, which is later used in the debug_backend->reload()
callback.
Some setup_logging() callers, such as popt_common_callback(),
incorrectly assume that a dynamic buffer is safe to provide as a
prog_name parameter. Fix this by copying the entire string in
setup_logging().

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
901ca24e by David Disseldorp at 2019-02-07T16:23:18Z
s3/lib/popt_common: don't assume stackframe presence

popt_common_callback() should be leak-safe if a talloc stackframe isn't
available, as it's invoked early on.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f132c376 by David Disseldorp at 2019-02-07T16:23:18Z
s3/lib/popt_common: use stack buffer in set_logfile()

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3e25d4d5 by Andreas Schneider at 2019-02-07T16:23:18Z
docs-xml: Update documentation for 'restrict anonymous' option

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Rowland Penny <rpenny at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

- - - - -
eaf63f0b by David Disseldorp at 2019-02-07T20:33:15Z
docs-xml: "cluster addresses" dns registration

Bug 7871 added functionality to register smb.conf "cluster addresses"
when net ads dns register is called with clustering=yes, but the man
page was not updated. Add documentation for this behaviour.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Thu Feb  7 21:33:15 CET 2019 on sn-devel-144

- - - - -
10114238 by Stefan Metzmacher at 2019-02-07T21:47:22Z
lib/util: add samba_runcmd_export_stdin() helper function

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
65e52c24 by Stefan Metzmacher at 2019-02-07T21:47:22Z
s4:dsdb:util: make use of samba_runcmd_export_stdin()

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
531b713c by Stefan Metzmacher at 2019-02-08T01:54:20Z
lib/util: inline lib/util/util_runcmd.h again

samba_runcmd_state should not be exposed!

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Fri Feb  8 02:54:20 CET 2019 on sn-devel-144

- - - - -
87149445 by Joe Guo at 2019-02-08T05:34:47Z
s4/scripting/bin: open unicode files with utf8 encoding and write unicode string

In files like `libcli/util/werror_err_table.txt` and `libcli/util/ntstatus_err_table.txt`,
there were unicode quote symbols at line 6:

    ...(“this documentation”)...

In `libcli/util/wscript_build`, it will run `gen_werror.py` and `gen_ntstatus.py`
to `open` above files, read content from them and write to other files.

When encoding not specified, `open` in both python 2/3 will guess encoding from locale.

When locale is not set, it defaults to POSIX or C, and then python will use
encoding `ANSI_X3.4-1968`.

So, on a system locale is not set, `make` will fail with encoding error
for both python 2 and 3:

    File "/home/ubuntu/samba/source4/scripting/bin/gen_werror.py", line 139, in main
        errors = parseErrorDescriptions(input_file, True, transformErrorName)
      File "/home/ubuntu/samba/source4/scripting/bin/gen_error_common.py", line 52, in parseErrorDescriptions
        for line in file_contents:
      File "/usr/lib/python3.5/encodings/ascii.py", line 26, in decode
        return codecs.ascii_decode(input, self.errors)[0]
    UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 318: ordinal not in range(128)

In this case, we have to use `io.open` with `encoding='utf8'`.
However, then we got unicode strs and try to write them with other strs
into new file, which means the new file must also open with utf-8 and
all other strs have to be unicode, too.

Instead of prefix `u` to all strs, a more easier/elegant way is to enable
unicode literals for the python scripts, which we normally didn't do in samba.

Since both `gen_werror.py` and `gen_ntstatus.py` are bin scripts and no
other modules import them, it should be ok for this case.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Fri Feb  8 06:34:47 CET 2019 on sn-devel-144

- - - - -
51bc92d8 by Aliaksei Karaliou at 2019-02-08T07:51:19Z
build: Get rid of hardcoded 'bin/default' in includes

Removed occurrences of bin/default used in #include directive for
auto-generated headers residing in build directory.
Build system is capable of resolving path to such headers by itself
without extra hardcoded path to build directory.

Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
74cf2a1b by Aliaksei Karaliou at 2019-02-08T07:51:19Z
build:docs: Get rid of hardcoded 'bin/default'

Build scripts for documentation still contain hardcoded path to build
destination rather than use proper final build path variables.

Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e4ae59bb by Volker Lendecke at 2019-02-08T07:51:19Z
torture4: Solaris cc can't deal with empty initializers

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
65c05357 by Volker Lendecke at 2019-02-08T07:51:19Z
winbind: Enhance xids2sids debugging

Print what was requested and returned

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c516394e by Volker Lendecke at 2019-02-08T07:51:19Z
smbd: Avoid sending S-1-22- to winbind

Sending S-1-22-x to a typeless sids2xids call will make winbind prime
the reverse xids2sids cache, which is very likely the wrong mapping. Add
a check that avoids bothering the winbind pipe when it's clear this
can't work anyway.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
076f30b0 by Volker Lendecke at 2019-02-08T12:30:32Z
winbindd: Enhance xids2sids debugging

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Feb  8 13:30:32 CET 2019 on sn-devel-144

- - - - -
8294e68a by Douglas Bagnall at 2019-02-08T12:31:38Z
py_tevent: add_timer takes float argument

We were already using it that way.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
96cdacae by Douglas Bagnall at 2019-02-08T12:31:38Z
s3/libsmb/py: match input argument types with C types

If PyArg_ParseTupleAndKeywords() is given, say, an "H" format (meaning
unsigned short int) but the referenced variable is a plain unsigned
int, the top 16 bits of the variable will be left undefined. In that
case we should use an "I" format (and/or initialize the variable).

In many cases the change is fairly innocuous, such as when "i" and "I"
are mixed (for signed and unsigned ints respectively), but the
resulting write is the same size and probably gives the same result in
practice.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
1e8d0d80 by Douglas Bagnall at 2019-02-08T12:31:39Z
s4/librpc/py_misc: ParseTuple format should match actual types

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
7b9d4580 by Douglas Bagnall at 2019-02-08T12:31:39Z
s4/messaging/py: use better format strings for variable types

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
8a828684 by Douglas Bagnall at 2019-02-08T16:09:51Z
s4/registry/py: use unsigned ParseTuple format for unsigned value

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Fri Feb  8 17:09:51 CET 2019 on sn-devel-144

- - - - -
3204dc66 by Jeremy Allison at 2019-02-08T18:54:17Z
s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code.

This exhibited itself as a problem with OFD locks reported
as:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770

However, due to underlying bugs in the vfs_fruit
code the file locks were not being properly applied.

There are two problems in fruit_check_access().

Problem #1:

Inside fruit_check_access() we have:

flags = fcntl(fsp->fh->fd, F_GETFL);
..
if (flags & (O_RDONLY|O_RDWR)) {

We shouldn't be calling fcntl(fsp->fh->fd, ..) directly.
fsp->fh->fd may be a made up number from an underlying
VFS module that has no meaning to a system call.

Secondly, in all POSIX systems - O_RDONLY is defined as
*zero*. O_RDWR = 2.

Which means flags & (O_RDONLY|O_RDWR) becomes (flags & 2),
not what we actually thought.

Problem #2:

deny_mode is *not* a bitmask, it's a set of discrete values.

Inside fruit_check_access() we have:

if (deny_mode & DENY_READ) and also (deny_mode & DENY_WRITE)

However, deny modes are defined as:

/* deny modes */
define DENY_DOS 0
define DENY_ALL 1
define DENY_WRITE 2
define DENY_READ 3
define DENY_NONE 4
define DENY_FCB 7

so if deny_mode = DENY_WRITE, or if deny_mode = DENY_READ
then it's going to trigger both the if (deny_mode & DENY_READ)
*and* the (deny_mode & DENY_WRITE) conditions.

These problems allowed the original test test_netatalk_lock code to
pass (which was added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
to demonstrate the lock order violation).

This patch refactors the fruit_check_access()
code to be much simpler (IMHO) to understand.

Firstly, pass in the SMB1/2 share mode, not old
DOS deny modes.

Secondly, read all the possible NetAtalk locks
into local variables:

netatalk_already_open_for_reading
netatalk_already_open_with_deny_read
netatalk_already_open_for_writing
netatalk_already_open_with_deny_write

Then do the share mode/access mode checks
with the requested values against any stored
netatalk modes/access modes.

Finally add in NetATalk compatible locks
that represent our share modes/access modes
into the file, with an early return if we don't
have FILE_READ_DATA (in which case we can't
write locks anyway).

The patch is easier to understand by looking
at the completed patched fruit_check_access()
function, rather than trying to look at the
diff.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

- - - - -
28990e4b by Jeremy Allison at 2019-02-08T22:26:46Z
s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code.

Originally added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
to demonstrate a lock order violation, this test
exposed problems in the mapping of SMB1/2 share modes
and open modes to NetATalk modes once we moved to OFD locks.

Change the test slightly (and add comments)
so it demonstrates working NetATalk share modes
on an open file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb  8 23:26:46 CET 2019 on sn-devel-144

- - - - -
2ff2594b by Andreas Schneider at 2019-02-08T22:32:10Z
s3:vfs: Initialize pid to 0 in test_netatalk_lock()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7ff94b18 by Andreas Schneider at 2019-02-09T02:43:50Z
s3:vfs: Correctly check if OFD locks should be enabled or not

Also the smb.conf options should only be checked once and a reload of
the config should not switch to a different locking mode.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Feb  9 03:43:50 CET 2019 on sn-devel-144

- - - - -
67825c96 by Aurelien Aptel at 2019-02-09T17:30:14Z
libcli: add getters for smb2 {signing,encryption,decryption} keys

Adds:
- smb2cli_session_signing_key()
- smb2cli_session_encryption_key()
- smb2cli_session_decryption_key()

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

- - - - -
0732499f by Aurelien Aptel at 2019-02-09T17:30:14Z
docs-xml: add "debug encryption" global parm

Add debug option to dump in the log the session id & keys in smbd and
libsmb-based code for offline decryption.

Wireshark can make use of this to decrypt encrypted traffic.

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

- - - - -
584dfc15 by Aurelien Aptel at 2019-02-09T20:43:25Z
libsmb,s3/smbd: dump SMB3+ session keys if debug parm is set

Use of previously added smb.conf global param.

Sample usage:

$ smbclient //localhost/scratch --option='debugencryption=yes' \
                                 -e -mSMB3 -U aaptel%aaptel -c quit
debug encryption: dumping generated session keys
Session Id    [0000] 26 48 BF FD 00 00 00 00                             &H......
Session Key   [0000] 63 D6 CA BC 08 C8 4A D2   45 F6 AE 35 AB 4A B3 3B   c.....J. E..5.J.;
Signing Key   [0000] 4E FE 35 92 AC 13 14 FC   C9 17 62 B1 82 20 A4 12   N.5..... ..b.. ..
App Key       [0000] A5 0F F4 8B 2F FB 0D FF   F2 BF EE 39 E6 6D F5 0A   ..../... ...9.m..
ServerIn Key  [0000] 2A 02 7E E1 D3 58 D8 12   4C 63 76 AE 59 17 5A E4   *.~..X.. Lcv.Y.Z.
ServerOut Key [0000] 59 F2 5B 7F 66 8F 31 A0   A5 E4 A8 D8 2F BA 00 38   Y.[.f.1. ..../..8

We can now simply pass -ouat:smb2_seskey_list:<sesid>,<seskey> to
wireshark or tshark:

$ tshark -ouat:smb2_seskey_list:2648BFFD00000000,63D6CABC08C84AD245F6AE35AB4AB33B \
          -Y smb2 -r capture.pcap -Tfields -e _ws.col.Info
Negotiate Protocol Response
Negotiate Protocol Request
Negotiate Protocol Response
Session Setup Request, NTLMSSP_NEGOTIATE
Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
Session Setup Request, NTLMSSP_AUTH, User: WORKGROUP\aaptel
Session Setup Response
Tree Connect Request Tree: \\localhost\IPC$
Tree Connect Response
Decrypted SMB3;Ioctl Request FSCTL_DFS_GET_REFERRALS, File: \localhost\scratch
Decrypted SMB3;Ioctl Response, Error: STATUS_NOT_FOUND
Decrypted SMB3;Tree Disconnect Request
Decrypted SMB3;Tree Disconnect Response
Decrypted SMB3;Tree Connect Request Tree: \\localhost\scratch
Decrypted SMB3;Tree Connect Response
Decrypted SMB3;Tree Disconnect Request
Decrypted SMB3;Tree Disconnect Response

For more info on Wireshark decryption support see
https://wiki.samba.org/index.php/Wireshark_Decryption

Signed-off-by: Aurelien Aptel <aaptel at suse.com>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Sat Feb  9 21:43:25 CET 2019 on sn-devel-144

- - - - -
244e2a02 by Noel Power at 2019-02-11T06:43:31Z
buildtools/wafsamba: Avoid decode when using python2

To avoid problematic type checking for 'str' types which fail
when result from str.decode is used.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13777

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
835e1564 by Garming Sam at 2019-02-11T06:43:31Z
dnsserver: Return access denied to the caller if the user was not a DNS admin

This is not a proper fix to match Windows, but at the very least, it
should be more obvious to users (using samba-tool for instance), that
the user needs to be given more access or that they should use the
administrator.

Windows seems to deny access altogether by returning a fault after they
have bound to the pipe and actually sent an operation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13771

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b50f8390 by Aliaksei Karaliou at 2019-02-11T06:43:31Z
build: Fixed usage of non-default path to WAFLOCK

If WAFLOCK environment variable is set, use it to override path
to WAF lock file in Samba build scripts.

Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
724c07fe by Aliaksei Karaliou at 2019-02-11T06:43:31Z
build: Don't generate kerberos_implementation.py if building without python

It is unnecessary to generate kerberos_implementation.py when python is
disabled.

Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
65ea3f2a by Aliaksei Karaliou at 2019-02-11T06:43:31Z
s3:util: Move popen wrappers to lib/util

When linked into Samba3 libraries, sys_popen()/sys_pclose()
cannot be used in lower level libraries because of circular
dependencies.

This patch moves them into common samba-util library.

Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d21fc7d8 by Aliaksei Karaliou at 2019-02-11T06:43:31Z
s3:util: Move static file_pload() function to lib/util

file_pload() is static private function in Samba3 library, however it
does not have any special dependencies and might be widely used as
common function, so moving it into common samba-util library.

Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
193bb824 by Aliaksei Karaliou at 2019-02-11T06:43:31Z
s3:modules: Fix compilation of nfs41acl_xdr.c when building outside src

If the Samba build directory is outside its source directory, generation
of nfs41acl_xdr.c by rpcgen leads to improper include paths to nfs41acl.h.

This happens because rpcgen is designed to produce its generated file in the
same directory as the input template. If the build directory is not located
under the source directory, this relative path will be invalid and the header
will not be found.

Example:
 src dir is ~/samba-src
 bld dir is ~/samba-bld

rpcgen will use path ../../samba-src/source3/modules/nfs41acl.x
running from ~/samba-bld/default and nfs41acl_xdr.c will contain:
 #include "../../samba-src/source3/modules/nfs41acl.h"

This behaviour is fixed through an intermediate copy of the input file to
the build directory so that rpcgen receives the path as if located in src.

Also now we avoid generation of nfs41acl_xdr.c when HAVE_RPC_XDR_H is
not defined because it will not be used as part of the vfs_nfs4acl_xattr
module.

Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
39c1aa28 by Stefan Metzmacher at 2019-02-11T06:43:31Z
selftest: make check password script more portable

We should not rely on Linux specific sed options.

grep -q also works on FreeBSD (tested on FreeBSD 12).

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
77bddbb7 by Stefan Metzmacher at 2019-02-11T06:43:32Z
tests/user_check_password_script: add a test do disallow the username as password

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9f6ade21 by Stefan Metzmacher at 2019-02-11T06:43:32Z
s4:dsdb:util: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script

This allows the check password script to reject the username and other
things.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c4131b61 by Stefan Metzmacher at 2019-02-11T06:43:32Z
selftest: require SAMBA_CPS_ACCOUNT_NAME in checkpassword_arg1.sh

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cef1d2ab by Stefan Metzmacher at 2019-02-11T06:43:32Z
s3:srv_samr_chgpasswd: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script

This is keep compatibility with the AD DC usage.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e8daeb2 by Stefan Metzmacher at 2019-02-11T10:03:58Z
docs-xml/smbdotconf: document export of SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Feb 11 11:03:58 CET 2019 on sn-devel-144

- - - - -
55cce815 by Tim Beale at 2019-02-11T10:41:21Z
selftest: Make dns_hub socket timeout match DNS_REQUEST_TIMEOUT

I was hitting the recv_packet = s.recv(2048, 0) exception because
the socket timeout was reached. We've seen it before, but it seemed more
common after changing the default process-model to prefork. This patch
makes the socket timeout used by the python code consistent with the C
code.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
80d293ca by Stefan Metzmacher at 2019-02-11T10:41:21Z
selftest: improve debugging in dns_hub.py

We only print debug messages when the response is delayed by more than 2
seconds.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
162219de by Stefan Metzmacher at 2019-02-11T10:41:21Z
blackbox/dbcheck.sh: fix dbcheck_fix_one_way_links cleanup

Commit 35bfc62a31c9ad73449594ddd48f76f50e0abade changed
dbcheck to not regard old one-way-links as errors.

At that time the relavant trigger changed from
fix_all_string_dn_component_mismatch to
fix_all_old_dn_string_component_mismatch.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
09c4e78f by Stefan Metzmacher at 2019-02-11T10:41:21Z
dsdb/tests/vlv: use only one toplevel dn that is correctly cleaned up

Before "OU=vlvtestou2,%s" % (self.base_dn) was left behind after the
test.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b1740f3b by Ralph Boehme at 2019-02-11T13:10:12Z
CI: split out "samba-ad-dc-ntvfs[-py2]" test targets

Many AD tests currently use the "samba" target. Split out a new target
"samba-ad-dc-ntvfs" and have all tests that use the "ad_dc_ntvfs" env
use the new target. This should greatly speed up the runtime for the "samba"
target and avoid swapping.

This reduces the total CI time by ~ 55%, I got an autobuild and a gitlab
pipeline finished in just ~ 100 mins!

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Ralph Boehme <slow at samba.org>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Feb 11 14:10:12 CET 2019 on sn-devel-144

- - - - -
77dbe6b9 by Andreas Schneider at 2019-02-12T22:02:07Z
s3:locking: Add missing NULL check

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f8a85ed5 by Andreas Schneider at 2019-02-12T23:52:25Z
s3:utils: Add missing NULL check in rpc_fetch_domain_aliases()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Feb 13 00:52:25 CET 2019 on sn-devel-144

- - - - -
d0e26ea6 by Douglas Bagnall at 2019-02-13T03:15:14Z
spelling of associated

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5b0a9818 by Douglas Bagnall at 2019-02-13T03:15:14Z
dsdb: make get_parsed_dns_trusted() a common helper function

We are already using it in two places, and are about to add a third.

The version in repl_meta_data.c did more work in the case that the
parsed_dns can't really be trusted to conform to the expected format;
this is now a wrapper called get_parsed_dns_trusted_fallback().

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a086a645 by Douglas Bagnall at 2019-02-13T03:15:14Z
dsdb: linked attrs: check a talloc_new()

Also we can defer it past a thing that doesn't need or check for it.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c874b625 by Douglas Bagnall at 2019-02-13T03:15:14Z
dsdb: check NULL guid strings in la_fix_links

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cb502997 by Douglas Bagnall at 2019-02-13T03:15:14Z
replmd: move a if (ret) closer to ret source

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d4ebe006 by Douglas Bagnall at 2019-02-13T03:15:14Z
ldb_dn: remove unreachable code in dn_explode

Every time I look at this file, I spend a few minutes wondering how
these bits of code are ever run. Never again.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d21801b8 by Douglas Bagnall at 2019-02-13T03:15:15Z
ldb_dn: don't free a known NULL pointer

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
85a7b4bf by Tim Beale at 2019-02-13T03:15:15Z
selftest: Use default 'prefork children' smb.conf setting

The default setting should be 4, so there should be no need to specify
this in the testenv smb.conf.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
22c016b1 by Tim Beale at 2019-02-13T03:15:15Z
selftest: Change backup/restore testenvs to use 1 prefork child

Recently the gitlab CI jobs were hitting memory resource limits and
using swap, which then caused test failures. The process model used in
the testenvs seemed to be contributing to this problem.

We can reduce the memory overhead of the restore/backup testenvs by
using 1 prefork child process instead of the default of 4 (kudos to
Garming for the idea). The tests run against these testenvs are basic
sanity-checks, rather than heavy-duty stress tests, so the number of
prefork workers shouldn't matter.

This is a bit of a tradeoff between testing the defaults that will
actually be used in production vs using limited resources efficiently on
shared CI runner machines.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9fa0a05 by Joe Guo at 2019-02-13T03:15:15Z
wafsamba/samba_utils.py: override symlink to allow force link

if bin is not empty and I have been sharing the samba tree into
a Vagrant environment and we run make, we get annoying linking error like this:

     File "~/samba/lib/tevent/wscript", line 130, in build
        installdir='python')
      File "./buildtools/wafsamba/wafsamba.py", line 745, in SAMBA_SCRIPT
        os.symlink(link_src, link_dst)
    FileExistsError: [Errno 17] File exists: '~/samba/lib/tevent/tevent.py' -> '~/samba/bin/default/../python/tevent.py'
    Makefile:7: recipe for target 'all' failed

Override the symlink method to allow force linking.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
30d505e9 by Andrew Bartlett at 2019-02-13T04:49:43Z
selftest: Only set clockskew to 5 seconds for MIT Kerberos

This was added in ac5427c6eba09134411f76a5e6f7e2643fa74eed as part of the MIT KDC
effort, but makes some tests much less reliable under high load.

As the Heimdal build does not need this, only specify for the MIT build.

Tested with an MIT AD DC build with:
 make test TESTS="samba3.raw.session samba3.smb2.session"

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Feb 13 05:49:43 CET 2019 on sn-devel-144

- - - - -
5dad03b8 by Noel Power at 2019-02-13T10:42:08Z
Fix mem leak with PyBytes_FromStringAndSize
Reviewed-by: Andrew Bartlett abartlet at samba.org

- - - - -
8d3f736b by Noel Power at 2019-02-13T10:42:09Z
Fix instances of PyDict_SetItem to decref the value

Although it would be better to use the BuildValue approach to
create the dictionares here, unfortunately the dictionaries created
here have key/values that are created dynamically (based on input params).

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett abartlet at samba.org

- - - - -
0c15c4b1 by Noel Power at 2019-02-13T13:51:12Z
Make sure results from GetAttrString are decref'ed where needed

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett abartlet at samba.org

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Feb 13 14:51:12 CET 2019 on sn-devel-144

- - - - -
3a793497 by Christof Schmitt at 2019-02-13T16:58:33Z
waf: Check for libnscd

The check was in the old autoconf, but not in waf. As the code is still
in source3/lib/util_nscd.c, add the check for libnscd to allow building
and using the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13787

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Feb 13 17:58:33 CET 2019 on sn-devel-144

- - - - -
c27afc09 by Volker Lendecke at 2019-02-14T01:18:28Z
messages_dgm: Use saved errno value

In this case this is just a cleanup, the value has just been set by
messaging_dgm_sendmsg. But as that already saves errno into a local
variable, use that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8d8f62c4 by Volker Lendecke at 2019-02-14T01:18:28Z
torture3: Extend read3 for the "messaging target re-inits" failure

Do ping_pong a hundred times, re-initializing the msg_ctx every time.

https://bugzilla.samba.org/show_bug.cgi?id=13786

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2543bba0 by Volker Lendecke at 2019-02-14T01:18:28Z
messages_dgm: Properly handle receiver re-initialization

This only properly covers the small-message nonblocking case. Covering
the large-message and the blocking case is a much larger effort assuming
we want to re-send the failed message if parts of the message has gone
through properly. Don't do that for now.

This was found by sanba_dnsupdate constantly recreating its irpc handle to
winbindd in the RODC case.

The messaging_dgm code cached connected datagram sockets based on the
destination pid for 1 second. Which means the IRPC responses from
winbindd are never delivered to samba_dnsupdate,
which will then hit a timeout.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dd3a536b by Stefan Metzmacher at 2019-02-14T01:18:28Z
s4:setup: register ${NTDSGUID}._msdcs.${DNSFOREST} first in dns_update_list

After the A and AAAA records for the ${HOSTNAME} this is the most
important name.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2f2da096 by Stefan Metzmacher at 2019-02-14T01:18:28Z
winbindd_irpc: remove unused winbind_DsrUpdateReadOnlyServerDnsRecords from wb_irpc_forward_state

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
767e60d9 by Stefan Metzmacher at 2019-02-14T01:18:28Z
samba_dnsupdate: make it clear that opts.use_file is active and we're not using nsupdate

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
19f34b21 by Stefan Metzmacher at 2019-02-14T01:18:29Z
samba_dnsupdate: make rodc_dns_update() more robust against timing problems

Without this we had an interesting race!

The messaging_dgm code caches connected datagram sockets based on the
destination pid for 1 second.

The fact that samba_dnsupdate constantly recreates its messaging
context (and the underlying datagram socket) means that we the winbindd
messaging context may get a stale connection. As a result sending any
message from winbindd back to samba_dnsupdate will result in
ECONNREFUSED.

That means the IRPC response from winbindd never reaches
samba_dnsupdate, which will then hit a timeout.

In turn samba_dnsupdate on the RODC times out.

This was a workaround for the problem, by having just one global
IRPC handle and thus just one messaging_dgm context.
The actual problem is solved a few commits before
("messages_dgm: Properly handle receiver re-initialization").
But we keep this as an performance optimization, which hopefully
means that the overall samba_dnsupdate is less likely to
timeout after the hardcoded 20 seconds.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b988695e by Stefan Metzmacher at 2019-02-14T01:18:29Z
selftest:Samba4: report when samba is started and ready

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8c0853b8 by Stefan Metzmacher at 2019-02-14T01:18:29Z
selftest:Samba4: wait for DNS names being registered

We can't reliable start tests without registered dns names.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
35d66610 by Stefan Metzmacher at 2019-02-14T01:18:29Z
script/autobuild.py: add 'lsb_release -a' and 'mount' to system-info.txt

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
670413f0 by Stefan Metzmacher at 2019-02-14T01:18:29Z
.gitlab-ci.yml: print out more information in the before_script section

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
305db94c by Stefan Metzmacher at 2019-02-14T01:18:29Z
.gitlab-ci*.yml: remove build_ prefixes

It's useless to see 'builf_samba_ad...' 7 times in the gitlab pipeline summary.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a61e121e by Stefan Metzmacher at 2019-02-14T01:18:29Z
.gitlab-ci*.yml: use 'extends: ' instead of YAML Anchors

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7dcf5128 by Stefan Metzmacher at 2019-02-14T01:18:30Z
.gitlab-ci.yml: add retries on runner_system_failure/stuck_or_timeout_failure

This hopefully avoids pipeline failures due too docker/runner
errors.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
da566447 by Andrew Bartlett at 2019-02-14T01:18:30Z
.gitlab-ci.yml: Fix the registry as "registry.gitlab.com"

This is important as our team docker images are only in this registry, but
the .gitlab-ci.yml file is also run on other private GitLab hosts.

This partially undoes 8989916b5af6fed9c4c63035d4488583396b8c5a

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>

- - - - -
20017b57 by Andrew Bartlett at 2019-02-14T01:18:30Z
.gitlab-ci.yml: Use .extends to avoid duplication of autobuild command

This should make our .gitlab-ci.yml file much less overwealming.

The downside is that $CI_JOB_NAME is printed rather than the job name
in the log, but the upside is that the names must now strictly match.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>

- - - - -
2381febc by Andrew Bartlett at 2019-02-14T01:18:30Z
.gitlab-ci.yml: Re-indent comments on test times

(some of these need to be updated, but for now improve the formatting)

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>

- - - - -
7c1ae35b by Tim Beale at 2019-02-14T01:18:30Z
.gitlab-ci.yml: Include the actual command used by gitlab

Someone who finds gitlab mysterious will have no idea what $CI_JOB_NAME
should be, if they wanted to reproduce the autobuild job manually. It
should be trivial to include the actual command being run in the logs.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2346cef9 by Tim Beale at 2019-02-14T02:51:21Z
.gitlab-ci.yml: Make docker image name more explicit

The 'image' YAML tag implies a docker image, but for people who find
gitlab mysterious, let's make it blatantly obvious what we're doing
here.

+ added a comment
+ added 'DOCKER' to the variable names
+ removed 'BUILD', as we've now dropped this from all the job-names
+ tried to make the variable names consistent, both within the file and
WRT docker terminology

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Feb 14 03:51:21 CET 2019 on sn-devel-144

- - - - -
f3fd2d94 by Gary Lockyer at 2019-02-14T04:03:23Z
s2 decrpc samr: Add tests for QueryDomainInfo

Add tests for the number of domain users, groups and aliases returned by
QueryDomainInfo.

These tests revealed that the existing code was not checking the
returned elements to ensure they were part of the domain.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
12fcab11 by Gary Lockyer at 2019-02-14T04:03:23Z
s4 dsdb util: add dsdb_domain_count

This counts the number of objects that are in the domain,
provided a domain SID was supplied (otherwise it just
counts all the objects).

This routine avoids allocating memory for the full
result set by using a callback.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7fc379ce by Gary Lockyer at 2019-02-14T04:03:23Z
s4 rpc_server_samr: DomGeneralInformation use dsdb_domain_count

Use dsdb_domain_count instead of samdb_search_count to determine the
number of users, groups and aliases.  This gives a performance gain of
around 10%, reduces the total memory allocated and fixes the incorrect
count returned for aliases.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2546f260 by Gary Lockyer at 2019-02-14T04:03:24Z
s4 dsdb util: samdb_client_site_name use dsdb_domain_count

Replace the call to samdb_search_count with dsdb_domain_count. As this
is the only remaining caller of samdb_search_count, replacing it will
allow the removal of samdb_search_count.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f0e96d21 by Gary Lockyer at 2019-02-14T04:03:24Z
s4 dsdb util: remove samdb_search_count

All the uses have been replaced with calls to dsdb_domain_count, so it
is no longer needed.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ea2de21d by Gary Lockyer at 2019-02-14T05:53:14Z
s4 dsdb util: samdb_client_site_name clean up

* Initialise pointers to NULL
* replace talloc_free with TALLOC_FREE
* add goto exit to ensure memory deallocated correctly

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Feb 14 06:53:14 CET 2019 on sn-devel-144

- - - - -
4985d73c by Andreas Schneider at 2019-02-14T14:59:25Z
lib:util: Add missing "replace.h" header in tftw

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
eeabe171 by Andreas Schneider at 2019-02-14T14:59:25Z
lib:util: Add GPL header to tftw.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
2a7086f1 by Andreas Schneider at 2019-02-14T14:59:25Z
librpc:ndr: Implement ndr_zero_memory()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
666802a3 by Andreas Schneider at 2019-02-14T14:59:26Z
librpc:ndr: Add NDR_ZERO_STRUCT(P) macros

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
532ce0d2 by Andreas Schneider at 2019-02-14T14:59:26Z
pidl: Use NDR_ZERO_STRUCT(P) macros

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
96df6878 by Andreas Schneider at 2019-02-14T14:59:26Z
lib:util: Move discard_const(_p) to own header for libndr.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
6d232f3f by Andreas Schneider at 2019-02-14T14:59:26Z
waf: Do not install internal header

We should not install header files without an public API:

- memory.h
- safe_strings.h
- talloc_stack.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
08b91f5e by Andreas Schneider at 2019-02-14T16:32:38Z
gitlab-ci: Rename DOCKER to CONTAINER

This is just a runc container, not tied to docker. See podman.io

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Björn Jacke <bj at sernet.de>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Feb 14 17:32:38 CET 2019 on sn-devel-144

- - - - -
5f3beb6e by Tim Beale at 2019-02-15T03:35:22Z
autobuild: Drop py2 autobuild jobs

Samba v4.11 will no longer support python2, so let's drop the autobuild
jobs. This will save some gitlab/sn-devel time and money, as it's less
work for CI to do.

Note that this highlights some previous inconsistencies:
- samba-none-env-py2 was being built for gitlab but not sn-devel.
- samba-nt4-py2 was being built for sn-devel but not gitlab

I've left samba-buildpy2-only for now, which will be addressed in a
subsequent patch.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6ba99c36 by Tim Beale at 2019-02-15T03:35:22Z
autobuild: Update variable name to make more sense

When we switched from python2 being the default to python3, we didn't
update this variable name. It's now handling the python2 case, but it's
a boolean flag named 'py3', which is rather confusing.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8c5a5a58 by Tim Beale at 2019-02-15T03:35:22Z
autobuild: Remove the PY3_ONLY variable

This variable is no longer needed as all the tests run using python3
now.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9124e44d by Tim Beale at 2019-02-15T03:35:23Z
autobuild: Tidy up unnecessary line-breaks in 'TESTS='

Now that we've dropped the {PY3_ONLY} variable, there's no need for
line-breaks in some of the 'TESTS=' values. We can tidy this up a bit.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e11969de by Tim Beale at 2019-02-15T03:35:23Z
autobuild: Remove ${EXTRA_PYTHON} variable

We no longer build the python2 bindings, only python3. So we can get rid
of this variable now.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
689a1ee7 by Tim Beale at 2019-02-15T03:35:23Z
autobuild: Replace samba-buildpy2-only with samba-nopython-py2

For Samba 4.11, the minimum python2 functionality we will support (for
now, at least - we may change our minds) is for the --disable-python
target, i.e. if you're excluding all the python functionality from
samba, then WAF should still support being built with python2.

The use case here is old unix platforms that want to use smbd, but don't
have python3 support.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
63ea8680 by Tim Beale at 2019-02-15T03:35:23Z
autobuild: Drop 'py2' flag

This isn't used any more. It was only being set, never referenced.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8eac5a6b by Joe Guo at 2019-02-15T05:07:07Z
.gitignore: add ignore rules for a few dev tools

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Feb 15 06:07:07 CET 2019 on sn-devel-144

- - - - -
cd1ac366 by Björn Jacke at 2019-02-17T12:33:12Z
sambaundoguididx: use the right escaped oder unescaped sam ldb files

the correct filename is taken from the partition database before, we should not
unescape that because this can result in a new unescaped ldb file being created
and the script not to work at all.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13759

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2888bee4 by Björn Jacke at 2019-02-17T12:33:12Z
replace: remove needless vxfs header file check

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
bc2cc687 by Björn Jacke at 2019-02-17T12:33:12Z
ntquotas: do not set inode limits when setting space quota

we are supposed to set a space quota limit, we should not calculate an
additional artifical inode limit out of that.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>

- - - - -
99742c86 by Björn Jacke at 2019-02-17T12:33:12Z
sysquotas_linux: fix inode limit setting, which is not depeding on blocksize

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
28da0723 by Björn Jacke at 2019-02-17T12:33:12Z
sysquotas_xfs: fix inode limit setting, which is not depeding on blocksize

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
e4abe870 by Björn Jacke at 2019-02-17T12:33:13Z
sysquotas_nfs: also honor reported inode/file limits

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
56c198c0 by Bjoern Jacke at 2019-02-17T12:33:13Z
tests/quota: tidy up includes of sysquotas 4B

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
2eca1a66 by Bjoern Jacke at 2019-02-17T12:33:13Z
sysquotas.h: collect more platform quotablock sizes

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
21e930ad by Bjoern Jacke at 2019-02-17T12:33:13Z
waf: check for jfs/quota.h

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
0d815dbb by Bjoern Jacke at 2019-02-17T12:33:13Z
sysquotas_4B: make quota block calculation adopt to platform quota block size

the correct QUOTABLOCK_SIZE for platform is taken from sysquotas.h

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
c143de9a by Bjoern Jacke at 2019-02-17T12:33:13Z
sysquotas_4B: enable for jfs/quota.h on AIX

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
204a03e0 by Bjoern Jacke at 2019-02-17T12:33:13Z
add sysquotas_jfs2.c

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
0c9c51fa by Bjoern Jacke at 2019-02-17T12:33:13Z
tests/sysquotas.c: include jfs/quota.h for 4B test on AIX

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
7859ebc5 by Bjoern Jacke at 2019-02-17T12:33:14Z
quotas: remove legacy AIX quota code that is covered by sysquotas now

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
e2cc29da by Björn Jacke at 2019-02-17T12:33:14Z
waf/quotas: fail configure when quotas were requested but not found

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
e8d1e04b by Björn Jacke at 2019-02-17T12:33:14Z
sysquotas_4B: raise log level of a sometimes too noisy message

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Uri Simchoni <uri at samba.org>

- - - - -
6e72fe84 by Björn Jacke at 2019-02-17T12:33:14Z
waf: fix some missing newline compiler warnings

without a trailing newline the studio compiler issues:

warning: newline not last character in file

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
decba07b by Björn Jacke at 2019-02-17T12:33:14Z
waf: fix WERROR_CFLAGS check

if we found the right WERROR flags of the compiler then the compiler is right
to fail because we explicitly give it an empty file to compile. We
should not do that because that makes the almost successful test fail.
This fixed the studio compiler test.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2ba972e9 by Björn Jacke at 2019-02-17T12:33:14Z
waf: fix compiler warnings in configure checks

the studio compiler issued here:

warning: statement not reached

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c1715406 by Björn Jacke at 2019-02-17T12:33:14Z
waf: remove duplicate WERROR cflags

WERROR flags are already added by the strict=True switch.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
99dd2ae8 by Björn Jacke at 2019-02-17T12:33:14Z
waf: remove redundant WERROR flag

CHECK_CFLAGS always uses WERROR flags

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
918bf89d by Björn Jacke at 2019-02-17T12:33:15Z
waf: use the correct WERROR_CFLAGS in CHECK_CODE

all the non gcc version were incorrectly set here till now

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7058a88c by Björn Jacke at 2019-02-17T12:33:15Z
waf: print the library name in which we search for a function

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f2c3d2b2 by Björn Jacke at 2019-02-17T12:33:15Z
wafsamba: we should also remove stale symlinks here

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c9bcde01 by Björn Jacke at 2019-02-17T12:33:15Z
waf: fix setting of RPATH_ST variable

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
44ccba40 by Björn Jacke at 2019-02-17T12:33:15Z
third_party/nss_wrapper/wscript: fix check for gethostbyname

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
b8bf7ef8 by Björn Jacke at 2019-02-17T12:33:15Z
waf: add library dependency for sendfile on Solaris

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a87660b3 by Björn Jacke at 2019-02-17T14:05:20Z
third_party/nss_wrapper/wscript: check for libnsl and libsocket

this is needed as there are HAVE_LIBNSL and HAVE_LIBSOCKET in the code and
Samba fails to build in a terrible obscure way on Solaris if this is not
working inside nss_wrapper here.

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Sun Feb 17 15:05:20 CET 2019 on sn-devel-144

- - - - -
8f9bb790 by Tim Beale at 2019-02-18T04:42:09Z
selftest: Add common function to return cmd environment variables

We prefix samba-tool commands with a bunch of WRAPPER/CONF environment
variables, in order for the command to work properly. These variables
are duplicated all over the place in the selftest code. This patch adds
a helper function to return the variables, so we can reduce the required
code down to a single line in a lot of places.

A couple of exceptions I've left alone:
- drs replicate, which omits the RESOLV_WRAPPER_CONF/_HOSTS variables
  (I'm not sure whether that's deliberate or not).
- create_backup(), which uses the backupfromdc's krb5.conf rather than
  the new testenv.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aeadf75c by Tim Beale at 2019-02-18T04:42:09Z
selftest: Export DC conf path for special cases

In a few rare cases, a test needs to assert aspects both client-side and
server-side aspects. A typical example would be the audit logging, which
is exercising client-side behaviour, but also asserting the server-side
logging.

Usually this has involved a kludge in tests.py to either use
socket-wrapper explicitly, or hardcode in the server smb.conf path.

This patch exposes the existing SERVERCONFFILE env variable to the
tests. DC_SERVERCONFFILE has been added for 2 DC testenvs, where we need
the PDC's smb.conf.

The benefit of doing this way is the filepath/testenv-dependency logic
is all self-contained with the Perl code, and it doesn't bleed out into
tests.py as well.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ab374462 by Tim Beale at 2019-02-18T04:42:09Z
tests: Tweak DRS tests to avoid unnecessary env variables

Each DC used in a DRS test has its own '<testenv>_SERVER' environment
variable, e.g. VAMPIRE_DC_SERVER. These variables are only used by
test.py for DRS, but they're not actually needed.

The $SERVER environment variable holds the same information, so we can
just use this in test.py instead.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b3480459 by Tim Beale at 2019-02-18T04:42:09Z
selftest: Remove unused environment variables

We only really want generic environment variables. For 2+ DC
environments, we have the $SERVER and $DC_SERVER (aka PDC) variables.
However, lots of testenvs also export really specific environment
variables, e.g. VAMPIRE_2000_DC_SERVER_IP (despite that testenv being
only used for a single test case).

Previously the <testenv>_SERVER variable was used for DRS tests, but we
can avoid the need to do this now. The other variables are not used at
all.

The RODC and TRUST environment variables are still used by a few tests.
SUBDOM_DC_SERVER is only used within Samba4.pm and not exported.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bc4c0438 by Tim Beale at 2019-02-18T04:42:09Z
selftest: Remove need for $RODC_DC_SERVER env variable

Same deal as earlier patch - we can use the $SERVER env variable instead
and avoid the need for this extra variable.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
31c5d4c9 by Tim Beale at 2019-02-18T04:42:10Z
selftest: Add helper function to avoid repeated {DC_SERVER}=x

For every 2-DC testenv we setup, we copy the $DC_SERVER value of the
dependent testenv (i.e. the PDC) into the env variables for the new
testenv. This means DC_SERVER always points to the PDC (or first DC).

This adds a helper function to avoid repeating this code for every 2-DC
environment we setup.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8fc04d2c by Tim Beale at 2019-02-18T06:24:05Z
selftest: Initialize DC_SERVER/etc variables in one place

It's simpler to do setup DC_SERVER/etc in the same place we set
SERVER/etc. (Rather than initializing them for every single testenv,
like we were doing).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Feb 18 07:24:05 CET 2019 on sn-devel-144

- - - - -
4843a27b by Joe Guo at 2019-02-18T08:25:21Z
wafsamba/symbols: always split Popen output by bytes

In py3, `wafsamba.duplicate_symbols` test may fail:

    ...
    elfpipe = subprocess.Popen(['readelf', '--dynamic', binname], stdout=subprocess.PIPE).stdout
    ...

    File "./buildtools/wafsamba/symbols.py", line 153, in get_libs
        rpath.extend(m.group(1).split(":"))
    TypeError: a bytes-like object is required, not 'str'

Because Popen will always return bytestr even in py3, and ":" is a
unicode str in py3.  Change ":" to b":" to fix.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9fa698b0 by Joe Guo at 2019-02-18T08:25:21Z
wafsamba/symbols: change regex to match both rpath and runpath for different readelf output

In `wafsamba.dumplicate_symbols` test, it will use Popen to call:

    readelf --dynamic bin/default/source3/lib/netapi/examples/netlogon/netlogon_control2

then try to find rpath lib lines from output with regex:

    re_rpath     = re.compile(b'Library rpath: \[(.*)\]')

In ubuntu 14.04 docker image, which current CI is using, the actual output
from `readelf` is `runpath` instead of 'rpath':

    ...
    Library runpath: [/home/gitlab-runner/samba/bin/shared:/home/gitlab-runner/samba/bin/shared/private]\n'
    ...

So the regex never matched, and hide a bug.

In Ubuntu 1604 docker image, the output changes to `rpath` and matched the
regex, which expose the error in previous commit.

Improve the regex to match both `rpath` and `runpath`.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6b4ae52f by Joe Guo at 2019-02-18T09:54:19Z
.gitlab-ci.yml: merge .gitlab-ci-private.yml

`.gitlab-ci.yml` support conditional jobs with `only` and `except`.
And variables can be read from repo CI/CD settings as condition:

    build_samba:
      script: ...
      only:
        variables:
          - $SUPPORT_PRIVATE_TEST == 'yes'

Instead of having 2 copies of yml file, we can use this feature to
trigger private jobs only when a var like `SUPPORT_PRIVATE_TEST` is defined.

I've already added above var to our repos.
Once merged, we can remove custom CI config file in
gitlab repo settings, and remove .gitlab-ci-private.yml file from code.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Feb 18 10:54:19 CET 2019 on sn-devel-144

- - - - -
03357bc8 by Andreas Schneider at 2019-02-18T12:01:12Z
nssswitch: Log user access to kerberos

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Feb 18 13:01:12 CET 2019 on sn-devel-144

- - - - -
ec51bfca by Tim Beale at 2019-02-19T23:37:14Z
s3:tests: Set/return $failed in test_smbclient_auth.sh

Update the test so the shell script returns pass/fail as the exit code.

Note that subunit is just looking for 'failure:' in the test output for
whether the test passed or failed, so setting $failed isn't strictly
required.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bcd00753 by Tim Beale at 2019-02-19T23:37:14Z
selftest: Abort if we fail to startup testenv with '--one' option

The --one selftest.pl option means abort when the first test fails.
However, when 'make test' fails to startup a testenv, it'll try to
continue and run other tests by default. When '--one' is used,
selftest.pl can just die() at that point.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96472306 by Tim Beale at 2019-02-20T01:10:00Z
selftest: Add basic sanity-check tests for nopython target

Previously we were only checking samba compiled OK with
--disable-python, not that it actually ran.

The main problem is all the make test framework is based around
subunit/smbtorture, neither of which we seem to build with
disable-python. However, for just a simple sanity-check, we can just
bypass all the subunit-filter work and just call the Perl code directly.
This works OK as long as it's just simple shell script tests that we're
running, as we can check the script's exit code directly.

The main thing that we really want to test is that we can start up the
smbd testenv and connect to it (i.e. a simple smbclient test).

This patch adds a new 'make test-nopython' target. This disables the
subunit filtering, and runs a small test-list that was generated manually.

Note that currently this has the limitation that it doesn't support known
failures or flapping tests. However, just checking that smd starts up OK
is probably OK for now.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Feb 20 02:10:00 CET 2019 on sn-devel-144

- - - - -
853ad870 by Gary Lockyer at 2019-02-20T05:03:08Z
auth_log tests: Allow the remote address to be None

Allow self.remoteAddress to be None, remote address filtering is not
required for the winbind auth logging tests.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e3693bc2 by Gary Lockyer at 2019-02-20T05:03:08Z
wbinfo: fix --ntlmv1 option

Currently using the --ntlmv1 option fails with an unknown option error.
This patch ensures that the option is correctly supported.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
47cebbe2 by Gary Lockyer at 2019-02-20T05:03:08Z
s3 winbind auth_log: Tests for logon id logging.

Tests to validate that winbind generates a random logon_id and passes it
in the netlogon call.

This will allow the linking of the windbind authentication requests and
the SamLogon request on the DC.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
826d930a by Gary Lockyer at 2019-02-20T05:03:08Z
s3 auth: Create messaging and lp contexts.

If 'auth event notifications' are enabled create an imessaging_context
and a loadparm_context that can be passed to log_authentication_event.

This will allow the generated authentication messages to be tested.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87e63a86 by Gary Lockyer at 2019-02-20T05:03:08Z
lib util: Add function to generate random uint64_t

Generate a random uint64_t , which will be used for the netlogon
logon_id.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
96e6aded by Gary Lockyer at 2019-02-20T05:03:09Z
librpc idl: netlogon netr_identity_info logon_id to 64 bit

Fold the two 32 bit values logon_id_high and logon_id_low into a single
64 bit logon_id in netr_identity_info.  This will be used to tie
together winbind and SamLogon requests in audit logging.

Summary of the of the Query and Response from Microsoft on it's usage.

[REG:119013019612095] [MS-NRPC]: NETLOGON_LOGON_IDENTITY_INFO: Does
the Reserved field have LogonId meaning?

Questions:
  In NetrLogonSamLogonEx does the Reserved field
  (of NETLOGON_LOGON_IDENTITY_INFO) have LogonId meaning?

  What is a valid LogonID, and does have any audit usage?

  Samba is sending a constant "deadbeef" in hex and would like to
  understand any usage of this field.

Response:
  The NRPC spec is accurate in defining the field as Reserved, and without
  protocol significance. In the header file in our source code, it is
  defined as LogonId and commented as such, but it’s effectively not used.
  This is probably why the API structure has that field name. It may have
  been intended as such but it’s not used.

Samba will send a random value in this field.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d486a199 by Gary Lockyer at 2019-02-20T05:03:09Z
auth log: Log the netlogon logon id.

Add code to log the logonId in the JSON Authentication messages.

The version number for Authentication messages changes from 1.1 to 1.2
to reflect this.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
62e4f8f3 by Gary Lockyer at 2019-02-20T05:03:09Z
s4 rpc netlogon: Pass logon_id to auth logging

Pass the logon_id passed in the netlogon identity information to
auth_logging.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e8e4f35b by Gary Lockyer at 2019-02-20T05:03:09Z
kdc hdb: Generate and pass logon ID

Generate and pass the logon_id in SamLogon calls

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e2acf6c by Gary Lockyer at 2019-02-20T05:03:09Z
winbind: Generate and pass logon ID

Generate a random logon_id and pass it in the SamLogon calls.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c8b7b791 by Gary Lockyer at 2019-02-20T05:03:09Z
winbind: Log PAM and NTLM authentications.

Generate JSON authentication messages for winbind PAM_AUTH and
PAM_AUTH_CRAP requests.  The logon_id in these messages can be used to
link them to the SamLogon messages.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d4baed45 by Gary Lockyer at 2019-02-20T06:43:10Z
WHATSNEW: winbind authentication logging

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Feb 20 07:43:10 CET 2019 on sn-devel-144

- - - - -
9c2d15c2 by David Disseldorp at 2019-02-20T11:11:20Z
vfs_glusterfs: check for VFS_ADD_FSP_EXTENSION() failure

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
8c92702d by David Disseldorp at 2019-02-20T12:56:09Z
vfs_ceph: refactor if-error-return-else logic

vfs_ceph has quite a few occurrences of:
	if (result < 0) {
		WRAP_RETURN(result);	/* calls return */
	} else {
		...
	}

This change drops the superfluous else {} encapsulation and also removes
duplication of ceph statx debug messages.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Wed Feb 20 13:56:09 CET 2019 on sn-devel-144

- - - - -
5f9a5ef2 by Noel Power at 2019-02-21T03:09:19Z
s4/param: Fix provision_get_schema leaking python object

provision_get_schema returns a ldb_context object which is stored
in a python object. As a result the parent python object is never
decrefed and probably not released ever.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fa8a8483 by Joe Guo at 2019-02-21T03:09:19Z
dbcheck: skip reverse member link checks when cli option specified

currently dbcheck cmd tooks about 1 day to finish on a 100k user database.
We can skip member reverse link checks to speed it up dramatically.
A new cli option is added to enable the skipping.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e051d787 by Joe Guo at 2019-02-21T03:09:19Z
selftest/tests: add helper method to simplify plantestsuite

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8216a619 by Joe Guo at 2019-02-21T03:09:19Z
selftest/tests: add smoketests for dbcheck --quick-membership-checks

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3803f87f by Joe Guo at 2019-02-21T03:09:20Z
bootstrap/config.py: define package lists and templates

Define default pkg list, and allow to override for each dist.
Also define bootstrap/Dockerfile/Vagrantfile templates.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3737518a by Joe Guo at 2019-02-21T03:09:20Z
bootstrap/template.py: add cli to render templates

- bootstrap for each dist
- Dockerfile for each dist
- Vagrantfile all in one

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
26d2f74c by Joe Guo at 2019-02-21T03:09:20Z
bootstrap/docker.py: add cli to build/tag/push docker images

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
50a1109c by Joe Guo at 2019-02-21T03:09:20Z
bootstrap/dists: add rendered files for dists

Add these into repo, then we can link it to samba wiki,
for people to get a latest and precise pkg list

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d6f6eb4f by Joe Guo at 2019-02-21T03:09:20Z
bootstrap/README.md: add README.md

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cf8ff6b8 by Martin Krämer at 2019-02-21T03:09:20Z
Update dsacl.py - add_ace to handle/verify sddl parameter correct

Test for samba-tool dsacl set --sddl parmeter

Update tests.py - add dsacl (dsacl.py / samba-tool dsacl set) test

Signed-off-by: <Martin Krämer mk.maddin at gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fb7a8064 by Martin Krämer at 2019-02-21T03:09:20Z
Add command "samba-tool dsacl get" This code is very equal to "samba-tool dsacl set", except it only prints out the current sddl of an object.

Signed-off-by: Martin Krämer <mk.maddin at gmail.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8431cd40 by Andrew Bartlett at 2019-02-21T03:09:20Z
samba-tool dsacl: Mark old and new descriptor output correctly

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
8e201529 by Andrew Bartlett at 2019-02-21T03:09:21Z
selftest: Add test for samba-tool dsacl get, cross-checked with samba-tool dsacl set

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
cbf23f2b by Andrew Bartlett at 2019-02-21T04:37:31Z
selftest: Confirm new and old SDDL strings differ after a samba-tool dsacl set

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Feb 21 05:37:31 CET 2019 on sn-devel-144

- - - - -
fa8e69ac by Swen Schillig at 2019-02-22T01:08:07Z
ctdb: buffer write beyond limits

In order to calculate the number of bytes correctly which
are to be read into the buffer, the buffer.offset must be taken
into account.

This patch fixes a regression introduced by 382705f495dd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13791

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
92a90524 by Christof Schmitt at 2019-02-22T02:51:37Z
ctdb-tests: Add test for ctdb_io.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13791

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Fri Feb 22 03:51:37 CET 2019 on sn-devel-144

- - - - -
b33fad77 by Jiří Šašek at 2019-02-22T11:30:10Z
notifyd: Fix SIGBUS on sparc

Problem is the structure "struct notify_instance" can lay in message buffer on
address not dividable by 8 but this structure begins by uint_64 (secs in
time-stamp). Structure should be re-packed to standalone buffer before the use.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13704
Signed-off-by: jiri.sasek at oracle.com
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Fri Feb 22 12:30:11 CET 2019 on sn-devel-144

- - - - -
02c9bee8 by Mark Niggemann at 2019-02-22T14:04:54Z
set caller allocation units in statvfs f_bavail

Signed-off-by: Mark Niggemann <mark.niggemann at ge.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bjoern Jacke <bjacke at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Fri Feb 22 15:04:55 CET 2019 on sn-devel-144

- - - - -
64176f00 by Volker Lendecke at 2019-02-22T20:48:11Z
libsmb: Convert cli_posix_open to normal tevent_req pattern

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
529c61d0 by Volker Lendecke at 2019-02-22T20:48:11Z
libsmb: Pull up wire_flags calculation from open_internal

This avoids passing down a boolean

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5dd67797 by Volker Lendecke at 2019-02-22T20:48:11Z
libsmb: Fix a resource leak in cli_posix_mkdir

smbd does posix_mkdir if the wire flags are exactly

	if (wire_open_mode == (SMB_O_CREAT|SMB_O_DIRECTORY))

open_flags_to_wire however adds a SMB_O_RDONLY, so that we enter the
normal open routine which happens to create a directory as well. The
main difference is that posix_mkdir does *NOT* return an open
handle. As we did not enter this code path due to the SMB_O_RDONLY we
leak a SMB1 fd per cli_posix_mkdir call.

Pretty hard to test automatically, this would be an interaction with
smbstatus.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
121af4c3 by Andreas Schneider at 2019-02-22T20:48:11Z
s4:dns_crypto: Remove unused include of hmac_md5.h

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3d95c1f6 by Andreas Schneider at 2019-02-22T20:48:11Z
s3:auth: Remove unused arcfour.h header from server_info.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6b4bb232 by Andreas Schneider at 2019-02-22T20:48:11Z
s3:auth: Remove unused arcfour.h from auth_util.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e5031537 by Andreas Schneider at 2019-02-22T20:48:11Z
s3:rpc_server: Remove unused arcfour.h from netlogon

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0a1d1a57 by Andreas Schneider at 2019-02-22T22:16:40Z
s3:winbindd: Remove unused arcfour.h from PAM handling

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Feb 22 23:16:40 CET 2019 on sn-devel-144

- - - - -
f5a8bc2f by Ralph Boehme at 2019-02-23T06:54:09Z
winbindd: make a copy of xid's in wb_xids2sids_send()

This is in preparation of setting the result of the mapping in the top-
level callback wb_xids2sids_done(), not in the per-idmap-domain callback
wb_xids2sids_dom_done().

When caching the mapping we need the id-type from the backend, so we
need a way to pass up that information from wb_xids2sids_dom_done() up
to wb_xids2sids_done()

The xids array copy gets passed from wb_xids2sids_send() to
wb_xids2sids_dom_send(), so wb_xids2sids_dom_done() can then directly
update the top-level copy.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5d277ea7 by Ralph Boehme at 2019-02-23T06:54:09Z
winbindd: make xids a const argument to wb_xids2sids_send()

The previous commit made an internal copy of xids, this commit makes it
more obvious that we must not mess with the xids argument but treat it as
an in-parameter and don't write to it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
f8bf4fc6 by Ralph Boehme at 2019-02-23T06:54:09Z
winbindd: convert id to a pointer in wb_xids2sids_dom_done()

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
7f23ef7b by Ralph Boehme at 2019-02-23T06:54:09Z
winbindd: update xid in wb_xids2sids_state->xids with what we got

In preparation of priming the idmap cache in the top-level
wb_xids2sids_done(), not in the per-idmap-domain callback
wb_xids2sids_dom_done().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
8e9c2a1f by Ralph Boehme at 2019-02-23T06:54:09Z
winbindd: switch send-next/done order

In preparation of adding more logic to the done step. No change in
behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
62f54229 by Ralph Boehme at 2019-02-23T06:54:10Z
winbindd: track whether a result from xid2sid was coming from the cache

This is needed in preparation of moving the step to update the idmap
cache from the per-idmap-domain callback wb_xids2sids_dom_done() to the
top-level callback wb_xids2sids_done().

Currently the sequence of action is:

* check cache, if not found:
  * ask backends
  * cache result from backend
* return results

Iow, if we got something from the cache, we don't write the cache.

The next commit defers updating the cache to the top-level callback, so
the sequence becomes

* check cache, if not found:
  * ask backends
* cache results
* return results

This has two problems:

* it needlessly writes to the cache what we just got from it

* it possibly overwrites the ID_TYPE_BOTH for a SID-to-xid mapping in
  the following case:

  - existing ID_TYPE_BOTH mapping in the cache, eg:

    IDMAP/SID2XID/S-1-5-21-2180672342-2513613279-2566592647-512 -> Value: 3000000:B

  - someone calls wb_xids2sids_send() with xid.id=3000000,xid.type=ID_TYPE_GID

  - cache lookup with idmap_cache_find_gid2sid() succeeds

  - when caching results we'd call idmap_cache_set_sid2unixid() with the
    callers xid.type=ID_TYPE_GID, so idmap_cache_set_sid2unixid() will
    overwrite the SID-to-xid mapping with ID_TYPE_GID

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
9b9565c3 by Ralph Boehme at 2019-02-23T08:23:21Z
winbindd: set idmap cache entries as the last step in async wb_xids2sids

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13802

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sat Feb 23 09:23:22 CET 2019 on sn-devel-144

- - - - -
f0decb31 by Jeremy Allison at 2019-02-24T11:21:10Z
s3: smbtorture3: Add POSIX-MKDIR test for posix_mkdir case sensitive bug.

Test does:

mkdir POSIX_foo
mkdir POSIX_Foo
mkdir POSIX_foo/Foo
mkdir POSIX_foo/foo
mkdir POSIX_Foo/Foo
mkdir POSIX_Foo/foo

Which should pass a SMB1 POSIX extensions server
as posix mkdir should always be case sensitive
no matter what the share is set to.

Mark as knownfail for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
980db8de by Jeremy Allison at 2019-02-24T11:21:10Z
smbd: SMB1-POSIX: Add missing info-level SMB_POSIX_PATH_OPEN for UCF_UNIX_NAME_LOOKUP flag.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
12da33e2 by Jeremy Allison at 2019-02-24T13:04:14Z
smbd: unix_convert: Ensure we don't call get_real_filename on POSIX paths.

For posix_pathnames don't blunder into the name_has_wildcard OR
get_real_filename() codepaths as they may be doing case insensitive lookups.
So when creating a new POSIX directory 'Foo' they might
match on name 'foo'.

Remove POSIX-MKDIR from knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Sun Feb 24 14:04:14 CET 2019 on sn-devel-144

- - - - -
82e7f382 by Martin Schwenke at 2019-02-25T01:12:16Z
ctdb-config: Change example recovery lock setting to one that fails

ctdbd will start without a recovery lock configured.  It will log a
message saying that this is not optimal.  However, a careless user may
overlook both this message and the importance of setting a recovery
lock.  If the existing example configuration is uncommented then the
directory containing it will be created (by 01.reclock.script) and the
failure (i.e. multiple nodes able to take the lock) will be confusing.

Instead, change the example setting to one that will result in banned
nodes, encouraging users to consciously configure (or deconfigure) the
recovery lock.  Tweak the corresponding comment.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13790

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
621658cb by Martin Schwenke at 2019-02-25T01:12:16Z
ctdb-recoverd: Free cluster mutex handler on failure to take lock

If nested events occur while the file descriptor handler is still
active then chaos can ensue.  For example, if a node is banned and the
lock is explicitly cancelled (e.g. due to election loss) then
double-talloc-free()s abound.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
7e4aae69 by Martin Schwenke at 2019-02-25T01:12:16Z
ctdb-recoverd: Clean up logging on failure to take recovery lock

Add an explicit case for a timeout and clean up the other messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
c0fb62ed by Martin Schwenke at 2019-02-25T01:12:16Z
ctdb-recoverd: Make recoverd context available in recovery lock handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
45a77d65 by Martin Schwenke at 2019-02-25T01:12:17Z
ctdb-recoverd: Ban node on unknown error when taking recovery lock

We really shouldn't see unknown errors.  They probably represent a
misconfigured recovery lock or similar.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
13a1a480 by Martin Schwenke at 2019-02-25T01:12:17Z
ctdb-recoverd: Time out attempt to take recovery lock after 120s

Currently this will wait forever.  It really needs a timeout in case
the cluster filesystem (or other lock mechanism) is completely wedged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
ce09d9c3 by Martin Schwenke at 2019-02-25T01:12:17Z
ctdb-tests: Force test failure if local daemon setup fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
e74f5243 by Martin Schwenke at 2019-02-25T01:12:17Z
ctdb-tests: Add -R option for local daemons to use recovery lock command

Under the covers, a command is always used.  However, there is no way
of testing of the code path where a command is explicitly configured.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
ebc08212 by Martin Schwenke at 2019-02-25T01:12:17Z
ctdb-tests: Add a test for configuring the recovery lock as a command

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
c93430fe by Martin Schwenke at 2019-02-25T02:40:16Z
ctdb-cluster-mutex: Separate out command and file handling

This code is difficult to read and there really is no common code
between the 2 cases.  For example, there is no need to split a
filename into words.  Separating each of the 2 cases into its own
function makes the logic much easier to understand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon Feb 25 03:40:16 CET 2019 on sn-devel-144

- - - - -
632d0db8 by Jeremy Allison at 2019-02-25T07:05:16Z
s3: torture: Add additional POSIX mkdir tests.

Ensure that if POSIX_foo exists as a file
we return the correct error code NT_STATUS_OBJECT_PATH_NOT_FOUND
if we try and traverse it as a directory.

Also ensure creation/deletion of POSIX_foo/foo fails
for directories and files with NT_STATUS_OBJECT_PATH_NOT_FOUND
if the directory POSIX_foo/ doesn't exist.

knownfail is back :-).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
3f1a13a9 by Jeremy Allison at 2019-02-25T08:33:27Z
s3: smbd: filenames - ensure we replace the missing '/' if we error in an intermediate POSIX path.

Previous regression test ensures we still return the correct
error code for POSIX pathname operations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13803

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Mon Feb 25 09:33:27 CET 2019 on sn-devel-144

- - - - -
d9f9a73d by Volker Lendecke at 2019-02-25T18:36:19Z
torture: Use GUID_zero()

10 lines less...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2bd6f57c by Volker Lendecke at 2019-02-25T18:36:19Z
smbd: Align integer types

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
26f18b9b by Volker Lendecke at 2019-02-25T18:36:20Z
libsmb: Resolve special _recv handling in cli_ntcreate

cli_smb2_create_fnum_recv will gain output create blobs soon and thus
differ from the NT1 function.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e8e96771 by Volker Lendecke at 2019-02-25T20:07:22Z
libcli: Pass buf/len to smb2_negotiate_context_add

Every caller did a data_blob_const() right before calling
smb2_negotiate_context_add(). Avoid that.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Feb 25 21:07:22 CET 2019 on sn-devel-144

- - - - -
3674b089 by Lukas Slebodnik at 2019-02-25T20:26:11Z
CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare

There is valgrind error in few tests tests/test-generic.sh
 91 echo "Test wildcard match"
 92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif  || exit 1
 93 $VALGRIND ldbsearch '(cn=test*multi)'  || exit 1
 95 $VALGRIND ldbsearch '(cn=*test_multi)'  || exit 1
 97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)'  || exit 1

e.g.
  ==3098== Memcheck, a memory error detector
  ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
  ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
  ==3098== Command: ./bin/ldbsearch (cn=test*multi)
  ==3098==
  ==3098== Invalid read of size 1
  ==3098==    at 0x483CEE7: memchr (vg_replace_strmem.c:890)
  ==3098==    by 0x49A9073: memmem (in /usr/lib64/libc-2.28.9000.so)
  ==3098==    by 0x485DFE9: ldb_wildcard_compare (ldb_match.c:313)
  ==3098==    by 0x485DFE9: ldb_match_substring (ldb_match.c:360)
  ==3098==    by 0x485DFE9: ldb_match_message (ldb_match.c:572)
  ==3098==    by 0x558F8FA: search_func (ldb_kv_search.c:549)
  ==3098==    by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17)
  ==3098==    by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17)
  ==3098==    by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274)
  ==3098==    by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594)
  ==3098==    by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854)
  ==3098==    by 0x558E497: ldb_kv_callback (ldb_kv.c:1713)
  ==3098==    by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38)
  ==3098==    by 0x48FCEFD: tevent_common_loop_timer_delay (in /usr/lib64/libtevent.so.0.9.38)
  ==3098==    by 0x48FE14A: ??? (in /usr/lib64/libtevent.so.0.9.38)
  ==3098==  Address 0x4b4ab81 is 0 bytes after a block of size 129 alloc'd
  ==3098==    at 0x483880B: malloc (vg_replace_malloc.c:309)
  ==3098==    by 0x491048B: talloc_strndup (in /usr/lib64/libtalloc.so.2.1.15)
  ==3098==    by 0x48593CA: ldb_casefold_default (ldb_utf8.c:59)
  ==3098==    by 0x485F68D: ldb_handler_fold (attrib_handlers.c:64)
  ==3098==    by 0x485DB88: ldb_wildcard_compare (ldb_match.c:257)
  ==3098==    by 0x485DB88: ldb_match_substring (ldb_match.c:360)
  ==3098==    by 0x485DB88: ldb_match_message (ldb_match.c:572)
  ==3098==    by 0x558F8FA: search_func (ldb_kv_search.c:549)
  ==3098==    by 0x48C78CA: ??? (in /usr/lib64/libtdb.so.1.3.17)
  ==3098==    by 0x48C7A60: tdb_traverse_read (in /usr/lib64/libtdb.so.1.3.17)
  ==3098==    by 0x557B7C4: ltdb_traverse_fn (ldb_tdb.c:274)
  ==3098==    by 0x558FBFA: ldb_kv_search_full (ldb_kv_search.c:594)
  ==3098==    by 0x558FBFA: ldb_kv_search (ldb_kv_search.c:854)
  ==3098==    by 0x558E497: ldb_kv_callback (ldb_kv.c:1713)
  ==3098==    by 0x48FCD58: tevent_common_invoke_timer_handler (in /usr/lib64/libtevent.so.0.9.38)
  ==3098==
  # record 1
  dn: cn=test_multi_test_multi_test_multi,o=University of Michigan,c=TEST
  cn: test_multi_test_multi_test_multi
  description: test multi wildcards matching
  objectclass: person
  sn: multi_test
  name: test_multi_test_multi_test_multi
  distinguishedName: cn=test_multi_test_multi_test_multi,o=University of Michiga
   n,c=TEST

  # returned 1 records
  # 1 entries
  # 0 referrals

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Lukas Slebodnik <lslebodn at fedoraproject.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
745b99fc by Andrew Bartlett at 2019-02-25T20:26:11Z
CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
9427806f by Andrew Bartlett at 2019-02-25T20:26:11Z
CVE-2019-3824 ldb: Improve code style and layout in wildcard processing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
8d34d172 by Gary Lockyer at 2019-02-25T20:26:11Z
CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero

Initialise the created ldb_parse_tree with talloc_zero, this ensures
that it is correctly initialised if inadvertently passed to a function
expecting a different operation type.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
34383981 by Gary Lockyer at 2019-02-25T20:26:11Z
CVE-2019-3824 ldb: wildcard_match check tree operation

Check the operation type of the passed parse tree, and return
LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING.

A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the
operation and failing ldb_wildcard_match should help prevent confusion
writing tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
42f0f57e by Gary Lockyer at 2019-02-25T20:26:12Z
CVE-2019-3824 ldb: wildcard_match end of data check

ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
to the data, to make them safe to use the C string functions on.

However testing for the trailing '\0' is not the correct way to test for
the end of a value, the length should be checked instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
45b75db5 by Gary Lockyer at 2019-02-25T20:26:12Z
CVE-2019-3824 ldb: Add tests for ldb_wildcard_match

Add cmocka tests for ldb_wildcard_match.

Running test_wildcard_match under valgrind reproduces
 CVE-2019-3824 out of bounds read in wildcard compare (bug 13773)

 valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\
          bin/ldb_match_test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
de3bb5cd by Gary Lockyer at 2019-02-25T21:54:13Z
CVE-2019-3824 ldb: Release ldb 1.6.1

* CVE-2019-3824 out of bounds read in wildcard compare (bug 13773)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Mon Feb 25 22:54:13 CET 2019 on sn-devel-144

- - - - -
5ed5c337 by David Mulder at 2019-02-26T09:39:24Z
Search for location of waf script

When calling make from the ldb, talloc, tdb, and
tevent bundles, we need to first find the
location of the waf script. Currently the build
fails since it can't find waf.

Fixes regression caused by a660b7f.

Signed-off-by: David Mulder <dmulder at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f0d26dd1 by Stefan Metzmacher at 2019-02-26T09:39:24Z
tdb: version 1.3.18

* Fix build problems with older python versions.
* C99 build fixes.
* Fix standalone build of tdb.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
3fe1551b by Stefan Metzmacher at 2019-02-26T09:39:24Z
talloc: version 2.1.16

* Fix standalone build of talloc.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
db58a502 by Stefan Metzmacher at 2019-02-26T09:39:24Z
tevent: version 0.9.39

* py_tevent: add_timer takes float argument
* C99 build fixes.
* Fix standalone build of tevent.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

- - - - -
09d281d6 by Stefan Metzmacher at 2019-02-26T11:10:40Z
ldb: version 1.6.2

* Fix standalone build of ldb.

Signed-off-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Tue Feb 26 12:10:40 CET 2019 on sn-devel-144

- - - - -
e3902283 by Volker Lendecke at 2019-02-27T00:35:18Z
addns: Remove some unused defines

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8284ed9c by Volker Lendecke at 2019-02-27T00:35:18Z
pdbtest: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
258d7d1c by Volker Lendecke at 2019-02-27T00:35:18Z
libads: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f5cd535b by Volker Lendecke at 2019-02-27T00:35:18Z
libads: Align integer types

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d8374109 by Volker Lendecke at 2019-02-27T00:35:18Z
winbindd: Fix typos

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d48aa9a5 by Volker Lendecke at 2019-02-27T00:35:18Z
winbind: Align integer types

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e8efe16b by Volker Lendecke at 2019-02-27T00:35:18Z
winbind: Fix an error path memleak

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7d9b7604 by Volker Lendecke at 2019-02-27T00:35:19Z
winbind: Avoid a "==False"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
071af60d by Volker Lendecke at 2019-02-27T00:35:19Z
audit_log: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
54d2e88f by Volker Lendecke at 2019-02-27T00:35:19Z
dsdb: Align integer types

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
908ef165 by Volker Lendecke at 2019-02-27T00:35:19Z
libnet: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a89b0f3f by Volker Lendecke at 2019-02-27T00:35:19Z
rpc_server: Use dom_sid_str_buf

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e9ee003b by Andreas Schneider at 2019-02-27T00:35:19Z
libcli:smb: Zero sensitive memory after use

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b451168d by Andreas Schneider at 2019-02-27T00:35:19Z
auth:gensec: Make sure we zero the checksum after use

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0045a919 by Andreas Schneider at 2019-02-27T02:22:50Z
libcli:auth: Avoid explicit ZERO_STRUCT

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Feb 27 03:22:50 CET 2019 on sn-devel-144

- - - - -
0ee398e8 by Andreas Schneider at 2019-02-27T07:59:26Z
lib:crypto: Include only the required header files

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
b09f6468 by Andreas Schneider at 2019-02-27T07:59:27Z
krb5_wrap: Only use the required md4 header

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
75a5db9c by Andreas Schneider at 2019-02-27T07:59:27Z
libcli:auth: Only use the required md4 header

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
a1a005cb by Andreas Schneider at 2019-02-27T07:59:27Z
libcli:auth: Only use the required md4 header

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
195322b8 by Andreas Schneider at 2019-02-27T07:59:27Z
s4:dsdb: Only use the required md4 header file

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5890eb77 by Andreas Schneider at 2019-02-27T07:59:27Z
s4:dsdb: Only use the required md4 and md5 header files

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
79207884 by Andreas Schneider at 2019-02-27T07:59:27Z
libcli:samsync: Remove unused header file

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
5854fcdb by Andreas Schneider at 2019-02-27T07:59:27Z
s4:dsdb: Remove unused header file

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
53fbd4b9 by Andreas Schneider at 2019-02-27T07:59:27Z
s4:torture: Remove unused header file

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
eb13f70e by Andreas Schneider at 2019-02-27T10:00:32Z
libcli:auth: Remove unused header file

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Wed Feb 27 10:00:32 UTC 2019 on sn-devel-144

- - - - -
ec115b90 by Stefan Metzmacher at 2019-02-27T10:16:10Z
s4:selftest: move very slow tests on ad_dc_ntvfs into one location in tests.py

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
62eeab8f by Stefan Metzmacher at 2019-02-27T10:16:10Z
selftest:Samba4: add fl2008dc as alias to ad_dc_ntvfs

Using aliases it will be possible to split the large amount
of tests which use ad_dc_ntvfs into multiple autobuild/ci
tasks/jobs later.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
07b662e2 by Stefan Metzmacher at 2019-02-27T10:16:10Z
s4:selftest: use the fl2008dc alias when looping over all functional levels

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c82b60c8 by Stefan Metzmacher at 2019-02-27T10:16:10Z
selftest:Samba4: add ad_dc_slowtests alias to ad_dc_ntvfs

This will allow us to run really slow tests in an isolated
autobuild/ci task later.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3385b33c by Stefan Metzmacher at 2019-02-27T10:16:10Z
s4:selftest: make use of ad_dc_slowtests

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c217a15a by Stefan Metzmacher at 2019-02-27T10:16:10Z
selftest:Samba4: add ad_dc_default alias to ad_dc_ntvfs

This will allow us to run really most tests in an isolated
autobuild/ci task later.

This will apply to tests, which may not rely on the ntvfs backend, so
the ad_dc_default alias can point to another environment in future.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
780cceae by Stefan Metzmacher at 2019-02-27T10:16:10Z
s4:selftest: make use of ad_dc_default

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
13fe139f by Stefan Metzmacher at 2019-02-27T10:16:10Z
selftest:Samba4: add ad_dc_backup alias to ad_dc

This will allow us to run really most tests in an isolated
autobuild/ci task later.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
cd42d70d by Stefan Metzmacher at 2019-02-27T10:16:10Z
s4:selftest: make use of ad_dc_backup

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3cf317c9 by Stefan Metzmacher at 2019-02-27T10:16:10Z
autobuild: move nt4_dc_schannel out of 'samba'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1bc2456b by Stefan Metzmacher at 2019-02-27T10:16:10Z
autobuild: move maptoguest and simpleserver to 'samba-fileserver'

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2d576c3a by Stefan Metzmacher at 2019-02-27T10:16:10Z
autobuild: run ad_dc_backup tests in samba-ad-dc-backup

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
54278049 by Stefan Metzmacher at 2019-02-27T10:16:11Z
autobuild: add samba-ad-member task

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e0bd12e0 by Stefan Metzmacher at 2019-02-27T10:16:11Z
autobuild: spread ad-dc tests over 6 autobuild/ci separate tasks/jobs

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
253acdaf by Stefan Metzmacher at 2019-02-27T10:16:11Z
.gitlab-ci.yml: use .shared_template for samba

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
be6cf83c by Stefan Metzmacher at 2019-02-27T10:16:11Z
autobuild: try to distribute the tasks a bit more

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
4f307f23 by Stefan Metzmacher at 2019-02-27T11:24:59Z
selftest: force running with TZ=UTC

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 27 11:24:59 UTC 2019 on sn-devel-144

- - - - -
5a7e7280 by David Disseldorp at 2019-02-27T14:53:18Z
vfs_ceph: add missing fallocate hook

SMB_VFS_FALLOCATE() calls atop a vfs_ceph share currently fall through
to vfs_default, which results in a local filesystem I/O attempt using a
libcephfs file-descriptor. Add the missing fallocate hook to vfs_ceph.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
70329c36 by David Disseldorp at 2019-02-27T14:53:18Z
vfs_ceph: fix strict_allocate_ftruncate()

The vfs_ceph "strict allocate = yes" ftruncate wrapper may attempt
*local* filesystem ftruncate(). Fix this.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
155f1289 by David Disseldorp at 2019-02-27T14:53:19Z
vfs_ceph: remove ceph_fallocate/ceph_ftruncate fallback

Both libcephfs functions are supported and capable of extending files,
so fallback can be dropped.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13807

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
f43cc62f by David Disseldorp at 2019-02-27T14:53:19Z
vfs_ceph: drop ifdef HAVE_FCHOWN/_FCHMOD

The cephwrap_fchown() and cephwrap_fchmod() wrappers call the
corresponding libcephfs functions. It doesn't make sense to make this
logic dependent on regular fchown()/fchmod() function presence, so remove
the ifdefs.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

- - - - -
eb62dc39 by David Disseldorp at 2019-02-27T16:22:27Z
docs: fix minor typo in smb.conf "log level" section

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Wed Feb 27 16:22:27 UTC 2019 on sn-devel-144

- - - - -
d8a7caa5 by Volker Lendecke at 2019-02-28T12:57:23Z
libwbclient: Protect wbcCtxUnixIdsToSids against integer-wrap

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
d9303e8e by Volker Lendecke at 2019-02-28T12:57:23Z
lib: Make idmap_cache return negative mappings

Without this we'd query non-existent mappings over and over
again.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

- - - - -
4faf3e9f by Volker Lendecke at 2019-02-28T12:57:23Z
idmap_cache: Only touch "sid" on success in find_xid_to_sid

Why? This makes the negative mapping condition (is_null_sid) more
explicit in the code.

The callers in lookup_sid initialized "psid" anyway before, and the ones
in wb_xids2sids now do as well. This is more in line with other APIs we
have: Only touch output parameters if you have something to say.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

- - - - -
8c28c127 by Volker Lendecke at 2019-02-28T12:57:23Z
winbind: Initialize "expired" parameter to idmap_cache_xid2sid

The code in idmap_cache only touches its output parameters upon success

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

- - - - -
95d33ca7 by Volker Lendecke at 2019-02-28T12:57:23Z
winbind: Now we explicitly track if we got ids from cache

This now properly makes us use negative cache entries

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

- - - - -
bb8122dd by Volker Lendecke at 2019-02-28T12:57:24Z
idmap_cache: Introduce idmap_cache_find_xid2sid

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

- - - - -
e5a903ba by Volker Lendecke at 2019-02-28T12:57:24Z
torture: Add tests for idmap cache

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

- - - - -
bc9824bd by Volker Lendecke at 2019-02-28T12:57:24Z
winbind: Use idmap_cache_find_xid2sid

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

- - - - -
ef706a3e by Volker Lendecke at 2019-02-28T12:57:24Z
lib: Introduce winbind_xid_to_sid

This does not merge a winbind communication error into
"global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
go along with is_null_sid(). Instead, this just touches the output sid
when winbind returned success. This success might well be a negative
mapping indicated by S-0-0, which *is* is_null_sid()...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

- - - - -
92f27ebb by Volker Lendecke at 2019-02-28T12:57:24Z
passdb: Introduce xid_to_sid

This explicitly avoids the legacy_[ug]id_to_sid calls, which create
long-term cache entries to S-1-22-x-y if anthing fails. We can't do
this, because this will turn temporary winbind communication failures
into long-term problems: A short hickup in winbind_uid_to_sid will
create a mapping to S-1-22-1-uid for a week. It should be up to the
lower layers to do the caching.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

- - - - -
40de67f1 by Volker Lendecke at 2019-02-28T12:57:24Z
passdb: Make [ug]id_to_sid use xid_to_sid

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813

- - - - -
c906153c by Volker Lendecke at 2019-02-28T13:53:40Z
lib: Remove some unused code

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Volker Lendecke <vl at samba.org>
Autobuild-Date(master): Thu Feb 28 13:53:41 UTC 2019 on sn-devel-144

- - - - -
9f4ee052 by Ralph Boehme at 2019-02-28T18:21:11Z
s4:libcli: remember return code from maximum access

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

- - - - -
3ca38d2c by Ralph Boehme at 2019-02-28T18:21:12Z
s4:torture: add a Maximum Access check with an Owner Rights ACE

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

- - - - -
5cf0764b by Ralph Boehme at 2019-02-28T19:18:16Z
libcli/security: add "Owner Rights" calculation to access_check_max_allowed()

This was missing in 44590c1b70c0a24f853c02d5fcdb3c609401e2ca.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Thu Feb 28 19:18:16 UTC 2019 on sn-devel-144

- - - - -
cef18c2d by Swen Schillig at 2019-03-01T00:32:09Z
util: Add two wrapper for string to int conversion

Adding wrapper strtoull_err and strtoul_err to handle
error conditions of the conversion process.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c9f4b92a by Swen Schillig at 2019-03-01T00:32:10Z
lib: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fef2a7ca by Swen Schillig at 2019-03-01T00:32:10Z
groupdb: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e82228f2 by Swen Schillig at 2019-03-01T00:32:10Z
utils: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c957f6cc by Swen Schillig at 2019-03-01T00:32:10Z
passdb: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fdd52979 by Swen Schillig at 2019-03-01T00:32:10Z
winbindd: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c067429c by Swen Schillig at 2019-03-01T00:32:10Z
modules: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
414bc374 by Swen Schillig at 2019-03-01T00:32:10Z
rpcclient: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e96bccc8 by Swen Schillig at 2019-03-01T00:32:10Z
ctdb-protocol: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
55acae77 by Swen Schillig at 2019-03-01T00:32:11Z
ctdb-server: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
81cc7a35 by Swen Schillig at 2019-03-01T00:32:11Z
ctdb-tools: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ea7231dc by Swen Schillig at 2019-03-01T00:32:11Z
libwbclient: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ebeae5dc by Swen Schillig at 2019-03-01T00:32:11Z
wbinfo: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e7b7c634 by Swen Schillig at 2019-03-01T00:32:11Z
common-lib: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
58e2c153 by Swen Schillig at 2019-03-01T00:32:11Z
libcli: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2b2ff12e by Swen Schillig at 2019-03-01T00:32:11Z
source4: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fa2c919e by Swen Schillig at 2019-03-01T00:32:11Z
ctdb-utils: Use wrapper for string to integer conversion

In order to detect an value overflow error during
the string to integer conversion with strtoul/strtoull,
the errno variable must be set to zero before the execution and
checked after the conversion is performed. This is achieved by
using the wrapper function strtoul_err and strtoull_err.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f3392f0f by Swen Schillig at 2019-03-01T00:32:12Z
lib: modify string conversion wrapper to handle signed input

The standard string conversion routines convert a "signed string"
into the positive representation of the resulting value.
This is not wanted and therefore now detected and flag'ed as an error.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a787c319 by Volker Lendecke at 2019-03-01T00:32:12Z
libsmb: Reformat the cli_smb2_create_fnum_send args

We'll add parameters in the next commit, make that commit a bit more obvious

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
56e08d39 by Volker Lendecke at 2019-03-01T00:32:12Z
libsmb: Avoid a separate "cblobs" var sending smb2 create

Less lines of code, and we will add custom cblobs soon. This change
makes that logic easier.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
02f40802 by Volker Lendecke at 2019-03-01T00:32:12Z
libsmb: add in/out cblobs to cli_smb2_create_fnum

This is driven by the imminent smb2 unix extensions, we'll want to make use of
it from source3/libsmb.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
99ef0ba0 by Volker Lendecke at 2019-03-01T01:30:34Z
libsmb: Make cli_smb2_rmdir asynchronous

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar  1 01:30:35 UTC 2019 on sn-devel-144

- - - - -
42e96696 by Björn Jacke at 2019-03-01T17:05:19Z
wafbuild: create missing private library symlinks on platforms without soname support for shared libs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9557

Signed-off-by: Bjoern Jacke <bjacke at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Björn Jacke <bjacke at samba.org>
Autobuild-Date(master): Fri Mar  1 17:05:19 UTC 2019 on sn-devel-144

- - - - -
278eb236 by Amitay Isaacs at 2019-03-01T17:21:15Z
ctdb-daemon: Fix maybe-uninitialized error with picky developer

263/386] Compiling ctdb/server/ctdb_recovery_helper.c
In file included from ../../server/ctdb_recovery_helper.c:24:0:
../../server/ctdb_recovery_helper.c: In function ‘main’:
../../../lib/talloc/talloc.h:911:34: error: ‘mem_ctx’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
 #define TALLOC_FREE(ctx) do { if (ctx != NULL) { talloc_free(ctx); ctx=NULL; } } while(0)

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e7351603 by David Disseldorp at 2019-03-01T18:34:18Z
ctdb_mutex_ceph_rados_helper: revert strtoull_err() usage

Compilation currently fails, as ctdb_mutex_ceph_rados_helper doesn't
include or link against the samba-util library. Revert back to the
previous strtoull() behaviour, which works fine.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar  1 18:34:18 UTC 2019 on sn-devel-144

- - - - -
743b922a by Volker Lendecke at 2019-03-01T23:58:11Z
libsmb: Use tevent_req_simple_finish_ntstatus()

Less lines... Just rediscovered this function :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
65c269d5 by Volker Lendecke at 2019-03-01T23:58:11Z
libsmb: Use tevent_req_simple_finish_ntstatus()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d1c2fe89 by Volker Lendecke at 2019-03-02T00:55:56Z
libsmb: Make cli_posix_unlink/rmdir proper tevent_req/subreq pairs

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Mar  2 00:55:56 UTC 2019 on sn-devel-144

- - - - -
7798bc14 by Ralph Boehme at 2019-03-04T13:59:42Z
CI: don't use swap

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Mar  4 13:59:42 UTC 2019 on sn-devel-144

- - - - -
9fc1a09b by David Disseldorp at 2019-03-04T18:11:15Z
vfs: drop lseek stat-open checks

b9e91d2a8e41a43d7ebb7d7eed807a7d8de9b329 added fd==-1 checks to the
lseek() path to handle "stat opens". Current reply.c and
smb2_ioctl_filesys.c callers do not invoke SMB_VFS_LSEEK() with
stat-open fsp structs, so the fd==-1 checks can be removed from the
VFS.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2e181e34 by Jeremy Allison at 2019-03-04T18:11:16Z
s4:torture: Fix the test_owner_rights() test to show permissions are additive.

Tested against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fadc4c1b by Jeremy Allison at 2019-03-04T18:11:16Z
s4:torture: Add test_owner_rights_deny().

Shows that owner and SID_OWNER_RIGHTS ACE
entries interact in max permissions requests.

Tested against Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
9722f757 by Ralph Boehme at 2019-03-04T18:11:16Z
libcli/security: correct access check and maximum access calculation for Owner Rights ACEs

We basically must process the Owner Rights ACEs as any other ACE wrt to the
order of adding granted permissions and checking denied permissions. According
to MS-DTYP 2.5.3.2 Owner Rights ACEs must be evaluated in the main loop over
the ACEs in an ACL and the corresponding access_mask must be directly applied
to bits_remaining. We currently defer this to after the loop over the ACEs in
ACL, this is wrong.

We just have to do some initial magic to determine if an ACL contains and
Owner Rights ACEs, and in case it doesn't we grant SEC_STD_WRITE_DAC |
SEC_STD_READ_CONTROL at the *beginning*. MS-DTYP:

-- the owner of an object is always granted READ_CONTROL and WRITE_DAC.
CALL SidInToken(Token, SecurityDescriptor.Owner, PrincipalSelfSubst)
IF SidInToken returns True THEN
   IF DACL does not contain ACEs from object owner THEN
       Remove READ_CONTROL and WRITE_DAC from RemainingAccess
       Set GrantedAccess to GrantedAccess or READ_CONTROL or WRITE_OWNER
   END IF
END IF

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0ebd8c99 by Jeremy Allison at 2019-03-04T18:11:16Z
s4:torture: Add test_owner_rights_deny1().

Creates a 3-element ALLOW + ALLOW + DENY ACE showing that when
calculating maximum access already seen allow bits are not removed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b205d695 by Ralph Boehme at 2019-03-04T18:11:16Z
s4:torture: Add test_deny1().

Creates a 2-element ALLOW + DENY ACE showing that when calculating
effective permissions and maximum access already seen allow bits are not
removed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8d355dd9 by Ralph Boehme at 2019-03-04T18:11:16Z
libcli/security: fix handling of deny type ACEs in access_check_max_allowed()

Deny ACEs must always be evaluated against explicitly granted rights
from previous ACEs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13812

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
128e195e by Ralph Boehme at 2019-03-04T18:11:16Z
s4:torture: add a test with additional bits in SEC_FLAG_MAXIMUM_ALLOWED

When access_mask contains SEC_FLAG_MAXIMUM_ALLOWED, the server must still
proces other bits from access_mask. Eg if access_mask contains a right that
the requester doesn't have, the function must validate that against the
effective permissions.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c8c6da2c by Ralph Boehme at 2019-03-04T18:11:16Z
s3:libsmb: add cli_smb2_query_mxac()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
52e1171e by Ralph Boehme at 2019-03-04T18:11:17Z
s3:libsmb: add cli_query_mxac()

Works only for SMB2.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ec8984f8 by Ralph Boehme at 2019-03-04T18:11:17Z
smbcacls: add -x argument, prints maximum access

Signed-off-by: Ralph Boehme <slow at samba.org>

- - - - -
4a9f7d24 by Ralph Boehme at 2019-03-04T19:11:06Z
tests: add a simple test for smbcacls -x

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Mar  4 19:11:06 UTC 2019 on sn-devel-144

- - - - -
3ce28f91 by Tim Beale at 2019-03-04T21:41:16Z
tests: Remove redundant credentials from auth_log tests

The LDB connection in these tests is to the direct sam.ldb file on disk,
so the credentials are not actually needed (and in fact, weren't event
initialized correctly). These tests always need to run on the DC itself
(i.e. :local testenv) because they use ncalrpc connections.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
25544e10 by Tim Beale at 2019-03-04T21:41:16Z
s4:tests: Avoid passing unnecessary env variables to auth_log tests

These tests all use the ncalrpc connection, so they're always testing a
connection that's local to the server-side. Therefore passing in the
CLIENT_IP and SOCKET_WRAPPER_DEFAULT_IFACE variables (in order to try to
simulate a client connecting) is unnecessary.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
15dda1a8 by Tim Beale at 2019-03-04T21:41:16Z
s4:tests: Move duplicated test cases into loop

This is more consistent with how we run tests elsewhere.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3dab6563 by Tim Beale at 2019-03-04T21:41:16Z
s4:tests: Remove unused DC_ENV variable

I believe this was a leftover remnant from an earlier patch revision -
it's now been replaced by the DC_SERVERCONFFILE variable.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4f21f1ca by Tim Beale at 2019-03-04T21:41:16Z
tests: Remove explicit SOCKET_WRAPPER usage from auth_log tests

The auth-logging tests are an odd combination of server and client
behaviour. On the one hand we want a IRPC connection to see the auth
events being logged on the server. On the other hand, we want the auth
events to appear to be happening on a client. Currently we hardcode in
the use of a SOCKET_WRAPPER interface to make this happen.

We can avoid this explicit socket wrapper usage by using the server
smb.conf instead in the one place we actually want to act like the
server (creating the IRPC connection). Then we can switch from using
the 'ad_dc*:local' testenvs to use 'ad_dc*', in order to act like a
client by default. The SERVERCONFFILE environment variable has already
been added for the few cases where a test needs explicit access to the
server's smb.conf.

However, for samba.tests.auth_log, the samlogon test cases are still
reliant on being run on the :local testenv, and so we can't switch them
over just yet. This is because the samlogon is using the DC's machine
creds underneath, which will fail on the non-local testenv. We could
create separate machine creds for the client and use those, but this is
a non-trivial rework of the test code.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c185bf1d by Tim Beale at 2019-03-04T21:41:16Z
tests: Work audit_log CLIENT_IP out from config instead of env var

Instead of passing the CLIENT_IP to the audit_log tests, we can just
work out the source-IP that the client will use from its smb.conf file.
Because the audit_log tests are all run on the non-local testenv,
they'll already use the client.conf and the 127.0.0.11 address.

The main advantage of this change is it avoids having hardcoded IP
addresses in the selftest framework.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a7d09580 by Tim Beale at 2019-03-04T21:41:17Z
tests: Work auth_log CLIENT_IP out from config instead of env var

Instead of passing the CLIENT_IP to the auth_log tests, we can just
work out the source-IP that the client will use from its smb.conf file.

This only works for auth_log_pass_change, but not auth_log.py - the
latter still needs to be run on the :local testenv for other reasons, so
it doesn't use the client.conf. However, we can still update the base
code to use the client.conf IP, as auth_log.py overrides
self.remoteAddress anyway.

The main advantage of this change is it avoids having hardcoded IP
addresses in the selftest framework.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c1b6fe62 by Andreas Schneider at 2019-03-04T21:41:17Z
s4:torture: Make sure we do not create a shadow 'struct params'

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4d8aa4a1 by Douglas Bagnall at 2019-03-04T21:41:17Z
s4/auth/krb: fix spelling of entries

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4ddfe8fc by Douglas Bagnall at 2019-03-04T21:41:17Z
dns_hub: use python 3 shebang

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
edfd33ab by Douglas Bagnall at 2019-03-04T21:41:17Z
tests/rodc_rwdc: p.communicate() gives bytes, not str

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16f4c694 by Douglas Bagnall at 2019-03-04T21:41:17Z
dsdb:util_links: count el->values with unsigned int

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1f973220 by Douglas Bagnall at 2019-03-04T21:41:17Z
dsdb/group_audit: use common get_parsed_dns_trusted()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0673ad09 by Douglas Bagnall at 2019-03-04T21:41:17Z
replmd/la: disambiguate error messages a bit

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
7d8cfe02 by Douglas Bagnall at 2019-03-04T21:41:18Z
dsdb/pytests: sanity checks for links under subtree renames

These tests will ensure that linked attributes continue to be handled
correctly under forthcoming changes. The la_move_ou_tree_big() test
will show that the changes make this much faster, after which it can
perhaps be removed.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bf50324f by Douglas Bagnall at 2019-03-04T21:41:18Z
dsdb:replmd: add compatible feature helper function

repl_meta_data.c uses the compatible features attribute of the
"@SAMBA_DSDB" special object to record that linked attributes are
being stored in the database in a sorted order. Soon the
linked_attributes module is going to want to know the same thing, and
in time other modules will want to know about other compatible
features, so we introduce a helper function.

Error checking is slightly improved.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
518320ae by Douglas Bagnall at 2019-03-04T21:41:18Z
dsdb: linked_attributes module knows about sorted links

Until now the linked attrbutes module has allocated its private data
on a per transaction basis, but we prefer to check the sorted links
feature less often than that. So the private data struct is given
module life time and a transaction member to carry out the old role.

In coming patches, the sorted links flag will be used.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8765ed2f by Douglas Bagnall at 2019-03-04T21:41:18Z
dsdb linked attributes: fix forward links faster

Rename operations can be very slow in large database with many group
memberships, because the linked attributes need to be found and
rewritten for each moved object and the way we did that was naive.

For a while now Samba has kept forward links in sorted order, so
finding group memberships can be an O(log n) rather than O(n)
operation. This patch makes use of that.

The backlinks are not sorted, nor are forward links in old databases,
so we have to use a linear search in those cases.

There is a little bit of extra work to handle the few kinds of forward
links (e.g. msDS-RevealedUsers) that have DN+Binary values.

Tim and Garming came up with the basic idea and a prototype.

Pair-programmed-with: Tim Beale <timbeale at catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d01cb51 by Douglas Bagnall at 2019-03-04T21:41:18Z
dsdb/linked_attributes: initialise more pointers to NULL

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4f812c1f by Douglas Bagnall at 2019-03-04T21:41:18Z
dsdb/linked_attributes: improve formatting in some places

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4ac7fb9 by Douglas Bagnall at 2019-03-04T21:41:18Z
dsdb/linked_attributes: shortcut exit for backlink fix

In most cases there can only be one link for each GUID. If we assume
that is true, we can skip half the search, on average.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c942614e by Douglas Bagnall at 2019-03-04T21:41:18Z
dsdb pytsts: reduce scale of subtree rename speed test

The speed test, when it was introduced a few patches ago, was
deliberately slow so that we could see how much better the changes
were. It used 500 users, 50 groups, and 27 computers.

Before the changes, it took this long:

rename ou took 64.373s
rename group took 0.160s
rename user took 0.004s
rename computer took 0.123s

After using the sorted links, it took this long:

rename ou took 12.984s
rename group took 0.161s
rename user took 0.004s
rename computer took 0.122s

And with the final patch to stop the linear search early on success:

rename ou took 11.680s
rename group took 0.089s
rename user took 0.004s
rename computer took 0.128s

"rename ou" is the one we were aiming at. Now that we have done that,
we reduce the size of the test so as not to slow down everyone's
autobuilds.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f0ecfd38 by Douglas Bagnall at 2019-03-04T22:41:01Z
pidl/Python: initialise a datablob

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Mar  4 22:41:01 UTC 2019 on sn-devel-144

- - - - -
6a7dd7ab by Aaron Haslett at 2019-03-05T13:10:43Z
tests: Reduce likelihood of auth_log test locking up during CI

We would sometimes see the auth_log test hang during a CI run. The CI
job would eventually fail after consuming a costly 10 hours of CI
runtime.

We believe the problem is around the test creating multiple instances of
the Messaging() context. This is a similar race condition to what was
seen in 19f34b2161dee26.

Currently a new Messaging() context is created for every test case. By
using classmethods instead, the Messaging context is only created once
per python test file execution (i.e. creation of the python class,
rather than initialization of the python object, which happens for every
test-case).

This means the test will only create one Messaging() context, which
should avoid any race conditions.

Changes:
+ removed msg_ctxs - this wasn't actually used for anything.
+ use classmethods to setup and tear-down the Messaging() context (and
tweak lp initialization accordingly).
+ fix discardMessages() - the loop wasn't actually discarding any
messages previously (this may also have been the cause of the test
hanging).

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Mar  5 13:10:43 UTC 2019 on sn-devel-144

- - - - -
5e09d392 by Tim Beale at 2019-03-05T23:27:30Z
selftest: Add helper functions to get IP addresses

Let's centralize these assumptions in one place.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
572f83d6 by Tim Beale at 2019-03-05T23:27:30Z
selftest: dns_hub doesn't need to store $swiface

dns_hub doesn't need to store $ctx->{swiface}. Other testenvs store this
and export it as SOCKET_WRAPPER_DEFAULT_IFACE (i.e. for the tests to
use), but dns_hub doesn't need to do this.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2b60936d by Tim Beale at 2019-03-05T23:27:30Z
selftest: Avoid hard-coding client IP address

We implicitly assume the client IP used by selftest is always
127.0.0.11. Add an iface entry for the client to make this a little more
explicit.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d1e145d6 by Tim Beale at 2019-03-05T23:27:30Z
selftest: Cleanup Samba.pm iface mapping

It looks a bit cleaner if we declare the hash-map in one go, rather than
adding each entry one at a time. Also added a comment explaining what
the hash-map is for, and fixed up tab vs spaces inconsistencies.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
90ea8c2a by Tim Beale at 2019-03-05T23:27:30Z
selftest: Try to tie dns_hub IP mapping to Samba.pm better

dns_hub.py maps the testenv realm to an IP and Samba.pm maps the testenv
NetBIOS name to an IP. We need to keep the two places consistent, as we
add or remove testenvs.

This patch changes dns_hub.py so that it uses a similar hashmap to
Samba.pm. We now have a hashmap with the same name in 2 different
places, so hopefully that's easier to tie them together and keep them in
sync.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d6d8ecb5 by Tim Beale at 2019-03-05T23:27:31Z
selftest: Split out dns_hub's testenv realm-to-IP logic

Add a separate helper function, as the realm-to-IPv4-addr logic is
fairly self-contained.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cbcd4f8f by Tim Beale at 2019-03-05T23:27:31Z
selftest: Pass realm-to-IP mapping to dns_hub as an argument

Instead of storing hashmaps in 2 different files, we can just convert a
perl hashmap into a string, pass it to dns_hub, and convert it back into
a python dictionary.

The main reason for doing this is the IP-to-testenv mapping now all
lives in a single file (Samba.pm). All this logic is right next to each
other rather than being split across multiple files. Hopefully this will
make it easier to keep it up to date as we add new testenvs.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
327ed975 by Tim Beale at 2019-03-05T23:27:31Z
selftest: Map realm to IP address (instead of iface)

The code is more readable if the hashmap translates between realm and
DC-name, rather than realm-to-iface. We already have a function to map
between DC-name and iface (and since we're doing this, we might as well
map straight to IP address).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2cd65a7a by Tim Beale at 2019-03-05T23:27:31Z
dns_hub: Minor variable rename

We've dropped the iface logic now - this dictionary maps from
realm-to-IP.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1d5583c9 by Tim Beale at 2019-03-06T00:48:43Z
dns_hub: Add some debug as to what DNS proxying is happening

This should make it clear at run-time how dns_hub is actually proxying
DNS requests, which will hopefully aid in debugging problems (i.e.
forgetting to add a mapping when adding a new DNS realm).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar  6 00:48:43 UTC 2019 on sn-devel-144

- - - - -
4b1e4c22 by Christof Schmitt at 2019-03-06T00:50:14Z
lib/winbind_util: Move include out of ifdef

This fixes compile errors about missing prototypes with
--picky-developer and --without-winbind

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
73bac6f9 by Christof Schmitt at 2019-03-06T00:50:15Z
lib/winbind_util: Remove winbind_[gu]id_to_sid

Commit c906153cc7 removed these functions, now also remove them for the
--without-winbind case.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4125ff89 by Christof Schmitt at 2019-03-06T01:53:16Z
lib/winbind_util: Add winbind_xid_to_sid for --without-winbind

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar  6 01:53:16 UTC 2019 on sn-devel-144

- - - - -
c059b8cb by Mathieu Parent at 2019-03-06T03:16:14Z
Enable make test even without lmdb

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13630

Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
6da3664f by Stefan Metzmacher at 2019-03-06T03:16:14Z
ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13818

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
ce83b21b by Isaac Boukris at 2019-03-06T03:16:15Z
sam.c: fix incorrect check of talloc_new() allocation

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
d94c8992 by Isaac Boukris at 2019-03-06T04:30:22Z
sam.c: allocate account_sid on tmp_ctx

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar  6 04:30:22 UTC 2019 on sn-devel-144

- - - - -
72c79e30 by Garming Sam at 2019-03-07T00:33:16Z
web_server: Remove the unused Python WSGI web server

SWAT was removed in Samba 4.1 and there isn't any reason to keep a web
server in our codebase. The web server was not turned on by default.

The web server plainly does not hold up to modern web server standards
and allows for resource exhaustion (and probably generally has bugs).
Credit goes to Michael Hanselmann for prompting us to remove this
service entirely.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4d2260d8 by Garming Sam at 2019-03-07T00:33:16Z
web_server: Remove the web port smb.conf parameter

With the removal of the web server, there are not any users of this
parameter and so should just be removed.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ccb64532 by Christof Schmitt at 2019-03-07T01:30:49Z
passdb: Increase ABI version to 0.28.0

The change from c906153cc lib: Remove some unused code
removed functions, but only updated the minor version
of the ABI. Update the passdb version to 0.28.0
to reflect this change.
file.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar  7 01:30:49 UTC 2019 on sn-devel-144

- - - - -
4a9a77f4 by Garming Sam at 2019-03-07T02:14:15Z
paged_results: Remove C++ commment and unneeded TODO

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>

- - - - -
ff58f458 by Garming Sam at 2019-03-07T03:17:52Z
WHATSNEW: Add the removal of the web server

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Thu Mar  7 03:17:52 UTC 2019 on sn-devel-144

- - - - -
0c52a6be by Andrew Bartlett at 2019-03-07T03:50:20Z
dsdb: Unify samdb_{get,set}_ntds_{objectGUID,invocation_id}

The new unified versions have better debugging and ensure
that both functions continue to have the same control flow.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
30f93bc7 by Andrew Bartlett at 2019-03-07T03:50:20Z
kcc: Give a better error message when samdb_ntds_objectGUID fails

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f2558ca by Andrew Bartlett at 2019-03-07T03:50:20Z
dsdb: Provide better error strings in rootdse GUID attribute handling

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8b18da27 by Andrew Bartlett at 2019-03-07T04:58:42Z
s4-server: Open and close a transaction on sam.ldb at startup

This fixes upgrading from 4.7 and earlier releases, and makes the DB
reindexing more transparent. It should also make it easier to handle
future normalisation rule changes, e.g. if we change the pack-format
of integer indexes in a future release.

Without this change, the  should have still handled reindexing the
database. We don't know why exactly this wasn't happening correctly,
but opening a transaction early in the samba process startup should
now guarantee that the DB is correctly reindexed by the time the main
samba code runs.

An alternative fix would have been to open a transaction in the the
DSDB module stack every time we connect to the database. However, this
would add an extra write lock every time we open the DB, whereas
starting samba happens much more infrequently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13760

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar  7 04:58:42 UTC 2019 on sn-devel-144

- - - - -
02c7b8c0 by Joe Guo at 2019-03-07T12:01:25Z
subunit/run.py: make iso8601 UTC usage python 2/3 compatible

In `iso8601/iso8601.py`:

    if sys.version_info >= (3, 2, 0):
        UTC = datetime.timezone.utc
        ...
    else:
        class Utc(datetime.tzinfo):
            ...

        UTC = Utc()

The class `Utc` is only available for python < 3.2.0.
Use `UTC` instance instead, which is python 2/3 compatible.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
10109f62 by Joe Guo at 2019-03-07T12:01:25Z
tests/auto_log_pass_change.py: only care about the last expected message other than exact messages count

The messages count could be different because of racing condition.
And we should only care about the last expected one.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett abartlet at samba.org
Reviewed-by: Noel Power npower at samba.org

- - - - -
80cf852d by Joe Guo at 2019-03-07T13:03:56Z
subunit/run.py: change shebang to python3

always use explicit python version at current stage.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Mar  7 13:03:56 UTC 2019 on sn-devel-144

- - - - -
36adf08f by Kristján Valur at 2019-03-07T14:08:21Z
pygpo: Replace the use of SystemError with RuntimeError.

SystemError is reserved for internal errors in the interpreter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13822
Signed-off-by: Kristján Valur Jónsson <kristjan at rvx.is>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
08b5b11b by Kristján Valur at 2019-03-07T14:08:21Z
pygpo: Proper exception exit in py_ads_connect().

connect() now succeeds or raises an exception.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13822
Signed-off-by: Kristján Valur Jónsson <kristjan at rvx.is>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
a8b316d1 by Kristján Valur at 2019-03-07T14:08:21Z
pygpo: Fix error handing when getting gpo unix path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13822
Signed-off-by: Kristján Valur Jónsson <kristjan at rvx.is>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
1ff252e3 by Kristján Valur at 2019-03-07T14:08:22Z
pygpo: More python exception cleanup.

* Don't override existing exceptions.

* Careful with talloc contexts.

* Return NULL on error.

* Add more information to exception messages from internal functions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13822
Signed-off-by: Kristján Valur Jónsson <kristjan at rvx.is>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
d2a75489 by Kristján Valur at 2019-03-07T14:08:22Z
pygpo: keep a reference to python credentials in the ADS struct to keep the internal pointer valid.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13822
Signed-off-by: Kristján Valur Jónsson <kristjan at rvx.is>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
18638535 by Kristján Valur at 2019-03-07T14:08:22Z
pygpo: Fix module initialization.

* Add reference count to type.

* Add error checking.

* Remove unnecessary tp_new method.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13822
Signed-off-by: Kristján Valur Jónsson <kristjan at rvx.is>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
5b4618ca by Kristján Valur at 2019-03-07T14:08:22Z
pygpo: Safer handling of memory for ads_ptr.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13822
Signed-off-by: Kristján Valur Jónsson <kristjan at rvx.is>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
c25e7953 by Kristján Valur at 2019-03-07T15:08:19Z
pygpo: take ownership of password pointer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13822
Signed-off-by: Kristján Valur Jónsson <kristjan at rvx.is>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Thu Mar  7 15:08:19 UTC 2019 on sn-devel-144

- - - - -
3ddb5429 by Joe Guo at 2019-03-08T00:42:18Z
samba-o3: fix -Werror=strict-overflow error in lib/ldb-samba/ldb_ildap module

samba-o3 test failed in ubuntu:16.04 docker container:

    ==> /home/samba/samba/samba-o3.stderr <==
    ../../lib/ldb-samba/ldb_ildap.c: In function ‘ildb_handle_request’:
    ../../lib/ldb-samba/ldb_ildap.c:535:2: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
      for (i = 0; i < n; i++) {
      ^
    ../../lib/ldb-samba/ldb_ildap.c:579:2: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
      for (i = 0; i < n; i++) {
      ^
    cc1: all warnings being treated as errors

Change type to mute errors.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
16d40ffc by Joe Guo at 2019-03-08T00:42:19Z
samba-o3: fix -Werror=strict-overflow error in s4/torture/raw/eas module

samba-o3 test failed in ubuntu:16.04 docker container:

    ==> /home/samba/samba/samba-o3.stderr <==
    ../../source4/torture/raw/eas.c: In function ‘test_max_eas’:
    ../../source4/torture/raw/eas.c:286:12: error: assuming signed overflow does not occur when simplifying conditional to constant [-Werror=strict-overflow]
     static bool test_max_eas(struct smbcli_state *cli, struct torture_context *tctx)
                ^
    cc1: all warnings being treated as errors

`total += j` may overflow. Change total type to `size_t` to mute error.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5bc215f7 by Joe Guo at 2019-03-08T00:42:19Z
samba-o3: fix -Werror=maybe-uninitialized in lib/mscat/mscat_pks7.c

samba-o3 test failed in ubuntu:1804 image with:

    ../../lib/mscat/mscat_pkcs7.c: In function ‘mscat_pkcs7_import_catfile’:
    ../../lib/mscat/mscat_pkcs7.c:143:18: error: ‘blob.length’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
      mscat_data.size = blob.length;
      ~~~~~~~~~~~~~~~~^~~~~~~~~~~~~
    ../../lib/mscat/mscat_pkcs7.c:142:18: error: ‘blob.data’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
      mscat_data.data = blob.data;
      ~~~~~~~~~~~~~~~~^~~~~~~~~~~
    ../../lib/mscat/mscat_pkcs7.c: In function ‘mscat_pkcs7_verify’:
    ../../lib/mscat/mscat_pkcs7.c:225:16: error: ‘blob.length’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
       ca_data.size = blob.length;
       ~~~~~~~~~~~~~^~~~~~~~~~~~~
    ../../lib/mscat/mscat_pkcs7.c:224:16: error: ‘blob.data’ may be used uninitialized in this function [-Werror=maybe-uninitialized]
       ca_data.data = blob.data;
       ~~~~~~~~~~~~~^~~~~~~~~~~
    cc1: all warnings being treated as errors

Since in `mscat_read_file`, it may still return rc = 0 while goto error,
ends up with blob uninitialized.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c71334ec by Andreas Schneider at 2019-03-08T01:41:27Z
lib:util: Move debug message for mkdir failing to log level 1

If you connnect to a host with smbclient this gets always printed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13823

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar  8 01:41:27 UTC 2019 on sn-devel-144

- - - - -
3873437e by Volker Lendecke at 2019-03-08T18:20:10Z
libsmb: Simplify cli_smb2_mxac

smb2_create_blob_find() can search for a create blob for us

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
20ebd176 by Volker Lendecke at 2019-03-08T18:20:10Z
libsmb: Make cli_smb2_unlink async

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7fc3b2b2 by Volker Lendecke at 2019-03-08T18:20:10Z
libsmb: Add "in_cblobs" to cli_smb2_rmdir

This reveals the fact that rmdir is an open/close in smb2 through the
API. This is not nice, but it's an internal API with currently only
one user. And it enables posix semantics for the open easily.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9a38dc0c by Volker Lendecke at 2019-03-08T18:20:10Z
libsmb: Add "in_cblobs" to cli_smb2_unlink

This reveals the fact that unlink is an open/close in smb2 through the
API. This is not nice, but it's an internal API with currently only
one user. And it enables posix semantics for the open easily.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7caf2cbd by Volker Lendecke at 2019-03-08T19:16:18Z
libsmb: Use tevent_req_simple_finish_ntstatus

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar  8 19:16:18 UTC 2019 on sn-devel-144

- - - - -
3e6b84f8 by Karolin Seeger at 2019-03-11T19:40:58Z
VERSION: Bump version up to 4.9.6...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
abf2e7c4 by Douglas Bagnall at 2019-03-12T00:42:18Z
pidl/s4/python: call export "export" in py exceptions

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ed562c04 by Douglas Bagnall at 2019-03-12T00:42:18Z
selftest/format-subunit-json: remove useless py2 print

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4a231855 by Douglas Bagnall at 2019-03-12T00:42:18Z
selftest/filter-subunit: use py3 print

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
561b654b by Douglas Bagnall at 2019-03-12T00:42:18Z
s4/scripting: MORE py3 compatible print functions

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
287abca7 by Douglas Bagnall at 2019-03-12T00:42:18Z
test/blackbox: py3 compatible print in documentation.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0a804d38 by Douglas Bagnall at 2019-03-12T00:42:18Z
s4/scripting/autoidl: p3 exception syntax

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a27c39c2 by Michael Hanselmann at 2019-03-12T00:42:19Z
Avoid NULL pointer dereference in SMBsendend handler

The "reply_sendend" function wouldn't check whether the connection had
any pending message state. A client sending an out-of-order SMBsendend
message would trigger a NULL pointer dereference.

Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e18610a1 by Volker Lendecke at 2019-03-12T00:42:19Z
lib: Make sid_parse return the parsed length

Use a temporary struct as a return value to make the compiler catch all
callers. If we just changed bool->ssize_t, this would just generate a
warning. struct sid_parse_ret will go away in the next commit

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d7de2f77 by Volker Lendecke at 2019-03-12T00:42:19Z
lib: Remove "struct sid_parse_ret" again

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
afd5d34f by Volker Lendecke at 2019-03-12T00:42:19Z
libsmb: Use sid_parse()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d959bea2 by Andrew Bartlett at 2019-03-12T00:42:19Z
modules: Add dependency on tirpc to vfs_nfs4acl_xattr

This is done as a new subsystem (either filled or empty) rather than via string
manipulation.

This will fix compile error on fedora.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
5514b98f by Garming Sam at 2019-03-12T00:42:19Z
gpo: Ensure that gplink works when empty

It appears that RSAT can leave a space in the gPLink field, which we need to handle.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13564

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bcb0270c by Garming Sam at 2019-03-12T00:42:19Z
gpo: Add tests to make sure that an empty gplink works

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13564

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e231541 by Garming Sam at 2019-03-12T00:42:20Z
py3: io.open takes a numeric buffering argument at index 2

It's unsure why this doesn't fail generically, but it fails on my machine sometimes...

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f301b20e by Garming Sam at 2019-03-12T00:42:20Z
gpo: Restore gPCMachineExtensionNames and gPCUserExtensionNames

After creating a backup and calling 'gpo restore', this makes it so that
restoring a GPO will instantly enable it for use.

There might be some cases where we might not want to do this, but for now just do it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13627

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
70681d41 by Garming Sam at 2019-03-12T00:42:20Z
gpo: Add test for saving gPCXXXExtensionNames in backup

The test only checks that the LDAP values are equal before and after.
The format and specifics should be up to the implementation -- and be
amenable to changes later. As long as the extension doesn't match
.SAMBABACKUP or .xml, it won't be detected by the tools.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13627

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75cf7283 by Garming Sam at 2019-03-12T00:42:20Z
gpo: Parse GPT.INI with Latin-1

For some reason the French version of RSAT turns accents into ISO-8859-1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13806

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
52e01601 by Garming Sam at 2019-03-12T00:42:20Z
gpo: During restore clobber GPT.INI with a blank version

Generally speaking, there is not much value to keeping this file. The
display name does not ever seem to be used and the version only applies
to the original domain or DC it was on. The command line option to
revert this behaviour is mostly for the tests or for having a straight
1:1 backup-restore for pure restoration.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13806

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1364ae3a by Garming Sam at 2019-03-12T01:41:32Z
gpo: Backup a policy folder containing GPE.INI

The GPE.INI file does not appear to be documented anywhere in the
protocol specifications and seems to be due to legacy code. It appears
that it used to be how the gPCUserExtensionNames and
gPCMachineExtensionNames were maintained without the requirement for
LDAP.

All we do is ignore the parsing of this file and copy it over as binary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13825

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Mar 12 01:41:32 UTC 2019 on sn-devel-144

- - - - -
31aecee1 by Andrew Bartlett at 2019-03-12T01:53:26Z
samba-tool domain provision: Fix --interactive module in python3

The prompts were not being printed to the screen because the stream
was not being flushed.

As reported on the samba mailing list by Adam Xu:
https://lists.samba.org/archive/samba/2019-March/221753.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13828

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>

- - - - -
3bee2443 by Tim Beale at 2019-03-12T01:53:26Z
selftest: Remove unused SELFTEST_INTERFACES

This doesn't appear to be used anywhere and dates back to 2008.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0dbb9238 by Tim Beale at 2019-03-12T01:53:26Z
selftest: Move @exported_envvars into Samba.pm

This brings it closer to the code that actually sets these variables
(i.e. Samba3/4.pm).

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d192ba4e by Tim Beale at 2019-03-12T01:53:26Z
selftest: Add helper function to create exports file for a testenv

This writes out the environment variables that are normally setup in the
testenv xterm to a file. This allows them to be sourced later.

This function is currently unused. However, it provides an alternative
replacement for the selftest-vars.sh script (which is really out of
date). I do plan to make use of this function in a subsequent patch-set.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a64c2e3b by Tim Beale at 2019-03-12T01:53:26Z
s4/scripting: Remove legacy selftest-vars.sh script

This script was added in 2010 and has only been sporadically kept
up-to-date since. It doesn't appear to work (I think that selftest
and the testenvs have perhaps grown in complexity since 2010 and it's no
longer possible to try to access a testenv from a different
process-space, due to how we use the cwrap libraries).

There's now an alternative (export_envvars_to_file()) in the selftest
code to regenerate a similar file, if anyone actually needs it.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
345c33d1 by Tim Beale at 2019-03-12T01:53:26Z
selftest: Remove RUN_FROM_BUILD_FARM env variable

The build farm is no longer used, so we can remove checks for this
environment variable in the selftest code.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a68e8af2 by Tim Beale at 2019-03-12T02:56:05Z
testsuite: Remove build_farm testsuites

This test code is not run (and has not been run for about a decade).
Let's remove it - it's there in the git history if we ever want to try
to repurpose it again.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Mar 12 02:56:05 UTC 2019 on sn-devel-144

- - - - -
00baebb8 by Volker Lendecke at 2019-03-12T12:47:29Z
lib: Make idmap_cache return negative mappings

Without this we'd query non-existent mappings over and over
again.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit d9303e8eb90d48f09f2e2e8bdf01f4a7c3c21d11)

- - - - -
d9b762a3 by Volker Lendecke at 2019-03-12T12:47:29Z
idmap_cache: Only touch "sid" on success in find_xid_to_sid

Why? This makes the negative mapping condition (is_null_sid) more
explicit in the code.

The callers in lookup_sid initialized "psid" anyway before, and the ones
in wb_xids2sids now do as well. This is more in line with other APIs we
have: Only touch output parameters if you have something to say.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 4faf3e9f6da7515fc263d79f77226d105c2f8524)

- - - - -
bdeacbab by Volker Lendecke at 2019-03-12T12:47:29Z
winbind: Initialize "expired" parameter to idmap_cache_xid2sid

The code in idmap_cache only touches its output parameters upon success

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 8c28c12702c0935a852c7fed6565987623f09fee)

- - - - -
527ecdbe by Volker Lendecke at 2019-03-12T12:47:30Z
winbind: Now we explicitly track if we got ids from cache

This now properly makes us use negative cache entries

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 95d33ca79cc315f1a2e41cd60859ef01d6548c77)

- - - - -
71f7738c by Volker Lendecke at 2019-03-12T12:47:30Z
idmap_cache: Introduce idmap_cache_find_xid2sid

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit bb8122dd8c53bb307819a79b7888cc0940a7c13b)

- - - - -
d74b8a1c by Volker Lendecke at 2019-03-12T12:47:30Z
torture: Add tests for idmap cache

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit e5a903bab6eda8f7ff2a7c8149d51022d9d8aede)

- - - - -
5bf41f42 by Volker Lendecke at 2019-03-12T12:47:30Z
winbind: Use idmap_cache_find_xid2sid

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit bc9824bd42d9370279819ea0d927e236f6041324)

- - - - -
713c48eb by Volker Lendecke at 2019-03-12T12:47:30Z
lib: Introduce winbind_xid_to_sid

This does not merge a winbind communication error into
"global_sid_NULL" (S-1-0-0), which by the way non-intuitively does not
go along with is_null_sid(). Instead, this just touches the output sid
when winbind returned success. This success might well be a negative
mapping indicated by S-0-0, which *is* is_null_sid()...

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit ef706a3e63b3e25edd27e0f99c3e2d8ff7209cb6)

- - - - -
522b8501 by Volker Lendecke at 2019-03-12T12:47:30Z
lib: Add dom_sid_str_buf

This is modeled after server_id_str_buf, which as an API to me is easier to
use: I can rely on the compiler to get the buffer size right.

It is designed to violate README.Coding's "Make use of helper variables", but
as this API is simple enough and the output should never be a surprise at all,
I think that's worth it.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Nov  2 20:11:11 CET 2018 on sn-devel-144

(cherry picked from commit 8b9d36221930a487ca5c51bf2e38ed04de9d50f7)

- - - - -
f175abcc by Volker Lendecke at 2019-03-12T12:47:30Z
passdb: Introduce xid_to_sid

This explicitly avoids the legacy_[ug]id_to_sid calls, which create
long-term cache entries to S-1-22-x-y if anthing fails. We can't do
this, because this will turn temporary winbind communication failures
into long-term problems: A short hickup in winbind_uid_to_sid will
create a mapping to S-1-22-1-uid for a week. It should be up to the
lower layers to do the caching.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 92f27ebb14c0c18b1d0fd49544ad851aeb14781c)

- - - - -
1f915119 by Volker Lendecke at 2019-03-12T12:47:30Z
passdb: Make [ug]id_to_sid use xid_to_sid

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=13813
(cherry picked from commit 40de67f1fcc46b7a64a7364c91dcedb474826d51)

- - - - -
f506180c by Christof Schmitt at 2019-03-12T12:47:30Z
passdb: Update ABI to 0.27.2

This change is for the backport only. The change in master increased the
ABI version to 0.28.0 and removed some functions; this should not happen
in a backport.

Signed-off-by: Christof Schmitt <cs at samba.org>

- - - - -
7f74413a by Christof Schmitt at 2019-03-12T12:47:30Z
lib/winbind_util: Move include out of ifdef

This fixes compile errors about missing prototypes with
--picky-developer and --without-winbind

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4b1e4c22128bdefe549a58b181e9b755854f4c3e)

- - - - -
65c85aee by Christof Schmitt at 2019-03-12T12:47:30Z
lib/winbind_util: Add winbind_xid_to_sid for --without-winbind

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13813

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar  6 01:53:16 UTC 2019 on sn-devel-144

(cherry picked from commit 4125ff89e44a3e98882cfc38c06e559a6e1e56a5)

- - - - -
f232cd76 by Ralph Boehme at 2019-03-12T12:47:31Z
CI: don't use swap

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Mon Mar  4 13:59:42 UTC 2019 on sn-devel-144

(adapted from from commit 7798bc14fbdae3461eb30421923d53978b3f781d
by Andrew Bartlett)

- - - - -
aaefa8ea by Günther Deschner at 2019-03-12T12:47:31Z
WHATSNEW: mention new vfs_glusterfs_fuse module

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>

- - - - -
fc40f87e by Andreas Schneider at 2019-03-12T16:13:29Z
lib:util: Move debug message for mkdir failing to log level 1

If you connnect to a host with smbclient this gets always printed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13823

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

(cherry picked from commit c71334ec0c92e791022a9b7c900aa0dd649226c2)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Mar 12 16:13:29 UTC 2019 on sn-devel-144

- - - - -
c69092e9 by Douglas Bagnall at 2019-03-14T02:12:18Z
s4/scripting: remove obsolete w32err_code.py

This has been replaced by gen_werror.py which shares common code with other scripts
(e.g. gen_ntstatus) and is more likely to work with conteporary microsoft HTML.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a3da2f63 by Tim Beale at 2019-03-14T02:12:18Z
selftest: Remove secondary client interfaces

I can't see anything in the tests that ever tries to use these other IP
addresses. While it makes sense that we might want the tests to simulate
multiple different clients (with different IPs), we don't appear to do
this currently.

Removing the spare client addresses minimizes the number of hard-coded
IP addresses in selftest.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e9c01fdb by Tim Beale at 2019-03-14T02:12:18Z
selftest: Add helper function to get interfaces config

Add a helper function to return the IPv4/IPv6 addresses for the
smb.conf. This keeps the netmask assumptions in the same places as
the IP subnet assumptions.

This refactor means we no longer need to store $ctx->{interfaces}, as it
was only used in one place.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1fb01c5b by Tim Beale at 2019-03-14T02:12:19Z
tests: Make IPv4 assumption explicit

This test is asserting the expected number of *IPv4* addresses, not any
interface address (including IPv6). It works currently because the
selftest client doesn't have an IPv6 address in its smb.conf.

This patch makes the IPv4 assumption explicit by importing
interface_ips_v4() from the provision code. We need to tweak this to
pass through an 'all_interfaces' flag, otherwise it filters out the
loopback IP addresses that the testenv is using.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18ebdc31 by Tim Beale at 2019-03-14T02:12:19Z
selftest: Use new helper function for client's smb.conf IP

This has the side-effect of giving the client an IPv6 address, which it
hasn't had up until now. But it at least makes the client and server
interfaces settings consistent, and gets rid of a hard-coded IP address.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
50abab31 by Tim Beale at 2019-03-14T02:12:19Z
selftest: Use consistent env variables for dns_hub

Setting up a testenv involves populating 2 different hashmaps - an
intermediary one (usually called 'ctx') and one that is used to populate
the testenv environment variables (usually called 'env_vars' or
'dcvars').
Because the dns_hub setup is very simple, it doesn't need two different
hashmaps. However, the variable names are still a mix of the two
hashmaps.

This patch updates dns_hub to use the second, more finalized hashmap
variable-names.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3075b85c by Tim Beale at 2019-03-14T02:12:19Z
selftest: Remove unnecessary dns_hub hashmap entries

These are only used within the function, and there's already a local
variable that stores the same info.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8ba6f1c8 by Stefan Metzmacher at 2019-03-14T02:12:19Z
blackbox/*.sh: pass -u to 'diff'

This is what we work with every day...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5357f591 by Stefan Metzmacher at 2019-03-14T02:12:19Z
blackbox/dbcheck-links.sh: reproduce lost deleted object problem

When a parent object is removed during the tombstone garbage collection
before a child object and samba-tool dbcheck runs at the same time, the
following can happen:

- If the object child had DISALLOW_MOVE_ON_DELETE in systemFlags,
  samba-tool dbcheck moves the object under the LostAndFound[Config]
  object (as an originating update!)
- The lastKnownParent attribute is removed (as an originating update!)

These originating updates cause the object to have an extended time
as tombstone. And these changes are replicated to other DCs,
which very likely already removed the object completely!

This means the destination DC of replication has no chance to handle
the object it gets from the source DC with just 2 attributes (name, lastKnownParent).

The destination logs something like:

  No objectClass found in replPropertyMetaData

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3e8a435d by Stefan Metzmacher at 2019-03-14T02:12:19Z
dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename

We need a way to rename an object without updating the replication meta
data.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
07a83267 by Stefan Metzmacher at 2019-03-14T02:12:19Z
dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects

We should never do originating updates on deleted objects.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9afcd533 by Stefan Metzmacher at 2019-03-14T02:12:20Z
dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6d50ee74 by Stefan Metzmacher at 2019-03-14T02:12:20Z
dbcheck: don't move already deleted objects to LostAndFound

This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e388e599 by Stefan Metzmacher at 2019-03-14T02:12:20Z
dbcheck: don't remove dangling one-way links on already deleted objects

This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.
In this case the lastKnownParent attributes points a non existing
object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
598e38d2 by Stefan Metzmacher at 2019-03-14T02:12:20Z
dbcheck: add find_repl_attid() helper function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1ccc21a3 by Stefan Metzmacher at 2019-03-14T02:12:20Z
blackbox/dbcheck-links.sh: add regression test for lost deleted object repair

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a1658b30 by Stefan Metzmacher at 2019-03-14T02:12:20Z
dbcheck: detect the change after deletion bug

Old versions of 'samba-tool dbcheck' could reanimate
deleted objects, when running at the same time as the
tombstone garbage collection.

When the (deleted) parent of a deleted object
(with the DISALLOW_MOVE_ON_DELETE bit in systemFlags),
is removed before the object itself, dbcheck moved
it in the LostAndFound[Config] subtree of the partition
as an originating change. That means that the object
will be in tombstone state again for 180 days on the local
DC. And other DCs fail to replicate the object as
it's already removed completely there and the replication
only gives the name and lastKnownParent attributes, because
all other attributes should already be known to the other DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b61d580f by Stefan Metzmacher at 2019-03-14T02:12:20Z
python/samba/netcmd: provide SUPPRESS_HELP via Option class

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6f9c5ed8 by Stefan Metzmacher at 2019-03-14T02:12:20Z
dbcheck: add --selftest-check-expired-tombstones cmdline option

This will be used by dbcheck tests which operate on static/old provision
dumps in the following commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5fccc4e9 by Stefan Metzmacher at 2019-03-14T02:12:21Z
blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck

These tests operate on provision dumps created long ago, they still
want to run tests on deleted objects, when the next commits remove
processing expired tombstone objects in dbcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b096a311 by Stefan Metzmacher at 2019-03-14T02:12:21Z
blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a2c5f8cf by Stefan Metzmacher at 2019-03-14T03:12:27Z
dbcheck: don't check expired tombstone objects by default anymore

These will be removed anyway and any change on them risks to
be an originating update that causes replication problems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144

- - - - -
a215d201 by Martin Schwenke at 2019-03-15T05:17:13Z
ctdb-tests: Build cluster mutex path manually

CTDB_CLUSTER_MUTEX_HELPER can't be depended on because it is only set
when the tests are not installed and setting it unconditionally for
this particular use would be wrong.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13800

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
539b5ff3 by Zhu Shangzhong at 2019-03-15T05:17:13Z
ctdb: Initialize addr struct to zero before reparsing as IPV4

Failed to kill the tcp connection that using IPv4-mapped IPv6 address
(e.g. ctdb_killtcp eth0 ::ffff:192.168.200.44:2049
::ffff:192.168.200.45:863).

When the ctdb_killtcp is used to kill the tcp connection, the IPs and
ports in the connection will be parsed to conn.client and conn.server
(call stack: main->ctdb_sock_addr_from_string->ip_from_string). In
the ip_from_string, as we are using IPv4-mapped IPv6 addresses, the
ipv6_from_string will be used to parse ip to addr.ip6 first. The next
step the ipv4_from_string will be used to reparse ip to addr.ip.

As a result, the data that dump from conn.server is "2 0 8 1 192 168
200 44 0 0 0 0 0 0 0 0 0 0 255 255 192 168 200 44 0 0 0 0", the data
from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0 0 0 0 0 0 255 255
192 168 200 45 0 0 0 0". The connection will be add to conn_list by
ctdb_connection_list_add. Then the reset_connections_send uses conn_list
as parameter to start to reset connections in the conn_list.

In the reset_connections_send, the database "connections" will be
created. The connections from conn_list will be written to the
database(call db_hash_add), and use the data that dump from conn_client
and conn_server as key.

In the reset_connections_capture_tcp_handler, the
ctdb_sys_read_tcp_packet will receive data on the raw socket. And
extract the IPs and ports from the tcp packet. when extracting IP and
port, the tcp4_extract OR tcp6_extract will be used. Then we got the
new conn.client and conn.server. the data that dump from the
conn.server is "2 0 8 1 192 168 200 44 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0", the data from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0". Finally, we use the data as key to check
if this connection is one being reset(call db_hash_delete). The
db_hash_delete will return ENOENT. Because the two key that being used
by db_hash_delete and db_hash_add are different.

So, the TCP RST will be NOT sent for the connection forever. We should
initialize addr struct to zero before reparsing as IPV4 in the
ip_from_string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839

Signed-off-by: Zhu Shangzhong <zhu.shangzhong at zte.com.cn>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
d9286701 by Martin Schwenke at 2019-03-15T05:17:13Z
ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing

ctdb_sock_addr values are hashed in some contexts.  This means that
all of the memory used for the ctdb_sock_addr should be consistent
regardless of how parsing is done.  The first 2 cases are just sanity
checks but the 3rd case involving an IPv4-mapped IPv6 address is the
real target of this test addition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
b2b8dce4 by Martin Schwenke at 2019-03-15T05:17:14Z
ctdb-packaging: ctdb package should not own system library directory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13838

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
957c38b6 by Martin Schwenke at 2019-03-15T05:17:14Z
ctdb-packaging: Test package requires tcpdump

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13838

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
2fce893b by Martin Schwenke at 2019-03-15T05:17:14Z
ctdb-tests: export CTDB_SCRIPTS_TOOLS_BIN_DIR

This isn't used anywhere that requires it to be exported, but the lack
of consistency will cause problems and confusion at some later stage.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
6555fbce by Martin Schwenke at 2019-03-15T05:17:14Z
ctdb-tests: Shell cleanups in wait_until() function

This file is included by local_daemons.sh, which is not a bash script
and wait_until() uses the "local" keyword.  Prefixing variable names
with '_' to indicate that they are local changes a lot of lines in
this function.  So, fix indentation, potential quoting problems and
other ShellCheck hits while touching this function.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
627a5cf1 by Martin Schwenke at 2019-03-15T05:17:14Z
ctdb-tests: Fix remaining common.sh ShellCheck hits

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
8c2ff3f2 by Martin Schwenke at 2019-03-15T05:17:14Z
ctdb-daemon: Add an environment variable to set version

This can be used to test the version checking logic.  Cache the
version to avoid re-checking the environment variable each time.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
2c3df581 by Martin Schwenke at 2019-03-15T05:17:14Z
ctdb-tests: Add a test for version consistency checking

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
05c28fee by Stefan Metzmacher at 2019-03-15T05:17:14Z
ctdb-build: use a fixed ctdb_version.h using SAMBA_VERSION_STRING

This way we don't get constant rebuild as SAMBA_VERSION_STRING
is "4.7.0pre1.DEVELOPERBUILD" for the binaries under bin/
instead of "4.7.0pre1.GIT.59e51f6".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13789

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
14830667 by Martin Schwenke at 2019-03-15T05:17:14Z
ctdb-build: Drop creation of .distversion in tarball

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13789

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
edd4a23d by Amitay Isaacs at 2019-03-15T06:31:50Z
ctdb-version: Simplify version string usage

There is no need to write SAMBA_VERSION_STRING as CTDB_VERSION_STRING.
Wherever required use SAMBA_VERSION_STRING directly.

Avoids the confusion with two version.h files.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13789

Signed-off-by: Amitay Isaacs <amitay at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Mar 15 06:31:50 UTC 2019 on sn-devel-144

- - - - -
1375e085 by David Disseldorp at 2019-03-15T11:32:04Z
smbd: fix check_parent_access() talloc stackframe leaks

check_parent_access() currently leaks a number of allocations onto the
talloc_tos() context in both success and error paths.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Fri Mar 15 11:32:04 UTC 2019 on sn-devel-144

- - - - -
fad5e4ea by Andreas Schneider at 2019-03-18T15:30:13Z
s3:script: Fix jobid check in test_smbspool.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>

- - - - -
43160184 by Andreas Schneider at 2019-03-18T15:30:13Z
s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>

- - - - -
5274b09f by Andreas Schneider at 2019-03-18T15:30:14Z
s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups

This should not switch to username,password if cups has been configured
to use negotiate (Kerberos authentication).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>

- - - - -
129ae279 by Andreas Schneider at 2019-03-18T15:30:14Z
s3:client: Make sure we work on a copy of the title

We can't be sure we can write to the input buffer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>

- - - - -
69d7a496 by Andreas Schneider at 2019-03-18T16:47:55Z
s3:client: Fix smbspool device uri handling

If we are executed as a CUPS backend, argv[0] is set to the device uri.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Mar 18 16:47:55 UTC 2019 on sn-devel-144

- - - - -
38f780ae by Volker Lendecke at 2019-03-18T19:21:22Z
rpc_server: Give epmd its header file

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2f47163a by Volker Lendecke at 2019-03-18T19:21:22Z
rpc_server: Give lsasd its header file

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
311d8681 by Volker Lendecke at 2019-03-18T19:21:22Z
rpc_server: Give fssd its header file

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
10c70e23 by Volker Lendecke at 2019-03-18T19:21:22Z
rpc_server: Give mdssd its header file

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6625d356 by Volker Lendecke at 2019-03-18T19:21:22Z
idl: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
636c09c8 by Volker Lendecke at 2019-03-18T19:21:23Z
libcli: Add a comment explaining lack of overflow checks

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d5877ec4 by Volker Lendecke at 2019-03-18T19:21:23Z
idl: Remove a trailing empty line

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2f3e251d by Volker Lendecke at 2019-03-18T19:21:23Z
libcli: Align integer types

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
068f42be by Volker Lendecke at 2019-03-18T19:21:23Z
libsmb: Use a direct struct initializer

There's a few ways to initialize a DATA_BLOB to NULL. There's the
variable data_blob_null, there's ZERO_STRUCTP, and the explicit
initializer. And there's the data_blob() macro which calls into
data_blob_talloc_named. You have to look at that routine to see that
this is nothing more than a ZERO_STRUCT() and not calling into
talloc. Choose the more direct way.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
769b51da by Volker Lendecke at 2019-03-18T19:21:23Z
torture3: Fix an error message

We tried to open "dname", not "fname"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
855b785a by Volker Lendecke at 2019-03-18T19:21:23Z
smbd: Remove two unnecessary return; statements

return; is unnecessary at the end of a void function

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2040196e by Volker Lendecke at 2019-03-18T19:21:23Z
libsmb: Use tevent_req_simple_finish_ntstatus

Less lines of code

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
cfc3f320 by Volker Lendecke at 2019-03-18T19:21:23Z
libsmb: Make cli_posix_[sym|hard]link proper tevent_req functions

Simplify adding SMB2 to those functions

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7e699156 by Volker Lendecke at 2019-03-18T19:21:24Z
libsmb: Change cli_posix_stat_send to take a pointer to sbuf

This moves the parsing work from the _recv function into the _done
function. This makes writing the SMB2 call easier later on: We can
have a smb2-specific done function doing the smb2-specific work and we
don't have to fork on protocol in the _recv function.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5909709e by Volker Lendecke at 2019-03-18T19:21:24Z
libsmb: Add cli_smb2_query_info_fnum

This wraps getting the file handle from the fnum

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4e6f32ad by Volker Lendecke at 2019-03-18T19:21:24Z
libsmb: Use cli_smb2_query_info_fnum

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d0dc4033 by Volker Lendecke at 2019-03-18T19:21:24Z
heimdal: Fix "assuming signed overflow doesnt occur" error

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
7da54f6f by Volker Lendecke at 2019-03-18T19:21:24Z
libsmb: Align integer types

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e872227b by Volker Lendecke at 2019-03-18T19:21:24Z
libsmb: Fix a "assuming signed overflow does not occur" error

Eventually we need to convert internal_resolve_name to "size_t" for
"return_count". But that's a patch for another day :-)

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
6fa6ab1c by Ralph Boehme at 2019-03-18T19:21:24Z
nfs4acl_xattr: identifiers are XDR encoded as integers

The structs nfsacl41 and nfsace4 are not RFC 3530 compliant, let's
rename them adding a trailing "i" that indicates that the structs store
identifiers as integers.

  struct nfsace4  -> struct nfsace4i
  struct nfsacl41 -> struct nfsacl41i

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
10a230b9 by Ralph Boehme at 2019-03-18T19:21:25Z
nfs4acl_xattr: append 'i' to nfs4acl functions

This reflects the new struct names the functions use.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3490a6e2 by Ralph Boehme at 2019-03-18T19:21:25Z
nfs4acl_xattr: move some functions to a seperate file

These functions will be called from another translation unit in a
subsequent commit.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ba1fe6d1 by Ralph Boehme at 2019-03-18T19:21:25Z
nfs4acl_xattr: move a define to a common header file

In preperation of a adding real NFS backend.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
068721f4 by Ralph Boehme at 2019-03-18T19:21:25Z
nfs4acl_xattr: add RFC compliant NFS 4.0 and 4.1 ACL defintions

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ebf98261 by Ralph Boehme at 2019-03-18T19:21:25Z
nfs4acl_xattr: reformat enum nfs4acl_encoding to one per line

In preperation of adding another enum value.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c6ab2e6b by Ralph Boehme at 2019-03-18T19:21:25Z
vfs_nfs4acl_xattr: support for NFS 4.0 and 4.1 ACLs from NFS4 mount

This adds a new main switch "nfs" to "nfs4acl_xattr:encoding" which
enables to use NFS4 ACLs from an NFS4 mount on a Linux box. Tested with
a FreeBSD NFS4 server.

Supports both NFS 4.0 and 4.1 ACLs.

By default NFS4 servers send user and group identifiers in ACLs as
strings in the format "[USER|GROUP]@DNSDOMAIN". Some NFS4 servers
support sending identifiers as numeric strings. This module does support
this as well, the config knob "nfs4acl_xattr:nfs4_id_numeric = yes|no"
controls behaviour.

When "nfs4acl_xattr:encoding" is set to "nfs", the new option
"nfs4acl_xattr:validate_mode", which defauts to "yes" is set to "no" to
avoid checking and munging the mode on files.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6a1e5fbf by Ralph Boehme at 2019-03-18T19:21:25Z
selftest: test vfs_nfs4acl_xattr in nfs mode

The same tests as for the other modes xdr and ndr are marked as
knownfail.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7d486561 by Ralph Boehme at 2019-03-18T20:19:30Z
vfs_nfs4acl_xattr: check status for NT_STATUS_ACCESS_DENIED in take ownership override

This was missing in commit 8b1b1cd8cc561378058b915e03996ff567355d81.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Mar 18 20:19:30 UTC 2019 on sn-devel-144

- - - - -
b2c2c4c3 by Andreas Schneider at 2019-03-19T12:38:50Z
talloc: Fix alignment issues for casting pointers

warning: cast from 'char *' to 'struct talloc_chunk *' increases required
alignment from 1 to 8

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Mar 19 12:38:50 UTC 2019 on sn-devel-144

- - - - -
74ca95f8 by Volker Lendecke at 2019-03-19T17:48:28Z
smbd: Enhance debugging for setting hard links

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7e77f1fe by Volker Lendecke at 2019-03-19T18:46:28Z
smbd: Focus smb_file_link_information on correct posix'ness

In the SMB1 unix extensions, posix'ness is a property of the SMB
request, because it's tied to the connection. In the upcoming SMB3
extensions, this will become a property of the file name, it's being
set at SMB2_CREATE time. To correctly transfer posix'ness of the
filename to the destination name, we can't look at the
req->posix_pathnames here, the SMB2_SETINFO call has not set
that. This is still correct for SMB1, as the per-connection posix'ness
has spilled into the filename there too.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 19 18:46:28 UTC 2019 on sn-devel-144

- - - - -
944c577a by Jeremy Allison at 2019-03-19T22:55:11Z
s3: smbd: Clarify POSIX name handling in SMB2 get/setinfo calls.

We should never be looking at the info level here, the create
call will have set the correct POSIX flag on the smb_filename
struct.

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Mar 19 22:55:11 UTC 2019 on sn-devel-144

- - - - -
a40b0f45 by Andrew Bartlett at 2019-03-20T05:25:48Z
build: Allow build when --disable-gnutls is set

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13844

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Wed Mar 20 05:25:48 UTC 2019 on sn-devel-144

- - - - -
305346d3 by Michael Hanselmann at 2019-03-20T05:26:17Z
Fix typos in "valid"

s/vald/valid/

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
aa6b3558 by Michael Hanselmann at 2019-03-20T05:26:17Z
regfio: Use correct function names in debug information

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9b2cb845 by Michael Hanselmann at 2019-03-20T05:26:18Z
regfio: Add trivial unit test

An upcoming commit will resolve two cases of insufficient handling of
mangled registry hive files and will include unit tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
601afd69 by Michael Hanselmann at 2019-03-20T05:26:18Z
regfio: Improve handling of malformed registry hive files

* next_record: A malformed file can lead to an endless loop.
* regfio_rootkey: Supplying a malformed registry hive file to the
  registry hive I/O code can lead to out-of-bounds reads.

Test cases are included. Both issues resolved have been identified using
AddressSanitizer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
acbf103f by Andrew Bartlett at 2019-03-20T05:26:18Z
regfio: Update code near recent changes to match README.Coding

This file long predates our current code conventions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
68c0fc43 by Andrew Bartlett at 2019-03-20T05:26:18Z
regfio tests: Update comment style to match README.Coding

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
c0aca17a by Douglas Bagnall at 2019-03-20T06:36:05Z
py/graph: use 2.6 compatible check for set membership

It is better this way anyway.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 20 06:36:05 UTC 2019 on sn-devel-144

- - - - -
bf469343 by Andreas Schneider at 2019-03-20T13:11:28Z
s4:librpc: Fix installation of Samba

This breaks installation of Samba 4.10 on Fedora.

https://bugzilla.samba.org/show_bug.cgi?id=13847

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Mar 20 13:11:28 UTC 2019 on sn-devel-144

- - - - -
4f5b9e50 by Volker Lendecke at 2019-03-20T22:07:45Z
libsmb: Add cli_smb2_set_info_fnum

This wraps getting the file handle from the fnum

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
32c5b6c1 by Volker Lendecke at 2019-03-20T22:07:45Z
libsmb: Simplify cli_smb2_delete_on_close

Use cli_smb2_set_info_fnum, remove "state" variables

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c013aad7 by Volker Lendecke at 2019-03-20T22:07:45Z
libsmb: Simplify cli_smb2_ftruncate

We don't need to talloc 8 bytes, they can live on the stack. When we
go async, this can go into the state struct.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b4c87b09 by Volker Lendecke at 2019-03-20T22:07:45Z
libsmb: Use cli_smb2_set_info_fnum()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b5af004b by Volker Lendecke at 2019-03-20T22:07:45Z
libsmb: Introduce protocol-agnostic cli_hardlink

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8c12a705 by Volker Lendecke at 2019-03-20T22:07:46Z
utils: Use cli_hardlink instead of cli_nt_hardlink

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2a430625 by Volker Lendecke at 2019-03-20T23:32:31Z
libsmb: Make SMB1-only cli_nt_hardlink calls static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 20 23:32:31 UTC 2019 on sn-devel-144

- - - - -
fa980eb6 by Andrew Bartlett at 2019-03-21T04:06:14Z
pytalloc: Remove deprecated pytalloc_CObject_FromTallocPtr()

This function makes it harder to remove the --extra-python handlers and is only
provided for Python 2.x, support for which Samba is removing.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
270d04e4 by Andrew Bartlett at 2019-03-21T04:06:14Z
build: Remove --extra-python

This option is quite invasive in waf and was mainly for the python3 transition.

Testing with multiple python versions can be done by testing a full compile against
multiple versions, likewise multiple different binding versions can be created
the same way.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fdb6305c by Andrew Bartlett at 2019-03-21T04:06:14Z
build: Remove bld.gen_python_environments()

This was part of --extra-python support.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
beda359b by Andrew Bartlett at 2019-03-21T04:06:15Z
selftest: Remove support for running multiple tests against python versions in a single run

The extra_python support was added to aid the python3 transition

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6a6a178b by Andrew Bartlett at 2019-03-21T04:06:15Z
selftest: Remove obsolete py3_compatible=True markers

All our tests now run in python3.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
709ac663 by Andrew Bartlett at 2019-03-21T04:06:15Z
selftest: Remove mention of --extra-python from comment

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
ad3ba599 by Andrew Bartlett at 2019-03-21T04:06:15Z
build: Remove distinct .py3 ABI files

The only difference between the two built libraries is pytalloc_CObject_FromTallocPtr()
which is deprecated.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
24127aca by Andrew Bartlett at 2019-03-21T04:06:15Z
ABI: Remove unused .py3*.sigs files

These are no longer used by the build system so avoid
confusion by removing them from the tree.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
760b176d by Andrew Bartlett at 2019-03-21T04:06:15Z
build: Do not make python mandatory to build

Clearly we have python or else we would not be running, so this is about if
we have a new enough version.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
63d20d78 by Andrew Bartlett at 2019-03-21T04:06:15Z
build: Set default minimum python version to 3.4.0

This is the current minimum, but this may change before the 4.11 release.

Python 2.x support is no longer available except to build using --disable-python.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a4596500 by Andrew Bartlett at 2019-03-21T04:06:16Z
build: Remove manual specification of minimum python version

We now used the default of 3.4 from conf.SAMBA_CHECK_PYTHON()

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
a574e8f5 by Andrew Bartlett at 2019-03-21T04:06:16Z
build: Standardise on calling conf.SAMBA_CHECK_PYTHON() in libraries

We do this by removing the confusing mandatory option to
conf.SAMBA_CHECK_PYTHON{,_HEADERS}(), instead just use the value of
--disable-python internally

This follows the default minimum of Python 3.4 and keeps things consistent
with the main Samba build where --disable-python is required to skip building
python bindings.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
b80140ba by Andrew Bartlett at 2019-03-21T04:06:16Z
talloc: Release talloc 2.2.0

 * Remove pytalloc_CObject_FromTallocPtr()
 * Remove --extra-python (a build time mode to produce Python2 and Python3
   bindings at the same time)
 * New minor version to allow Samba 4.10 to release a talloc if
   required from that branch

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
fe69d807 by Andrew Bartlett at 2019-03-21T04:06:16Z
tdb: Release tdb 1.4.0

 * Remove Python 2.x support except to build just the bare C library
 * Remove --extra-python (a build time mode to produce Python2 and Python3
   bindings at the same time)
 * New minor version to allow Samba 4.10 to release a tdb if
   required from that branch

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
6f227801 by Andrew Bartlett at 2019-03-21T04:06:16Z
tevent: Release tevent 0.10.0

* Remove Python 2.x support except to build just the bare C library
* Remove --extra-python (a build time mode to produce Python2 and Python3
  bindings at the same time)
* New minor version to allow Samba 4.10 to release a tevent if
  required from that branch

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
81648d57 by Andrew Bartlett at 2019-03-21T05:08:49Z
ldb: Release ldb 1.6.3

* Remove Python 2.x support except to build just the bare C library
* Remove --extra-python (a build time mode to produce Python2 and Python3
  bindings at the same time)

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 21 05:08:49 UTC 2019 on sn-devel-144

- - - - -
312e408c by Andreas Schneider at 2019-03-21T15:10:29Z
s3:lib: Increase debug level for messaging_send_buf message

This is spamming the console when running 'make test' and we set the log
level to 1 by default in selftest.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
88343683 by Andreas Schneider at 2019-03-21T15:10:29Z
s3:script: Fix running rsync in fake_snap.pl

We need to unset BASH_ENV or we get:
    Insecure $ENV{BASH_ENV} while running setgid

This probably only happens on recent perl versions.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

- - - - -
52bf5c25 by Andreas Schneider at 2019-03-21T16:41:33Z
s3:script: Fix running cp in modprinter.pl

We need to unset BASH_ENV or we get:
    Insecure $ENV{BASH_ENV} while running setgid

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Mar 21 16:41:33 UTC 2019 on sn-devel-144

- - - - -
dd6f0dad by Stefan Metzmacher at 2019-03-21T16:42:19Z
dbcheck: use the str() value of the "name" attribute

We do the same with the rdn attribute value
and we need the same logic on both in order to
check they are the same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
261ef9d5 by Stefan Metzmacher at 2019-03-21T18:15:20Z
dbcheck: fix the err_empty_attribute() check

ldb.bytes('') == '' is never True in python3,
we nee ldb.bytes('') == b'' in order to
check that on attribute has an empty value,
that seems to work for python2 and python3.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13843

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Mar 21 18:15:20 UTC 2019 on sn-devel-144

- - - - -
3eee4394 by Andreas Schneider at 2019-03-21T20:38:32Z
libcli: Use a define for the SMB_SUICIDE_PACKET

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
16331870 by Andreas Schneider at 2019-03-21T20:38:32Z
s3:smbd: Make clear that we got a suicide packet

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9b1d79a5 by Andreas Schneider at 2019-03-21T20:38:32Z
s3:torture: Move the init of the locking out of the loop

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e1ba84a5 by Andreas Schneider at 2019-03-21T20:38:33Z
s3:torture: Improve the debug message output

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
eace58b5 by Andreas Schneider at 2019-03-21T21:40:20Z
s3:waf: Fix the detection of makdev() macro on Linux

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13853

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Mar 21 21:40:20 UTC 2019 on sn-devel-144

- - - - -
1e408871 by Marcos Mello at 2019-03-22T09:55:33Z
Send status to systemd on daemon start

systemd service files run in no-forking mode (--foreground) since
8b6f58194da7e849cdb9d20712dff49b17a93a77.

Rearrange sd_notify() call in become_daemon() to only send status to systemd
in this mode (Type=notify is not designed to monitor forking). Drop READY=0
(it does nothing) and MAINPID= (unnecessary because the process spawned by
systemd is already the main PID).

Also remove STATUS= prefix from debug messages.

Signed-off-by: Marcos Mello <marcosfrm at gmail.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 440ddf8470b11a46066d282bf8945201d547c192)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11568

- - - - -
166dd92d by Stefan Metzmacher at 2019-03-22T09:55:33Z
ndr_spoolss_buf: fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13818

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Björn Jacke <bjacke at samba.org>
Reviewed-by: Günther Deschner <gd at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
(cherry picked from commit 6da3664f8a11397fd3fb38e89c2432b8bf321e59)

- - - - -
6c2d5bca by Andreas Schneider at 2019-03-22T09:55:34Z
s3:script: Fix jobid check in test_smbspool.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit fad5e4eaeb9202c1b63c42ea09254c17c473e33a)

- - - - -
d311eff5 by Andreas Schneider at 2019-03-22T09:55:34Z
s3:client: Pass DEVICE_URI and AUTH_INFO_REQUIRED env to smbspool

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 43160184d254a57f87bb2adeba47f48d8539533a)

- - - - -
590fd475 by Andreas Schneider at 2019-03-22T09:55:34Z
s3:client: Evaluate the AUTH_INFO_REQUIRED variable set by cups

This should not switch to username,password if cups has been configured
to use negotiate (Kerberos authentication).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 5274b09fbaa5e45cc58f3301818d4e9f6a402845)

- - - - -
e07b8444 by Andreas Schneider at 2019-03-22T09:55:35Z
s3:client: Make sure we work on a copy of the title

We can't be sure we can write to the input buffer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>
(cherry picked from commit 129ae27946318a075e99c9e6d1bacf8963f72282)

- - - - -
7f4492c7 by Andreas Schneider at 2019-03-22T09:55:35Z
s3:client: Fix smbspool device uri handling

If we are executed as a CUPS backend, argv[0] is set to the device uri.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13832

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Bryan Mason <bmason at redhat.com>
Signed-off-by: Guenther Deschner <gd at samba.org>

(cherry picked from commit 69d7a496d3bf52eaa10e81132bb61430863fdd8a)

- - - - -
6e76e884 by Martin Schwenke at 2019-03-22T09:55:35Z
ctdb-packaging: ctdb package should not own system library directory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13838

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit b2b8dce4fc56c27ef0131104b316346565369dd7)

- - - - -
9e4b17aa by Martin Schwenke at 2019-03-22T09:55:36Z
ctdb-packaging: Test package requires tcpdump

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13838

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 957c38b65ca060eabe1e676f8dfb54839d706155)

- - - - -
eb4e66cd by Zhu Shangzhong at 2019-03-22T09:55:36Z
ctdb: Initialize addr struct to zero before reparsing as IPV4

Failed to kill the tcp connection that using IPv4-mapped IPv6 address
(e.g. ctdb_killtcp eth0 ::ffff:192.168.200.44:2049
::ffff:192.168.200.45:863).

When the ctdb_killtcp is used to kill the tcp connection, the IPs and
ports in the connection will be parsed to conn.client and conn.server
(call stack: main->ctdb_sock_addr_from_string->ip_from_string). In
the ip_from_string, as we are using IPv4-mapped IPv6 addresses, the
ipv6_from_string will be used to parse ip to addr.ip6 first. The next
step the ipv4_from_string will be used to reparse ip to addr.ip.

As a result, the data that dump from conn.server is "2 0 8 1 192 168
200 44 0 0 0 0 0 0 0 0 0 0 255 255 192 168 200 44 0 0 0 0", the data
from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0 0 0 0 0 0 255 255
192 168 200 45 0 0 0 0". The connection will be add to conn_list by
ctdb_connection_list_add. Then the reset_connections_send uses conn_list
as parameter to start to reset connections in the conn_list.

In the reset_connections_send, the database "connections" will be
created. The connections from conn_list will be written to the
database(call db_hash_add), and use the data that dump from conn_client
and conn_server as key.

In the reset_connections_capture_tcp_handler, the
ctdb_sys_read_tcp_packet will receive data on the raw socket. And
extract the IPs and ports from the tcp packet. when extracting IP and
port, the tcp4_extract OR tcp6_extract will be used. Then we got the
new conn.client and conn.server. the data that dump from the
conn.server is "2 0 8 1 192 168 200 44 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0", the data from conn.client is "2 0 3 95 192 168 200 45 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0". Finally, we use the data as key to check
if this connection is one being reset(call db_hash_delete). The
db_hash_delete will return ENOENT. Because the two key that being used
by db_hash_delete and db_hash_add are different.

So, the TCP RST will be NOT sent for the connection forever. We should
initialize addr struct to zero before reparsing as IPV4 in the
ip_from_string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839

Signed-off-by: Zhu Shangzhong <zhu.shangzhong at zte.com.cn>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 539b5ff32b32b7c75dfaaa119e41f5af6ff1e6fc)

- - - - -
5f94bc51 by Martin Schwenke at 2019-03-22T09:55:36Z
ctdb-tests: Add some testing for IPv4-mapped IPv6 address parsing

ctdb_sock_addr values are hashed in some contexts.  This means that
all of the memory used for the ctdb_sock_addr should be consistent
regardless of how parsing is done.  The first 2 cases are just sanity
checks but the 3rd case involving an IPv4-mapped IPv6 address is the
real target of this test addition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13839

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit d9286701cd9253bf3b42cac3d850ae8c23743e6d)

- - - - -
b861e5e9 by Andreas Schneider at 2019-03-22T13:39:46Z
s4:librpc: Fix installation of Samba

This breaks installation of Samba 4.10 on Fedora.

https://bugzilla.samba.org/show_bug.cgi?id=13847

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>

(cherry picked from commit bf469343f577e2d78df0e38d80e7976b351eaf0d)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Fri Mar 22 13:39:46 UTC 2019 on sn-devel-144

- - - - -
55b21728 by Andreas Schneider at 2019-03-22T14:03:19Z
third_party: Update socket_wrapper to version 1.2.3

* Added environment variable to disable deep binding
* Fixed installation of socket_wrapper
* Fixed several small bugs
* Fixed missing NULL check for socket_wrapper_dir()
* Fixes building in Samba source tree

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4a526ec4 by Andreas Schneider at 2019-03-22T14:03:19Z
selftest: Increase nss_wrapper max host entries handling

The logs are spammed with:
nwrap_ed_inventarize_add_new: Hash table is full (Cannot allocate memory)!

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
88804bc2 by Samuel Cabrero at 2019-03-22T14:03:19Z
s4:torture: Initialize tm struct

The samba3.blackbox.shadow_copy_torture tests call to strptime passing
an uninitalized tm structure as an argument, but the strptime function
does not write the tm.tm_isdst field.

These tm structures are passed later as the mktime argument, which
produces different values depending on whether the arbitrary value
of the tm.tm_isdst field is lower or equal to zero or greather than
zero.

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fc25fe80 by Samuel Cabrero at 2019-03-22T14:03:19Z
selftest: Woraround uid wrapper issues when using bash shell

UID_WRAPPER_ROOT=1 is not working properly when tests run in bash shell
instead of dash. After some debugging the reason may be dash spawns a
subshell to run commands, but bash calls execve instead. Traces attached
as reference:

/bin/sh -> dash:

[2(2)/2 at 17s, 1 errors] samba.blackbox.pdbtest(nt4_dc)(nt4_dc:local)
UWRAP_DEBUG(3145) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3145) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3145) - uwrap_init: Enabled uid_wrapper as root (real uid=1000)
UWRAP_DEBUG(3145) - uwrap_init: Successfully initialized uid_wrapper
UWRAP_DEBUG(3144) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3144) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3144) - uwrap_init: Enabled uid_wrapper as root (real uid=1000)
UWRAP_DEBUG(3144) - uwrap_init: Successfully initialized uid_wrapper

/bin/sh -> bash:

[2(2)/2 at 17s, 1 errors] samba.blackbox.pdbtest(nt4_dc)(nt4_dc:local)
UWRAP_DEBUG(3352) - uwrap_export_ids: uwrap_export_ids
UWRAP_DEBUG(3354) - uwrap_export_ids: uwrap_export_ids
UWRAP_DEBUG(3354) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3354) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3354) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize euid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize suid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize egid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize sgid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize groups with 4,24,27,30,46,108,1000
UWRAP_DEBUG(3354) - uwrap_init: Enabled uid_wrapper as user (real uid=1000)
UWRAP_DEBUG(3354) - uwrap_init: Successfully initialized uid_wrapper
UWRAP_DEBUG(3353) - uwrap_export_ids: uwrap_export_ids
UWRAP_DEBUG(3353) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3353) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3353) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize euid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize suid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize egid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize sgid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize groups with 4,24,27,30,46,108,1000
UWRAP_DEBUG(3353) - uwrap_init: Enabled uid_wrapper as user (real uid=1000)
UWRAP_DEBUG(3353) - uwrap_init: Successfully initialized uid_wrapper

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e23425a0 by Samuel Cabrero at 2019-03-22T14:03:19Z
s4:dsdb: Check errno to determine if crypt or crypt_r succeeded

The behavior of these functions upon errors depends on the implementation.
The GNU libc implementation seems to return a null hash, but others like
libxcrypt returns a invalid hash string '*0'.

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
0063aacb by Samuel Cabrero at 2019-03-22T14:03:19Z
selftests:password_hash: Raise SHA256 rounds to 5000

Some crypt_r implementations like libxcrypt require a higher value.

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
5826b31f by Samuel Cabrero at 2019-03-22T14:03:19Z
selftest: Do not include system krb5.conf in s4 test environments

If built with system MIT krb5 and dns_lookup_kdc is set to false in
system krb5.conf tests fail because KDC is not found.

Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
63084375 by Andreas Schneider at 2019-03-22T15:03:43Z
docs: Update smbclient manpage for --max-protocol

We default to SMB3 now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13857

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Mar 22 15:03:43 UTC 2019 on sn-devel-144

- - - - -
1220f69c by Volker Lendecke at 2019-03-22T18:02:16Z
rpc_server: Simplify make_server_pipes_struct

Do an early return on error

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a6c653a9 by Volker Lendecke at 2019-03-22T18:02:16Z
rpc_server: Fix an error path memleak in make_server_pipes_struct

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9bebe5c7 by Volker Lendecke at 2019-03-22T18:02:16Z
rpc_server: Make make_server_pipes_struct API safer

Make it clear that we talloc_steal by NULLing out the caller's
session_info

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
46a34367 by Volker Lendecke at 2019-03-22T18:02:16Z
rpc_server: Favor talloc_move over talloc_steal

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
02d884ed by Volker Lendecke at 2019-03-22T18:02:17Z
rpc_server: Simplify named_pipe_accept_function

Make use of named_pipe_client_init

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bd51c7d3 by Volker Lendecke at 2019-03-22T18:02:17Z
rpc_server: Avoid casts in DBG statements

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7bea3541 by Volker Lendecke at 2019-03-22T18:02:17Z
tstream_npa: Avoid an unnecessary ZERO_STRUCTP

tevent_req_create already zeros out "state"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9d4bf6bb by Volker Lendecke at 2019-03-22T18:02:17Z
tsocket: Simplify tsocket.h

tevent.h already includes talloc.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
13b66508 by Volker Lendecke at 2019-03-22T18:02:17Z
librpc: Add a required #include

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7841c62a by Volker Lendecke at 2019-03-22T19:02:32Z
rpc_server3: Add a \n to a DEBUG message

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar 22 19:02:32 UTC 2019 on sn-devel-144

- - - - -
6c62e054 by Garming Sam at 2019-03-26T03:03:23Z
dlz: Add test to ensure there are writable zones

This is currently broken since 28e2a518ff32

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13841

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
526c6d0b by Michael Saxl at 2019-03-26T03:03:23Z
s4:dlz make b9_has_soa check dc=@ node

the zone node does not hold the dnsRecord values, so for the zone level
the node dc=@,dc=zonename has to be queried

regression introduced with 28e2a518ff32, BUG: https://bugzilla.samba.org/show_bug.cgi?id=13466

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13841

Signed-off-by: Michael Saxl <mike at mwsys.mine.bz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af325301 by Mathieu Parent at 2019-03-26T03:03:23Z
Fix tests whithout lmdb

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13630

Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0c7c44a2 by Michael Hanselmann at 2019-03-26T03:03:23Z
Split oLschema2ldif into library and binary

The oLschema2ldif program was contained in a single file, making reuse
of its parsing logic elsewhere impossible. With this change the majority
of the code is moved to a new file, "lib.c", while the CLI interface is
now in a "main.c" file.

End-of-line whitespace is also removed.

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e9b74e8 by Michael Hanselmann at 2019-03-26T03:03:23Z
Remove ad2oLschema man page

ad2oLschema itself was removed in commit 17aac8cad2b in March 2009. Also
remove the last reference to the program.

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ac45960 by Kristján Valur at 2019-03-26T03:03:23Z
pytalloc: Refactor the pytalloc_reference and pytalloc_steal to use a common method.

Signed-off-by: Kristján Valur <kristjan at rvx.is>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
417a359b by Kristján Valur at 2019-03-26T03:03:23Z
pytalloc: Further refactoring to eliminate duplicate code.

Signed-off-by: Kristján Valur <kristjan at rvx.is>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b272d161 by Kristján Valur at 2019-03-26T03:03:23Z
pytalloc: Handle memory errors when creating pytalloc objects.

Don't create superfluous exceptions.

Signed-off-by: Kristján Valur <kristjan at rvx.is>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0fa5a77f by Kristján Valur at 2019-03-26T03:03:23Z
pytalloc: Check for errors during module initialization.

Signed-off-by: Kristján Valur <kristjan at rvx.is>
Reviewed-by: Noel Power <npower at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c6fdb5d by Volker Lendecke at 2019-03-26T03:03:23Z
libsmb: Fix cli_smb2_get_reparse_point_fnum_send

Use the correct state variable type

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac487bf4 by Volker Lendecke at 2019-03-26T04:43:40Z
lib: Make fd_load work for non-regular files

Follow-up to

https://lists.samba.org/archive/samba/2018-September/217992.html

and following. This also fixes a small and very theoretical race: Between the
fstat and the read call the file size might change. This would make us fail on
potentially legitimate files.

This is more complex and probably slower, but looking at the use cases I don't
think the speed matters.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13859

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Mar 26 04:43:40 UTC 2019 on sn-devel-144

- - - - -
f9a6992e by Volker Lendecke at 2019-03-27T11:20:23Z
libsmb: Fix valgrind errors in cli_smb2_get_reparse_point

Both tevent_req_nterror and tevent_req_is_nterror invalidate
"state". Pull the variables out of "state" before calling those two
functions.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c7fae52f by Volker Lendecke at 2019-03-27T11:20:23Z
libsmb: Rename "readlink_state" to "cli_posix_readlink_state"

This is more in line with most other users of tevent_req: The state is
called fully after the routines it acts as a state repository for.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3478e9d1 by Volker Lendecke at 2019-03-27T11:20:23Z
libsmb: Don't pass "cli" to cli_posix_readlink_recv

>From my point of view the option to change "cli" between
cli_posix_readlink_send and _recv is not necessary.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3e1d8ab1 by Volker Lendecke at 2019-03-27T12:31:37Z
libsmb: Change cli_posix_readlink to return talloc'ed target

This is a deviation from the Posix readlink function that from my
point of view makes this function easier to use. In Posix, probably
the assumption is that readlink is cheap, so someone under memory
constraints could just start with a small buffer and incrementally
increase the buffer size. For us, it's a network round-trip, and we
have the luxury of [mt]alloc, which the syscall kernel interface does
not have.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 27 12:31:37 UTC 2019 on sn-devel-144

- - - - -
a4d433ae by Tim Beale at 2019-03-27T13:31:27Z
selftest: Restore IPs 12-16 for selftest client

The assumption that tests only used the .11 IP was wrong. The
winsreplication test tries to use multiple different IPs - CI doesn't
fail when we remove the additional IPs, but it starts to skip test
cases.

+ Update get_interfaces_config() and get_ipv4_addr() so we can add
multiple different IPs for the same host.
+ Update selftest.pl so the client gets 6 IP addresses.
+ Update comments to better reflect this dependency.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
991d32a1 by Tim Beale at 2019-03-27T13:31:27Z
s4/torture: Update winsreplication to only use IPv4 addresses

This test was failing now that the client had an IPv6 address, however,
the test was marked as flapping so this failure wasn't obvious.

Use iface_list_n_is_v4() to filter out only the IPv4 addresses, as
that's all the test cares about.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ffad76ae by Andreas Schneider at 2019-03-27T13:31:27Z
s3:utils: Add 'smbstatus -L --resolve-uids' to show usernames

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13793

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6106b8a0 by Andreas Schneider at 2019-03-27T13:31:27Z
selftest: Add smbstatus to testhelper

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13793

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e7f4b1d by Andreas Schneider at 2019-03-27T14:33:35Z
s3:tests: Add test for smbstatus and smbstatus --resolve_uids

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13793

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 27 14:33:35 UTC 2019 on sn-devel-144

- - - - -
c68d9c9e by David Disseldorp at 2019-03-27T18:21:38Z
vfs_snapper: drop unneeded fstat handler

fstat is handle based, and unlike vfs_shadow_copy2, we don't need to
make any changes to the returned sbuf, so remove the existing handler
which does nothing.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13858

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 27 18:21:38 UTC 2019 on sn-devel-144

- - - - -
139da67c by Noel Power at 2019-03-28T08:35:20Z
python/samba: PY3 port for ridalloc_exop test to work

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit fc13a1268a4a9de94efd312a8309aa55d331ae19)

- - - - -
5602db1b by Noel Power at 2019-03-28T08:35:20Z
python/samba: extra ndr_unpack needs bytes function

(cherry picked from commit 8db43696e70d7c4cb21172b7e7461cf6a72914a2)

- - - - -
7bcb0729 by Stefan Metzmacher at 2019-03-28T08:35:20Z
selftest: force running with TZ=UTC

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Feb 27 11:24:59 UTC 2019 on sn-devel-144

(cherry picked from commit 4f307f2302b0fe8fd0fc6379eb8e6491faf8520c)

- - - - -
9339b096 by Stefan Metzmacher at 2019-03-28T08:35:20Z
blackbox/dbcheck-links.sh: reproduce lost deleted object problem

When a parent object is removed during the tombstone garbage collection
before a child object and samba-tool dbcheck runs at the same time, the
following can happen:

- If the object child had DISALLOW_MOVE_ON_DELETE in systemFlags,
  samba-tool dbcheck moves the object under the LostAndFound[Config]
  object (as an originating update!)
- The lastKnownParent attribute is removed (as an originating update!)

These originating updates cause the object to have an extended time
as tombstone. And these changes are replicated to other DCs,
which very likely already removed the object completely!

This means the destination DC of replication has no chance to handle
the object it gets from the source DC with just 2 attributes (name, lastKnownParent).

The destination logs something like:

  No objectClass found in replPropertyMetaData

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5357f591accffbf8c62335c308b985811b66f0b5)

- - - - -
44c83b09 by Stefan Metzmacher at 2019-03-28T08:35:20Z
dsdb:repl_meta_data: allow CONTROL_DBCHECK_FIX_LINK_DN_NAME to by pass rename

We need a way to rename an object without updating the replication meta
data.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3e8a435d27da899d0e3dab7cbc0a1c738067eba3)

- - - - -
0aaf7c98 by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: use DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME when renaming deleted objects

We should never do originating updates on deleted objects.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 07a8326746f0c444eedf3860b178fc29d84e8d16)

- - - - -
76de43f0 by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: do isDeleted, systemFlags and replPropertyMetaData detection first

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9afcd5331ce567bd80d35175f8e4e21c506e9347)

- - - - -
07ebd654 by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: don't move already deleted objects to LostAndFound

This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6d50ee74920c39cdb18b427bfaaf200775bf2d73)

- - - - -
7402d9cf by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: don't remove dangling one-way links on already deleted objects

This would typically happen when the garbage collection
removed a parent object before a child object (both with
the DISALLOW_MOVE_ON_DELETE bit set in systemFlags),
while dbcheck is running at the same time as the garbage collection.
In this case the lastKnownParent attributes points a non existing
object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit e388e599495b6d7c38b8b6966332e27f8b958783)

- - - - -
45850169 by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: add find_repl_attid() helper function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 598e38d2a5e0832429ba65b4e55bf7127618f894)

- - - - -
860b04aa by Stefan Metzmacher at 2019-03-28T08:35:21Z
blackbox/dbcheck-links.sh: add regression test for lost deleted object repair

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 1ccc21a34d295be3bb2ab481a5918003eae88bf4)

- - - - -
107883df by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: detect the change after deletion bug

Old versions of 'samba-tool dbcheck' could reanimate
deleted objects, when running at the same time as the
tombstone garbage collection.

When the (deleted) parent of a deleted object
(with the DISALLOW_MOVE_ON_DELETE bit in systemFlags),
is removed before the object itself, dbcheck moved
it in the LostAndFound[Config] subtree of the partition
as an originating change. That means that the object
will be in tombstone state again for 180 days on the local
DC. And other DCs fail to replicate the object as
it's already removed completely there and the replication
only gives the name and lastKnownParent attributes, because
all other attributes should already be known to the other DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit a1658b306d85452407388b91a745078c9c1f7dc7)

- - - - -
aebf46d9 by Stefan Metzmacher at 2019-03-28T08:35:21Z
python/samba/netcmd: provide SUPPRESS_HELP via Option class

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b61d580fb7dba8ff94e9e98c958e324865cd2f1d)

- - - - -
02f3d0a1 by Stefan Metzmacher at 2019-03-28T08:35:21Z
dbcheck: add --selftest-check-expired-tombstones cmdline option

This will be used by dbcheck tests which operate on static/old provision
dumps in the following commits.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 6f9c5ed8de47bb98e21e8064d8e90f963f2f71ca)

- - - - -
543fc3e9 by Stefan Metzmacher at 2019-03-28T08:35:22Z
blackbox/dbcheck*.sh: pass --selftest-check-expired-tombstones to dbcheck

These tests operate on provision dumps created long ago, they still
want to run tests on deleted objects, when the next commits remove
processing expired tombstone objects in dbcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5fccc4e9044d2e57be33471f5e6b9be7cc37ac3a)

- - - - -
3fca3dcc by Stefan Metzmacher at 2019-03-28T08:35:22Z
blackbox/dbcheck-links.sh: prepare regression test for skipping expired tombstones

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b096a3117ed9249fd6f65f3221a26c88efbba3b8)

- - - - -
693c3498 by Stefan Metzmacher at 2019-03-28T08:35:22Z
dbcheck: don't check expired tombstone objects by default anymore

These will be removed anyway and any change on them risks to
be an originating update that causes replication problems.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Mar 14 03:12:27 UTC 2019 on sn-devel-144

(cherry picked from commit a2c5f8cf41c2dfdc4f122e8427d1dfeabb6ba311)

- - - - -
42b62465 by Stefan Metzmacher at 2019-03-28T08:35:22Z
dbcheck: use the str() value of the "name" attribute

We do the same with the rdn attribute value
and we need the same logic on both in order to
check they are the same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13816

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Noel Power <npower at samba.org>
(cherry picked from commit dd6f0dad218ec1d5aa38ea8aa6848ec81035cb3f)

- - - - -
d44f2157 by Douglas Bagnall at 2019-03-28T08:35:22Z
py/graph: use 2.6 compatible check for set membership

It is better this way anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13837
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Mar 20 06:36:05 UTC 2019 on sn-devel-144

(cherry picked from commit c0aca17a4c9ec06f0127d5c972f3fa979a87a77f)

- - - - -
87ffad41 by Douglas Bagnall at 2019-03-28T08:35:22Z
py/kcc_utils: py2.6 compatibility

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13837
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
4644b23b by Michael Hanselmann at 2019-03-28T08:35:22Z
Fix typos in "valid"

s/vald/valid/

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 305346d360d3c13fd315c1af27b037f46fd10650)

- - - - -
223352ee by Michael Hanselmann at 2019-03-28T08:35:22Z
regfio: Use correct function names in debug information

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit aa6b355858a0d8b77bf49384e5329642add1a5ff)

- - - - -
b5ae06cc by Michael Hanselmann at 2019-03-28T08:35:22Z
regfio: Add trivial unit test

An upcoming commit will resolve two cases of insufficient handling of
mangled registry hive files and will include unit tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9b2cb845b23cd1c91ab3b5ea8ad791b18b3ab733)

- - - - -
f3552ad5 by Michael Hanselmann at 2019-03-28T08:35:23Z
regfio: Improve handling of malformed registry hive files

* next_record: A malformed file can lead to an endless loop.
* regfio_rootkey: Supplying a malformed registry hive file to the
  registry hive I/O code can lead to out-of-bounds reads.

Test cases are included. Both issues resolved have been identified using
AddressSanitizer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 601afd690346087fbd53819dba9b1afa81560064)

- - - - -
0cc35082 by Andrew Bartlett at 2019-03-28T08:35:23Z
regfio: Update code near recent changes to match README.Coding

This file long predates our current code conventions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit acbf103fcaa4150a57bfbab2450e36b5b39e399b)

- - - - -
055b971a by Andrew Bartlett at 2019-03-28T08:35:23Z
regfio tests: Update comment style to match README.Coding

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13840

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
(cherry picked from commit 68c0fc4335d0c3c526a38481538a33290be6d58a)

- - - - -
5b716115 by Andreas Schneider at 2019-03-28T13:46:27Z
s3:waf: Fix the detection of makdev() macro on Linux

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13853

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit eace58b539a382c61edd7c2be6fdfab31114719f)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Thu Mar 28 13:46:27 UTC 2019 on sn-devel-144

- - - - -
c2761b00 by Stefan Metzmacher at 2019-03-28T23:09:32Z
s4:libcli/raw: don't schedule idle handlers on a dead connection

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8dea0718 by Stefan Metzmacher at 2019-03-28T23:09:33Z
s4:libcli/smb2: don't schedule idle handlers on a dead connection

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7a091aa9 by Stefan Metzmacher at 2019-03-28T23:09:33Z
s4:torture/raw: test_notify_tcp_dis trigger idle event every 0.25s

This is 1000 times longer than before and is less likely to
change the timing behavior when running under valgrind.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6171a7ff by Stefan Metzmacher at 2019-03-28T23:09:33Z
s4:torture/smb2: test_notify_tcp_dis trigger idle event every 0.25s

This is 1000 times longer than before and is less likely to
change the timing behavior when running under valgrind.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
7dbd8e44 by Stefan Metzmacher at 2019-03-28T23:09:33Z
s3:smb2_write: add missing initialization of state->in_offset

This is just used in DEBUG messages, but still confusing.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
4c6156ed by Stefan Metzmacher at 2019-03-28T23:09:33Z
s3:smbd: fix SAFE_FREE() vs. TALLOC_FREE() in list_sessions()

It's very unlikely that sessionid_traverse_read() fails,
but we should not segfault.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1d934857 by Stefan Metzmacher at 2019-03-28T23:09:34Z
s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO

This completes commit 74829fecd7a4e806ee441cd75141bede2eefef1a,
which missed SMB_FIND_FILE_FULL_DIRECTORY_INFO

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10097

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
827dd014 by Stefan Metzmacher at 2019-03-28T23:09:34Z
smb2_ioctl_network_fs: remove unused fsctl_srv_copychunk_state->aapl_copyfile

This is not used since commit 74e018f476608429caa1c3594102485ccc17afce.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4760b852 by Stefan Metzmacher at 2019-03-28T23:09:34Z
smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING

This has the same meaning as smb2_request_set_async_internal(),
but this will simplifies callers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13796

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
23792449 by Stefan Metzmacher at 2019-03-28T23:09:34Z
smb2_sesssetup: avoid STATUS_PENDING responses for session setup

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13796

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8a11da42 by Stefan Metzmacher at 2019-03-28T23:09:35Z
smb2_tcon: avoid STATUS_PENDING responses for tree connect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12844
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d6403842 by Stefan Metzmacher at 2019-03-28T23:09:35Z
smb2_sesssetup: avoid STATUS_PENDING completely on session logoff

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10344
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1dc00254 by Stefan Metzmacher at 2019-03-28T23:09:35Z
smb2_tcon: avoid STATUS_PENDING completely on tdis

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10344
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2abf9e9a by Stefan Metzmacher at 2019-03-28T23:09:35Z
vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done()

SMB_VFS_{PREAD,PWRITE}_RECV() don't set errno, so we need to
use strerror(aio_state.error) in the debug messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4d6cd932 by Stefan Metzmacher at 2019-03-28T23:09:35Z
vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check

This fixes a regression introduced in commit
60e45a2d25401eaf9a15a86d19114670ccfde259, where the 'num' variable
was renamed to 'to_copy', but a new 'num' variable was introduced.

Note that off_t is signed!
In future we need to watch out for filesystems supporting
FMODE_UNSIGNED_OFFSET on Linux. Which means they use it unsigned.

This is more or less a theoretical problem, The
NT_STATUS_INVALID_PARAMETER cases are catched before by
SMB_VFS_PREAD_SEND/RECV.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
829f692f by Stefan Metzmacher at 2019-03-28T23:09:36Z
smb2_server: grant all 8192 credits to clients

This seems to match Windows Server 2016.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ee2574ae by Stefan Metzmacher at 2019-03-28T23:09:36Z
s4:libcli/smb2: fix smb2_getinfo_send() marshalling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c88c2bf3 by Stefan Metzmacher at 2019-03-28T23:09:36Z
s4:libcli/smb2: calculate the correct credit charge in smb2_getinfo_send()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
97b4e6e2 by Stefan Metzmacher at 2019-03-28T23:09:36Z
s4:libcli/smb2: align struct smb_ioctl.smb2 to [MS-SMB2] names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
5a07c294 by Stefan Metzmacher at 2019-03-28T23:09:36Z
s4:libcli/smb2: calculate the correct credit charge in smb2_ioctl_send()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e6fa76b6 by Stefan Metzmacher at 2019-03-28T23:09:37Z
s4:libcli/smb2: calculate the correct credit charge in smb2_notify_send()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4ffb517f by Stefan Metzmacher at 2019-03-28T23:09:37Z
s4:torture/smb2: add smb2_create_simple_file() and torture_setup_simple_file()

Instead of the *_complex_file() versions these don't use EA's nor
complex timestamps.

A lot of tests currently using *_complex_file() only fail because
smbd doesn't implement the correct 'change_time' update behavior.
That should not be the reason why all smb2 related tests fail.

Timestamps should be tested in dedicated tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13864

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d6fce7c0 by Stefan Metzmacher at 2019-03-28T23:09:37Z
s4:torture/smb2/notify: make use of torture_setup_simple_file() in test_valid_request()

There's no reason to use torture_setup_complex_file(), when we want to
test notify code. The test pass fine against Samba this way and don't
fail because of unrelated timestamp behavior.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13864

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
12fb3ec1 by Stefan Metzmacher at 2019-03-28T23:09:37Z
s4:torture/smb2: replace torture:cn_max_buffer_size option with the negotiated max trans size

Both:

 smbtorture //w2012r2-188/torture -Ua%b smb2.notify.valid-req --smb-ports=139

and:

 smbtorture //w2012r2-188/torture -Ua%b smb2.notify.valid-req --smb-ports=445

work against Windows 2008R2, 2012R2 and 2016 now and it reflects what
we have implemented in Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13864

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
11f25834 by Stefan Metzmacher at 2019-03-29T00:35:39Z
s3:smbd: fix max_buffer handling of initial notify requests

The max_buffer value is only evaluated on the first notify
request on a directory handle.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13864

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Mar 29 00:35:39 UTC 2019 on sn-devel-144

- - - - -
7f1b6455 by Aaron Haslett at 2019-03-29T17:29:31Z
paged_search: perf testing paged search

Adding medley performance run with paged search module.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13836

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
24efa3ca by Aaron Haslett at 2019-03-29T17:29:31Z
ldb: cmocka test for empty attributes bug

Cmocka test exposing LDB bug where a request with an empty attributes
list returns a response containing all attributes.  The bug is in the
ACL module and will be fixed in the next commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13836

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a2b1970a by Garming Sam at 2019-03-29T18:37:29Z
acl_read: Fix regression caused by db15fcfa899e1fe4d6994f68ceb299921b8aa6f1 for empty lists

The original code never dereferenced attrs and only added "*" if attrs
was NULL (not if attrs[0] was NULL).

This causes significant performance issues with the new paged_results
module introduced for 4.10 as the initial GUID search requests no
attributes. This GUID search turns into a search for "*" and ends up
allocating memory for the entire database.

This never appears to cause changes in the final result set, only
intermediate processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13836

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar 29 18:37:29 UTC 2019 on sn-devel-144

- - - - -
30ce81d2 by Mathieu Parent at 2019-03-30T18:42:52Z
Upload 2:4.9.5+dfsg-2 to unstable

- - - - -
ed0060d3 by Douglas Bagnall at 2019-03-30T22:21:26Z
selftest: use test smb.conf in provision

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Tim Beale <timbeale at catalyst.net.nz>

- - - - -
53afa138 by Björn Baumbach at 2019-03-30T22:21:27Z
samba-tool: fix some typos

All command descriptions have a dot '.' at the end.
The ou and visualize command need this too.

  ...
  group       - Group management.
  ldapcmp     - Compare two ldap databases.
  ntacl       - NT ACLs manipulation.
  ou          - Organizational Units (OU) management
  ...
  user        - User management.
  visualize   - Produces graphical representations of Samba network state

Signed-off-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5131fc5c by Björn Baumbach at 2019-03-30T22:21:27Z
doc: add missing samba-tool user edit documentation

Signed-off-by: Björn Baumbach <bbaumbach at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f8d3180d by Björn Baumbach at 2019-03-30T22:21:27Z
doc: fix typos in samba-tool documentation

Signed-off-by: Björn Baumbach <bbaumbach at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
14070f8d by Björn Baumbach at 2019-03-30T22:21:27Z
doc: add missing "samba-tool computer" entry

Signed-off-by: Björn Baumbach <bbaumbach at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
f9ee6b67 by Björn Baumbach at 2019-03-30T23:33:39Z
doc: add missing "samba-tool ou" entry

Signed-off-by: Björn Baumbach <bbaumbach at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Sat Mar 30 23:33:39 UTC 2019 on sn-devel-144

- - - - -
865b7b0c by Philipp Gesang at 2019-03-31T01:11:09Z
libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response

Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES
structures containing DataLength field that includes the padding
[0]. Microsoft has since clarified that only values smaller than
the size are considered invalid [1].

While parsing the NegotiateContext it is ensured that DataLength
does not exceed the message bounds. Also, the value is not
actually used anywhere outside the validation. Thus values
greater than the actual data size are safe to use. This patch
makes Samba fail only on values that are too small for the (fixed
size) payload.

[0] https://lists.samba.org/archive/samba/2019-February/221139.html
[1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869

Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144

- - - - -
d7e187c1 by Martin Schwenke at 2019-03-31T10:45:20Z
ctdb-scripts: Reindent some functions prior to making changes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
9981353a by Martin Schwenke at 2019-03-31T10:45:20Z
ctdb-scripts: Rename variable nfslock_service to nfs_lock_service

There will be more of these variable for other services so, for
readability, it makes sense for them to start with "nfs_".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
e72c3c80 by Martin Schwenke at 2019-03-31T10:45:20Z
ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
8de0a339 by Martin Schwenke at 2019-03-31T10:45:20Z
ctdb-scripts: Factor out nfs_load_config()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
42103b56 by Martin Schwenke at 2019-03-31T10:45:20Z
ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out

When an NFS check restarts a failed service by hand then systemd will
be unable to stop or start this service again because (at least) the
PID file will be wrong.  Do this via the NFS Linux kernel call-out
instead.  Allow the call-out to use the services instead of doing
manual restarts.  Add variables for mount, status and rquotad services
to support this.

Adding systemd NFS services to the call-out will follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
708c0407 by Martin Schwenke at 2019-03-31T10:45:20Z
ctdb-scripts: Start NFS quota service if defined

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
a8fafd37 by Martin Schwenke at 2019-03-31T10:45:20Z
ctdb-scripts: Add systemd services to NFS call-out

At least Red Hat and Debian appear to use (a variant of?) the upstream
systemd units for NFS, so adding support for these services is
relatively easy.  Distributions using Sys-V init can patch the
call-out to use the relevant Sys-V init services.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
2833ddcf by Martin Schwenke at 2019-03-31T10:45:20Z
ctdb-tests: Update NFS test infrastructure to support systemd services

The tests are written around the default of sysvinit-redhat.  Add
support for systemd-redhat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
95283bdf by Martin Schwenke at 2019-03-31T10:45:20Z
ctdb-scripts: Default to using systemd services in NFS call-out

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
0d67ea5f by Martin Schwenke at 2019-03-31T10:45:20Z
ctdb-scripts: Allow load_system_config() to take multiple alternatives

The situation for NFS config has got more complicated and is probably
broken in statd-callout on Debian-like systems at the moment.  Allow
several alternative configuration names to be tried.  Stop after the
first that is found and loaded.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
a2bd4085 by Martin Schwenke at 2019-03-31T10:45:20Z
ctdb-scripts: Update statd-callout to try several configuration files

The alternative seems to be to try something via CTDB_NFS_CALLOUT.
That would be complicated and seems like overkill for something this
simple.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

- - - - -
f1a1c300 by Martin Schwenke at 2019-03-31T11:47:44Z
ctdb-scripts: Do not "correct" number of nfsd threads when it is 0

While 0 may indicate that all threads have exited after being stuck,
it may also indicate that nfsd should not be running due to being shut
down.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Sun Mar 31 11:47:44 UTC 2019 on sn-devel-144

- - - - -
aac20390 by Volker Lendecke at 2019-04-01T17:58:16Z
libsmb: Rename InfoType from [MS-SMB2] according to the spec

This makes it easier to find this via internet search

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c05ff617 by Volker Lendecke at 2019-04-01T17:58:17Z
libsmb: Make "struct smb2_lock_element" generally usable

This struct will be of interest when we add locking capabilities to
libcli/smb/smb2cli*

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0876712c by Volker Lendecke at 2019-04-01T19:00:11Z
libsmb: Make cli_posix_chown/chmod proper tevent_req functions

This prepares for making them smb2-aware

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Apr  1 19:00:11 UTC 2019 on sn-devel-144

- - - - -
40669e37 by Andreas Schneider at 2019-04-02T01:12:09Z
s3:libads: Print more information when LDAP fails

Currently we just get an error but don't know what exactly we tried to
do in 'net ads join -d10'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
011a47f0 by Andreas Schneider at 2019-04-02T01:12:09Z
s3:libsmb: Add some useful debug output to cliconnect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3a33c360 by Guenther Deschner at 2019-04-02T01:12:10Z
s3:libnet: Fix debug message in libnet_DomainJoin()

A newline is missing but also use DBG_INFO macro and cleanup spelling.

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9e926548 by Guenther Deschner at 2019-04-02T01:12:10Z
auth:ntlmssp: Add back CRAP ndr debug output

This got lost somehow during refactoring. This is still viable
information when trying to figure out what is going wrong when
authenticating a user over NTLMSSP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5c7f0a69 by Andreas Schneider at 2019-04-02T01:12:10Z
auth:creds: Prefer the principal over DOMAIN/username when using NTLM

If we want to authenticate using -Wadmin at otherdomain the DC should do
take care of the authentication with the right DC for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b7f0c645 by Andreas Schneider at 2019-04-02T01:12:10Z
s3:libnet: Use more secure name for the JOIN krb5.conf

Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c016afc8 by Andreas Schneider at 2019-04-02T01:12:10Z
s3:libads: Make sure we can lookup KDCs which are not configured

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2044ca0e by Guenther Deschner at 2019-04-02T01:12:10Z
s3:ldap: Leave add machine code early for pre-existing accounts

This avoids numerous LDAP constraint violation errors when we try to
re-precreate an already existing machine account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
720396f0 by Mathieu Parent at 2019-04-02T01:12:10Z
Spelling fix s/informations/information/

Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
6064543d by Mathieu Parent at 2019-04-02T01:12:11Z
Spelling fixes s/overrided/overridden/

Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
882d8a5b by Mathieu Parent at 2019-04-02T01:12:11Z
Spelling fixes s/conficts/conflicts/

Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
959a4837 by Mathieu Parent at 2019-04-02T01:12:11Z
Spelling fixes s/verson/version/

Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
92c726dc by Kristján Valur at 2019-04-02T02:12:48Z
make some auth functions return an NTSTATUS like other similar functions for better diagnostics.

Signed-off-by: Kristján Valur <kristjan at rvx.is>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Apr  2 02:12:48 UTC 2019 on sn-devel-144

- - - - -
9c52fdc1 by Andreas Schneider at 2019-04-02T09:11:45Z
s3:lib: Fix the debug message for adding cache entries.

To get correct values, we need to cast 'timeout' to 'long int' first in
order to do calculation in that integer space! Calculations are don in
the space of the lvalue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13848

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 5822449a7340f53987ce4c04851652427f5b49e8)

- - - - -
d59cefc8 by Philipp Gesang at 2019-04-02T13:44:38Z
libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response

Certain Netapp versions are sending SMB2_ENCRYPTION_CAPABILITIES
structures containing DataLength field that includes the padding
[0]. Microsoft has since clarified that only values smaller than
the size are considered invalid [1].

While parsing the NegotiateContext it is ensured that DataLength
does not exceed the message bounds. Also, the value is not
actually used anywhere outside the validation. Thus values
greater than the actual data size are safe to use. This patch
makes Samba fail only on values that are too small for the (fixed
size) payload.

[0] https://lists.samba.org/archive/samba/2019-February/221139.html
[1] https://lists.samba.org/archive/cifs-protocol/2019-March/003210.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13869

Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Ralph Böhme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sun Mar 31 01:11:09 UTC 2019 on sn-devel-144

(cherry picked from commit 865b7b0c7d2ba7fa0a045586d1e83a72028a0864)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Apr  2 13:44:38 UTC 2019 on sn-devel-144

- - - - -
9314bd0b by Joe Guo at 2019-04-02T16:09:25Z
samba_dnsupdate: small tweaks to make code more pythonic

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
47278bfa by Michael Hanselmann at 2019-04-02T17:28:40Z
waf: Simplify condition for undefined symbol detection

There's no need to check for OpenBSD twice.

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Apr  2 17:28:40 UTC 2019 on sn-devel-144

- - - - -
3378a561 by Björn Baumbach at 2019-04-03T00:13:10Z
s4:rpc_server: add missing newline to error debug message

Signed-off-by: Björn Baumbach <bb at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr  3 00:13:10 UTC 2019 on sn-devel-144

- - - - -
ea3b4d6a by Gary Lockyer at 2019-04-03T01:40:22Z
prefork tests: disable restart tests MIT

The prefork restart tests use the kdc to test restart back off.  These
tests need to use a process that has not been restarted to ensure that
the process restart counters are sitting at 0 when the tests start.

As MIT kerberos is experimental the heimdal builds will still ensure
that this functionality is tested.

At some stage the echo server should be converted to run in pre-fork and
this process can then be used to test the restart backoff.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
4ae2fb2e by Mathieu Parent at 2019-04-03T01:40:22Z
Relax GPGME version check

The current method require at least the same version as during the build. This is not needed.

Used symbols indicate the minimum is 1.2.0

Bug-Debian: http://bugs.debian.org/886333

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13880

Signed-off-by: Mathieu Parent <math.parent at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
29d7c80e by Michael Hanselmann at 2019-04-03T02:43:07Z
oLschema2ldif: Resolve multiple parsing bugs

The "oLschema2ldif" program contained multiple bugs triggered by
malformed inputs:

* Iteration beyond list of recognized dsdb syntax OIDs when value wasn't
  found (bug 9567)
* NULL pointer dereference when input didn't define a name
* Heap buffer overflows for unterminated token values

Tests are added to reproduce all identified bugs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9567

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Then adapted to use ARRAY_SIZE() consistently as suggested by
metze.

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr  3 02:43:07 UTC 2019 on sn-devel-144

- - - - -
b7f7e5a3 by Andreas Schneider at 2019-04-03T06:48:21Z
lib:util: Add support to keep talloc chunks secret

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
c4baf2f6 by Andreas Schneider at 2019-04-03T06:48:21Z
lib:util: Add test for talloc_keep_secret()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

- - - - -
c7f403d3 by Andreas Schneider at 2019-04-03T07:50:03Z
lib:util: Include talloc_keep_secret.h in samba_util.h

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr  3 07:50:03 UTC 2019 on sn-devel-144

- - - - -
d01c5bc9 by Philipp Gesang at 2019-04-03T10:11:49Z
provision: use ASCII quotes

Remove some Unicode quotes that cause problems under the C
locale.

Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
7a413a6d by Philipp Gesang at 2019-04-03T11:33:38Z
python/samba: ignore encoding errors while reading files

Provisioning fails on C locale due to the Unicode quotes in ldif
data. Patch read_and_sub_file() to read the files as UTF-8.

Signed-off-by: Philipp Gesang <philipp.gesang at intra2net.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Wed Apr  3 11:33:38 UTC 2019 on sn-devel-144

- - - - -
2a926231 by Volker Lendecke at 2019-04-03T16:55:27Z
rpc: Don't crash if npa_accept fails

We can only rely on session_info_transport to be filled correctly upon
success of the accept_existing_recv function

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a0f03be7 by Volker Lendecke at 2019-04-03T16:55:27Z
auth: Add necessary decoration to auth/auth_util.h

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a80ea6bf by Volker Lendecke at 2019-04-03T17:53:30Z
rpc: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr  3 17:53:30 UTC 2019 on sn-devel-144

- - - - -
ea29aa27 by Günther Deschner at 2019-04-03T17:54:25Z
s3-libnet_join: always pass down admin domain to ads layer

Otherwise we could loose the information that a non-default domain name
has been used for admin creds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
68121f46 by Günther Deschner at 2019-04-03T17:54:25Z
s3-libnet_join: setup libnet join error string when AD connect fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
377d2735 by Günther Deschner at 2019-04-03T18:57:31Z
s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join

When a non-DNS and non-default admin domain is provided during the join
sometimes we might not be able to kinit with 'user at SHORTDOMAINNAME'
(e.g. when the winbind krb5 locator is not installed). In that case lets
fallback to NTLMSSP, like we do in winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr  3 18:57:31 UTC 2019 on sn-devel-144

- - - - -
5ba049b5 by Gary Lockyer at 2019-04-04T06:40:16Z
flapping tests: Add samba3.smb2.notify

Add samba3.smb2.notify until Metze gets time to follow it up.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
267cc71f by Gary Lockyer at 2019-04-04T06:40:16Z
lib ldb key_value: Remove index cache lazy initialisation

Remove the lazy initialisation of the index cache. This make setting
the size of the cache for re-indexing easier, which will be done in
later commits.

Performance testing shows that the removal of lazy initialisation makes
no appreciable difference to performance.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f7bf13b by Gary Lockyer at 2019-04-04T06:40:16Z
lib ldb key_value: Pass index cache size

Pass the index cache size to ldb_kv_index_transaction_start.  This will
allow it to be set for reindex and join operations, where the current
defaults result in a significant performance penalty on large databases.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6129a05c by Gary Lockyer at 2019-04-04T06:40:17Z
lib ldb key_value: Add get_size method

Add the get_size method to the ldb_key_value layer, this will allow the
reindexing code to get an estimate of the number of records in the
database.

The lmdb backend returns an accurate count of the number of records in
the database withe the mdb_env_stat call.

The tdb backend does not provide a low cost method to determine the
number of records on the database.  It does provide a tdb_summary call
however this this walks the entire database.

So for tdb we use the map size divided by 500, this over estimates the counts
for small domains, but the extra memory allocated for the cache should
not be significant.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0952f98e by Gary Lockyer at 2019-04-04T06:40:17Z
lib ldb key_value: set the cache size for re-indexing

Set the index cache size to the number of records in the databse when
reindexing.

This significantly improves reindex performance.  For a domain with
100,000 users the reindex times are reduced from 17 minutes to 45
seconds.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
69408654 by Gary Lockyer at 2019-04-04T06:40:17Z
lib ldb key_value: Set index cache size on open

Set the default index cache from the passed option
"transaction_index_cache_size" on open.  This allows the default cache
size to be overridden when processing large transactions i.e. joining a
large domain.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
00874b61 by Gary Lockyer at 2019-04-04T07:45:03Z
python join: Set index transaction cache size.

The default value is too small for joining a large domain.  So we specify a
size of 200,000 which is suitable for domains with up to 100,000 users.

At a later date this could be added as a parameter to the join, but
200,000 should be suitable for now.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Apr  4 07:45:03 UTC 2019 on sn-devel-144

- - - - -
b4d4778d by Ralph Wuerthner at 2019-04-04T22:39:31Z
s3-messages: modify msg_pool_usage() to allow enhanced memory reports

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
15afc4fb by Ralph Wuerthner at 2019-04-04T23:39:25Z
s3-messages: add mallinfo() information to pool-usage report

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Thu Apr  4 23:39:25 UTC 2019 on sn-devel-144

- - - - -
05c35875 by Volker Lendecke at 2019-04-05T00:00:10Z
rpc: Add tstream_u32_read

In npa_tstream.c we have two next_vector functions reading a big
endian uin32_t length and then the blob described by the length. This
factors that next_vector out into a central routine.

Why? I'll add another NPA protocol in the future, and this would add
yet another two copies of that next_vector code

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
60e31c55 by Volker Lendecke at 2019-04-05T01:00:48Z
rpc: Convert npa_tstream.c to use tstream_u32_read_send

This avoids a bit of code duplication. Overall the last two commits
add a few lines, but that also contains the header file and another GPL
header for tstream_u32_read.c.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr  5 01:00:48 UTC 2019 on sn-devel-144

- - - - -
7545eff1 by Douglas Bagnall at 2019-04-05T04:41:25Z
perf-tests: rename paged search test for regex disambiguation

We like to use "TESTS=medley" for the old ad_dc_medley.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c078ea78 by Douglas Bagnall at 2019-04-05T04:41:25Z
spell "recursive"

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
927a5e3c by Douglas Bagnall at 2019-04-05T04:41:25Z
dsdb mods/extended_dn_store: used the ldb we already have

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c5f7b07a by Douglas Bagnall at 2019-04-05T04:41:25Z
dsdb/modules: minor comment typos in samba_dsdb

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dad98d03 by Douglas Bagnall at 2019-04-05T04:41:25Z
autobuild: attempt authenticated email if environment suggests it

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2da9d7d1 by Douglas Bagnall at 2019-04-05T05:46:55Z
ldb_kv_search: avoid handling uninitialised dn

If ldb_kv_filter_attrs() fails, we don't know that the dn of filtered_msg
is OK.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Apr  5 05:46:55 UTC 2019 on sn-devel-144

- - - - -
d247a600 by Tim Beale at 2019-04-05T07:01:15Z
tests: Add test for setting min/maxPwdAge

Currently setting maxPwdAge doesn't work at all.

While we're adding a test, we might as well assert that minPwdAge
can't be greater than maxPwdAge as well.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b43f997f by Tim Beale at 2019-04-05T07:01:15Z
netcmd: Use python constant for -0x8000000000000000

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
940306a2 by Tim Beale at 2019-04-05T07:01:15Z
netcmd: Add some timestamp conversion helper functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
49231313 by Karolin Seeger at 2019-04-05T07:26:54Z
VERSION: Bump version up to 4.9.6...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit 3e6b84f8b43f769b823c13852237f47ebfad6d77)

- - - - -
b708ce3f by Tim Beale at 2019-04-05T07:48:18Z
CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten

The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).

As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.

This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

(This backport to Samba 4.9 by Andrew Bartlett was not a pure
cherry-pick due to merge conflicts)

- - - - -
83cc536a by Tim Beale at 2019-04-05T07:48:18Z
CVE-2019-3870 tests: Add test to check file-permissions are correct after provision

This provisions a new DC and checks there are no world-writable
files in the new DC's private directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
65a175aa by Andrew Bartlett at 2019-04-05T07:48:18Z
CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
30db4865 by Andrew Bartlett at 2019-04-05T07:48:18Z
CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users

Umask manipulation was added to pysmbd with e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012
and init_files_struct was split out in 747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for
Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and
restore tools, which needed to write files with full metadata).

This in turn avoids leaving init_files_struct() without resetting the umask to
the original, saved, value.

Per umask(2) this is required before open() and mkdir() system calls (along
side other file-like things such as those for Unix domain socks and FIFOs etc).

Therefore for safety and clarify the additional 'belt and braces' umask
manipuations elsewhere are removed.

mkdir() will be protected by a umask() bracket, for correctness, in the next patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

(This backport to Samba 4.9 by Andrew Bartlett is not a pure
cherry-pick due to merge conflicts)

- - - - -
c92ac5ad by Andrew Bartlett at 2019-04-05T07:48:18Z
CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir()

mkdir() is the other call that requires a umask of 0 in Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d53121af by Jeremy Allison at 2019-04-05T07:48:18Z
CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.

The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.

If the incoming handle is valid, return WERR_BAD_PATHNAME.

[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
424563db by Karolin Seeger at 2019-04-05T07:48:18Z
WHATSNEW: Add release notes for Samba 4.9.6.

CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
CVE-2019-3880 (Save registry file outside share as unprivileged user)

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
dd7b68d1 by Karolin Seeger at 2019-04-05T07:48:18Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.6 release.

CVE-2019-3870 (World writable files in Samba AD DC private/ dir)
CVE-2019-3880 (Save registry file outside share as unprivileged user)

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
7a410ccb by Tim Beale at 2019-04-05T08:03:08Z
netcmd: Fix passwordsettings --max-pwd-age command

The min_pwd_age and max_pwd_age parameters are both optional and default
to None. However, if we just set the max-pwd-age, then the check
'min_pwd_age >= max_pwd_age' will throw a Python exception because it's
trying to compare an int to NoneType (min_pwd_age). This works on Python 2
but is a problem on Python 3.

We could just add a check that min_pwd_age is not None, but that defeats
the point of having the check if you're only setting either the min or
max age indepedently.

This patch gets the current min/max password age from the DB (in ticks).
If either setting is changed, the ticks will be updated. Then at the end
we check the min is still less than the max (to do this, we convert the
ticks back to days in the interests of readability).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13873

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Apr  5 08:03:08 UTC 2019 on sn-devel-144

- - - - -
d5ca39f6 by Mathieu Parent at 2019-04-05T14:44:43Z
samba-libs: Fix Breaks+Replaces: libndr-standard0 (<< 2:4.0.9) (Closes: #910242)

- - - - -
ecdb31ca by Jeremy Allison at 2019-04-05T14:47:18Z
CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.

The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.

If the incoming handle is valid, return WERR_BAD_PATHNAME.

[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4c1b4d9e by Mathieu Parent at 2019-04-05T14:47:18Z
Add patch for CVE-2019-3880 Save registry file outside share as unprivileged user in Samba 4.x

- - - - -
40af26fa by Tim Beale at 2019-04-05T14:48:05Z
CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten

The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).

As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.

This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

(This backport to Samba 4.9 by Andrew Bartlett was not a pure
cherry-pick due to merge conflicts)

- - - - -
84f97107 by Tim Beale at 2019-04-05T14:48:05Z
CVE-2019-3870 tests: Add test to check file-permissions are correct after provision

This provisions a new DC and checks there are no world-writable
files in the new DC's private directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0761b15b by Andrew Bartlett at 2019-04-05T14:48:05Z
CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e9b33016 by Andrew Bartlett at 2019-04-05T14:48:05Z
CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users

Umask manipulation was added to pysmbd with e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012
and init_files_struct was split out in 747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for
Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and
restore tools, which needed to write files with full metadata).

This in turn avoids leaving init_files_struct() without resetting the umask to
the original, saved, value.

Per umask(2) this is required before open() and mkdir() system calls (along
side other file-like things such as those for Unix domain socks and FIFOs etc).

Therefore for safety and clarify the additional 'belt and braces' umask
manipuations elsewhere are removed.

mkdir() will be protected by a umask() bracket, for correctness, in the next patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>

(This backport to Samba 4.9 by Andrew Bartlett is not a pure
cherry-pick due to merge conflicts)

- - - - -
f891f41e by Andrew Bartlett at 2019-04-05T14:48:06Z
CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir()

mkdir() is the other call that requires a umask of 0 in Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b8a241f7 by Mathieu Parent at 2019-04-05T14:48:47Z
Add patch for CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0)

- - - - -
391829bb by Mathieu Parent at 2019-04-05T14:51:20Z
Release 2:4.9.5+dfsg-3

- - - - -
7c44f2f7 by Christof Schmitt at 2019-04-06T05:12:21Z
memcache: Introduce struct for storing talloc pointer

This allows extending the additional data stored for talloced objects
later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a04ca6f3 by Christof Schmitt at 2019-04-06T05:12:21Z
memcache: Properly track the size of talloc objects

With memcache_add_talloc, the talloc object becomes part of the pool and
the memcache_element stores a pointer to the talloc object. The
size of the the talloc object was not used when tracking the used space,
allowing the cache to grow larger than defined in the memcache_init
call.

Fix this by adding the size of the talloc object to the used space.

Also record the initial size of the talloc object for proper adjustment
of the used space in the cache later. This is in case the size of the
talloc object is modified while being owned by the cache (e.g.
allocating talloc child objects). This should never happen, but better
be safe than ending up with a broken cache usage counter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9ff5c0ba by Christof Schmitt at 2019-04-06T05:12:21Z
memcache: Increase size of default memcache to 512k

With the fixed accounting of talloc objects, the default cache size
needs to increase. The exact increase required depends on the workloads,
going form 256k to 512k seems like a reasonable guess.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b7028c42 by Christof Schmitt at 2019-04-06T06:08:42Z
torture: Add test for talloc size accounting in memcache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Apr  6 06:08:42 UTC 2019 on sn-devel-144

- - - - -
bb1e3229 by Volker Lendecke at 2019-04-06T10:47:13Z
ctdb: Slightly simplify ctdb_ltdb_lock_fetch_requeue

Reduce indentation with an early return

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
43cacaad by Volker Lendecke at 2019-04-06T11:51:55Z
ctdb: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Sat Apr  6 11:51:55 UTC 2019 on sn-devel-144

- - - - -
fc2e521a by Garming Sam at 2019-04-08T02:07:22Z
libnet vampire: NULL access bug fix

NULL pointer access bug fix

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e4ea408f by Garming Sam at 2019-04-08T02:07:22Z
lmdb: iterate_range implementation

Adding iterate_range to LDB API and implementing in LMDB.  This
operation takes a start_key and end_key and returns all records between
the two, inclusive of both.  This will be used to implementing indexing
for <= and >= expressions.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b5df443 by Aaron Haslett at 2019-04-08T02:07:22Z
lmdb: iterate_range cmocka testing

Cmocka testing for LMDB iterate_range operation added in previous commit.

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
9b3021b8 by Aaron Haslett at 2019-04-08T02:07:22Z
ldb: <= and >= indexed searching

Full implementation of <= and >= indexed searching using iterate_range
backend operation.  Adds index_format_fn to ldb_schema_syntax so
requires an ABI version bump.  The function must be provided for any
type for which <= and >= indexing is required, and must return a
lexicographically ordered canonicalization of a value.  This causes
index entries to be written in correct order to the database, so
iterate_range on the index DNs can be used.

ldb_kv_index_key is modified to return an index DN with attribute name
but without value if an empty value is provided.  This is needed for
constructing keys that match the beginning or end of an index DN range.

Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a8945152 by Garming Sam at 2019-04-08T02:07:22Z
ldb_kv_index: Make the edge keys slightly cleaner and generic

It makes no difference in our standard case because \0 will always go
before any value for our index_format_fn, but this is better for
correctness (in case we do mess up our NUL terminations elsewhere).

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f7756065 by Garming Sam at 2019-04-08T02:07:22Z
ldb_kv_index: Add a giant comment in regards to index_format_fn

The reason we needed it in the first place was that the original
canonicalize is being used for non-index functions and it never produced
the right order originally (at least for integers).

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9b2a372 by Aaron Haslett at 2019-04-08T02:07:23Z
ldb: activating <= and >= indexing for integers

Activating <= and >= mdb indexing in samba for int32 and int64 attributes by:
1. Adding index_format_fn to LDB_SYNTAX_SAMBA_INT32 in ldb_samba
2. Cloning the 64bit LDB_SYNTAX_INTEGER type as LDB_SYNTAX_ORDERED_INTEGER
3. Adding index_format_fn to the new type
4. Modifying LargeInteger use the new type in samba schema
5. Bumping the index version to trigger reindexing

Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
db584d50 by Garming Sam at 2019-04-08T02:07:23Z
schema_syntax: Add comments for our index format functions

We had to devise our own scheme for writing integers in a human readable
format which also sorted correctly numerically. This might look a bit
confusing to outsiders, so here's a large comment as a peace offering.

Pair-programmed-with: Tim Beale <timbeale at catalyst.net.nz>

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6062d724 by Garming Sam at 2019-04-08T02:07:23Z
ldb: Add ORDERED_INTEGER to the proto-schema handling

Adding ordered integer proto schema handling in kv index cache.  This
allows ordered 64 bit integers to be used in cached fields like
@ATTRIBUTES

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18438c8a by Aaron Haslett at 2019-04-08T02:07:23Z
ldb: tests for <= and >= integer indexing

Testing max, min and negative values for indexed 32 and 64 bit types.
This has to be done in two different files because the 64 bit type is
LDB_SYNTAX_INTEGER which is implemented at the ldb level, while the 32
bit is added in the ldb-samba module.  Schema syntax binding added for
ldb-samba.

We also need to make sure that full scans are not invoked for LMDB.

Pair-programmed-with: Garming Sam <garming at catalyst.net.nz>

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2e05fd78 by Garming Sam at 2019-04-08T02:07:23Z
ldb: tests for <= and >= integer indexing with duplicates

We need to make sure that duplicates are correctly returned (uSNChanged
for instance is UNIQUE but, we should be able to index on attributes
which are not unique).

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9d0b0036 by Garming Sam at 2019-04-08T02:07:23Z
ldb_mdb: Add some warnings about poorly constructed callbacks

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
15d1ecdc by Aaron Haslett at 2019-04-08T02:07:23Z
ldb: version 2.0.0

* Version bump for adding index_format_fn to the schema syntax structure.
* Range index support added, allowing <= and >= operations to be indexed
* Improved reindex performance by setting the in-memory TDB hash size correctly

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
21d501bf by Andrew Bartlett at 2019-04-08T03:09:42Z
selftest: Correct name of flapping smb2.notify test

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon Apr  8 03:09:42 UTC 2019 on sn-devel-144

- - - - -
60481037 by Tim Beale at 2019-04-08T10:27:34Z
CVE-2019-3870 tests: Extend smbd tests to check for umask being overwritten

The smbd changes the umask - if the code fails to restore the umask to
what it was, then this is very bad. Add an extra check to every
smbd-related test that the umask at the end of the test is the same as
what it was at the beginning (i.e. if the smbd code changed the umask
then it correctly restored the value afterwards).

As the selftest sets the umask for all tests to zero, it makes it hard
to detect this problem, so the test setUp() needs to set it to something
else first.

This extra checking is added to the setUp()/tearDown() so that it
applies to all test-cases. However, any failure that occur with this
approach will not be able to be known-failed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0c8ad9c9 by Tim Beale at 2019-04-08T10:27:34Z
CVE-2019-3870 tests: Add test to check file-permissions are correct after provision

This provisions a new DC and checks there are no world-writable
files in the new DC's private directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d7580706 by Andrew Bartlett at 2019-04-08T10:27:34Z
CVE-2019-3870 pysmbd: Include tests to show the outside umask has no impact

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1899e16e by Andrew Bartlett at 2019-04-08T10:27:34Z
CVE-2019-3870 pysmbd: Move umask manipuations as close as possible to users

Umask manipulation was added to pysmbd with e146fe5ef96c1522175a8e81db15d1e8879e5652 in 2012
and init_files_struct was split out in 747c3f1fb379bb68cc7479501b85741493c05812 in 2018 for
Samba 4.9. (It was added to assist the smbd.create_file() routine used in the backup and
restore tools, which needed to write files with full metadata).

This in turn avoids leaving init_files_struct() without resetting the umask to
the original, saved, value.

Per umask(2) this is required before open() and mkdir() system calls (along
side other file-like things such as those for Unix domain socks and FIFOs etc).

Therefore for safety and clarify the additional 'belt and braces' umask
manipuations elsewhere are removed.

mkdir() will be protected by a umask() bracket, for correctness, in the next patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
17b3d2eb by Andrew Bartlett at 2019-04-08T10:27:34Z
CVE-2019-3870 pysmbd: Ensure a zero umask is set for smbd.mkdir()

mkdir() is the other call that requires a umask of 0 in Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13834

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
c79f719a by Jeremy Allison at 2019-04-08T10:27:34Z
CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.

The were not using VFS backend calls and could only work
locally, and were unsafe against symlink races and other
security issues.

If the incoming handle is valid, return WERR_BAD_PATHNAME.

[MS-RRP] states "The format of the file name is implementation-specific"
so ensure we don't allow this.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8ee79597 by Karolin Seeger at 2019-04-08T10:29:09Z
Merge tag 'samba-4.9.6' into v4-9-test

samba: tag release samba-4.9.6

- - - - -
d162726a by Karolin Seeger at 2019-04-08T10:29:27Z
VERSION: Bump version up to 4.9.7.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
b1582a4d by Jeremy Allison at 2019-04-08T11:43:31Z
CVE-2019-3880 s3: rpc: winreg: Remove implementations of SaveKey/RestoreKey.

Remove the now unused code implementations of
registry file io.

As reported by Michael Hanselmann.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13851

Signed-off-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Mon Apr  8 11:43:31 UTC 2019 on sn-devel-144

- - - - -
b1d1f5f5 by Andreas Schneider at 2019-04-09T09:49:51Z
docs: Update smbclient manpage for --max-protocol

We default to SMB3 now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13857

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 63084375e3c536f22f65e7b7796d114fa8c804c9)

- - - - -
be37e77b by Andreas Schneider at 2019-04-09T09:49:51Z
s3:libads: Print more information when LDAP fails

Currently we just get an error but don't know what exactly we tried to
do in 'net ads join -d10'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 40669e3739eb5cde135c371e2c8134d3f11a16a5)

- - - - -
0acb2e42 by Andreas Schneider at 2019-04-09T09:49:52Z
s3:libsmb: Add some useful debug output to cliconnect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 011a47f04dabe22095a30d284662d8ca50463ee8)

- - - - -
7dce8031 by Guenther Deschner at 2019-04-09T09:49:52Z
s3:libnet: Fix debug message in libnet_DomainJoin()

A newline is missing but also use DBG_INFO macro and cleanup spelling.

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 3a33c360071bb7cada58f1f71ccd8949fda70662)

- - - - -
1a239fa0 by Guenther Deschner at 2019-04-09T09:49:52Z
auth:ntlmssp: Add back CRAP ndr debug output

This got lost somehow during refactoring. This is still viable
information when trying to figure out what is going wrong when
authenticating a user over NTLMSSP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 9e92654899db3c951bee0203415a15737402e7b7)

- - - - -
33ec6f82 by Andreas Schneider at 2019-04-09T09:49:52Z
auth:creds: Prefer the principal over DOMAIN/username when using NTLM

If we want to authenticate using -Wadmin at otherdomain the DC should do
take care of the authentication with the right DC for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 5c7f0a6902cfdd698e5f4159d37537bb4c9c1cc3)

- - - - -
cf210317 by Andreas Schneider at 2019-04-09T09:49:52Z
s3:libnet: Use more secure name for the JOIN krb5.conf

Currently we create krb5.conf..JOIN, use krb5.conf._JOIN_ instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit b7f0c64514a28cfb5d2cdee683c18943b97ea753)

- - - - -
55da00ce by Andreas Schneider at 2019-04-09T09:49:52Z
s3:libads: Make sure we can lookup KDCs which are not configured

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Guenther Deschner <gd at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit c016afc832543514ebf7ecda1fbe6b272ea533d6)

- - - - -
e933ddb7 by Guenther Deschner at 2019-04-09T09:49:52Z
s3:ldap: Leave add machine code early for pre-existing accounts

This avoids numerous LDAP constraint violation errors when we try to
re-precreate an already existing machine account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
(cherry picked from commit 2044ca0e20bd3180720a82506b3af041d14b5c68)

- - - - -
4147349c by Günther Deschner at 2019-04-09T09:49:52Z
s3-libnet_join: always pass down admin domain to ads layer

Otherwise we could loose the information that a non-default domain name
has been used for admin creds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit ea29aa27cbac4253ee1701fed99a3e0811f7475d)

- - - - -
d101da49 by Günther Deschner at 2019-04-09T09:49:53Z
s3-libnet_join: setup libnet join error string when AD connect fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 68121f46c74df9cef7a377040d01ba75cdcf5a26)

- - - - -
7f1811ee by Günther Deschner at 2019-04-09T09:49:53Z
s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join

When a non-DNS and non-default admin domain is provided during the join
sometimes we might not be able to kinit with 'user at SHORTDOMAINNAME'
(e.g. when the winbind krb5 locator is not installed). In that case lets
fallback to NTLMSSP, like we do in winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13861

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr  3 18:57:31 UTC 2019 on sn-devel-144

(cherry picked from commit 377d27359ccdb8f2680fda36ca388f44456590e5)

- - - - -
d78118d0 by Douglas Bagnall at 2019-04-09T13:52:03Z
py/provision: fix for Python 2.6

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13882
Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Apr  9 13:52:03 UTC 2019 on sn-devel-144

- - - - -
c0b2272a by Volker Lendecke at 2019-04-09T18:29:13Z
lib: Initialize getline() arguments

Keep "len" valid across the loop iterations for getline to consume

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13892

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
bcb27521 by Volker Lendecke at 2019-04-09T18:29:14Z
lib: Initialize variables in parse_resolvconf_fp

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
cc4513dd by Volker Lendecke at 2019-04-09T18:29:14Z
smbd: Factor out map_lease_type_to_oplock

grant_fsp_oplock_type has enough complex logic, make this a bit shorter

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ee53763a by Volker Lendecke at 2019-04-09T18:29:14Z
leases_db: Make leases_db_rename atomic

Do the rename under one lock to protect against potential races while
we don't hold it.

Factor out the NDR marshalling into leases_db_do_locked(), leaving the
rename function pretty simple.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
885d433b by Volker Lendecke at 2019-04-09T18:29:14Z
leases_db: Make leases_db_add use leases_db_do_locked

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
bfbe24d8 by Volker Lendecke at 2019-04-09T19:31:09Z
leases_db: Make leases_db_del use leases_db_do_locked

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr  9 19:31:09 UTC 2019 on sn-devel-144

- - - - -
5c1009b3 by Swen Schillig at 2019-04-09T23:14:19Z
ctdb-test: Modify ctdb_io_test test_setup to provide queue reference

Some test scenarios require access to the created queue.
Prepare the test_setup function to provide it as additional parameter.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
1f193174 by Swen Schillig at 2019-04-09T23:14:19Z
ctdb-test: Adding test case verifying data in buffer move

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
9ee32f3a by Swen Schillig at 2019-04-10T00:17:37Z
ctdb-test: Adding test case to verify queue resizeing

If a data packet arrives which exceeds the queue's current buffer size,
the buffer needs to be increased to hold the full packet. Once the packet
is processed the buffer size should be decreased to its standard size again.
This test case verifies this process.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Wed Apr 10 00:17:37 UTC 2019 on sn-devel-144

- - - - -
56f933fa by Christof Schmitt at 2019-04-10T01:17:28Z
vfs_full_audit: Fix logging of get_real_filename output

result == 0 indicated success. In that case log the available
found_name.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr 10 01:17:28 UTC 2019 on sn-devel-144

- - - - -
49b77d8d by Andrew Bartlett at 2019-04-10T06:23:39Z
ldb_kv: Skip @ records early in a search full scan

@ records like @IDXLIST are only available via a base search on the specific name
but the method by which they were excluded was expensive, after the unpack the
DN is exploded and ldb_match_msg_error() would reject it for failing to match the
scope.

This uses the fact that @ records have the DN=@ prefix on their TDB/LMDB key
to quickly exclude them from consideration.

Based on analysis by Garming Sam.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13893

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 10 06:23:39 UTC 2019 on sn-devel-144

- - - - -
140a6733 by Stefan Metzmacher at 2019-04-11T04:17:09Z
drsuapi.idl: add DRSUAPI_ATTID_schemaInfo

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
e34abefb by Aaron Haslett at 2019-04-11T04:17:09Z
samdb: test for schemainfo update with relax control

Currently schema info's revision field isn't incremented if relax
control is present.  This is so that no increment is done during
provision, but we need the relax control in other situations where the
increment is desired.  This patch adds a failing test to expose the
problem.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b5b572d5 by Stefan Metzmacher at 2019-04-11T04:17:10Z
ldapcmp: ignore 'schemaInfo' if two domains are compared

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
5ea84af2 by Stefan Metzmacher at 2019-04-11T04:17:10Z
s4:provision: split out provision_self_join_modify_schema.ldif

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
7652439f by Stefan Metzmacher at 2019-04-11T04:17:10Z
python/provision: use provision and relax controls for schema provision

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
b7c17527 by Aaron Haslett at 2019-04-11T04:17:10Z
dsdb:samdb: schemainfo update with relax control

Currently schema info's revision field isn't incremented if relax
control is present.  This is so that no increment is done during
provision, but we need the relax control in other situations where
the increment is desired, so we should use the provision control instead
to disable schema info update.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
661dc457 by Stefan Metzmacher at 2019-04-11T04:17:10Z
dsdb/repl: we need to replicate the whole schema before we can apply it

Otherwise we may not be able to construct a working schema that's
required to apply the changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12204

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
4336c058 by Tim Beale at 2019-04-11T04:17:10Z
selftest: Add new 2-DC testenv for live schema upgrade

This adds a new 2-DC testenv that:
1. Provisions an AD DC with 2008R2 schema
2. Joins another AD DC with 2008R2 schema
3. Starts Samba
4. Performs a live schema upgrade on the PDC
Testenv targetting in tests.py files for this testenv required that we
extend the environment dependencies system to include optional post-startup
dependencies specified in ENV_DEPS_POST maps.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
350fc49e by Aaron Haslett at 2019-04-11T04:17:11Z
selftest: tagging tests for new schemaupgrade_dc target

Tagging schema tests against schemaupgrade_dc test target and fixing
some DN assertions to be more generic.

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
5d8895f3 by Aaron Haslett at 2019-04-11T04:17:11Z
repl: test for schema object and LA repl across chunks

During replication, transmission of objects and linked attributes are
split into chunks.  These two tests check behavioural consistency across
chunks for regular schema objects and linked attributes.

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
59ee3c86 by Aaron Haslett at 2019-04-11T04:17:11Z
selftest: split schemaupgrade testenv out

Schemaupgrade tests are particularly resource intensive and are causing
runners to hit their memory and CPU limits, so we need to split them
out.

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
65303bf5 by Garming Sam at 2019-04-11T04:17:11Z
ldb_kv: Remove unnecessary space

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d6b1d556 by Garming Sam at 2019-04-11T04:17:11Z
ldb_mdb: Change function declaration as per README.coding

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a76d2865 by Garming Sam at 2019-04-11T04:17:11Z
ldb_kv: Avoid memdup of database records in the case of base searches

This makes LDAP bind significantly faster in the case of having many
members, due to large size of these records (with tens of thousands of
member links). During the nested group calculation, you are only
interested in memberOf not the member links.

(We add a bit-field to determine whether or not the backend actually
supports pointing into database memory. For some reason TDB pointers
aren't stable, so for now we set this option just on LMDB backends.)

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
74091115 by Garming Sam at 2019-04-11T05:25:02Z
tests/ldb_kv: Add another case for completeness

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Thu Apr 11 05:25:02 UTC 2019 on sn-devel-144

- - - - -
da80b6d2 by Swen Schillig at 2019-04-11T22:29:25Z
lib: modify string conversion wrapper to handle invalid strings

The standard string conversion routines convert a "non-number string"
to zero and do not flag an error.
This is changed now by returning EINVAL if no conversion occured.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
7adaebe5 by Swen Schillig at 2019-04-11T22:29:26Z
lib: Update error check for new string conversion wrapper

The new string conversion wrappers detect and flag errors
which occured during the string to integer conversion.
Those modifications required an update of the callees
error checks.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
8ca4b1f6 by Swen Schillig at 2019-04-11T22:29:26Z
utils: Update error check for new string conversion wrapper

The new string conversion wrappers detect and flag errors
which occured during the string to integer conversion.
Those modifications required an update of the callees
error checks.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
1bdec2ce by Swen Schillig at 2019-04-11T22:29:26Z
modules: Update error check for new string conversion wrapper

The new string conversion wrappers detect and flag errors
which occured during the string to integer conversion.
Those modifications required an update of the callees
error checks.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
c0c1004c by Swen Schillig at 2019-04-11T22:29:26Z
ctdb-protocol: Update error check for new string conversion wrapper

The new string conversion wrappers detect and flag errors
which occured during the string to integer conversion.
Those modifications required an update of the callees
error checks.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
6c1068ac by Swen Schillig at 2019-04-11T22:29:27Z
ctdb-tools: Update error check for new string conversion wrapper

The new string conversion wrappers detect and flag errors
which occured during the string to integer conversion.
Those modifications required an update of the callees
error checks.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
6461a992 by Swen Schillig at 2019-04-11T22:29:27Z
common-lib: Update error check for new string conversion wrapper

The new string conversion wrappers detect and flag errors
which occured during the string to integer conversion.
Those modifications required an update of the callees
error checks.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
beb3012e by Swen Schillig at 2019-04-11T22:29:27Z
libcli: Update error check for new string conversion wrapper

The new string conversion wrappers detect and flag errors
which occured during the string to integer conversion.
Those modifications required an update of the callees
error checks.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
5ff48f64 by Swen Schillig at 2019-04-11T22:29:27Z
source4: Update error check for new string conversion wrapper

The new string conversion wrappers detect and flag errors
which occured during the string to integer conversion.
Those modifications required an update of the callees
error checks.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
2029fe72 by Swen Schillig at 2019-04-11T23:34:51Z
lib: remove duplicate check

This check was supposed to be removed by c9f4b92a613.

Signed-off-by: Swen Schillig <swen at linux.ibm.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Thu Apr 11 23:34:51 UTC 2019 on sn-devel-144

- - - - -
d970e843 by Volker Lendecke at 2019-04-11T23:35:15Z
build: Move smbstatus definition to source3/utils/wscript_build

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e8ce1c64 by Volker Lendecke at 2019-04-11T23:35:15Z
smbd: Remove some unused includes

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
fccd9c8c by Volker Lendecke at 2019-04-12T00:37:05Z
utils: Move conn_tdb.c to utils/

That's a wrapper that only smbstatus and net status use by now.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr 12 00:37:05 UTC 2019 on sn-devel-144

- - - - -
075a078d by Andrew Bartlett at 2019-04-12T04:38:14Z
ldb: Avoid calling talloc_get_type() in ldb_kv_parse_data_unpack()

We have the ldb_kv in the caller, just fill it into the context and
so avoid the cost of the talloc_get_type().

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>

- - - - -
10dd1501 by Michael Hanselmann at 2019-04-12T04:38:14Z
ndrdump: Remove local variables for pipes

There's no need for the local variables as the NDR call structure
pointer is kept around anyway.

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c9e6331a by Andrew Bartlett at 2019-04-12T04:38:14Z
ndrdump: change behaviour of flags to operate as flags

These are called flags because that is what they become to the ndr_pull function,
but to avoid total confusion treat them as flags generally even if the values are
always exclusive (at the moment).

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
bfd762b5 by Garming Sam at 2019-04-12T05:41:36Z
selftest: rename schemaupgrade_dc (+pair) to schema_dc

This is needed because the name of the autobuild job and
the name of the selftest env end up in the socket path
for ncalrpc sockets.

The challenge is that (for example)
/memdisk/autobuild/fl/b2424063/samba-schemaupgrade/bin/ab/schemaupgrade_pair_dc/ncalrpc/np/protected_storage
does not fit in a struct sockaddr_un.

Signed-off-by: Garming Sam <garming at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Apr 12 05:41:36 UTC 2019 on sn-devel-144

- - - - -
10291d91 by Martin Schwenke at 2019-04-12T07:11:30Z
Revert "ctdb-scripts: Do not "correct" number of nfsd threads when it is 0"

I thought this was being triggered during automated testing.
However, it appears that a poor choice of fixed ports for NFS RPC
services was the real problem.  Revert, since the original behaviour
may be useful.

This reverts commit f1a1c300e192d43f5c9faf9450ffbf16341a2661.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
38dc6d11 by Martin Schwenke at 2019-04-12T07:11:30Z
ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake"

We also can not assume that nodes can be marked as connected via only
the keepalive mechanism.  Keepalives are not sent to disconnected
nodes so, in the absence of other packets (e.g. broadcasts), 2 nodes
may never become marked as connected to each other.

Revert to marking nodes as connected in the TCP transport code.  If a
connection is to a non(-operational) ctdbd then it will revert to
disconnected after a short while and may actually flap.  This should
be rare.

This reverts commit 66919db3d7ab1e091223faf515b183af8bfddc83.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13888

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
d415458f by Martin Schwenke at 2019-04-12T07:57:10Z
ctdb-scripts: Reindent some functions prior to making changes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit d7e187c1a7046196ec96637bdc14cc6b042eafcc)

- - - - -
11758628 by Martin Schwenke at 2019-04-12T07:57:10Z
ctdb-scripts: Rename variable nfslock_service to nfs_lock_service

There will be more of these variable for other services so, for
readability, it makes sense for them to start with "nfs_".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 9981353ab79dce81b698c535977be4a681119d1e)

- - - - -
022b9a6c by Martin Schwenke at 2019-04-12T07:57:10Z
ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit e72c3c800a50fe746164e319e21180c44d041619)

- - - - -
f0082767 by Martin Schwenke at 2019-04-12T07:57:10Z
ctdb-scripts: Factor out nfs_load_config()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 8de0a339b550e7363d265af04ad69f2179af75c6)

- - - - -
5a97b7f0 by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out

When an NFS check restarts a failed service by hand then systemd will
be unable to stop or start this service again because (at least) the
PID file will be wrong.  Do this via the NFS Linux kernel call-out
instead.  Allow the call-out to use the services instead of doing
manual restarts.  Add variables for mount, status and rquotad services
to support this.

Adding systemd NFS services to the call-out will follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 42103b568698d8087d27f0848b402ccb7cfac86b)

- - - - -
7932032d by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-scripts: Start NFS quota service if defined

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 708c04071af8d6ddc3bf2bddbde4d5847f440c0e)

- - - - -
aee71ea6 by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-scripts: Add systemd services to NFS call-out

At least Red Hat and Debian appear to use (a variant of?) the upstream
systemd units for NFS, so adding support for these services is
relatively easy.  Distributions using Sys-V init can patch the
call-out to use the relevant Sys-V init services.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit a8fafd377ff0cb07ab161e437c5fe024704345eb)

- - - - -
14069988 by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-tests: Update NFS test infrastructure to support systemd services

The tests are written around the default of sysvinit-redhat.  Add
support for systemd-redhat.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 2833ddcfcb780497264e0f412a9ad6e26a9bc657)

- - - - -
dae0e8ec by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-scripts: Allow load_system_config() to take multiple alternatives

The situation for NFS config has got more complicated and is probably
broken in statd-callout on Debian-like systems at the moment.  Allow
several alternative configuration names to be tried.  Stop after the
first that is found and loaded.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit 0d67ea5fcca766734ecc73ad6b0139f7c13a15c5)

- - - - -
49fa0881 by Martin Schwenke at 2019-04-12T07:57:11Z
ctdb-scripts: Update statd-callout to try several configuration files

The alternative seems to be to try something via CTDB_NFS_CALLOUT.
That would be complicated and seems like overkill for something this
simple.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13860

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at samba.org>
(cherry picked from commit a2bd4085896804ee2da811e17f18c78a5bf4e658)

- - - - -
116c874f by Christof Schmitt at 2019-04-12T07:57:11Z
memcache: Introduce struct for storing talloc pointer

This allows extending the additional data stored for talloced objects
later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 7c44f2f76eefb9156cb1d170c92b4ff07dd6a3d5)

- - - - -
a54038bf by Christof Schmitt at 2019-04-12T07:57:11Z
memcache: Properly track the size of talloc objects

With memcache_add_talloc, the talloc object becomes part of the pool and
the memcache_element stores a pointer to the talloc object. The
size of the the talloc object was not used when tracking the used space,
allowing the cache to grow larger than defined in the memcache_init
call.

Fix this by adding the size of the talloc object to the used space.

Also record the initial size of the talloc object for proper adjustment
of the used space in the cache later. This is in case the size of the
talloc object is modified while being owned by the cache (e.g.
allocating talloc child objects). This should never happen, but better
be safe than ending up with a broken cache usage counter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit a04ca6f3438595ba7e1a110877f53d1cac0f0402)

- - - - -
e09262b7 by Christof Schmitt at 2019-04-12T07:57:11Z
memcache: Increase size of default memcache to 512k

With the fixed accounting of talloc objects, the default cache size
needs to increase. The exact increase required depends on the workloads,
going form 256k to 512k seems like a reasonable guess.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 9ff5c0bab76c5d3d7bea1fcb79861d0c9a3b9839)

- - - - -
28920127 by Amitay Isaacs at 2019-04-12T08:19:29Z
ctdb-common: Avoid race between fd and signal events

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13895

In run_proc, there was an implicit assumption that when a process exits,
fd event (pipe between parent and child) would be processed first and
signal event (SIGCHLD for the child) would be processed later.

However, that is not the case.  SIGCHLD can be received asynchronously
any time even when the pipe data has not fully been read.  This causes
run_proc to miss some of the output from child process in tests.

When SIGCHLD is being processed, if the pipe between parent and child is
still open, then do an explict read from the pipe to ensure we read any
data still in the pipe before closing the pipe.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Apr 12 08:19:29 UTC 2019 on sn-devel-144

- - - - -
e974e440 by Christof Schmitt at 2019-04-12T11:29:26Z
torture: Add test for talloc size accounting in memcache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13865

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Sat Apr  6 06:08:42 UTC 2019 on sn-devel-144

(cherry picked from commit b7028c42462c34cf86cb949bfdb16ebc7ed0a6c6)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Fri Apr 12 11:29:26 UTC 2019 on sn-devel-144

- - - - -
2b5dbb35 by David Disseldorp at 2019-04-12T18:38:20Z
build: add explicit cephfs include path for vfs_ceph builds

Needed if building with a custom --with-libcephfs path.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4982e282 by David Disseldorp at 2019-04-12T18:38:20Z
vfs_ceph: explicitly enable libcephfs POSIX ACL support

libcephfs disables ACL support by default and returns -EOPNOTSUPP in the
POSIX ACL get/setxattr paths as a result. Enable support by setting the
following Ceph config parameters during mount:
        client acl type = posix_acl
        fuse default permissions = false

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
58314d71 by David Disseldorp at 2019-04-12T19:40:25Z
docs/vfs_ceph: describe new ACL behaviour

vfs_ceph now explicitly enables libcephfs POSIX ACL support.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr 12 19:40:25 UTC 2019 on sn-devel-144

- - - - -
24bc99e6 by Stefan Metzmacher at 2019-04-12T19:41:25Z
.gitlab-ci.yml: remove before_script section of .private_template

It's already inherited from .shared_template.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a6428d5f by Stefan Metzmacher at 2019-04-12T19:41:25Z
.gitlab-ci.yml: print out /etc/os-release

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
664cd722 by Stefan Metzmacher at 2019-04-12T19:41:25Z
.gitlab-ci.yml: print out /proc/swaps

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
98521ce5 by Stefan Metzmacher at 2019-04-12T20:42:27Z
.gitlab-ci.yml: show the system state also as after_script

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Fri Apr 12 20:42:27 UTC 2019 on sn-devel-144

- - - - -
b3d0c7e3 by Volker Lendecke at 2019-04-14T04:01:30Z
smbd: Small optimization for break_to_none

We don't need to memzero the struct when we can struct-initialize it a
bit later, implicitly initializing the rest to zero.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
6e485441 by Volker Lendecke at 2019-04-14T04:01:30Z
smbd: Introduce a helper variable in delay_for_oplock()

Why? I am preparing a patchset that will remove
"share_mode_lease". This patch is a micro-step towards that, removing
a set of references to this struct.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
3eed19de by Volker Lendecke at 2019-04-14T04:01:30Z
smbd: Introduce a helper variable in delay_for_oplock()

This removes a few explicit share_mode_lease dereferences

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
a69db298 by Volker Lendecke at 2019-04-14T04:01:30Z
smbd: Pass lease parameters explicitly to find_fsp_lease

This avoids a use of "struct share_mode_lease"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
f46023ed by Volker Lendecke at 2019-04-14T04:01:30Z
leases_db: Add share_mode_lease info to leases.tdb

This is the data stored in share_mode_lease inside the leases[] array in
locking.tdb. This and all the following patches move all leases array to
looking at the leases.tdb.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
5f850a80 by Volker Lendecke at 2019-04-14T04:01:30Z
leases_db: Add getter/setter for share_mode_lease metadata

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
6cd59da1 by Volker Lendecke at 2019-04-14T04:01:30Z
smbd: Use leases_db_set()

Whenever we update the share_mode_lease struct, also update the leases.tdb
entry.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
10a60df1 by Volker Lendecke at 2019-04-14T04:01:30Z
smbd: Add lease key to share_mode_entry

Instead of indexing into the leases[] array, put the lease_db reference into
the share_mode_entry. For simplicity, put in the client guid as well. We
*might* be able to retrieve that from somewhere else, but as other smbd
processes have to look at the lease values, put in the full leases_db index
data.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
70fd809d by Volker Lendecke at 2019-04-14T04:01:31Z
smbd: Use share_mode_entry's lease data in delay_for_oplock()

This was the last "share_mode_lease" reference in this function, remove
variable "l".

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
f33cb162 by Volker Lendecke at 2019-04-14T04:01:31Z
smbd: Use share_mode_entry's lease data in delay_rename_for_lease_break()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
909147e8 by Volker Lendecke at 2019-04-14T04:01:31Z
smbd: Use share_mode_entry's lease data in is_same_lease()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
1ae77361 by Volker Lendecke at 2019-04-14T04:01:31Z
smbd: Use share_mode_entry's lease data in remove_share_mode_lease()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
9ca5b611 by Volker Lendecke at 2019-04-14T04:01:31Z
smbd: Use share_mode_entry's lease data in remove_share_mode_lease()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
b9b35947 by Volker Lendecke at 2019-04-14T04:01:31Z
smbd: Use share_mode_entry's lease data in vfs_default_durable_reconnect()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
c2ca8217 by Volker Lendecke at 2019-04-14T04:01:31Z
smbd: Use share_mode_entry's lease data in lease_match()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
b2214873 by Volker Lendecke at 2019-04-14T04:01:31Z
smbd: Use leases_db in delay_for_oplock()

Remove a reference to share_mode_data->leases[]

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
b4b941f2 by Volker Lendecke at 2019-04-14T04:01:31Z
smbd: Use leases_db in get_lease_type()

Remove a reference to share_mode_data->leases[]

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
1269bfe4 by Volker Lendecke at 2019-04-14T04:01:31Z
smbd: Use leases_db in fsp_lease_update()

Remove a reference to "struct share_mode_lease"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
c54d27b1 by Volker Lendecke at 2019-04-14T04:01:31Z
utils: Use leases_db in smbstatus

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
552faa91 by Volker Lendecke at 2019-04-14T04:01:32Z
smbd: Don't pass lease_idx down to set_share_mode()

Temporary patch to keep the code running. The new code in set_share_mode() will
leave again once the patchset to remove share_mode_lease and thus the lease_idx
in share_mode_entry goes away.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
2ea2605e by Volker Lendecke at 2019-04-14T04:01:32Z
smbd: Don't pass up lease_idx from grant_fsp_lease

The only reason for grant_fsp_lease to return the lease_idx was to pass it down
to set_share_mode. That does not need it anymore.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
fa2cea30 by Volker Lendecke at 2019-04-14T04:01:32Z
smbd: Add update_share_mode_lease_from_db()

This is an interim function supposed to be around for just a few patches as
long as we have both the leases.tdb entries and the leases[] in
share_mode_entries around. It makes it easier to transition to just use
leases.tdb while keeping the code running.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
7cc9b426 by Volker Lendecke at 2019-04-14T04:01:32Z
smbd: Split up grant_fsp_lease()

Simple refactoring into simpler routines. View best with "git show -b"

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
7fc76c47 by Volker Lendecke at 2019-04-14T04:01:32Z
smbd: Use leases_db in try_lease_upgrade()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
274f5d95 by Volker Lendecke at 2019-04-14T04:01:32Z
smbd: Use leases_db in downgrade_lease()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
8ff60fcc by Volker Lendecke at 2019-04-14T04:01:32Z
smbd: Use leases_db in vfs_default_durable_reconnect()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
29ce005f by Volker Lendecke at 2019-04-14T04:01:32Z
smbd: Use leases_db in process_oplock_break_message()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
b656ebf5 by Volker Lendecke at 2019-04-14T04:01:32Z
smbd: Make find_share_mode_lease() static

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
fbe6b3e9 by Volker Lendecke at 2019-04-14T04:01:32Z
smbd: Use leases_db in lease_match()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
302bdd7f by Volker Lendecke at 2019-04-14T04:01:32Z
smbd: Add share_mode_forall_leases()

Function to walk all leases for a file exactly once. This used to be simpler
with the leases[] array, thus this function that encapsulates the complexity.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
c12641e8 by Volker Lendecke at 2019-04-14T04:01:33Z
smbd: Use share_mode_forall_leases in rename_share_filename()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
310c85e7 by Volker Lendecke at 2019-04-14T04:01:33Z
smbd: Use share_mode_forall_leases in do_break_to_none()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
ad413ce9 by Volker Lendecke at 2019-04-14T04:01:33Z
smbd: Use share_mode_forall_leases in share_mode_cleanup_disconnected()

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
a187b7ef by Volker Lendecke at 2019-04-14T05:18:14Z
smbd: Remove share_mode_lease and the leases array from share_mode_entry

This also removes the temporary functions introduced during the patchset.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Sun Apr 14 05:18:14 UTC 2019 on sn-devel-144

- - - - -
d9c47cb8 by Martin Schwenke at 2019-04-15T08:28:11Z
ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake"

We also can not assume that nodes can be marked as connected via only
the keepalive mechanism.  Keepalives are not sent to disconnected
nodes so, in the absence of other packets (e.g. broadcasts), 2 nodes
may never become marked as connected to each other.

Revert to marking nodes as connected in the TCP transport code.  If a
connection is to a non(-operational) ctdbd then it will revert to
disconnected after a short while and may actually flap.  This should
be rare.

This reverts commit 66919db3d7ab1e091223faf515b183af8bfddc83.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13888

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>
(cherry picked from commit 38dc6d11a26c2e9a2cae7927321f2216ceb1c5ec)

- - - - -
945a41d3 by Amitay Isaacs at 2019-04-15T12:55:46Z
ctdb-common: Avoid race between fd and signal events

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13895

In run_proc, there was an implicit assumption that when a process exits,
fd event (pipe between parent and child) would be processed first and
signal event (SIGCHLD for the child) would be processed later.

However, that is not the case.  SIGCHLD can be received asynchronously
any time even when the pipe data has not fully been read.  This causes
run_proc to miss some of the output from child process in tests.

When SIGCHLD is being processed, if the pipe between parent and child is
still open, then do an explict read from the pipe to ensure we read any
data still in the pipe before closing the pipe.

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Fri Apr 12 08:19:29 UTC 2019 on sn-devel-144

(cherry picked from commit 289201277cd983b27cdfd5376c607eab112b4082)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Mon Apr 15 12:55:46 UTC 2019 on sn-devel-144

- - - - -
e3c894fb by Günther Deschner at 2019-04-16T15:14:50Z
lib/replace: define NAME_MAX for platforms that don't have it

This allows the vfs_glusterfs_fuse build to complete on AIX.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Tue Apr 16 15:14:50 UTC 2019 on sn-devel-144

- - - - -
67b16058 by Stefan Metzmacher at 2019-04-16T16:15:24Z
.gitlab-ci.yml: run samba-schemaupgrade on the private runner

The related jobs often fail with timeouts
because the shared runners (4GB RAM + 2GB SWAP)
will use ~450MB of the swapfile.

The private runners use 8GB RAM without any swap.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b369faba by Stefan Metzmacher at 2019-04-16T16:15:24Z
.gitlab-ci.yml: remove outdated comments

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
45fee29d by Stefan Metzmacher at 2019-04-16T17:45:35Z
.gitlab-ci.yml: require samba-ci-private tag for our private runners

This makes it more clear that we need our own private runners.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Tue Apr 16 17:45:35 UTC 2019 on sn-devel-144

- - - - -
9c33b193 by Joe Guo at 2019-04-18T12:09:32Z
bootstrap/config.py: mv locale setup from bootstrap.sh

In future, samba developers could run `bootstrap.sh` to update
dependencies on their workstation, this is very useful when new people
get on board or new dependencies introduced.

But currenly it will override locale, which is not expected for this case.

Remove locale setup cmds from bootstrap.sh, add a separate script for this.

Although this script is written in a generic way and has no variable so far,
still follow the same routine as `bootstrap.sh` to keep consistent.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
50fde627 by Joe Guo at 2019-04-18T12:09:32Z
bootstrap/config.py: change UTF-8 to utf8 for locale name in Dockerfile ENV

While generating locales, glibc/localedef/locale-gen will normalize
`UTF-8` to `utf8`, use same name style to avoid string mismatch issues.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3e9af703 by Joe Guo at 2019-04-18T12:09:32Z
bootstrap/config.py: adjust package list to align current ci image

Adjust packages to make `dpkg -l` output align current ci image.
The ones not required are ignored, add a few missing python3 ones.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
dd1d04e8 by Joe Guo at 2019-04-18T12:09:32Z
bootstrap/config.py: add missing dev packages

Add a few extra dev packages missing in current ci image but should be included.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
932756e2 by Joe Guo at 2019-04-18T12:09:32Z
bootstrap/config.py: rm ENV for ccache since we didn't use it any more

When ccache is not installed, this will cause failure.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
077f8eaf by Joe Guo at 2019-04-18T12:09:33Z
bootstrap/config.py: add ARG in Dockerfile to allow add sha1sum into docker image

Add ARG SHA1SUM, then we can pass it to docker build with --build-arg

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
47c826ed by Joe Guo at 2019-04-18T12:09:33Z
bootstrap/config.py: link ld to ld.gold when available

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
154a7b7d by Stefan Metzmacher at 2019-04-18T12:09:33Z
bootstrap/config.py: add patch, rsync and tar

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
1ca1cc2b by Ralph Boehme at 2019-04-18T12:09:33Z
bootstrap/config.py: add glib2-dev

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
6009e47d by Ralph Boehme at 2019-04-18T12:09:33Z
bootstrap/config.py: add libicu-dev/libicu-devel

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f749f17f by Samuel Cabrero at 2019-04-18T12:09:33Z
bootstrap/config.py: Add gzip, which and hostname to base packages

The openSUSE Leap 15.0 container does not include gzip and which

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
aa29211b by Samuel Cabrero at 2019-04-18T12:09:33Z
bootstrap/config.py: Use generic lsb-release package name

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3b431486 by Samuel Cabrero at 2019-04-18T12:09:33Z
bootstrap/config.py: Fix lmdb-utils package name for RPM family

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
27b61082 by Samuel Cabrero at 2019-04-18T12:09:33Z
bootstrap/config.py: Create the 'samba' group in containers

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
31f5b751 by Samuel Cabrero at 2019-04-18T12:09:33Z
bootstrap/config.py: Add openSUSE Leap 15.0

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0b2bbeb5 by Stefan Metzmacher at 2019-04-18T12:09:33Z
bootstrap/config.py: add a hind how to rebuild generated files

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
033eca2d by Stefan Metzmacher at 2019-04-18T12:09:33Z
bootstrap/config.py: generate rendered files into bootstrap/generated-dists/

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c15bbb0e by Joe Guo at 2019-04-18T12:09:33Z
bootstrap/template.py: render locale.sh for each dist and make shell scripts executable

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
da0567e0 by Stefan Metzmacher at 2019-04-18T12:09:34Z
bootstrap/template.py: generate Vagrantfile just once

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
37676409 by Joe Guo at 2019-04-18T12:09:34Z
bootstrap/template.py: add sha1sum support

1. calc sha1sum for files under bootstrap/ (except README.md
   and *.pyc files) after render and write to bootstrap/sha1sum.txt file.
2. add a new option to print sha1sum, so we can use it to compare in ci

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
f1b1bba5 by Stefan Metzmacher at 2019-04-18T12:09:34Z
bootstrap: remove unused docker.py

We'll generate docker images during a gitlab-ci run.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2300a38d by Joe Guo at 2019-04-18T12:09:34Z
bootstrap/.gitlab-ci.yml: add ci file to trigger image auto build

Depending on 'SAMBA_CI_REBUILD_IMAGES=yes' (and
'SAMBA_CI_REBUILD_BROKEN_IMAGES=yes') as environment
variables on a custom gitlab ci pipeline we'll generate und upload
container images.

bootstrap/README.md will get more details in the next commits.

Please note ci in this file did NOT add the `latest` tag,
since we want main ci to always use a fixed image based on the sha1sum of
everything under bootstrap/ from now on.
This also implies the new built image will not replace/break anything.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
c36c1022 by Stefan Metzmacher at 2019-04-18T12:09:34Z
bootstrap: add the result of bootstrap/template.py --render

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
09cd5178 by Stefan Metzmacher at 2019-04-18T12:09:34Z
bootstrap/READMD.md: update the instructions to reflect the current code

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
82e0986b by Joe Guo at 2019-04-18T12:09:34Z
.gitlab-ci.yml: make use of bootstrap/.gitlab-ci.yml and use the new defined image

See bootstrap/README.md for the instructions to create and upload the
images via a custom gitlab ci pipeline.

The key is that it's always possible to regenerate the image if
it's not present in the container registry, where we are free to
delete old images. But it should be possible to rebuild images
if someone has the need to run a pipeline based on an old
branch.

Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
ad2c23ee by Stefan Metzmacher at 2019-04-18T12:09:34Z
.gitlab-ci.yml: split AUTOBUILD_JOB_NAME from CI_JOB_NAME

This will make it easier extend the templates later.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
84f6fdce by Stefan Metzmacher at 2019-04-18T13:10:49Z
.gitlab-ci.yml: run the samba-o3 job on each working container image

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Thu Apr 18 13:10:49 UTC 2019 on sn-devel-144

- - - - -
d006c769 by Christof Schmitt at 2019-04-18T17:21:17Z
nsswitch: Add testcase for checking output of wbinfo --sid-to-name

The username should always be returned in the DOMAISHORTNAME/USERNAME
format.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
60b0e912 by Christof Schmitt at 2019-04-18T17:21:17Z
winbind: Query domain from msrpc name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
562551c0 by Christof Schmitt at 2019-04-18T17:21:17Z
winbind: Query domain from winbind rpc name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
32e3f066 by Christof Schmitt at 2019-04-18T17:21:18Z
winbind: Query domain from winbind sam_name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
640e0ef4 by Christof Schmitt at 2019-04-18T17:21:18Z
winbind: Return queried domain name from name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
aec9bda2 by Christof Schmitt at 2019-04-18T17:21:18Z
winbind: Use domain name from lsa query for sid_to_name cache entry

When winbindd is asked to map a name like realm.com\name to a SID ,that
is sucessfully resolved through the lsa lookup name call. The same call
also returns the short domain name (netbios name of the domain). Use
that short domain name for the sid_to_name cache entry, so that
subsequent sid_to_name queries return the expected netbiosname\name
result and not realm.com\name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

- - - - -
f7082723 by Christof Schmitt at 2019-04-18T18:20:26Z
nsswitch: Fix usage information of test_wbinfo_name_lookup.sh

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Thu Apr 18 18:20:26 UTC 2019 on sn-devel-144

- - - - -
b9e1b4ad by Ralph Wuerthner at 2019-04-18T20:38:23Z
s3:debug: use struct initializer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13904

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
a4567587 by Ralph Wuerthner at 2019-04-18T20:38:24Z
s3:debug: adjust indention

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13904

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

- - - - -
9b30fcda by Ralph Wuerthner at 2019-04-18T22:21:15Z
s3:debug: enable logging for early startup failures

Commit c89a33a07a 'debug: Use backends instead of explicitly logging to
syslog or file' introduced a regression where early startup failures (e.g.
unable to connect to CTDB) are no longer logged because the debug subsystem
is not yet fully initialized. Enable logging again with reasonable defaults
when reopen_logs() is called and the parameter file is not yet parsed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13904

Signed-off-by: Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
Reviewed-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>

Autobuild-User(master): Christof Schmitt <cs at samba.org>
Autobuild-Date(master): Thu Apr 18 22:21:15 UTC 2019 on sn-devel-144

- - - - -
14922438 by Günther Deschner at 2019-04-19T17:27:12Z
s4-torture: include torture/util.h in lease break handler

Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8274303f by Günther Deschner at 2019-04-19T17:27:12Z
s4-torture: add new smb2 multichannel suite skeleton.

Also Skip MC tests for s4 ntvfs fileserver, it's not supported at all.
Use knownfail for s3 fileserver for the time being (until socketwrapper
supports fd-passing).

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7a73c569 by Günther Deschner at 2019-04-19T17:27:12Z
s4-torture: move oplock break handler out of the replay testsuite.

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
aa28477b by Sachin Prabhu at 2019-04-19T17:27:12Z
s4-torture: move torture_wait_for_oplock_break() to central oplock handler.

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e1a96b1a by Sachin Prabhu at 2019-04-19T17:27:12Z
s4-torture: Add function declarations to lease_break_handler.h

Do not completely depend on proto.h.

Also move torture_reset_break_info() to lease_break_handler.h so that
the layout is similar to that of oplock_break_handler.*

Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
4e685895 by Sachin Prabhu at 2019-04-19T17:27:13Z
s4-torture: Add handlers to ignore incoming oplock/lease break requests

For use in multichannel oplock break tests. These handers ignore
incoming oplock and lease break requests so that we can test the
oplock/lease break retries on the server.

This is meant for use with samba servers which rely on receiving a reply
from the client before timeout.
Windows servers rely on underlying tcp commands to decide if the oplock
break command was delivered successfully to the client and therefore
cannot be tested with this method.

Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
f115b53c by Sachin Prabhu at 2019-04-19T17:27:13Z
s4-torture: Increase timeout for lease/oplock break handlers

0.1 seconds is not enough when running tests against a server over the
network and are causing timing related bugs. We increase this to 1
second.

Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1739468c by Günther Deschner at 2019-04-19T17:27:13Z
s4-torture: add test for interface information retrieval for multichannel.

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0d7d6070 by Günther Deschner at 2019-04-19T17:27:13Z
s4-torture: add torture_block/torture_unblock smb2 transport functions

Guenther

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2a5b0d5b by Sachin Prabhu at 2019-04-19T17:27:13Z
s4-torture: Add #defines required by the new tests

New macros used by our tests.

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
018845d4 by Sachin Prabhu at 2019-04-19T17:27:13Z
s4-torture: Add helper functions to create channels.

Helper functions used by both oplock and lease break tests.

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3dc532cb by Sachin Prabhu at 2019-04-19T17:27:13Z
s4-torture: Add handlers to block channels for testing

We use two methods to block channels

1) Simply ignore incoming oplock break requests and do not respond to
them.
This method doesn't work against Microsoft Windows based servers which
rely on the tcp stack for confirmation that the oplock break command was
sent to the client machine. This is meant to be used with samba servers
and is the default method.

2) Use iptables to block the channel.
The method requires the use of a privileged account and can only be used
on Linux systems with iptables installed. To use this blocking method,
pass the option
--option=torture:use_iptables=true

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
31c9b74d by Sachin Prabhu at 2019-04-19T17:27:14Z
s4-torture: Add oplock break retry tests - test1

Test to confirm that server sends oplock breaks as expected.

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ee0a247a by Sachin Prabhu at 2019-04-19T17:27:14Z
s4-torture: Add oplock break retry tests - test2

Test to see if oplock break retries are sent by the server.
Also checks to see if new channels can be created and used
after an oplock break retry.

The test by default blocks channels by ignoring incoming lease break
requests on that channel. This does not work when testing against a
windows server.
Use --option=torture:use_iptables=true to use iptables to block ports
instead when testing against windows servers.

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
311c024b by Sachin Prabhu at 2019-04-19T17:27:14Z
s4-torture: Add lease break retry tests - test1

Test to check if lease breaks are sent by the server as expected.

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
63b4b4ce by Sachin Prabhu at 2019-04-19T17:27:14Z
s4-torture: Add lease break retry tests - test2

Test to check if lease breaks are sent by the server as expected.

The test by default blocks channels by ignoring incoming lease break
requests on that channel. This does not work when testing against a
windows server.
Use --option=torture:use_iptables=true to use iptables to block ports
instead when testing against windows servers.

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
befac485 by Sachin Prabhu at 2019-04-19T17:27:14Z
s4-torture: Add lease break retry tests - test3

Check to see how the server behaves if lease break response is sent
over a different channel to one over which the break is received.

The test by default blocks channels by ignoring incoming lease break
requests on that channel. This does not work when testing against a
windows server.
Use --option=torture:use_iptables=true to use iptables to block ports
instead when testing against windows servers.

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7a4dad60 by Sachin Prabhu at 2019-04-19T17:27:14Z
s4-torture: Add lease break retry tests - test4

Test to see how the server behaves when the client flushes data back to
the server but doesn't send the lease break response over the channel.
Does it then retry the lease break?

This test is specifically expected to run against Samba and will not
work against a MS Windows servers because it uses the ignore method to
ignore oplock breaks sent by the server.

Signed-off-by: Guenther Deschner <gd at samba.org>
Signed-off-by: Sachin Prabhu <sprabhu at redhat.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ef35d4d8 by Sachin Prabhu at 2019-04-19T18:26:18Z
s4-torture: add test to check for max. number of channels per session.

Signed-off-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr 19 18:26:18 UTC 2019 on sn-devel-144

- - - - -
0b203d94 by Christof Schmitt at 2019-04-22T23:00:41Z
vfs_gpfs: Remove usage of gpfs_prealloc

All supported versions of GPFS now support fallocate. Use the default
codepath instead of the API call. Keep the function stub as it will
be used for a check later.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
066ec8d6 by Christof Schmitt at 2019-04-22T23:00:41Z
vfs_gpfs: Remove gpfs:prealloc from manpage

The option is no longer in the code, remove it from the manpage as well.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a0bc1f9d by Christof Schmitt at 2019-04-22T23:00:42Z
gpfswrap: Remove unused gpfs_prealloc wrapper

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
1c3731cc by Christof Schmitt at 2019-04-23T00:33:03Z
vfs_gpfs: Block punchhole calls for non-sparse files

The core smbd code implements ZERO_DATA for non-sparse files by punching
a hole and filling it again with a fallocate(FL_KEEP_SIZE) call. As GPFS
does not provide the fallocate(FL_KEEP_SIZE) call and non-sparse files
should not contain holes, block the punchhole; effectively only allowing
ZERO_DATA/punchhole calls for sparse files.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Tue Apr 23 00:33:03 UTC 2019 on sn-devel-144

- - - - -
c36d743f by Andrew Bartlett at 2019-04-23T01:06:21Z
selftest: Move simple-dc-steps.sh to correct folder

This script helps re-create the environment for the dbcheck-oldrelease.sh links test.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
e24e344d by Lutz Justen at 2019-04-23T02:08:56Z
waf: install: Remove installation of PIDL and manpages.

It's not used outside of Samba other than wireshark
who have their own vendor fork.

Signed-off-by: Lutz Justen <ljusten at google.com>
Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue Apr 23 02:08:56 UTC 2019 on sn-devel-144

- - - - -
1d7dee58 by Douglas Bagnall at 2019-04-23T18:00:13Z
pytest/segfault: segfault with nameless element

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
76967b33 by Douglas Bagnall at 2019-04-23T19:03:35Z
pyldb: avoid segfault when adding an element with no name

We don't want to see this:

python3 -c "import sys
sys.path.insert(0, 'bin/python')
import ldb
m = ldb.Message()
e = ldb.MessageElement('q')
try:
    m.add(e)
except ldb.LdbError:
    pass
print(m)
"
Segmentation fault (core dumped)

instead we want this:

Traceback (most recent call last):
File "<string>", line 7, in <module>
ValueError: The element has no name

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Noel Power <npower at samba.org>
Autobuild-Date(master): Tue Apr 23 19:03:35 UTC 2019 on sn-devel-144

- - - - -
1646baa3 by Stefan Metzmacher at 2019-04-24T01:01:57Z
.gitlab-ci.yml: use the ubuntu1804 image as default

This matches our move from sn-devel-144 to sn-devel-184
for the final autobuild.

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Apr 24 01:01:58 UTC 2019 on sn-devel-184

- - - - -
d7b5ad5e by Christof Schmitt at 2019-04-24T01:02:17Z
selftest: Add gid-to-sid lookup to idmap_ad test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8266bd1f by Christof Schmitt at 2019-04-24T01:02:17Z
selftest: Use fl2008r2dc for ad_member_idmap_ad

fl2008r2dc already has a trusted domain. That will be used to use
idmap_ad for querying idmap attributes from the trusted domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
281fb81a by Christof Schmitt at 2019-04-24T01:02:17Z
selftest: Make trusted domain information available for idmap_ad environment

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
65e1d783 by Christof Schmitt at 2019-04-24T01:02:17Z
selftest: Add idmap configuration for trusted domain for idmap_ad

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ac0f8656 by Christof Schmitt at 2019-04-24T01:02:17Z
selftest: Pass trusted domain information to idmap_ad test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2577f43a by Christof Schmitt at 2019-04-24T01:02:17Z
selftest: Add trusted domain tests for idmap_ad

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13903

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3020050b by Volker Lendecke at 2019-04-24T02:25:56Z
winbind: Fix overlapping id ranges

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Apr 24 02:25:56 UTC 2019 on sn-devel-184

- - - - -
7aa443a3 by Stefan Metzmacher at 2019-04-24T07:00:29Z
s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO

This completes commit 74829fecd7a4e806ee441cd75141bede2eefef1a,
which missed SMB_FIND_FILE_FULL_DIRECTORY_INFO

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10097

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 1d9348575914891dbb5638bc9b8d51eda98fe554)

- - - - -
8d6361b6 by Stefan Metzmacher at 2019-04-24T07:00:29Z
smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING

This has the same meaning as smb2_request_set_async_internal(),
but this will simplifies callers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13796

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4760b85243f335bb2094fc779802ce4b52db0ccb)

- - - - -
dc06b1b3 by Stefan Metzmacher at 2019-04-24T07:00:29Z
smb2_sesssetup: avoid STATUS_PENDING responses for session setup

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12845
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13796

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 23792449694b5221f6ea422166c96fac494e3e2c)

- - - - -
6122f423 by Stefan Metzmacher at 2019-04-24T07:00:29Z
smb2_tcon: avoid STATUS_PENDING responses for tree connect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12844
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 8a11da429bd3c89766f43c2bff681837a769987c)

- - - - -
d8d3e689 by Stefan Metzmacher at 2019-04-24T07:00:29Z
smb2_sesssetup: avoid STATUS_PENDING completely on session logoff

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10344
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit d64038425f250e253dce707d69899c7a5d8cb32e)

- - - - -
c8bdbc39 by Stefan Metzmacher at 2019-04-24T07:00:30Z
smb2_tcon: avoid STATUS_PENDING completely on tdis

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10344
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13698

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 1dc002548336b969979c3bf85b531c059d87f015)

- - - - -
dedeaf37 by David Disseldorp at 2019-04-24T07:00:30Z
vfs_snapper: drop unneeded fstat handler

fstat is handle based, and unlike vfs_shadow_copy2, we don't need to
make any changes to the returned sbuf, so remove the existing handler
which does nothing.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13858

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Mar 27 18:21:38 UTC 2019 on sn-devel-144

(cherry picked from commit c68d9c9ef367c1e85619ac2d027a0a425164ca8a)

- - - - -
a50c4d7a by Stefan Metzmacher at 2019-04-24T07:00:30Z
vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done()

SMB_VFS_{PREAD,PWRITE}_RECV() don't set errno, so we need to
use strerror(aio_state.error) in the debug messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 2abf9e9a95cbdf76109b3501dee3e0c34ad09194)

- - - - -
74001095 by Stefan Metzmacher at 2019-04-24T07:00:30Z
vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check

This fixes a regression introduced in commit
60e45a2d25401eaf9a15a86d19114670ccfde259, where the 'num' variable
was renamed to 'to_copy', but a new 'num' variable was introduced.

Note that off_t is signed!
In future we need to watch out for filesystems supporting
FMODE_UNSIGNED_OFFSET on Linux. Which means they use it unsigned.

This is more or less a theoretical problem, The
NT_STATUS_INVALID_PARAMETER cases are catched before by
SMB_VFS_PREAD_SEND/RECV.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13862

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4d6cd932a955a99ca33cc4aedd7f612e56e0b1de)

- - - - -
7abc1442 by Stefan Metzmacher at 2019-04-24T07:00:30Z
smb2_server: grant all 8192 credits to clients

This seems to match Windows Server 2016.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13863

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 829f692fb1552e56c6a9726036a995b4328731dd)

- - - - -
c5089041 by David Disseldorp at 2019-04-24T07:00:30Z
vfs_ceph: explicitly enable libcephfs POSIX ACL support

libcephfs disables ACL support by default and returns -EOPNOTSUPP in the
POSIX ACL get/setxattr paths as a result. Enable support by setting the
following Ceph config parameters during mount:
        client acl type = posix_acl
        fuse default permissions = false

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
(cherry picked from commit 4982e282f2f2246952854ccc10d4787ac6653a7f)

- - - - -
92f30f91 by Lutz Justen at 2019-04-24T07:32:31Z
waf: build: Respect --disable-python for third_party modules

Skips installation of samba/third_party stuff into the python directory if
--disable-python is set.

Added test after install that confirms no python modules installed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13905

Signed-off-by: Lutz Justen <ljusten at google.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed Apr 24 07:32:31 UTC 2019 on sn-devel-184

- - - - -
571f7034 by David Disseldorp at 2019-04-24T11:05:08Z
docs/vfs_ceph: describe new ACL behaviour

vfs_ceph now explicitly enables libcephfs POSIX ACL support.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13896

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr 12 19:40:25 UTC 2019 on sn-devel-144

(cherry picked from commit 58314d71ea63e36d5f1bbd2c3e190b1edffee726)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Wed Apr 24 11:05:08 UTC 2019 on sn-devel-144

- - - - -
d5166089 by Ralph Boehme at 2019-04-24T18:32:14Z
bootstrap: move flex to common packages

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
adbb6e91 by Ralph Boehme at 2019-04-24T18:32:14Z
waf: fix array access out of bounds exception in the check for flex

If flex is not installed the following expection is triggered:

Checking for flex
Checking for program 'flex'                                                       : not found
Traceback (most recent call last):
  File "/home/slow/git/samba/scratch/third_party/waf/waflib/Scripting.py", line 158, in waf_entry_point
    run_commands()
  File "/home/slow/git/samba/scratch/third_party/waf/waflib/Scripting.py", line 251, in run_commands
    ctx = run_command(cmd_name)
  File "/home/slow/git/samba/scratch/third_party/waf/waflib/Scripting.py", line 235, in run_command
    ctx.execute()
  File "/home/slow/git/samba/scratch/third_party/waf/waflib/Configure.py", line 159, in execute
    super(ConfigurationContext, self).execute()
  File "/home/slow/git/samba/scratch/third_party/waf/waflib/Context.py", line 204, in execute
    self.recurse([os.path.dirname(g_module.root_path)])
  File "/home/slow/git/samba/scratch/third_party/waf/waflib/Context.py", line 286, in recurse
    user_function(self)
  File "/home/slow/git/samba/scratch/wscript", line 307, in configure
    conf.RECURSE('source3')
  File "./buildtools/wafsamba/samba_utils.py", line 66, in fun
    return f(*k, **kw)
  File "./buildtools/wafsamba/samba_utils.py", line 481, in RECURSE
    return ctx.recurse(relpath)
  File "/home/slow/git/samba/scratch/third_party/waf/waflib/Context.py", line 286, in recurse
    user_function(self)
  File "/home/slow/git/samba/scratch/source3/wscript", line 1660, in configure
    flex.configure(conf)
  File "/home/slow/git/samba/scratch/third_party/waf/waflib/Tools/flex.py", line 59, in configure
    if re.search (r"\\msys\\[0-9.]+\\bin\\flex.exe$", conf.env.FLEX[0]):
IndexError: list index out of range

This happens because when the detection of flex fails, an excpetion is
thrown in Configure.py:find_program by calling self.fatal(), but as
Configure.py:find_program() is called from
samba_waf18.py:find_program_samba() which sets the keyword argument
mandatory=False, Configure.py:conf:fun() catches the expection.

As a result in flex.py the call to conf.find_program('flex', var='FLEX')
does not abort and

  if re.search (r"\\msys\\[0-9.]+\\bin\\flex.exe$", conf.env.FLEX[0])

is executed even though conf.env.FLEX is None.

As this is a not a problem of upstream Samba, but triggered by our
samba_waf18.py:find_program_samba(), I don't pursue an upstream
fix. Instead, just use conf.find_program() directly instead of the
wrapper in flex.py.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
f79acc51 by Ralph Boehme at 2019-04-24T18:32:14Z
s3: build: seperate out check for Gnome Tracker from Spotlight

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
f52e4020 by Ralph Boehme at 2019-04-24T18:32:14Z
s3:wscript: fix flex and bison detection message when not installed

If flex or bison are not installed, conf.env['BISON'] and
conf.env['FLEX'] respectively return an empty string, so
conf.CHECK_COMMAND() runs

 $ /bin/sh -c " --version  | head -n1"

and

 $ /bin/sh -c " --version"

which results in the following message

  /bin/sh: []: command not found

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
2f87661c by Ralph Boehme at 2019-04-24T18:32:14Z
s3:wscript: fix flex and bison detection

conf.env['BISON'] and conf.env['FLEX'] return lists.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
fa39a7b2 by Ralph Boehme at 2019-04-24T18:32:14Z
s3/lib: new tevent_glib_glue subsystem

tevent_glib_glue_create() takes glib GMainContext and adds its event
sources to a tevent context. tevent will poll the sources and run
handlers for pending events as detailed in the glib documentation:

https://developer.gnome.org/glib/stable/glib-The-Main-Event-Loop.html

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
1f836d4c by Ralph Boehme at 2019-04-24T18:32:14Z
s3/lib: add a tevent_glib_glue subsystem test

Tests adapted from glib2 glib/tests/mainloop.c.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
6592daf5 by Ralph Boehme at 2019-04-24T18:32:15Z
s3/lib: tevent-glib-glue test utiltity with Tracker

A small utilitly useful for tesing the tevent_glib_glue code. It runs a
tracker-sparql search query against your local tracker store that must
be setup and running.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
675902f8 by Ralph Boehme at 2019-04-24T18:32:15Z
s3-mdssvc: add tevent context arg to mds_init_ctx

This is needed later when adding tevent_glib_glue support, not used for now.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
bc053abd by Ralph Boehme at 2019-04-24T18:32:15Z
s3-mdssvc: call [un]become_authenticated_pipe_user()

This ensures we're running as the authenticated user int the tevent
callback which might be running in an arbitrary impersonation context.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
55b2cca1 by Ralph Boehme at 2019-04-24T18:32:15Z
s3-mdssvc: use tevent_glib_glue in mdssvc RPC service

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
984c890c by Ralph Boehme at 2019-04-24T18:32:15Z
s3-mdssvc: use default g_main context

Way back when the module was developed it seemed to be necessary the use
a private context with push/pop as thread default. Maybe there was a bug
in libtracker-sparql dispatching callback in the wrong (global)
context. It's not necessary anymore with a recent libtracker-sparql
version.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
91c9c034 by Ralph Boehme at 2019-04-24T18:32:15Z
s3-mdssvc: add missing call to g_cancellable_new()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
003b5d3e by Ralph Boehme at 2019-04-24T18:32:15Z
s3-mdssvc: make mds_ctx_destructor_cb static

This is only used in this compilation unit.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

- - - - -
613acd3d by Ralph Boehme at 2019-04-24T19:32:12Z
s3-mdssvc: add a comment to mds_init()

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Noel Power <npower at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Wed Apr 24 19:32:12 UTC 2019 on sn-devel-184

- - - - -
94f2ed3e by Christof Schmitt at 2019-04-25T00:54:16Z
wscript: Remove checks for shm_open and shmget

Commit 74a16a1094278 "s3:smbprofile: Replace sysv shmem with tdb"
removed the usage of the shared memory segment for profiling data. As
there are no other users of shared memory segments, remove the configure
check for these functions.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu Apr 25 00:54:16 UTC 2019 on sn-devel-184

- - - - -
f1bf02c7 by Andreas Schneider at 2019-04-25T10:47:16Z
autobuild: Build also Samba AD with MIT Kerberos

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
bd5b4a16 by Andreas Schneider at 2019-04-25T10:47:16Z
s3:modules: Fix size types

error: assuming signed overflow does not occur when simplifying
conditional to constant [-Werror=strict-overflow]

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
fefb84b5 by Andreas Schneider at 2019-04-25T10:47:16Z
s4:heimdal: Disable format truncation warnings

We build that code and do not treat warnings as errors anyway,
so just disable format truncation.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
a6aff733 by Andreas Schneider at 2019-04-25T10:47:16Z
bootstrap: Fix dnf commands

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
8b2fbd79 by Andreas Schneider at 2019-04-25T10:47:16Z
bootstrap: Add missing packages on RPM distributions

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
ae21dc71 by Andreas Schneider at 2019-04-25T10:47:16Z
bootstrap: Add missing packages for XFS quota support

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
dfa4d3cd by Andreas Schneider at 2019-04-25T10:47:16Z
bootstrap: Add glusterfs and cephfs packages

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
b1426d06 by Andreas Schneider at 2019-04-25T11:46:23Z
gitlab-ci: Enable fedora29 and update generated dists

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Apr 25 11:46:23 UTC 2019 on sn-devel-184

- - - - -
b50ca162 by Andreas Schneider at 2019-04-25T16:52:57Z
gitlab-ci: Remove Ubuntu 14.04

Ubuntu 14.04 a compiler which complains about valid C99 code and also it
doesn't offer GnuTLS >= 3.2 which we require to move to GnuTLS.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu Apr 25 16:52:57 UTC 2019 on sn-devel-184

- - - - -
8e3a042e by Anoop C S at 2019-04-26T12:04:20Z
s3/vfs_glusterfs: Dynamically determine NAME_MAX

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e28d172b by Anoop C S at 2019-04-26T12:04:21Z
s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX

This allows the vfs_glusterfs_fuse build to complete on AIX.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
633698c9 by Günther Deschner at 2019-04-26T13:03:05Z
Revert "lib/replace: define NAME_MAX for platforms that don't have it"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872

This reverts commit e3c894fb6b87df8aa56e29ef3b16ae1ef456a875.

Signed-off-by: Günther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Günther Deschner <gd at samba.org>
Autobuild-Date(master): Fri Apr 26 13:03:05 UTC 2019 on sn-devel-184

- - - - -
d24c9d5f by Ralph Boehme at 2019-04-29T16:04:28Z
s3:utils: use struct initializer in async-tracker long_options

s3:utils: use struct initializer in async-tracker long_options

The previous initializer list was missing a NULL as last element. Using struct
initializers instead for correct initialisation.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e0b9281c by Andreas Schneider at 2019-04-29T16:04:28Z
lib:audit_logging: Use C99 initializer for server_id in audit_logging

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
2a1c19b8 by Andreas Schneider at 2019-04-29T16:04:28Z
s3:lib: Use correct C99 initializer for 'struct flock' in messages_dgm

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
bbef2686 by Andreas Schneider at 2019-04-29T16:04:28Z
s4:dsdb: Use C99 initializer in dsdb util_trusts

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
99eb7203 by Andreas Schneider at 2019-04-29T16:04:28Z
s3:libsmb: Fix C99 initializer in cli_smb2_fnum.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cf79ee15 by Andreas Schneider at 2019-04-29T16:04:28Z
wafsamba: Enable warnings for missing field initializer

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
40f91924 by Andreas Schneider at 2019-04-29T16:04:28Z
gitlab-ci: Install missing krb5-kdc package on Ubuntu/Debian

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
cbee3037 by Ralph Boehme at 2019-04-29T17:07:02Z
waf: only set mandatory to False if not already set by the caller

There are a bunch of callers that call find_program with mandatory=True,
we should not overwrite this when explicity passed, eg:

  ctx.find_program('objcopy', var='OBJCOPY', mandatory=True)

  conf.SAMBA_CHECK_PERL(mandatory=True)
    -> conf.find_program('perl', var='PERL', mandatory=mandatory)

With this patch we only change the default from False to True, but allow
callers to choose specific behaviour.

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Mon Apr 29 17:07:02 UTC 2019 on sn-devel-184

- - - - -
c12914c6 by Samuel Cabrero at 2019-04-29T18:10:09Z
selftests: Place credential cache file inside environment directory

Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
937ad9d2 by Samuel Cabrero at 2019-04-29T18:10:09Z
credentials: Initialize krb5 client to retrieve creds from ccache

MIT kerberos require krb5_creds.client to be initialized to match
krb5_creds.server with the cached credentials.

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
d88f1c82 by Samuel Cabrero at 2019-04-29T19:15:48Z
credentials: Workaround krb5_cc_remove_cred not implemented in MIT kerberos

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Mon Apr 29 19:15:48 UTC 2019 on sn-devel-184

- - - - -
f6907809 by Anoop C S at 2019-04-30T11:29:27Z
s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX

This allows the vfs_glusterfs_fuse build to complete on AIX.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit e28d172b00cadf492c22bd892e2dda3bf2fe2d70)

- - - - -
16462634 by Anoop C S at 2019-04-30T16:05:51Z
s3/vfs_glusterfs: Dynamically determine NAME_MAX

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13872

Signed-off-by: Anoop C S <anoopcs at redhat.com>
Reviewed-by: Guenther Deschner <gd at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
(cherry picked from commit 8e3a042eb9e502821b147f1bbb2d98d59f17a095)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Tue Apr 30 16:05:51 UTC 2019 on sn-devel-144

- - - - -
09962c1b by Christof Schmitt at 2019-04-30T17:34:21Z
wafsamba: Add compiler check for missing field initializer check

The commit cf79ee15

    wafsamba: Enable warnings for missing field initializer

enabled a compiler check for warnings about missing initializers for all
developer builds. This fails with older compilers, e.g. gcc on RHEL7.
Add a waf check around adding the compiler option to avoid the failure
with older compilers.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9e29ddd4 by Andreas Schneider at 2019-04-30T17:34:21Z
bootstrap: Only install required packages on Fedora

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
e48a6c84 by Andreas Schneider at 2019-04-30T17:34:21Z
bootstrap: Only install required packages on openSUSE

This should reduce the amount of packages installed. And make building
the image much faster!

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

- - - - -
4dd8db32 by Andreas Schneider at 2019-04-30T18:48:18Z
gitlab-ci: Update for building new containers

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Stefan Metzmacher <metze at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue Apr 30 18:48:18 UTC 2019 on sn-devel-184

- - - - -
4f2af93a by Samuel Cabrero at 2019-04-30T23:18:26Z
.gitlab-ci.yml: Allow overriding the default image using a variable

This way one can run all tests in a different container without having
to modify the gitlab ci file, just setting the SAMBA_CI_CONTAINER_IMAGE
variable in the gitlab's GUI.

Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
9d1d44dc by Andreas Schneider at 2019-04-30T23:18:26Z
replace: Add ZERO_ARRAY_LEN() macro

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8ad4c157 by Andreas Schneider at 2019-04-30T23:18:26Z
lib:util: Sync memory.h with replace.h

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
382d5908 by Andreas Schneider at 2019-04-30T23:18:26Z
waf: Add mandatory requirement for GnuTLS >= 3.2.0

We plan to move to GnuTLS for crypto in Samba, this is the first step to
make it mandatory and to require a version which is in LTS
distributions.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
daa128f8 by Andreas Schneider at 2019-04-30T23:18:26Z
s3:tls: Remove #ifdef for GnuTLS

This is a requirement now.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b63bf295 by Andreas Schneider at 2019-04-30T23:18:27Z
s4:rpc_server: Remove obsolete gcrypt init

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1fa3c9a3 by Andreas Schneider at 2019-04-30T23:18:27Z
waf: Remove configure steps from source4/lib/tls

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
324a2eec by Andreas Schneider at 2019-04-30T23:18:27Z
waf: Move gnutls_pkcs7_get_embedded_data_oid to main gnutls file

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e35a8598 by Andreas Schneider at 2019-04-30T23:18:27Z
waf: Add check for gnutls_x509_crt_set_subject_unique_id()

This is used by the GnuTLS backupkey implementation.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
155f697e by Andreas Schneider at 2019-04-30T23:18:27Z
waf: Move check for gnutls_aead_cipher_init to main gnutls wscript

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
712e464f by Andreas Schneider at 2019-04-30T23:18:27Z
waf: Remove unused GNUTLS defines

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9bbb9f7b by Andreas Schneider at 2019-04-30T23:18:27Z
s3:modules: Use GnuTLS SHA256 in vfs_acl_common

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
6fb78373 by Andreas Schneider at 2019-04-30T23:18:27Z
s4:utils: Use gnutls SHA256 in oLschema2ldif

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
75d45f6d by Andreas Schneider at 2019-04-30T23:18:27Z
s4:libcli:smb2: Use GnuTLS SHA256 HMAC for signing

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8bed91c9 by Andreas Schneider at 2019-04-30T23:18:27Z
libcli:auth: Use GnuTLS SHA256 HMAC for credentials

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5d876109 by Andreas Schneider at 2019-04-30T23:18:27Z
libcli:auth: Add return code for netlogon_creds_init_hmac_sha256()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
cda938cd by Andreas Schneider at 2019-04-30T23:18:27Z
libcli:smb: Use GnuTLS SHA256 HMAC in smb2_key_derivation()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
eca425ef by Andreas Schneider at 2019-04-30T23:18:27Z
libcli:smb: Use GnuTLS SHA256 HMAC in smb2_signing_sign_pdu()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
604c0b26 by Andreas Schneider at 2019-04-30T23:18:27Z
libcli:smb: Use GnuTLS SHA256 HMAC in smb2_signing_check_pdu()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
11e3552c by Andreas Schneider at 2019-04-30T23:18:28Z
libcli:smb: Introduce a structure for the smb2_singing_key

This also adds a new function to validate the structure.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
17e22e02 by Andreas Schneider at 2019-04-30T23:18:28Z
libcli:smb: Use 'struct smb2_signing_key' in smbXcli_base.c

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d02f7907 by Andreas Schneider at 2019-04-30T23:18:28Z
s3:librpc: Rename the data blobs for keys in smbXsrv.idl

The original names will be used with a new structure to cache mac and
cipher handles for gnutls later.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f7929c66 by Andreas Schneider at 2019-04-30T23:18:28Z
s3:librpc: Add smb2_signing_key to smbXsrv.idl

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9e16adff by Andreas Schneider at 2019-04-30T23:18:28Z
s3:smbd: Start to use the smb2_signing_key structure

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3f252816 by Andreas Schneider at 2019-04-30T23:18:28Z
libcli:smb: Add smb2_signing_key_destructor()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
dcf37228 by Andreas Schneider at 2019-04-30T23:18:28Z
libcli:smb: Use smb2_signing_key for smb2_signing_sign_pdu()

This caches the gnutls hmac handle in the struct so we only allocate it
once.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
015e4d2d by Andreas Schneider at 2019-04-30T23:18:28Z
libcli:smb: Use smb2_signing_key for smb2_signing_check_pdu()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c04571d4 by Andreas Schneider at 2019-04-30T23:18:28Z
auth:gensec: Use GnuTLS SHA256 HMAC for schannel

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
83d228b6 by Andreas Schneider at 2019-04-30T23:18:28Z
auth:gensec: Add return code for netsec_do_sign()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
826e3721 by Andreas Schneider at 2019-04-30T23:18:28Z
lib:crypto: Remove unused SHA256 and HMAC SHA256

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
641d74cb by Tim Beale at 2019-04-30T23:18:28Z
traffic_replay: Assign users to groups by default

The traffic_replay script has a myriad of options, but by default when
it creates user accounts it does not assign these users to any groups
(you have to specify extra options to do that). This isn't really a fair
test of samba performance, because it's unlikely that real world setups
will have users that are in no groups (other than the default ones).

This patch changes the default behaviour so that it will assign the new
users to groups automatically, if no other group options were
specified.

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e387cf92 by Tim Beale at 2019-04-30T23:18:28Z
traffic_replay: Avoid Exception if no packet rate is specified

traffic_replay would throw an exception if you didn't specify some sort
of packet rate. We can avoid this by using --scale-traffic=1.0 as the
default if nothing else was specified.

 script/traffic_replay model.txt $SERVER.$REALM --duration=10
   --fixed-password=blahblah12# -U$USERNAME%$PASSWORD
INFO 2019-04-10 01:03:01,809 pid:47755 script/traffic_replay #280: Using
the specified model file to generate conversations
Traceback (most recent call last):
  File "script/traffic_replay", line 438, in <module>
    main()
  File "script/traffic_replay", line 293, in main
    opts.conversation_persistence)
  File "bin/python/samba/emulate/traffic.py", line 1295, in
generate_conversation_sequences
    target_packets = int(packet_rate * duration)
TypeError: unsupported operand type(s) for *: 'NoneType' and 'float'

Signed-off-by: Tim Beale <timbeale at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
e98340e3 by Joe Guo at 2019-04-30T23:18:28Z
traffic: make code more pythonic

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
35e52ebd by Joe Guo at 2019-04-30T23:18:29Z
traffic: define kerberos_state to simplify code

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
2ee72cc6 by Joe Guo at 2019-05-01T01:10:42Z
traffic: load dns query from file and write stats to file

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May  1 01:10:42 UTC 2019 on sn-devel-184

- - - - -
5ac626e7 by Christof Schmitt at 2019-05-01T03:12:07Z
smbd: Move deadtime default to parameter definition and man page

The code has a default of one week (10080 minutes) if the parameter is
set to 0. Make this the public default of the parameter, instead of
hiding it in the code. This change also has the code match the
documentation that setting this parameter to 0 disables the check.

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8488651b by Douglas Bagnall at 2019-05-01T03:12:07Z
s4/replmd: delete checks flag before laborious search

Most (perhaps all) attributes that are in the "must not remove" list also
have the PRESERVEONDELETE bit set, and checking bits is much cheaper
than a linear search involving strcasecmp. If we check the bit first
we save work.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c5e387d2 by Douglas Bagnall at 2019-05-01T03:12:07Z
s4/replmd delete: optimise attribute preservation with binary search

When we get here it is very likely that the attribute will not be
preserved, as the preserved ones should have had the flag set, but we
still end up loking through the whole list to confirm. With a binary
search, we end up looking at ~5 attributes to confirm.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
62ba14a4 by Andreas Schneider at 2019-05-01T03:12:07Z
lib:torture: Fix size type in torture macro

Found by csbuild.
https://gitlab.com/samba-team/devel/samba/-/jobs/204481431

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2a5bf72b by Andreas Schneider at 2019-05-01T05:02:22Z
s4:samdb: Make sure value is initialized with 0

Found by csbuild.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May  1 05:02:22 UTC 2019 on sn-devel-184

- - - - -
0a5c5e2f by Joe Guo at 2019-05-01T05:32:25Z
.gitlab-ci.yml: keep samba-ci-private tag only for private jobs

This will help us give the legacy 'private' tag, used in branches
under maintenance, more resources without those jobs running on the
normal production runners (therefore avoiding the additional cost for
the 90% of builds that are for master).

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
5a0df7ae by Douglas Bagnall at 2019-05-01T05:32:25Z
dsdb/pytest/ldap: revive commented out test for attr size range

The test was presumably commented out because we fail it, and
known-failing it would have hidden the attr-too-short tests that it
was bundled with. If we disentangle them we can knwn-fail it, which
serves as a TODO list.

(passes against WIN2012R2).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
fd9859d4 by Douglas Bagnall at 2019-05-01T05:32:25Z
dsdb/pytest/ldap: use idiomatic 'e' for exceptions

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
865e464d by Douglas Bagnall at 2019-05-01T05:32:25Z
s4/tests.py: shorten lines with common path

A small step

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c73888ff by Douglas Bagnall at 2019-05-01T05:32:25Z
dsdb pytests: test the effect of reordering modify requests

Do we interpret these the same way as Windows? In many cases, no.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e5a09948 by Douglas Bagnall at 2019-05-01T05:32:25Z
pytests: try ldap.modify_order with normal user

We run the tests again, trying to modify as a normal user rather than
Administrator.

It turns out that we do not always return the same error code as
Windows, but in all these tests both Windows and Samba always return
some kind of error (as you might hope).

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a047e71b by Douglas Bagnall at 2019-05-01T05:32:25Z
pytests: slightly better errors in Testcase.insta_creds()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
60620273 by Douglas Bagnall at 2019-05-01T05:32:25Z
dsdb/modules: a module to count attribute searches and results

The dsdb module stack can turn a simple search request into a
complicated tree of sub-queries that include attributes not originally
asked for and excluding those that were. The corresponding replies
might contain unrequested attributes or (for good reasons, according
to some module) hide requested ones. The entire stack is there to
meddle and that is what is does. Except *this* module. It just counts.
To understand dsdb performance it helps to have some idea what
requests and replies are flying too and fro. This module, when
inserted anywhere in the stack, counts the requests and replies
passing through and the attributes they contain. This data is stored
in on-disk tdbs in the private/debug directory.

The module is not loaded by default. To load it you need to patch the
source4/dsdb/samdb/ldb_modules/samba_dsdb.c and put "count_attrs"
somewhere in the module lists in the samba_dsdb_init() function. For
example, to examine the traffic between repl_meta_data and
group_audit_log, you would do something like this around line 316:

          "subtree_delete",
          "repl_meta_data",
  +       "count_attrs",
          "group_audit_log",
          "encrypted_secrets",

and recompile. Samba will then write to a number of tdb files in the
debug directory as requests and replies pass through. A simple script
is included to read these files. Doing this:

./script/attr_count_read st/ad_dc/private/debug/debug/attr_counts_not_found.tdb

will print a table showing how often various attritbutes were
requested but not found (from the point of view of the module).

A more sophisticated version of the script is coming in the next
commit, but this one is included first because in its simplicity it
documents the storage format reasonably well. The tdb keys are
attribute names, and the values are uint32_t in machine native order.

When the module is included in the stack there will be a very small
decrease in performance.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b9fac394 by Karolin Seeger at 2019-05-01T05:46:13Z
WHATSNEW: Add release notes for Samba 4.9.7.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
c8e9b9fe by Karolin Seeger at 2019-05-01T05:46:13Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.7 release.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
86de3470 by Karolin Seeger at 2019-05-01T05:46:48Z
VERSION: Bump version up to 4.9.8...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
bd53819b by Douglas Bagnall at 2019-05-01T06:46:36Z
script/attr_count_read: load and correlate all data

This changes script/attr_count_read to take the samba private directory
as an argument and load all the databases at once, printing them as
one big table. It isn't extremely clear what it all means, but it
*tries* to tell you.

With --plot, it will attempt to load matplotlib and plot the number of
requested attributes against the number returned, with colour
of each point indicating its relative frequency. It is a scatterplot
that wants to be a heatmap.

With --no-casefold, you can get an extra confusing table where,
for instance, something repeatedly asks for "attributeId" which is not
accounted for, while in a completely different row an unrequested
"attributeID" is found many times over.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May  1 06:46:36 UTC 2019 on sn-devel-184

- - - - -
b5c4fdbf by Stefan Metzmacher at 2019-05-01T17:22:25Z
s4:torture/smb2: add smb2.stream.names3 test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2a69c091 by Stefan Metzmacher at 2019-05-01T17:22:26Z
smbd: allow case insensitive opens of named streams

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
0c602319 by Stefan Metzmacher at 2019-05-01T17:22:26Z
s4:libcli/raw: add RAW_FILEINFO_NORMALIZED_NAME_INFORMATION support

This is supported over the wire in SMB 3.1.1 on starting with
Windows 10 1803.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8a5828de by Stefan Metzmacher at 2019-05-01T17:22:26Z
s4:torture/smb2: add smb2.getinfo.normalized test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b20fd15e by Stefan Metzmacher at 2019-05-01T18:33:00Z
smbd: implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling

Windows 10 (1803 and higher) support and use
SMB_FILE_NORMALIZED_NAME_INFORMATION calls over the network. As a
fallback (in case the server don't support it) the client traverses all
path components, which is very expensive.

Implementing SMB_FILE_NORMALIZED_NAME_INFORMATION is very cheap for us
as the open already went through unix_convert() and we have the
information the client is asking for.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13919

Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May  1 18:33:00 UTC 2019 on sn-devel-184

- - - - -
966fc0dc by Robert Sander at 2019-05-02T19:34:11Z
s3: modules: ceph: use current working directory instead of share path

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13918

Signed-off-by: Robert Sander <r.sander at heinlein-support.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Böhme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Thu May  2 19:34:11 UTC 2019 on sn-devel-184

- - - - -
d397d567 by Volker Lendecke at 2019-05-03T22:34:16Z
smbd: Use smbd_check_access_rights in reply_setatr()

That was the only caller of check_access outside of trans2.c, and it
passed an explicit NULL for fsp. Use the lower-level call, so we can
make check_access() static to trans2.c

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a34d6a78 by Volker Lendecke at 2019-05-03T22:34:16Z
smbd: Make "check_access()" static to trans2.c

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
ef289136 by Volker Lendecke at 2019-05-03T22:34:16Z
smbd: Use a struct initializer

With -O3 this saves 32 bytes of .text

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
7738a538 by Volker Lendecke at 2019-05-03T22:34:16Z
libcli: Remove an unnecessary #include

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
26a0f0aa by Volker Lendecke at 2019-05-03T22:34:16Z
libcli: Align integer types

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
abf5d7d7 by Volker Lendecke at 2019-05-03T23:45:55Z
smbd: Use "ISDOT" in reply_setatr

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May  3 23:45:55 UTC 2019 on sn-devel-184

- - - - -
051af002 by Joe Guo at 2019-05-05T22:07:19Z
bootstrap: add lcov to generate code coverage report

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ee54661d by Joe Guo at 2019-05-05T22:07:19Z
.gitlab-ci.yml: rm abs path in artifacts

According to doc: https://docs.gitlab.com/ee/user/project/pipelines/job_artifacts.html#defining-artifacts-in-gitlab-ciyml
all paths in artifacts must be relative to the cloned repo, so this line
actually never worked.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f9800450 by Joe Guo at 2019-05-05T23:22:54Z
.gitlab-ci.yml: add docker tag back for private jobs

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Sun May  5 23:22:54 UTC 2019 on sn-devel-184

- - - - -
ad3af7cd by Gary Lockyer at 2019-05-06T01:18:21Z
lib util debug: Increase format buffer to 4KiB

Increase the debug line buffer to 4KiB, the existing size of 1KiB is too
small for dsdbChange JSON audit messages.  These messages were then
split across multipe lines causing issues in log ingestion tools
expecting single line messages.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13902

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Mon May  6 01:18:22 UTC 2019 on sn-devel-184

- - - - -
64bccb9b by Aaron Haslett at 2019-05-06T04:23:51Z
ldap: test for empty attributes list

Test for LDAP request with an empty attribute list.  LDB responds with
no attributes, but LDAP responds with all attributes.  Fix is attached
to the bug below but we can't push it upstream until we've found all
instances of incorrect empty attribute list usage in Samba.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13852

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
bc1583d3 by Aaron Haslett at 2019-05-06T05:45:55Z
selftest: correcting empty attribute usage in requests

Many parts of Samba use an empty attribute list in requests expecting
all attributes to be returned in the response, which is incorrect.  This
patch corrects the instances found by current CI tests.  Static analysis
and debugging will need to be done before changing ildap to the correct
semantics.

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>

Reviewed-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Garming Sam <garming at samba.org>
Autobuild-Date(master): Mon May  6 05:45:55 UTC 2019 on sn-devel-184

- - - - -
16929089 by Andrew Bartlett at 2019-05-06T05:46:10Z
build: Remove build of replacetort

This is built close to the code it tests in lib/replace/wscript_build as
replace_testsuite.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
6cc68c1c by Andrew Bartlett at 2019-05-06T05:46:11Z
replace: Fix "make test" to actually test libreplace

Found by Joe Guo during preperation for automated code coverage output.

In order to allow the Makefile wrapper to work we need to rename the
test directory to tests.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
305617a1 by Andrew Bartlett at 2019-05-06T05:46:11Z
talloc: Follow pattern of ldb and tdb to ensure "make test" depends on a build

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
e9874a09 by Andrew Bartlett at 2019-05-06T05:46:11Z
pidl: No longer use Python3 compat define: PyInt_FromLong -> PyLong_FromLong

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
26d8d68c by Andrew Bartlett at 2019-05-06T05:46:11Z
pidl: Always call PyLong_FromLongLong() in ndr_PyLong_FromLongLong()

The C type is "long long" so use that always, as the Python type is now always the same.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
b0714c70 by Andrew Bartlett at 2019-05-06T05:46:11Z
pidl: Always call PyLong_FromUnsignedLongLong() in ndr_PyLong_FromUnsignedLongLong()

The C type is "unsigned long long" so use that always, as the Python type is now always the same.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
819ee849 by Andrew Bartlett at 2019-05-06T05:46:11Z
pidl: Call PyLong_FromLongLong() directly rather than via inline helper

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
4229c278 by Andrew Bartlett at 2019-05-06T05:46:11Z
pidl: Call PyLong_FromUnsignedLongLong directly rather than via inline helper

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
154370a2 by Andrew Bartlett at 2019-05-06T05:46:11Z
build: Remove ndr_PyLong_FromUnsignedLongLong wrapper from NT_STATUS and W_ERROR table generator

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
e995c9c1 by Andrew Bartlett at 2019-05-06T05:46:11Z
s4-winbindd: Removed unused wb_utils.c

Garming noticed this was untested code in the lcov report, and it turns out to be unused.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
eb15acdd by Andrew Bartlett at 2019-05-06T05:46:11Z
lib/tls: Remove unused source4/lib/tls/tls.c (tls socket wrapper)

The last caller was removed in 72c79e30f07bcc98610cca878f5de50e7db239a0
to remove the web server as all other callers use tls_tstream.

Found by callcatcher.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
65a24621 by Andrew Bartlett at 2019-05-06T05:46:11Z
torture: Remove unused torture_ldap_connection2()

The last caller was removed by 'r7626: a new ldap client library'
in 2005 with bab977dad76e9204278c7afe0bb905cda064f488.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
7ba65310 by Andrew Bartlett at 2019-05-06T05:46:11Z
torture: Remove unused torture_join_server_dn_str()

The last caller was removed in 2010 by
s4:torture Rework NET-API-BECOMEDC test to use libnet_vampire callbacks.
in ecf782da87b67b8d977aa1bbfce21f1b6ed8288a

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
e608a84f by Andrew Bartlett at 2019-05-06T05:46:11Z
torture: Remove unused dsdb_attribute_ldb_to_drsuapi()

The last caller was removed in s4-drs: GetNCChanges() to return correct (in AD-way) ATTIDs
(6a51afcfdbcbce7813fb59c0655e4178268ca70e) by Kamen Mazdrashki in 2010

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
7671eb2c by Andrew Bartlett at 2019-05-06T05:46:11Z
libnet: Remove unused source4/libnet/libnet_samsync_ldb.c

The last caller was removed in samba-tool: Remove C version of samba-tool
(e2af38415163f248e3dbd5a2abc156761e74b87c) by Amitay Isaacs in 2011

This was a prototype tool to sync a genine NT4 DC (never Samba) into ldb.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
71cc8983 by Andrew Bartlett at 2019-05-06T07:11:51Z
libnet: Remove unused source4/libnet/libnet_sam{dump,sync}:

The last caller was removed in samba-tool: Remove C version of samba-tool
(e2af38415163f248e3dbd5a2abc156761e74b87c) by Amitay Isaacs in 2011

This was a tool to dump a genine NT4 DC (never Samba) into smbpasswd file.

It did work against Windows AD, but DRS replication is much
more comprehensive.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Mon May  6 07:11:51 UTC 2019 on sn-devel-184

- - - - -
3e5a2749 by Noel Power at 2019-05-06T07:12:18Z
s4/scripting/bin Remove unecessary scripts

Apparently we get official schema from MS these days

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
63ae5e5f by Gary Lockyer at 2019-05-06T07:12:18Z
s4 heimdal_build: disable leak checks for asn1 compiler

Disable Address Sanitizer leak checking for the heimdal asn1 compiler, this
allows a samba build with Address Sanitizer enabled.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
e129d4ea by Gary Lockyer at 2019-05-06T07:12:18Z
selftest: Utils.cmd_output returns byte string

Convert the returned byte string into a string.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
193b4446 by Gary Lockyer at 2019-05-06T08:55:22Z
nsswitch pam_winbind: Fix Asan use after free

Fix use after free condition detected by Address Sanitizer triggered by
wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a
double free.  This patch prevents the Address Sanitizer error, allowing
tests to be run with Address Sanitizer enabled.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13927

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Mon May  6 08:55:22 UTC 2019 on sn-devel-184

- - - - -
1b9cd2ac by Andreas Schneider at 2019-05-07T00:11:25Z
waf: Also check for gnutls_privkey_export_x509()

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4607ed73 by Andreas Schneider at 2019-05-07T00:11:25Z
bootstrap: Fix yum commands

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
05791f40 by Andreas Schneider at 2019-05-07T00:11:25Z
bootstrap: Make sure that the python3 interpreter is installed

We need it for waf ;-)

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3c47066e by Andreas Schneider at 2019-05-07T00:11:25Z
bootstrap: Move to python 3.6 on CentOS

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
86d48369 by Andreas Schneider at 2019-05-07T00:11:25Z
bootstrap: Install correct python modules on CentOS7

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1d8c4c64 by Andreas Schneider at 2019-05-07T01:45:37Z
gitlab-ci: Enable building on CentOS7

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue May  7 01:45:37 UTC 2019 on sn-devel-184

- - - - -
d2a4088c by Andreas Schneider at 2019-05-07T03:04:28Z
libcli:smb: Use GnuTLS SHA512 in smbXcli_base

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b99c04fc by Andreas Schneider at 2019-05-07T03:04:30Z
s3:smbd: Use GnuTLS SHA512 in smb2 server

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
812f5d60 by Andreas Schneider at 2019-05-07T03:04:30Z
s3:smbd: Use GnuTLS SHA512 in smb2 session setup

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
20099588 by Andreas Schneider at 2019-05-07T03:04:30Z
lib:crypto: Remove unused SHA512

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3d42e257 by Gary Lockyer at 2019-05-07T05:03:26Z
s4 dns_server Bind9: Log opertion durations

Add duration debug logging to the samba bind9 dlz driver and the
dnsserver_common routines.  This should aid future diagnosis of
performance issues, and could be used to monitor DNS performance.

The logs are currently Human readable text only, i.e. no JSON formatted
output.

Log lines are of the form:

<function>: DNS timing: result: [<result>] \
duration: (<duration>) zone: [<zone>] name: [<name>] \
data: [<data>]

e.g.

dns_common_wildcard_lookup: DNS timing: result: [WERR_OK] \
duration: (111) zone: [] \
name: [DC=_ldap._tcp.Default-First-Site-Name._sites.ForestDnsZones,\
DC=chgdcpassword.samba.example.com,CN=MicrosoftDNS,DC=DomainDnsZones,\
DC=chgdcpassword,DC=samba,DC=example,DC=com] data: []

Enabled by setting log level to "dns:10"

durations are in microseconds.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue May  7 05:03:26 UTC 2019 on sn-devel-184

- - - - -
87032cce by Martin Schwenke at 2019-05-07T05:45:34Z
ctdb-build: Add check for getrusage()

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
95477e69 by Martin Schwenke at 2019-05-07T05:45:34Z
ctdb-daemon: Log when ctdbd CPU utilisation exceeds a threshold

This is to help us notice when ctdbd is using the full capacity of a
CPU, so is saturated.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
f78d9388 by Martin Schwenke at 2019-05-07T05:45:34Z
ctdb-tools: Fix ctdb dumpmemory to avoid printing trailing NUL

Fix ctdb rddumpmemory too.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13923

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
8108b313 by Martin Schwenke at 2019-05-07T05:45:34Z
ctdb-tests: Extend test to cover ctdb rddumpmemory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13923

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b80967f5 by Martin Schwenke at 2019-05-07T05:45:34Z
ctdb-scripts: Drop script configuration variable CTDB_MONITOR_SWAP_USAGE

CTDB's system memory monitoring in 05.system.script monitors both main
memory and swap.  The swap monitoring was originally based on
the (possibly incorrect, see below) idea that swap space stacks on top
of main memory, so that when a system starts filling swap space then
this is supposed to be a good sign that the system is running out of
memory.  Additionally, performance on a Linux system tends to be
destroyed by the I/O associated with a lot of swapping to spinning
disks.

However, some platforms default to creating only 4GB of swap space
even when there is 128GB of main memory.  With such a small swap to
main memory ratio, memory pressure can force swap to be nearly full
even when a significant amount of main memory is still available and
the system is performing well.  This suggests that checking swap
utilisation might be less than useful in many circumstances.

So, remove the separate swap space checking and change the memory
check to cover the total of main memory and swap space.

Test function set_mem_usage() still takes an argument for each of main
memory and swap space utilisation.  For simplicity, the same number is
now passed twice to make the intended results comprehensible.  This
could be changed later.

A couple of tests are cleaned up to no longer use hard-coded
/proc/meminfo and ps output.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
7c3819d1 by Martin Schwenke at 2019-05-07T05:45:34Z
ctdb-tests: Change sanity_check_output() to internally use $out

All callers are currently passed $out.  Global variable $out is used
in many other places so use it here to simplify the interface and make
future changes simpler.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
9d02452a by Martin Schwenke at 2019-05-07T05:45:34Z
ctdb-tests: Make try_command_on_node less error-prone

This sometimes fails, apparently due to a cat process in onnode
getting EAGAIN.  The conclusion is that tests that process large
amounts of output should not depend on a sub-shell delivering that
output into a shell variable.

Change try_command_on_node() to leave all of the output in file
$outfile and just put the first 1KB into $out.  $outfile is removed
after each test completes.

Change the implementation of sanity_check_output() to use $outfile
instead of $out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
066cc5b0 by Martin Schwenke at 2019-05-07T05:45:35Z
ctdb-tests: Avoid bulk output in $out, prefer $outfile

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
3cb53a7a by Martin Schwenke at 2019-05-07T05:45:35Z
ctdb-tests: Wait to allow database attach/detach to take effect

Sometimes the detach test fails:

  Check detaching single test database detach_test1.tdb
  BAD: database detach_test1.tdb is still attached
  Number of databases:4
  dbid:0x5ae995ee name:detach_test4.tdb path:tests/var/simple/node.0/db/volatile/detach_test4.tdb.0
  dbid:0xd84cc13c name:detach_test3.tdb path:tests/var/simple/node.0/db/volatile/detach_test3.tdb.0
  dbid:0x8e8e8cef name:detach_test2.tdb path:tests/var/simple/node.0/db/volatile/detach_test2.tdb.0
  dbid:0xc62491f4 name:detach_test1.tdb path:tests/var/simple/node.0/db/volatile/detach_test1.tdb.0
  Number of databases:3
  dbid:0x5ae995ee name:detach_test4.tdb path:tests/var/simple/node.1/db/volatile/detach_test4.tdb.1
  dbid:0xd84cc13c name:detach_test3.tdb path:tests/var/simple/node.1/db/volatile/detach_test3.tdb.1
  dbid:0x8e8e8cef name:detach_test2.tdb path:tests/var/simple/node.1/db/volatile/detach_test2.tdb.1
  Number of databases:4
  dbid:0x5ae995ee name:detach_test4.tdb path:tests/var/simple/node.2/db/volatile/detach_test4.tdb.2
  dbid:0xd84cc13c name:detach_test3.tdb path:tests/var/simple/node.2/db/volatile/detach_test3.tdb.2
  dbid:0x8e8e8cef name:detach_test2.tdb path:tests/var/simple/node.2/db/volatile/detach_test2.tdb.2
  dbid:0xc62491f4 name:detach_test1.tdb path:tests/var/simple/node.2/db/volatile/detach_test1.tdb.2
  *** TEST COMPLETED (RC=1) AT 2019-04-27 03:35:40, CLEANING UP...

When issued from a client, the detach control re-broadcasts itself
asynchronously to all nodes and then returns success.  The controls to
some nodes to do the actual detach may still be in flight when success
is returned to the client.  Therefore, the test should wait for a few
seconds to allow the asynchronous controls to complete.

The same is true for the attach control, so workaround the problem in
the attach test too.

An alternative is to make the attach and detach controls synchronous
by avoiding the broadcast and waiting for the results of the
individual controls sent to the nodes.  However, a simple
implementation would involve adding new nested event loops.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
a2ab6485 by Martin Schwenke at 2019-05-07T05:45:35Z
ctdb-tests: Fix usage message

Since commit 0e9ead8f28fced3ebfa888786a1dc5bb59e734a3 daemons have
been shut down after each test, so this option no longer has anything
to do with killing daemons.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
5a9e3383 by Martin Schwenke at 2019-05-07T06:56:01Z
ctdb-tests: Don't clean up test var directory in autotest target

If the directory is always cleaned up then it is not possible to look
at daemon logs to debug test failures.

This target is only really used by autobuild.py, which (optionally)
cleans up the parent directory anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue May  7 06:56:01 UTC 2019 on sn-devel-184

- - - - -
bc1b0ade by Karolin Seeger at 2019-05-07T10:22:10Z
VERSION: Bump version up to 4.9.8...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger at samba.org>
(cherry picked from commit 86de3470b4c342857d1c8408929ef4637fdf1937)

- - - - -
52200468 by Isaac Boukris at 2019-05-07T10:22:28Z
CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
de3fa5d6 by Isaac Boukris at 2019-05-07T10:22:28Z
CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ff8e3fba by Karolin Seeger at 2019-05-07T10:24:55Z
WHATSNEW: Add release notes for Samba 4.9.8.

CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
9dfd4419 by Karolin Seeger at 2019-05-07T10:27:29Z
VERSION: Disable GIT_SNAPSHOT for the 4.9.8 release.

CVE-2018-16860 (Samba AD DC S4U2Self/S4U2Proxy unkeyed checksum)

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
d16e9dfc by Andreas Schneider at 2019-05-07T17:31:23Z
ctdb: Fix format in db_hash_test

error: ‘%04d’ directive writing between 4 and 11 bytes into a region of
size 5 [-Werror=format-overflow=]
   sprintf(key, "key%04d", i);

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
e6f84048 by Andreas Schneider at 2019-05-07T17:31:23Z
wafsamba: Enable warnings about format overflows

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

- - - - -
bead4fdb by Andreas Schneider at 2019-05-07T18:45:04Z
wafsamba: Enable warnings about zero-length formats

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Tue May  7 18:45:06 UTC 2019 on sn-devel-184

- - - - -
a4973270 by Garming Sam at 2019-05-07T23:22:22Z
CID 1363287: Resource leak using str_list_append

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
93061fb8 by Garming Sam at 2019-05-08T00:36:14Z
CID 1363286: Resource leak by failing to free tmp_ctx

There are a few oddities in this function, including a duplicated NULL
check, a talloc_free of a context which is passed in and a number of
missing frees before a return.

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

Autobuild-User(master): Gary Lockyer <gary at samba.org>
Autobuild-Date(master): Wed May  8 00:36:14 UTC 2019 on sn-devel-184

- - - - -
bd29f3fc by Andreas Schneider at 2019-05-08T16:33:24Z
s4:auth: Fix debug statement in gensec_gssapi

The 'role' is set to null, we should first set it to the correct value
before printing anything.

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
790d7e34 by Andreas Schneider at 2019-05-08T16:33:24Z
s3:rpc_server: Do not free the tdbname before we printed it

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
6da032df by Andreas Schneider at 2019-05-08T16:33:24Z
s4:ntvfs: Do not free eadb before we printed an error

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
be72dfbc by Andreas Schneider at 2019-05-08T16:33:24Z
s4:torture: Do not print NULL strings we just checked before

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
a8f773e3 by Andreas Schneider at 2019-05-08T16:33:24Z
lib:torture: Fix string comparison macros where we directly pass NULL

See e.g. lib/util/tests/strlist.c +177

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
46f036d3 by Andreas Schneider at 2019-05-08T16:33:24Z
s4:torture: Do not free full_name before we printed it

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
830cb7e6 by Andreas Schneider at 2019-05-08T16:33:24Z
ctdb:common: Do not print NULL if we don't get a sockpath

sock_socket_start_recv() might not fill sockpath if we return early.

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
e333425e by Andreas Schneider at 2019-05-08T16:33:24Z
s3:winbindd: Do not free db_path in idmap_tdb2 before we printed it

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
3653dc70 by Andreas Schneider at 2019-05-08T16:33:24Z
s3:utils: If share is NULL in smbcquotas, don't print it

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
2b957bde by Andreas Schneider at 2019-05-08T16:33:24Z
s3:utils: If share is NULL in smbcacls, don't print it

Found by GCC 9.

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
30abea88 by Volker Lendecke at 2019-05-08T16:33:25Z
dbwrap: Fix tdb_data_buf()

IIRC there are platforms that don't like memcpy() with len=0.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
08a31c90 by Volker Lendecke at 2019-05-08T16:33:25Z
dbwrap: Adapt tdb_data_buf's overflow handling to modern conventions

This is the way we do it right now, avoid confusion why "tmp" might be
needed

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8992cf4a by Volker Lendecke at 2019-05-08T16:33:25Z
g_lock: Apply some const

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
b93ae77a by Volker Lendecke at 2019-05-08T17:47:39Z
g_lock: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May  8 17:47:39 UTC 2019 on sn-devel-184

- - - - -
9a309f24 by Isaac Boukris at 2019-05-08T19:52:09Z
CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8e695f93 by Isaac Boukris at 2019-05-08T19:52:09Z
CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0e2bf254 by Mathieu Parent at 2019-05-08T19:52:59Z
Add patches for CVE-2018-16860 S4U2Self with unkeyed checksum

- - - - -
964bd6a6 by Mathieu Parent at 2019-05-08T19:55:59Z
Release 2:4.9.5+dfsg-4

- - - - -
ae9fb933 by Gary Lockyer at 2019-05-08T20:03:42Z
s4 lib socket: Ensure address string owned by parent struct

The local address string was not owned by it's parent structure, which
caused a use after free error in
continue_ip_open_socket source4/librpc/rpc/dcerpc_sock.c:267

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13929

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May  8 20:03:42 UTC 2019 on sn-devel-184

- - - - -
04c0e521 by David Disseldorp at 2019-05-09T04:24:56Z
ctdb/build: fix ctdb_mutex_ceph_rados_helper builds

2b5dbb352553699afce62dca4964eb0bd64477f8 fixed builds with an explicit
--with-libcephfs but broke builds against system Ceph libraries. This
change handles both cases.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Martin Schwenke <martins at samba.org>
Autobuild-Date(master): Thu May  9 04:24:56 UTC 2019 on sn-devel-184

- - - - -
fd4b1f4f by Andreas Schneider at 2019-05-09T16:46:05Z
s3:smbspool: Fix regression printing with Kerberos credentials

This is a regression which has been introduced with Samba 4.8.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Guenther Deschner <gd at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu May  9 16:46:05 UTC 2019 on sn-devel-184

- - - - -
219bc189 by Ralph Boehme at 2019-05-09T20:43:53Z
s3:smbd: don't use recvfile on streams

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13938

Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): Ralph Böhme <slow at samba.org>
Autobuild-Date(master): Thu May  9 20:43:53 UTC 2019 on sn-devel-184

- - - - -
ff2b0e24 by Douglas Bagnall at 2019-05-09T22:39:26Z
talloc torture: avoid NULL dereference

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
a9e6300a by Douglas Bagnall at 2019-05-09T22:39:27Z
rpc/dnsdata: do not crash if message attr missing (CID: 1414773)

This should be hard to trigger, but goto fail is always nicer than sig 11.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
74cd11df by Douglas Bagnall at 2019-05-09T22:39:27Z
rpc/dnsdata: avoid crash on missing attr (CID: 1414757)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
5389df9b by Douglas Bagnall at 2019-05-09T22:39:27Z
rpc/dns: leak less on memory failure (CID 1363191)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
51e4a1e4 by Douglas Bagnall at 2019-05-09T22:39:27Z
rpc/dns: reduce the CID count on temporary variables

CID 1363189 and others.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
01e2bdaf by Douglas Bagnall at 2019-05-09T22:39:27Z
s4/rpc/dns: check for IP address errors at startup

The silent failure might leave an indeterminate or zero address.

CID: 1272838

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
95d7e939 by Douglas Bagnall at 2019-05-09T22:39:27Z
s4/rpc/drsuapi/writespn: check the actual error code (CID 1034691)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
353d50a8 by Douglas Bagnall at 2019-05-09T22:39:27Z
s4/rpc/dcerpc_roh_channel_out: check ndr_init (CID 1273065)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
b289cc19 by Douglas Bagnall at 2019-05-09T22:39:27Z
s4/rpc/dcerpc_roh_channel_out: check ndr_init (CID 1273062)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
9fd3939a by Douglas Bagnall at 2019-05-09T22:39:27Z
tdbtool: avoid theoretical NULL dereference (CID 1361462)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
6c01ff46 by Douglas Bagnall at 2019-05-09T22:39:27Z
lib/texpect: avoid theoretical NULL dereference (CID 1273099)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
05863957 by Douglas Bagnall at 2019-05-09T22:39:27Z
s4/auth/sam: silence CID 1435849

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
8ad8f9ba by Douglas Bagnall at 2019-05-09T22:39:27Z
dsdb/modules/acl: avoid deref of missing data (CID 1107200)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
2852dce5 by Douglas Bagnall at 2019-05-09T22:39:27Z
dsdb/modules/dirsync: avoid possible NULL dereference (CID 1034800)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
9a6c0a66 by Douglas Bagnall at 2019-05-09T22:39:27Z
dsdb/modules/dirsync: remove useless function call

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
23f72c4d by Douglas Bagnall at 2019-05-09T22:39:27Z
dsdb/modules/dirsync: ensure attrs exist (CID 1107212)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
b18f0dce by Douglas Bagnall at 2019-05-09T22:39:27Z
dsdb/modules/linked_attrs: remove pointless check (CID 240768)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
2bd79a0c by Douglas Bagnall at 2019-05-09T22:39:27Z
auth/creds/guess: avoid segfault with NULL lp (CID 241187)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
4954a96e by Douglas Bagnall at 2019-05-09T22:39:27Z
auth/creds/torture: add a test showing segfault

This file isn't actually run...

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
06068603 by Douglas Bagnall at 2019-05-09T22:39:27Z
pyrpc: ndr PY_CHECK_TYPE checks for NULL as well as type

Addresses CID 1361477 and others.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
eb873af9 by Douglas Bagnall at 2019-05-09T22:39:27Z
pyrpc: remove crutch for python <= 2.5

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
aa18f62a by Douglas Bagnall at 2019-05-09T22:39:27Z
ldb: avoid NULL deref in ldb_dn_from_ldb_val (CID 1034730)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
5dc86038 by Douglas Bagnall at 2019-05-09T22:39:27Z
ldb_ldif: avoid NULL dereference with unexpected arguments (CID 1107195)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
3de7f430 by Douglas Bagnall at 2019-05-09T22:39:27Z
ldb_map: check a return value (CID 241354)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
bfcfae72 by Douglas Bagnall at 2019-05-09T22:39:27Z
ldb_mdb: check fcntl return values (CID 1435851)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
47f2264c by Douglas Bagnall at 2019-05-09T22:39:27Z
ldb modules: paged_search checks control is not NULL (CID 241355)

It is unlikely to be NULL, since we're in the callback.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
c737b61c by Douglas Bagnall at 2019-05-09T22:39:27Z
librpc/ndr: make push_charset_to_null UTF-16 safe (CID 1399648)

The length is in test units, not bytes, and includes terminating
nulls. For 16-bit character sets, the terminating null must be two
bytes.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
e79c839a by Douglas Bagnall at 2019-05-09T22:39:27Z
s4/dnsserver: handle broken zone values in sort (CID 1414763, 1414769)

We sort NULL values to the end of the list. What happens to the after
that is another question.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
cb9fe036 by Douglas Bagnall at 2019-05-09T22:39:27Z
s4/dnsserver: delay return when trying to log (CID 1444976)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
215eef5b by Douglas Bagnall at 2019-05-09T22:39:27Z
s4/dsdb/util_samr: check some return codes (CID 1444977)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
79111dd0 by Douglas Bagnall at 2019-05-09T23:54:35Z
dsdb/mod/count_attrs: set ldb var before using it (CID 1444979)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

Autobuild-User(master): Douglas Bagnall <dbagnall at samba.org>
Autobuild-Date(master): Thu May  9 23:54:35 UTC 2019 on sn-devel-184

- - - - -
667db8e8 by Jeremy Allison at 2019-05-10T01:14:02Z
s3: SMB1: Don't allow recvfile on stream fsp's.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13938

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri May 10 01:14:02 UTC 2019 on sn-devel-184

- - - - -
2f0c49e6 by Andreas Schneider at 2019-05-10T01:15:16Z
gitlab-ci: Install libtasn1-tools on Fedora based distributions

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
858e9eee by Michael Hanselmann at 2019-05-10T01:15:16Z
read_smb_length: Use correct function name in debug message

Signed-off-by: Michael Hanselmann <public at hansmi.ch>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a82f9241 by Douglas Bagnall at 2019-05-10T01:15:16Z
s4/ldap_bind: notice backend init failure

This should silence CID 1418508 and CID 1418512

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
597709aa by Douglas Bagnall at 2019-05-10T01:15:17Z
s4/messaging: do not deref NULL state (CID 1437973)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
79629b42 by Douglas Bagnall at 2019-05-10T01:15:17Z
s4/policy/gp_filesys: avoid SIZE_MAX smbcli write (CID 1034779)

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c2e882b2 by Douglas Bagnall at 2019-05-10T01:15:17Z
ldb.h: improve comment for LDB_ATTR_FLAG_INDEXED

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
985a4b78 by Douglas Bagnall at 2019-05-10T01:15:17Z
ldb.h: spelling of 'means'

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
49048b24 by Douglas Bagnall at 2019-05-10T01:15:17Z
dsdb/util: spell "equivalence"!

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
18966b6e by Douglas Bagnall at 2019-05-10T01:15:17Z
kdb_kv_search: spell 'linearized'

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
8f081b7f by Douglas Bagnall at 2019-05-10T01:15:17Z
ldb: use ldb_msg_new(), not talloc/talloc_zero

ldb_msg_new() is currently the same as talloc_zero(), but it might
not always be.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4624957d by Douglas Bagnall at 2019-05-10T01:15:17Z
s4: use ldb_msg_new(), not talloc/talloc_zero

ldb_msg_new() is currently the same as talloc_zero(), but it might
not always be.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1e61b171 by Douglas Bagnall at 2019-05-10T01:15:17Z
dsdb/mod/extended_dn_out: zero whole fake_msg struct

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
14db3072 by Douglas Bagnall at 2019-05-10T01:15:17Z
dsdb mods/extended_dn_out: remove element using ldb_msg api

The bare memmove is not strictly safe at the end of the list.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4e47d5df by Douglas Bagnall at 2019-05-10T01:15:18Z
dsdb/replmd: use ldb_msg_remove_element()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
2a144ea7 by Douglas Bagnall at 2019-05-10T01:15:18Z
ldb_ldap: trust db_msg_new() to return empty message

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ce2bf5c7 by Douglas Bagnall at 2019-05-10T01:15:18Z
ldb_ldap: use ldb_msg API to add elements

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
85b6674a by Douglas Bagnall at 2019-05-10T01:15:18Z
ldb/tools/ldbtest: initialise msg object

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
652a4015 by Douglas Bagnall at 2019-05-10T01:15:18Z
ldb_kv: use ldb_msg_remove_element()

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
06a02cb8 by Douglas Bagnall at 2019-05-10T01:15:18Z
ldb_msg: remove_element() checks element array bounds

Previously we half-heartedly checked one end.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9c254572 by Douglas Bagnall at 2019-05-10T01:15:18Z
dsdb/mod/extended_dn_out: use faster removal filters

When filtering out multiple elements, we end up memmove()ing the same
elements many times over. It is simpler to not do that by keeping track
of how many elements we are keeping.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
93d63071 by Douglas Bagnall at 2019-05-10T01:15:18Z
dsdb mod/linked_attributes: fix_link_slow(): clarify a comment.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
3d0f9491 by Douglas Bagnall at 2019-05-10T01:15:18Z
s4/lib/policy/gp_ldap: use ldb API to find messages

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
658128e2 by Noel Power at 2019-05-10T01:15:18Z
s3/registry: Fix func cast error (diff in params size_t vs uint32)

reg_parse_callback_key_t alread has size_t for number of elemens in key
but
reg_parse_callback_val_t uses uint32_t for length of value data.

Many internal function seem to take size_t as data len (see reg_format_value
etc.) It seems changing the signature of the callback aligns it more closely
with the existing api.

../../source3/registry/reg_format.c:438:10: error: cast between incompatible function types from ‘int (*)(reg_format *, const char *, uint32_t,  const uint8_t *, size_t)’ {aka ‘int (*)(struct reg_format *, const char *, unsigned int,  const unsigned char *, long unsigned int)’} to ‘int (*)(void *, const char *, uint32_t,  const uint8_t *, uint32_t)’ {aka ‘int (*)(void *, const char *, unsigned int,  const unsigned char *, unsigned int)’} [-Werror=cast-function-type]
   .val = (reg_parse_callback_val_t)&reg_format_value,

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
61dd7d6f by Noel Power at 2019-05-10T01:15:18Z
s3/registry: Fix incompatible func casts

[3425/3524] Compiling source3/registry/reg_parse.c
../../source3/registry/reg_parse.c: In function ‘reg_parse_new’:
../../source3/registry/reg_parse.c:223:12: error: cast between incompatible function types from ‘int (*)(void *)’ to ‘int (*)(void *, const char **, size_t,  _Bool)’ {aka ‘int (*)(void *, const char **, long unsigned int,  _Bool)’} [-Werror=cast-function-type]
   cb.key = (reg_parse_callback_key_t)&nop;
            ^
../../source3/registry/reg_parse.c:226:12: error: cast between incompatible function types from ‘int (*)(void *)’ to ‘int (*)(void *, const char *, uint32_t,  const uint8_t *, uint32_t)’ {aka ‘int (*)(void *, const char *, unsigned int,  const unsigned char *, unsigned int)’} [-Werror=cast-function-type]
   cb.val = (reg_parse_callback_val_t)&nop;
            ^
../../source3/registry/reg_parse.c:229:16: error: cast between incompatible function types from ‘int (*)(void *)’ to ‘int (*)(void *, const char *)’ [-Werror=cast-function-type]
   cb.val_del = (reg_parse_callback_val_del_t)&nop;
                ^
../../source3/registry/reg_parse.c:232:16: error: cast between incompatible function types from ‘int (*)(void *)’ to ‘int (*)(void *, const char *)’ [-Werror=cast-function-type]
   cb.comment = (reg_parse_callback_comment_t)&nop;

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
09c4611b by Noel Power at 2019-05-10T01:15:19Z
s3/registry: fix various 'cast between incompatible function' warnings

[3395/3524] Compiling source3/registry/reg_import.c
../../source3/registry/reg_import.c: In function ‘reg_import_adapter’:
../../source3/registry/reg_import.c:237:16: error: cast between incompatible function types from ‘int (*)(void *)’ to ‘WERROR (*)(void *, void *, const char *, void **)’ {aka ‘struct <anonymous> (*)(void *, void *, const char *, void **)’} [-Werror=cast-function-type]
   cb.openkey = (reg_import_callback_openkey_t)&nop;
                ^
../../source3/registry/reg_import.c:240:17: error: cast between incompatible function types from ‘int (*)(void *)’ to ‘WERROR (*)(void *, void *)’ {aka ‘struct <anonymous> (*)(void *, void *)’} [-Werror=cast-function-type]
   cb.closekey = (reg_import_callback_closekey_t)&nop;
                 ^
../../source3/registry/reg_import.c:243:18: error: cast between incompatible function types from ‘int (*)(void *)’ to ‘WERROR (*)(void *, void *, const char *, void **, _Bool *)’ {aka ‘struct <anonymous> (*)(void *, void *, const char *, void **, _Bool *)’} [-Werror=cast-function-type]
   cb.createkey = (reg_import_callback_createkey_t)&nop;
                  ^
../../source3/registry/reg_import.c:246:18: error: cast between incompatible function types from ‘int (*)(void *)’ to ‘WERROR (*)(void *, void *, const char *)’ {aka ‘struct <anonymous> (*)(void *, void *, const char *)’} [-Werror=cast-function-type]
   cb.deletekey = (reg_import_callback_deletekey_t)&nop;
                  ^
../../source3/registry/reg_import.c:249:18: error: cast between incompatible function types from ‘int (*)(void *)’ to ‘WERROR (*)(void *, void *, const char *)’ {aka ‘struct <anonymous> (*)(void *, void *, const char *)’} [-Werror=cast-function-type]
   cb.deleteval = (reg_import_callback_deleteval_t)&nop;

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5733f678 by Noel Power at 2019-05-10T02:26:02Z
s3/rpcclient: Fix bad (and illegal) func cast

../../source3/rpcclient/cmd_samr.c: In function ‘cmd_samr_get_usrdom_pwinfo’:
../../librpc/ndr/libndr.h:219:76: error: cast between incompatible function types from ‘void (*)(struct ndr_print *, const char *, uint32_t)’ {aka ‘void (*)(struct ndr_print *, const char *, unsigned int)’} to ‘void (*)(struct ndr_print *, const char *, const void *)’ [-Werror=cast-function-type]
 #define NDR_PRINT_STRUCT_STRING(ctx, type, p) ndr_print_struct_string(ctx, (ndr_print_fn_t)ndr_print_ ##type, #p, p)
                                                                            ^
../../source3/rpcclient/cmd_samr.c:2646:4: note: in expansion of macro ‘NDR_PRINT_STRUCT_STRING’
    NDR_PRINT_STRUCT_STRING(mem_ctx,

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri May 10 02:26:02 UTC 2019 on sn-devel-184

- - - - -
165025a5 by Joe Guo at 2019-05-10T08:19:16Z
samba_dnsupdate: flush dns update cache file after write

While running samba python tests with `coverage.py`, `make test` failed
to start ad_dc env since dns_update_cache stays empty.
Flush the file after write fix the issue.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
d65b7641 by Gary Lockyer at 2019-05-10T08:19:16Z
s4 librpc rpc pyrpc: Ensure tevent_context deleted last

Ensure that the tevent_context is deleted after the connection, to
prevent a use after free.

Note: Py_DECREF calls dcerpc_interface_dealloc so the
TALLOC_FREE(ret->mem_ctx) calls in the error paths of
py_dcerpc_interface_init_helper needed removal.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13932

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b7804852 by Joe Guo at 2019-05-10T08:19:16Z
selftest/target/Samba4.pm: increase max_wait from 60s to 120s to avoid timeout failure in samba-ad-dc-backup

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
21475e95 by Joe Guo at 2019-05-10T08:19:16Z
wscript: mv --enable-coverage option to global

We want to enable gcov for all tasks, move it to global wscript.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
af0e0c54 by Joe Guo at 2019-05-10T08:19:16Z
script/autobuild.py: rename sdir to test_source_dir

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
9ea81c0e by Joe Guo at 2019-05-10T08:19:16Z
script/autobuild.py: mv find_git_root and gitroot to top

so the reset of the code can use gitroot directly.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
332f19c7 by Joe Guo at 2019-05-10T08:19:17Z
script/autobuild.py: mv optionparse to top

so the rest of the code can use the option values directly.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
87ea55e4 by Joe Guo at 2019-05-10T08:19:17Z
script/autobuild.py: add --enable-coverage option

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
0cdd8bd6 by Joe Guo at 2019-05-10T08:19:17Z
script/autobuild.py: replace more placeholders in cmds for coverage

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
c5ae200b by Joe Guo at 2019-05-10T08:19:17Z
script/autobuild.py: add ENABLE_COVERAGE placeholder in configure cmd option

The value will be "--enable-coverage" or "".

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
1b48d8a9 by Joe Guo at 2019-05-10T08:19:17Z
script/autobuild.py: define LCOV_CMD and run it after each make test

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5b2a1a39 by Joe Guo at 2019-05-10T08:19:17Z
.gitlab-ci.yml: add var SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE

keep this var empty by default, since gcov will slow down the build process.
set to `--enable-coverage` to enable coverage on demand.

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
be005e53 by Joe Guo at 2019-05-10T08:19:17Z
.gitlab-ci.yml: add pages job to generate coverage report and publish to gitlab pages

- add new stage "report"
- add pages job in "report" stage to collect .info files, generate html report and publish to gitlab pages.
- only trigger when SAMBA_CI_AUTOBUILD_ENABLE_COVERAGE == '--enable-coverage'

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
71595201 by Joe Guo at 2019-05-10T08:19:17Z
script/.gitlab-ci.yml: do not run o3 jobs if coverage enabled

Signed-off-by: Joe Guo <joeg at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a5d1df4a by Gary Lockyer at 2019-05-10T10:02:20Z
s3 rpc_client: Fix Asan stack use after scope

Fixes Asan error:

==1924==ERROR: AddressSanitizer: stack-use-after-scope on address
    0x7ffe63f873d0 at pc 0x7fb99dae1733 bp 0x7ffe63f86a00 sp 0x7ffe63f861a8
READ of size 24 at 0x7ffe63f873d0 thread T0
    #0 0x7fb99dae1732  (/usr/lib/x86_64-linux-gnu/libasan.so.4+0x79732)
    #1 0x7fb99cfe5549 in memcpy
        /usr/include/x86_64-linux-gnu/bits/string_fortified.h:34
    #2 0x7fb99cfe5549 in ndr_push_bytes
        ../../librpc/ndr/ndr_basic.c:729
    #3 0x7fb99cfe5646 in ndr_push_array_uint8
        ../../librpc/ndr/ndr_basic.c:754
    #4 0x7fb99a69dd1b in ndr_push_netr_ChallengeResponse
        librpc/gen_ndr/ndr_netlogon.c:462
    #5 0x7fb99a6c5fab in ndr_push_netr_NetworkInfo
        librpc/gen_ndr/ndr_netlogon.c:556
    #6 0x7fb99a6c749d in ndr_push_netr_LogonLevel
         librpc/gen_ndr/ndr_netlogon.c:783
    #7 0x7fb99a7222de in ndr_push_netr_LogonSamLogonEx
         librpc/gen_ndr/ndr_netlogon.c:16547
    #8 0x7fb99c982c97 in dcerpc_binding_handle_call_send
         ../../librpc/rpc/binding_handle.c:416

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13936

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri May 10 10:02:21 UTC 2019 on sn-devel-184

- - - - -
21dc6f8e by David Disseldorp at 2019-05-10T12:59:05Z
vfs_ceph: fix cephwrap_flistxattr() debug message

The @list buffer may be uninitialised prior to ceph_flistxattr()
invocation, so only log the address.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13940

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Fri May 10 12:59:05 UTC 2019 on sn-devel-184

- - - - -
8663e0a6 by Martin Schwenke at 2019-05-13T07:27:24Z
ctdb-daemon: Never use 0 as a client ID

ctdb_control_db_attach() and ctdb_control_db_detach() assume that any
control with client ID 0 comes from another daemon and treat it
specially.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13930

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
a0a82f1b by Amitay Isaacs at 2019-05-13T07:27:24Z
ctdb-tests: Add reqid wrapping test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13930

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

- - - - -
a60e7715 by Martin Schwenke at 2019-05-13T07:27:24Z
ctdb-tests: Add dump-logs command for local daemons

Dump a single merged log to stdout.

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
97ad353a by Martin Schwenke at 2019-05-13T07:27:24Z
ctdb-tests: Actually restart if cluster doesn't become healthy

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
c75fbeaa by Martin Schwenke at 2019-05-13T08:42:44Z
ctdb-tests: Remove old socket wrapper state directory during setup

Otherwise, when looping tests for a long time, nodes are unable to
connect to each other.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Mon May 13 08:42:44 UTC 2019 on sn-devel-184

- - - - -
b0cc6d21 by Gary Lockyer at 2019-05-14T06:07:25Z
s4 dsdb: fix use after free in samldb_rename_search_base_callback

Fix use after free detected by AddressSanitizer

AddressSanitizer: heap-use-after-free on address 0x60f0002b2738
                  at pc 0x7f89b1a213b5 bp 0x7ffce9528810 sp 0x7ffce9528800
                  READ of size 8 at 0x60f0002b2738 thread T0
    #0 0x7f89b1a213b4 in samldb_rename_search_base_callback
        ../../source4/dsdb/samdb/ldb_modules/samldb.c:4203
    #1 0x7f89d3a0db4a in ldb_module_send_entry
        ../../lib/ldb/common/ldb_modules.c:793
    #2 0x7f89b6f27356 in es_callback
        ../../source4/dsdb/samdb/ldb_modules/encrypted_secrets.c:1418

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13942

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
d1c15c26 by Karolin Seeger at 2019-05-14T06:22:26Z
Merge tag 'samba-4.9.8' into v4-9-test

samba: tag release samba-4.9.8

- - - - -
a9f7f1f7 by Karolin Seeger at 2019-05-14T06:23:03Z
VERSION: Bump version up to 4.9.9.

Signed-off-by: Karolin Seeger <kseeger at samba.org>

- - - - -
b1a32dd7 by Gary Lockyer at 2019-05-14T07:20:28Z
selftest: enable undefined behaviour sanitizer

Add a --undefined-sanitizer option to configure, this causes the tests
to be run with the undefined behaviout sanitizer enabled.

Errors can be suppressed by adding entries to selftest/ubsan.supp

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Tue May 14 07:20:28 UTC 2019 on sn-devel-184

- - - - -
cf00db40 by Martin Schwenke at 2019-05-14T07:25:37Z
ctdb-tests: Capture output in $out on failure as well

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
8be4ee1a by Martin Schwenke at 2019-05-14T07:25:37Z
ctdb-tests: Make ctdb reloadips tests more reliable

ctdb reloadips will fail if it can't disable takover runs.  The most
likely reason for this is that there is already a takeover run in
progress.  We can't predict when this will happen, so retry if this
occurs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
dc89db8c by Martin Schwenke at 2019-05-14T07:25:37Z
ctdb-tests: Fix logic error in simple ctdb reloadips test

There is a chance that restoring IP addresses to the test node will
result in different IP addresses being assigned to that node.
Removing a single IP address may then fail (or be a no-op) if it is
done after the restore.

So, swap the single IP address removal to happen first, then restore,
then remove all IP addresses.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13924

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
6a2941e2 by Martin Schwenke at 2019-05-14T07:25:37Z
ctdb-recoverd: Fix memory leak

state is always freed before exiting this function, so allocate fde
off it instead of long-lived ctdb context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
30bc6e25 by Martin Schwenke at 2019-05-14T07:25:37Z
ctdb-common: Fix memory leak

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943

Signed-off-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Amitay Isaacs <amitay at gmail.com>

- - - - -
b1f4c86e by Amitay Isaacs at 2019-05-14T08:59:03Z
ctdb-common: Fix memory leak in run_proc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13943

Signed-off-by: Amitay Isaacs <amitay at gmail.com>
Reviewed-by: Martin Schwenke <martin at meltin.net>

Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
Autobuild-Date(master): Tue May 14 08:59:03 UTC 2019 on sn-devel-184

- - - - -
5639e973 by Isaac Boukris at 2019-05-14T10:23:33Z
CVE-2018-16860 selftest: Add test for S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
43958af1 by Isaac Boukris at 2019-05-14T11:45:13Z
CVE-2018-16860 Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13685

Signed-off-by: Isaac Boukris <iboukris at gmail.com>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(master): Tue May 14 11:45:13 UTC 2019 on sn-devel-184

- - - - -
76d7d05b by David Disseldorp at 2019-05-14T22:17:32Z
vfs_ceph: drop fdopendir handler

libcephfs doesn't currently offer an fdopendir equivalent, so the
existing implementation peeks at fsp->fsp_name->base_name, which can
break if vfs_ceph is used under a separate path-munging VFS module.

Return ENOSYS instead and rely on existing OpenDir_fsp() fallback.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
76f3b194 by David Disseldorp at 2019-05-14T22:17:32Z
vfs: add ceph_snapshots module

vfs_ceph_snapshots is a module for accessing CephFS snapshots as
Previous Versions. The module is separate from vfs_ceph, so that it can
also be used atop a CephFS kernel backed share with vfs_default.

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
9345d11c by David Disseldorp at 2019-05-14T23:31:26Z
docs: add vfs_ceph_snapshots manpage

Signed-off-by: David Disseldorp <ddiss at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>

Autobuild-User(master): David Disseldorp <ddiss at samba.org>
Autobuild-Date(master): Tue May 14 23:31:27 UTC 2019 on sn-devel-184

- - - - -
28518c57 by Andreas Schneider at 2019-05-15T00:45:58Z
s3:libsmb: Add missing OOM check in fill_quota_buffer()

Found by covscan (csbuild).

Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Noel Power <nopower at suse.com>

Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed May 15 00:45:58 UTC 2019 on sn-devel-184

- - - - -
94989e4e by Andrew Bartlett at 2019-05-15T04:03:36Z
ldb_kv: Remove incorrect reference to LDB_UNPACK_DATA_FLAG_NO_DN

The DN is now exploded so as to improve other aspects of the search handling.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
73bf2949 by Andrew Bartlett at 2019-05-15T04:03:36Z
ldb_kv: Use ldb_msg_add_steal_value() in msg_add_distinguished_name()

This more modern routine allocates a nice talloc tree.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
ea7fd52a by Aaron Haslett at 2019-05-15T04:03:36Z
ldb: removing alloc from unpack_data

Making unpack flag LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC required
behaviour, since allocating data during unpack is slow and unnecessary
in all current usages. In any future unpack usage, if editing of
returned memory is required, some function that duplicates the message
should be used, such as one of the filter_attrs functions, or msg_copy.

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
a36e20c4 by Aaron Haslett at 2019-05-15T04:03:36Z
ldb: perf test for pack format

Performance test for pack function and unpack function run with flag
LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC. Run this test before and after
forthcoming pack format changes to test throughput improvement. On my
machine, the unpack improvement is around 50%.
The test doesn't really belong in LDB torture but it's the only place
where all the required functions are available.

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
9f9bbb5a by Aaron Haslett at 2019-05-15T04:03:36Z
ldb: removing msg and dn copying from filter attrs

Optimising filter_attrs by removing msg and dn allocation/copying. The
caller can construct the msg and possibly steal the dn.
Also giving the function an ldb for future use.

NOTE: Configure with --abi-check-disable to build this commit. This
patch is part of a set of LDB ABI changes, and the version update is
done on the last commit.

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
9310d908 by Andrew Bartlett at 2019-05-15T04:03:37Z
ldb: move ldb_kv's filter into pack code

This patch moves ldb_kv's filter code into the pack code to replace
'only attr list' functionality which will be removed in forthcoming
commit. Unpacking data then filtering the result is not any slower
than the removed 'only attr list' approach.
'only attr list' test repurposed to test unpack -> filter flow.

NOTE: Configure with --abi-check-disable to build this commit. This
patch is part of a set of LDB ABI changes, and the version update is
done on the last commit.

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
15f0c496 by Aaron Haslett at 2019-05-15T04:03:37Z
ldb: remove unpack only attr list functionality

Unpack functions currently take an attribute list to restrict the set of
attributes to be returned in the constructed message. This
functionality is never used and complicates implementation of
forthcoming new pack format. This patch removes that functionality.
Using the unpack function then filtering the result turns
out not to be any slower.

NOTE: Configure with --abi-check-disable to build this commit. This
patch is part of a set of LDB ABI changes, and the version update is
done on the last commit.

Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
85b6f71c by Andrew Bartlett at 2019-05-15T04:03:37Z
ldb: Release ldb 2.0.1

* Rework pack routines to remove unused features:
  - ldb_unpack_data_only_attr_list_flags() is removed
  - LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC is now always implied

  This improves the unpack performace significantly.

* Improve search performance via new internal flag
  LDB_UNPACK_DATA_FLAG_READ_LOCKED which removes a memdup

* Improve search performance during full scan by ignoring
  index records early.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>

- - - - -
d1447aa8 by Fabrice Fontaine at 2019-05-15T04:03:37Z
test_regfio.c: include stdint.h before cmoka.h

This fix the following build failure on mips64el:
/usr/lfs/v0/rc-buildroot-test/scripts/instance-2/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27: error: conflicting types for 'uintptr_t'
 typedef unsigned long int uintptr_t;
                           ^
In file included from ../source3/registry/tests/test_regfio.c:23:0:
../third_party/cmocka/cmocka.h:126:28: note: previous declaration of 'uintptr_t' was here
       typedef unsigned int uintptr_t;

Fixes:
 - http://autobuild.buildroot.org/results/bae0508e84c905dc23ad7cf1153cd1e9d8e4d734

Signed-off-by: Fabrice Fontaine <fontaine.fabrice at gmail.com>
Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
09355b78 by Douglas Bagnall at 2019-05-15T04:03:37Z
util/charset/convert_string: always set length

In failure cases the destination string pointer is set to NULL, but
the size is not changed. Some callers have not been checking the
return value and passing the destination pointer and uninitialised
length onto other functions. We can curse and blame those callers, but
let's also keep them safe.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
265b3b0c by Douglas Bagnall at 2019-05-15T04:03:37Z
util/charset/convert: do not overflow dest len

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
02507ebf by Douglas Bagnall at 2019-05-15T04:03:37Z
util/charset/convert: do not overflow dest len in corner case

Now, if destlen were SIZE_MAX - 1, destlen * 2 would wrap to SIZE_MAX - 3,
which makes (destlen * 2 + 2) == SIZE_MAX - 1, the same number again.
So we need the <= comparison in this case.

As things stand, it is not actually possible for destlen to be
SIZE_MAX (because it is always an even number after the first round,
and the first round is constrained to be < SIZE_MAX / 2, but *if*
destlen was SIZE_MAX, destlen * 2 + 2 would be 0, so that case is OK.
Similarly the SIZE_MAX - 2 and smaller cases were covered by the
original formula.

We add the comment for people who are wondering WTF is going on with
all this destlen manipulation.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
a6f47b4f by Douglas Bagnall at 2019-05-15T04:03:37Z
util/charset/convert: when retrying, retry from the start

iconv() advances the inbuf pointer; if we decide to realloc and re-iconv,
we need to reset inbuf to the source string

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
103d248b by Douglas Bagnall at 2019-05-15T04:03:37Z
util/charset/convert: do not pretend to realloc

It seems very likely that our clever attempts to dynamically realloc
the output buffer were never triggered. Two lines of reasoning lead to
this conclusion:

1. We allocate 3 * srclen to start with, but no conversion we use will
   more than that. To be precise, from 8-bit charsets we will only deal
   with codepoints in the Unicode basic multilingual plane (up to 0xFFFF).

   These can all be expressed as 3 or fewer utf-8 bytes. In UTF16 they
   are naturally 2 bytes, while in the DOS codes they are 1 byte.

   We have checked the code tables, and can not find a plausible
   (e.g. not EBCDIC) DOS code page or unix charset that is outside
   this range.  Clients cannot chose the code page, the only code
   pages we will use come from 'unix charset' and 'dos charset'
   smb.conf parameters.

   Therefore the worst that can possibly happen is we expand 1 byte into 3
   (specifically, when converting some e.g. CP850 codepoints to UTF-8).

2. If the reallocation was ever used, the results would have been
   catastrophically wrong, as the input pointer was not reset.

Therefore we skip the complication of the goto loop and let E2BIG be
just another impossible error to report.

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
ac9333cb by Douglas Bagnall at 2019-05-15T04:03:37Z
util/charset/torture: ensure each cp850 high bytes is 3 utf8 bytes

Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
5841b164 by Garming Sam at 2019-05-15T04:03:37Z
ldap: Add a database open after fork to speed-up prefork binds

Removing this (system) database open from the later auth stack results
in a 15-30% improvement in different types of binds and on different
hardware (presumably better with slower disk speeds).

Signed-off-by: Garming Sam <garming at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
4aa99243 by Andrew Bartlett at 2019-05-15T04:03:37Z
s4 dsdb/repl_meta_data: allocate new extended DNs during ADD on a better context

Lower down in this function new_values is assigned over el->values and is
filled in with the values of all the parsed DNs.  Therefore it is the natural
talloc parent.

This will allow el->values to be allocated on tmp_ctx in the next commit for
a working area during the function call.

Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

- - - - -
0daa0ff9 by Gary Lockyer at 2019-05-15T05:35:47Z
s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value

Fix use after free detected by AddressSanitizer

AddressSanitizer: heap-use-after-free on address 0x61400026a4a0
                  at pc 0x7fd555c52f12 bp 0x7ffed7231180 sp 0x7ffed7231170
                  READ of size 1 at 0x61400026a4a0 thread T0
    #0 0x7fd555c52f11 in ldb_should_b64_encode
       ../../lib/ldb/common/ldb_ldif.c:197
    #1 0x7fd539dc9417 in dsdb_audit_add_ldb_value
       ../../source4/dsdb/samdb/ldb_modules/audit_util.c:491
    #2 0x7fd539dc9417 in dsdb_audit_attributes_json
       ../../source4/dsdb/samdb/ldb_modules/audit_util.c:651
    #3 0x7fd539dc6a7e in operation_json
       ../../source4/dsdb/samdb/ldb_modules/audit_log.c:305

The problem is that at the successful end of these functions
el->values is overwritten with new_values.  However get_parsed_dns()
points p->v at the supplied el and it effectively gets used
as a working area by replmd_build_la_val().  So we must duplicate it
because our caller only called ldb_msg_copy_shallow().

The reason this matters is that the audit_log module is
above repl_meta_data in the stack, and tries to log the
ldb_message it saw after the reply (to include the error code).
If that ldb_message is changed it is not only misleading,
it can point to memory that has since gone away.

In this case the memory for the full extended DN in the
member attribute ended up on 'ac', a context lost by
the time repl_meta_data has finished processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13941

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May 15 05:35:47 UTC 2019 on sn-devel-184

- - - - -
d012a7e8 by Christof Schmitt at 2019-05-15T11:20:28Z
nsswitch: Add testcase for checking output of wbinfo --sid-to-name

The username should always be returned in the DOMAISHORTNAME/USERNAME
format.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit d006c769a9cad275339b18b08e13d48acb29d7fc)

- - - - -
cc3ca17a by Christof Schmitt at 2019-05-15T11:20:28Z
winbind: Query domain from msrpc name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 60b0e91237179b8782c4bd83b9579f51d5af2928)

- - - - -
ef63526b by Christof Schmitt at 2019-05-15T11:20:28Z
winbind: Query domain from winbind rpc name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 562551c0886bdef1f97059e16d375c2e97452b45)

- - - - -
b5c442b7 by Christof Schmitt at 2019-05-15T11:20:28Z
winbind: Query domain from winbind sam_name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 32e3f0663be39cf4a81639c818fc88e959791673)

- - - - -
b3876c30 by Christof Schmitt at 2019-05-15T11:20:28Z
winbind: Return queried domain name from name_to_sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit 640e0ef4fd338ddf03b813a8d45cce67c7ec7a01)

- - - - -
03a91bf0 by Christof Schmitt at 2019-05-15T14:18:45Z
winbind: Use domain name from lsa query for sid_to_name cache entry

When winbindd is asked to map a name like realm.com\name to a SID ,that
is sucessfully resolved through the lsa lookup name call. The same call
also returns the short domain name (netbios name of the domain). Use
that short domain name for the sid_to_name cache entry, so that
subsequent sid_to_name queries return the expected netbiosname\name
result and not realm.com\name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13831

Signed-off-by: Christof Schmitt <cs at samba.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
(cherry picked from commit aec9bda25f10ca2710d91fb680cca7904e92f9de)

Autobuild-User(v4-9-test): Karolin Seeger <kseeger at samba.org>
Autobuild-Date(v4-9-test): Wed May 15 14:18:45 UTC 2019 on sn-devel-144

- - - - -
226544f6 by Jeremy Allison at 2019-05-15T21:26:12Z
s3: net: Harden guess_charset() against overflow errors.

Found by Michael Hanselmann using fuzzing tools

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13842

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
b3bfad39 by Jeremy Allison at 2019-05-15T21:26:12Z
s3: net: Harden act_val_hex() act_val_sz() against errors.

Found by Michael Hanselmann using fuzzing tools

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13842

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
70025b4a by Jeremy Allison at 2019-05-15T21:26:12Z
s3: net: Harden srprs_str() against memcmp overread.

Found by Michael Hanselmann using fuzzing tools

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13842

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
11c35c8f by Jeremy Allison at 2019-05-15T21:26:12Z
s3: net: Rewrite of reg_parse_fd() to harden against buffer overwrites.

Remove unused handle_iconv_errno(). Fix leaks of iconv handles.

Found by Michael Hanselmann using fuzzing tools

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13842

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

- - - - -
f0ea0800 by Jeremy Allison at 2019-05-15T23:08:58Z
s3: net: Test of fuzzer problems with net rpc registry import.

Found by Michael Hanselmann using fuzzing tools

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13842

Signed-off-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Wed May 15 23:08:58 UTC 2019 on sn-devel-184

- - - - -
93131652 by Gary Lockyer at 2019-05-16T06:46:18Z
samba_autoconf: fix undefined behaviour sanitizer compile flags

Added the -g option, -fsaniize=null and -fsanitize=alignment, removed
the -fno-omit-frame-pointer option.

Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
076402cb by Volker Lendecke at 2019-05-16T06:46:18Z
smbd: Use a direct struct assignment in reply_setatr()

Saves .text bytes with -O3

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
546394a9 by Volker Lendecke at 2019-05-16T06:46:18Z
smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
82a40271 by Volker Lendecke at 2019-05-16T07:59:52Z
smbd: Slightly simplify delay_for_oplock()

We don't have to look at the leases.tdb record if it's our own lease.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu May 16 07:59:52 UTC 2019 on sn-devel-184

- - - - -
d6b1c33d by Noel Power at 2019-05-16T17:55:16Z
python: Create macro to hide ugly function signature cast

-Wcast-function-type triggers various warnings related to bad api
decisions in python source. To avoid these warnings we hide them
by casting to void first. Macro here is to hide the uglyness and
provide an easy place to either/or
  + fix better in a single place in the future
  + identify the places involved should python api change in a way
    this can be handled better

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
3326bba4 by Noel Power at 2019-05-16T17:55:16Z
pidl: Call PY_DISCARD_FUNC_SIG in generated code to avoid ugly warning

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
8c8fe323 by Noel Power at 2019-05-16T17:55:17Z
s3/smbd: squash 'cast between incompatible function types' warning

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0830485d by Noel Power at 2019-05-16T17:55:17Z
s3/ntvfs: squash 'cast between incompatible function types' warning

Fix various PyCFunction definitions to avoid
'cast between incompatible function types' warnings when compiled
with -Wcast-function-type

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
cc608669 by Noel Power at 2019-05-16T17:55:17Z
s4/librpc: squash 'cast between incompatible function types' warning

Where possible make PyCFunction definition signature match. Sometimes
this is not possible (e.g. when the c-function is associated with a
python method definition with 'METH_VARARGS|METH_KEYWORDS' in this
case we use the PY_DISCARD_FUNC_SIG macro.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
cea41645 by Noel Power at 2019-05-16T17:55:17Z
s3: squash 'cast between incompatible function types' warning

Some functions (e.g. py_smb_savefile) have an extra unecessary
*kwargs param in their signatures, these definitions are
causing 'cast between incompatible function types' warnings when
compiled with -Wcast-function-type. Some other functions have
the *kwargs which causes "cast between incompatible function types'
warnings which need to be squashed with use of the
PY_DISCARD_FUNC_SIG macro.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
a7d75a1c by Noel Power at 2019-05-16T17:55:17Z
s4: squash 'cast between incompatible function types' warning

To avoid warning above produced by using
 -Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro
  + ensure PyCFunctions of type METH_KEYWORDS really actually use the
    problematic kargs param, if not remove it

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
cbdd3d0c by Noel Power at 2019-05-16T17:55:17Z
squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
5720f20a by Noel Power at 2019-05-16T17:55:17Z
lib/tdb: squash 'cast between incompatible function types' warning

squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
d93ec544 by Noel Power at 2019-05-16T17:55:17Z
lib/tevent: squash 'cast between incompatible function types' warning

squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
995e23f1 by Noel Power at 2019-05-16T17:55:17Z
lib/talloc: squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
51f146de by Noel Power at 2019-05-16T17:55:17Z
lib/ldb: squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg
  + ensure PyCFunctions of type METH_KEYWORDS use PY_DISCARD_FUNC_SIG
    macro

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
27d99eef by Noel Power at 2019-05-16T17:55:17Z
lib/ldb: Fix incorrect return type for (setter) func type

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13948

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
70a14064 by Noel Power at 2019-05-16T17:55:17Z
lib/ldb-samba: squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

  + ensure PyCFunctions of type METH_NOARGS defined dummy arg

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
16cf1d1a by Noel Power at 2019-05-16T17:55:17Z
lib/crypto: squash 'cast between incompatible function types' warning

To avoid warning above produced by using
-Wcast-function-type we;

      + ensure PyCFunctions of type METH_VARARGS do not declare
        unused and problematic kargs param.

Signed-off-by: Noel Power <noel.power at suse.com>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
0fa490e8 by Shyamsunder Rathi at 2019-05-16T17:55:18Z
s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary

For FS_VOLUME_INFO/FS_INFO operation, a maximum of 32 characters are
sent back. However, since Samba chops off any share name with >32
bytes at 32, it is possible that a multi-byte share name can get chopped
off between a full character. This causes the string decoding for unicode
failure which sends back NT_STATUS_ILLEGAL_CHARACTER (EILSEQ) to the client
applications.

On Windows, Notepad doesn't like it, and refuses to open a file in this
case and fails with the following error:

  Invalid character. For multibyte character sets, only the leading byte is
  included without the trailing byte. For Unicode character sets, include
  the characters 0xFFFF and 0xFFFE.

Proposed fix:
- Find the last starting point of a multibyte codepoint if the character
  at 32nd byte is a subsequent byte of a MB codepoint.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13947

Signed-off-by: Shyamsunder Rathi <shyam.rathi at nutanix.com>
Reviewed-by: Hemanth Thummala <hemanth.thummala at nutanix.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

- - - - -
749f1290 by Rikard Falkeborn at 2019-05-16T19:08:29Z
lib:util: Fix tfork return value if sigprocmask fails

Returning a non-zero value from a function with bool as return value is
the same as returning true. Change the return value to false if
sigprocmask or pthread_sigmask fails to indicate failure.

Detected with the help of cppcheck.

Signed-off-by: Rikard Falkeborn <rikard.falkeborn at gmail.com>
Reviewed-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>

Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Thu May 16 19:08:29 UTC 2019 on sn-devel-184

- - - - -
1078b273 by Richard Sharpe at 2019-05-16T22:33:21Z
s3: smbd: Don't log at WARNING level when exiting the server on error.

Signed-off-by: Richard Sharpe <realrichardsharpe at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>

- - - - -
8c6fd8bb by Volker Lendecke at 2019-05-16T22:33:21Z
smbd: Remove an obsolete comment from share_conflict()

delay_for_batch_oplocks() is no more. Also, open_mode_check (which
calls into this routine) is called before delay_for_oplock.

Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-