git.samba.org - janger/samba-autobuild-v4-19-test/.git/log

gp: Skip site GP list if no site is found

[MS-GPOL] 3.2.5.1.4 Site Search says if the site
search returns ERROR_NO_SITENAME, the GP site
search should be skipped.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15548

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 23 11:20:35 UTC 2024 on atb-devel-224

(cherry picked from commit f05b61b4991e7f51bd184d76a79f8b50114a0ff3)

s3:passdb: smbpasswd reset permissions only if not 0600

Browsing files or download files from samba server, smbd would check user's
id to decide whether this user could access these files, by lookup user's
information from the password file (e.g. /usr/local/samba/private/smbpasswd).
smbd might goes through startsmbfilepwent(), this api calls [f]chmod() to
make sure the password file has valid permissions 0600.

Consider a scenario: we are doing a read performance benchmark about
downloading a bunch of files (e.g. a thousand files) from a samba server,
monitoring file system i/o activities counters, and expecting that should
be only read operations on file system because this is just downloading, no
uploading is involved. But actually found that still write operations on file
system, because smbd lookup user and always reset 0600 permissions on password
file while access each file, it makes dirty pages (inode modification) in ram,
later triggered a kernel journal daemon to sync dirty pages into back storage
(e.g. ext3 kjournald, or ext4 jbd2).
This looks like not friendly for read performance benchmark if it happened on
an entry-level systems with much less memory and limited computation power,
because dirty pages syncing in the meantime slows down read performance.

This patch adds fstat() before [f]chmod(), it would check whether password
file has valid permissions 0600 or not. If 0600 smbd would bypass [f]chmod()
to avoid making dirty pages on file systems. If not 0600 smbd would warn and
go through [f]chmod() to set valid permissions 0600 to password file as
earlier days.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15555

Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jan 18 10:28:19 UTC 2024 on atb-devel-224

(cherry picked from commit c82a267b2a1b7617e818548aa486b7cfbda74657)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Jan 22 10:53:03 UTC 2024 on atb-devel-224

system.c: fix fake directory create times

This was broken by c9c3d4312d7281904fc back in 2009 already.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12421

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 56c3dbc2ff8531772bf79eb9da3497767a20ce6f)

time.c: fix ctime which was feeded with the mtime seconds

This bug was introduced with 53a1d034f3e47ed3c in 2020.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15550

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 2df2e34c3c1ccf76bbcc78586cbbb6433b6d30d5)

python:gp: Print a nice message if cepces-submit can't be found

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15552

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit 8eb42425a8eb1b30ca0e94dfc01d8175ae5cde4b)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Jan 15 11:11:31 UTC 2024 on atb-devel-224

gp: Send list of keys instead of dict to remove

`cache_get_all_attribute_values` returns a dict whereas we need to pass
a list of keys to `remove`. These will be interpolated in the gpdb search.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Aug 28 03:01:22 UTC 2023 on atb-devel-224

(cherry picked from commit 7dc181757c76b881ceaf1915ebb0bfbcf5aca83a)

gp: Test disabled enrollment unapplies policy

For this we need to stage a Registry.pol file with certificate
autoenrollment enabled, but with checkboxes unticked.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit ee814f7707a8ddef2657212cd6d31799501b7bb3)

gp: Template changes should invalidate cache

If certificate templates are added or removed, the autoenroll extension
should react to this and reapply the policy. Previously this wasn't
taken into account.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit 2a6ae997f2464b12b72b5314fa80d9784fb0f6c1)

gp: Test adding new cert templates enforces changes

Ensure that cepces-submit reporting additional templates and re-applying
will enforce the updated policy.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit 2d6943a864405f324c467e8c3464c31ac08457b0)

gp: Convert CA certificates to base64

I don't know whether this applies universally, but in our case the
contents of `es['cACertificate'][0]` are binary, so cleanly converting
to a string fails with the following:

'utf-8' codec can't decode byte 0x82 in position 1: invalid start byte

We found a fix to be encoding the certificate to base64 when
constructing the CA list.

Section 4.4.5.2 of MS-CAESO also suggests that the content of
`cACertificate` is binary (OCTET string).

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit 157335ee93eb866f9b6a47486a5668d6e76aced5)

gp: Test with binary content for certificate data

This fails all GPO-related tests that call `gpupdate --rsop`.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit 1ef722cf66f9ec99f52939f1cfca031c5fe1ad70)

gp: Change root cert extension suffix

On Ubuntu, certificates must end in '.crt' in order to be considered by
the `update-ca-certificates` helper.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit bce3a89204545dcab5fb39a712590f6e166f997b)

gp: Support update-ca-trust helper

This is used on RHEL/Fedora instead of update-ca-certificates. They
behave similarly so it's enough to change the command name.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit fa80d1d86439749c44e60cf9075e84dc9ed3c268)

gp: Support more global trust directories

In addition to the SUSE global trust directory, add support for RHEL and
Debian-based distributions (including Ubuntu).

To determine the correct directory to use, we iterate over the variants
and stop at the first which is a directory.

In case none is found, fallback to the first option which will produce a
warning as it did previously.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: David Mulder <dmulder@samba.org>
(cherry picked from commit a1b285e485c0b5a8747499bdbbb9f3f4fc025b2f)

smbd: move access override for previous versions to the SMB layer

Doing the previous version access checks and semantics at the SMB
layer means we can simplify the shadow_copy2 and remove the kludge.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan 8 16:58:26 UTC 2024 on atb-devel-224

(backported from commit f14a7065690b00e3c6af2c1f0b0aec51c1e0b372)
[slow@samba.org: vfs_shadow_copy2.c: no TALLOC_FREE() in context]
[slow@samba.org: open.c: assign result from calculate_open_access_flags()]

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue Jan 9 13:17:12 UTC 2024 on atb-devel-224

smbd: check for previous versions in check_any_access_fsp()

Now that check_any_access_fsp() is broadly used consistently to
restrict access for all modifying operations, we can add a check for
previous versions to check_any_access_fsp() and it gets enforced
consistently.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit fd4e41144a819b4403340e4a28664ac586722b41)

smbd: use check_any_access_fsp() for all access checks

Replaces the direct access to fsp->access_mask with a call to
check_any_access_fsp() which allows doing additional checks if needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 02ed99343d19fd0845531ad99a46b1dd5b8a7a4f)

smbd: replace CHECK_WRITE() macro with calls to check_any_access_fsp()

The additional check if fd underlying fd is valid and not -1 should not be done
at this place. I actually would prefer an write to fail with EBADF if this
happens, as it's likely easier to debug why this happened. These days we should
always have a valid fd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 995a31c8d4c1789c16bae6b8196f2565d4b1dfdb)

smbd: set fsp->fsp_flags.can_write to false for access to previous-versions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit ee3035218df4cfd68b6aab6825c78f2b85234c6c)

smbd: return correct error when trying to create a hardlink to a VSS file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a0ae45be770a13373c148a689b9761f14c4f942c)

smbd: fix check_any_access_fsp() for non-fsa fsps

smbd_check_access_rights_fsp() requires *all* rights in access_mask to
be granted by the underlying ACL, but the semantics of this function
is supposed to grant access if any one of the rights in
access_requested is allowed.

Fix this by looping over the requested access mask. If
smbd_check_access_rights_fsp() returns sucess, mask will be non-null
and when assigned to access_granted, the subsequent check will pass,
fail otherwise.

I'm not doing an early exit on purpose because a subsequent commit
adds additional security checks that are done in the subsequent code
path common for fsa and non-fsa fsps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit bf497819e61131cfa6469971596af3aa9bd4bb49)

smbd: rename check_access_fsp() to check_any_access_fsp()

The semantics of the access check in check_access_fsp() itself is to
allow access if *at least* one or more rights of the rights in
access_mask are allowed. The name check_any_access_fsp() better
reflects this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 96b577c380fa914eb1ffa95849c82bdb88aa1ec6)

smbd: set fsp_flags.is_fsa to true on printer file handles

Printer file handles went through SMB_VFS_CREATE_FILE() and are network
callable, so it makes sense to set this on them.

This ensures that check_access_fsp() doesn't take the codepath calling
smbd_check_access_rights_fsp(), but just checks the request rights from
fsp->access_mask.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 76c8fe16bff36a29fa326355256b50737d04bd85)

smbd: return the correct error in can_rename()

This is what Windows returns for this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 276c5bd851ab6ab818a49d9c47f6b96de8024778)

smbtorture: expand smb2.twrp.write test

Test more modifying operations are blocked and access masks are correct.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 537eedfe2a79fba2e1f062f14ba7a0c5f8f70a88)

s4/libcli/raw: implemement RAW_SFILEINFO_LINK_INFORMATION

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c62484bc2c60ebac42635793d94cb8e62629acbf)

selftest: remove error_inject from shadow_write share

Frankly, I can't remember why I added this as part of bug 13688. The
goal of the corresponding test is to verify a write on a read-only
file handle fails. As the file is opened O_RDONLY, the write will fail
anyway and there's no need to inject the error.

To make things worse, having the error injected meant we didn't notice
when the underlying logic of forcing the open to be done with O_RDONLY
was done as O_RDWR, resulting in the write on the handle to succeed.

This happened when we introduced reopen_from_fsp(): the initial
pathref open of a path with a twrp value was correctly detected and
handled by shadow_copy2_openat(). However, when converting the pathref
open to a real one via reopen_from_fsp(), shadow_copy2_openat() only
sees the magic /proc/fd path and has no way of inferring that this was
originating from a prevous version open with a twrp value.

Tl;dr: we can just remove this error injection, it is not needed, the
correct fix is to implement this in the SMB layer which is done in the
subsequent commits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13688

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 78119edba013583555069271bb61134c12c2c135)

VERSION: Bump version up to Samba 4.19.5...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger@samba.org>

VERSION: Disable GIT_SNAPSHOT for the 4.19.4 release.

Signed-off-by: Jule Anger <janger@samba.org>

WHATSNEW: Add release notes for Samba 4.19.4.

Signed-off-by: Jule Anger <janger@samba.org>

docs-xml: use XML_CATALOG_FILES env var if defined

Thanks to Thierry LARONDE for the fix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15540

Signed-off-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit b9f32b32e0e1463b8ca3e696d682ecf86503464b)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Jan 8 14:02:25 UTC 2024 on atb-devel-224

winbind_nss_netbsd: fix missing semicolon

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15541

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit b41f95f891ab5b1d1878735a513be5d9a13f63c6)

s3:utils: Fix the auth function to print correct values to the user

In order to show correct values in the password prompt displayed by
cli_credentials_get_password*(). We need to set the domain and username
in the credentials system.

The credentials supplied via the SMB URL have a higher priority than the
command line options.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 1134c4f3a63c9618c3fb79abefb40a798c7c1701)

s3:utils: Handle the domain before username and password

The cli_credentials_get_password*() function will interactively ask the
user for a password if none has been supplied via another ways. To show
the correct domain and username in the prompt, we need handle domain
and user first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15538

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 25021b836f74d3d247bce44c6c02a2d8b2cc39ea)

doc-xml: fix name of vfs_linux_xfs man page

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15542

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2073bbf9dcab5fabe5e683c12e16c195239fcba1)

smbd: Fix traversing snapshot dirs that vanished in current fileset

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 2 20:37:01 UTC 2024 on atb-devel-224

(cherry picked from commit 2cfbf43f706d5d29a5b1a5b13aac0661e42da0b1)

shadow_copy: Add test for missing directory in "current" fileset

Right now we can't traverse a subdirectory in a snapshot which was
deleted in the current set of files.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15544

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a0bfadb32b83ab1e58290f84c298d345e21866d9)

s3:smbd multichannel: always refresh the network information

To maintain SMB Multichannel, windows client might periodically query with
FSCTL_QUERY_NETWORK_INTERFACE_INFO to get SMB server's network information,
in my case windows server 2022 would do this every 10 minutes (600 seconds).

Consider a scenario: the network information might have changed between
these queries, some become link down, new interface is link up, network
speed is changed, and etc. So far smbd might not aware of these changes and
still report out-of-date network information to windows client, until we
manually send a SIGHUP to smbd in order to trigger load_interfaces():
smbd_sig_hup_handler() > reload_services () > load_interfaces()
This might be a bit inconvenient because it is hard to decide when should
we manually send a SIGHUP to smbd for refreshing network information.

This patch adds load_interfaces() at fsctl_network_iface_info(), while smbd
received FSCTL_QUERY_NETWORK_INTERFACE_INFO would go through this and refresh
local_interfaces, then respond to client with up-to-date network information;
also refresh num_ifaces to make sure interfaces count is consistent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15547

Signed-off-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
(cherry picked from commit 318fd95d5ea63724798592eb6b4eebaecfa0cbfb)

Autobuild-User(v4-19-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-19-test): Fri Jan 5 13:47:03 UTC 2024 on atb-devel-224

s3:ctdbd_conn: fix ctdbd_public_ip_foreach() for ipv6 addresses

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15534

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Dec 21 11:09:30 UTC 2023 on atb-devel-224

(cherry picked from commit 828f3c99122fb033ecb79e24ed24821b8510f0f8)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Thu Dec 28 17:15:55 UTC 2023 on atb-devel-224

VERSION: move COPYRIGHT_STARTUP_MESSAGE as SAMBA_COPYRIGHT_STRING into version.h

We also prodive a samba_copyright_string() helper similar to
samba_version_string().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 15 10:44:42 UTC 2023 on atb-devel-224

(cherry picked from commit d23d6145bf08c4765479951237e697c4b2b11aa2)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue Dec 19 10:43:21 UTC 2023 on atb-devel-224

lib/util: convert DBG_STARTUP_NOTICE() to use debug_set_forced_log_priority(DBGLVL_NOTICE)

Using -1 as log level is not compatible without our infrastructure.

As all backends are initialized with .log_level = -1, which means
they don't log the message, but now they all try to handle the
startup message even if they are not configured.

E.g. is means that systemd's journalctl get the message twice
now, first via the syslog and also the systemd backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit cd8dcff9e9cbfffab8c502c8701c00b0c8e3512b)

lib/util: add debug_set_forced_log_priority()

By default the priority for syslog/systemd is derived from
the log level of the debug message.

But for things like startup messages we want to
change the priority temporary, like this:

debug_set_forced_log_priority(DBGLVL_NOTICE);
D_ERR("Startup...\n");
debug_set_forced_log_priority(-1);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit bd21a0cdefb30ef5522f81d865c03d11a182a63c)

source3/nmbd/nmbd.c: use DBG_STARTUP_NOTICE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 72f20311acc4ab8851f18ac2b87f7ecc7803afad)

lib/util/become_daemon.c: use DBG_STARTUP_NOTICE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 50337acaa566b6696e035e38f6408f65805182a0)

logging: use DBG_STARTUP_NOTICE for startup message

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 159cfde446c95c387ef212be103b109ea0dca93d)

debug.h: introduce DEBUG_STARTUP_NOTICE

this is log level -1 and lowest syslog priority. This is used for start up
messages and copyright notices, which should always be printed but which are no
errors or warnings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ccfe345fece0a5a44d766fb9426d43c2e046d040)

lib/util: move copyright define to copyright.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b7631bf603fbce9b80b19410f0680ce8c4170a1b)

s4/server.c: move some log messages from ERR to NOTICE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit baa67024bca391f2e212b91131f544cc911c6895)

profile: issues info message with lower log level

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15377

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 55d895dc42248ad524a10812b9975ac05a722fdc)

s3:rpc_server: call reopen_logs before we print the copyright notice

This matches what we do in smbd, winbindd and nmbd.

For the workers it's important to call it at all, otherwise
things like 'debug pid = yes' or 'debug class = yes' have no effect
in the workers.

We could argue if we want the copyright notice on the start
of each worker at all, but that's a different discussion...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 94723b6732a67482eb7792e82b01e26a807e8265)

ctdb-server: Drop unnecessary copy of destination address

Modernise debug while touching the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 15 12:09:21 UTC 2023 on atb-devel-224

(cherry picked from commit 4b7329f15820f1b4d9a7b7f0947719c4217b312a)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Sat Dec 16 16:08:41 UTC 2023 on atb-devel-224

ctdb-daemon: Use ctdb_connection_to_buf() to simplify

The one case that is no longer handled specially is when the
destination address is IPv4 loopback. This may previously have been
used to avoid flooding the logs when testing. However, that seems
unnecessary - if testing with 127.0.0.1 then make it a public address.

Modernise debug while touching the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 8fc3872557f715dc38f9898754a785fd073ace96)

smbd: Remove callback for release_ip when "state" is free'ed

If a client connects to a non-public address first followed by a connect
to public address with the same client_guid and a connection to
the non-public address gets disconnected first, we hit by a use-after-free
talloc_get_type_abort() called from release_ip() as
"xconn" is already gone, taking smbd_release_ip_state with it.

We need to decide between calling ctdbd_unregister_ips() by default, as
it means the tcp connection is really gone and ctdb needs to remove the
'tickle' information. But when a connection was passed to a different
smbd process, we need to use ctdbd_passed_ips() as the tcp connection is
still alive and the 'tickle' information should not be removed within
ctdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit ddf47e7fe314e0f5bf71ff53e35350e0ba530d08)

s3:selftest: add samba3.blackbox.smbXsrv_client_ctdb_registered_ips

This demonstrates the crash that happens if a client connects to a
non-public address first followed by a connect
to public address with the same client_guid and a connection to
the non-public address gets disconnected first, we hit by a
use-after-free talloc_get_type_abort() called from release_ip() as
"xconn" is already gone, taking smbd_release_ip_state with it.

Note that we also need to mark some subtests as flapping
as there's a 2nd problem that happens in the interaction
between smbd processes and ctdb when passing a multichannel
connection to an existing process, it means we sometimes
loose the 'tickle' information within ctdb to that tcp connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 082c7df4d04c2a94c5413c1d6b7eae7be610f950)

selftest: export/use CTDB related envvars in order to run the ctdb command

This makes it easier to test things...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 38b74d4ca9a59e7f12850c20c410f9df26cbad0a)

ctdbd_conn: add ctdbd_passed_ips()

This is similar to ctdbd_unregister_ips(), but with the
difference that ctdb keeps the 'tickle' information for
the tcp connection alive, because another smbd process
took care of that tcp connection in a multichannel scenario.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 2e784789d78d09dfbc599085e5eb1c70c5b866b8)

ctdbd_conn: add ctdbd_unregister_ips()

This reverts the effect of ctdbd_register_ips().
We'll use this in order to disconnect individual
multichannel connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit f3a03f3f774f0795fc1a163f12cccb9cedeebec1)

ctdbd_conn: Add deregister_from_ctdbd()

This is to remove a callback during rundown of smbds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 75aa6693940201a928b46f6880b43820c0e1c555)

ctdbd_conn: let register_with_ctdbd() call CTDB_CONTROL_REGISTER_SRVID just once

We do the dispatching to multiple handlers in ctdbd_msg_call_back()
and we don't need more than one message from ctdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 77a559432ffde2d435e29bed126d20a09d33f48e)

ctdbd_conn: don't use uninitialized memory in ctdbd_register_ips()

We dump the structure into the socket, so we need to zero the content
including possible padding.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 240139370aa19f53dd3de0ff468afd994d3bd973)

ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_PASSED

With multichannel a tcp connection is registered first with
a temporary smbd process, that calls CTDB_CONTROL_TCP_CLIENT
first and then passes the tcp connection to the longterm smbd
that already handles all connections belonging to the specific
client_guid. That smbd process calls CTDB_CONTROL_TCP_CLIENT
again, but the 'tickle' information is already there.
When the temporary smbd process exists/disconnects from ctdb
or calls CTDB_CONTROL_TCP_CLIENT_DISCONNECTED, the 'tickle'
information is removed, while the longterm smbd process
still serves the tcp connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 037e8e449deb136ad5ed5e4de05439411b545b6d)

ctdb: add/implement CTDB_CONTROL_TCP_CLIENT_DISCONNECTED

With multichannel a ctdb connection from smbd may hold multiple
tcp connections, which can be disconnected before the smbd
process terminates the whole ctdb connection, so we a
way to remove undo 'CTDB_CONTROL_TCP_CLIENT' again.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit c6602b686b4e50d93272667ef86d3904181fb1ab)

ctdb: add ctdb_connection_same() helper

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 8395fd369d3c9d216817e922423727748581f133)

ctdb: make use of ctdb_canonicalize_ip_inplace() in ctdb_control_tcp_client()

We could also remove the src_addr and dest_addr helper variables
completely, but that would be too much for this commit.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 5f52d140f7b676ed68b5ce49d4445357bcbcb1a6)

ctdb: add ctdb_canonicalize_ip_inplace() helper

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit f2d9c012fc803b48564c3203ed640c02f99bcbaa)

ctdb: remove unused ctdb->client_ip_list and print debug on ctdb_tcp_list instead

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15523

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 92badd3bdd82d1fa79727efcf81b6f479016811f)

s3:utils: Fix auth callback with smburl

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f2f7ed419e03e5ae8cc85f42af5b2bcf91abefe2)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue Dec 12 10:01:36 UTC 2023 on atb-devel-224

s3:tests: Add interactive smbget test for password entry

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 5b38f3be8cb986aa2db3aab5c3c3d2e8739893ce)

auth:creds: Add cli_credentials_get_domain_and_obtained()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a7622bc7db093558c6f6e3da4d2a899a764dec09)

auth:creds: Fix cli_credentials_get_password_and_obtained() with callback

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1041dae03f0f7e9e2b6b4a649eb1d298a34ce699)

auth:creds:tests: Add test for password callback

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit ab4b25964a43a1ef550f10580ad395e178fe647e)

s3:tests: Fix smbget test

Time to fix the smget share to not have `guest ok = yes` set. A new
[smbget_guest] will be used for guest only tests. This way we can
correctly test different authentication mechanisms.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c46769f3f10d21ed802e17aa79ae17e345168e63)

s3:tests: Remove the non-working test_kerberos_upn_denied of smbget

See TODO code comment for details.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1a04fd255c2c94e01bda9840bfd6b372007bb3c7)

s3:tests: Fix the test_kerberos_trust in smbget testsuite

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 468fb05d6357779228e411076e286abcdb70cf96)

s3:tests: Fix test_kerberos in smbget tests

We switched to a temporary directory, so $PREFIX doesn't exist.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 62b0b79ce065246417996dec61afa6a10f6ab99b)

s3:tests: Pass down a normal domain user for test_smbget.sh

It is better to test with a normal user than administrator.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 337034e675aaeb366d360a791ec0d003426230af)

selftest: Add DOMAIN_ADMIN and DOMAIN_USER variables

We should start using those in future. So we can distinguish which
privileges we want. Currently DC_USERNAME is the Administrator. Whatever
possible should use DOMIAN_USER instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 56d0c3a0263ed166452c129219e7a391ba4d014c)

selftest: Remove trailing tabs/white spaces in Samba4.pm

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a2af6946f5e53b7d954aa54d3d115dbe4975b1c4)

s3:tests: Fix authentication with smbget_user in smbget tests

Currently the smget share is broken. We set `guest ok = yes` so if you
specify invalid names, the authentication will still succeed as we
are mapped to guest.

The smbget_user is a local ad_member user. We need to set the
workstation as the "domain" for the user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15532

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c14c5dec09fe1c86b29b3091ad521e73a2e1c3e9)

s3:utils: Fix setting the debug level

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 763b2efe69dc74e1c0cd954607031012f832486d)

s3:tests: Add smbget test for smb://DOAMIN;user%password@server/share/file

This is supported according to the smbget manpage!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15525

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e5fe856e76eba26e3b85a391bcea02dfe045c26e)

smbd: Fix read_symlink_reparse()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15505

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 27 21:19:35 UTC 2023 on atb-devel-224

(cherry picked from commit 952d6c2cf48b19807e96a49b95c19c224bd6e732)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Mon Dec 11 09:45:32 UTC 2023 on atb-devel-224

vfs_ceph: call 'ceph_fgetxattr' only if valid fd

Align getxattr logic with the rest of xattr hooks: call ceph_fgetxattr
with appropriate io-fd when 'is_pathref' is false; otherwise, call
ceph_getxattr.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15440

Signed-off-by: Shachar Sharon <ssharon@redhat.com>
Reviewed-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Nov 30 12:32:29 UTC 2023 on atb-devel-224

(cherry picked from commit 83edfcff5ccd8c4c710576b6d5612e0578d168c8)

s3:auth: Allow 'Unix Users' and 'Unix Groups' to create a local token

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 00034d022896f879bf91bb78eb9e2972162c99ce)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Tue Dec 5 11:04:17 UTC 2023 on atb-devel-224

s3:auth: Remove trailing white spaces from auth_util.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 8f496161463f110e494201303b96dd14ab3774cd)

selftest: Show that 'allow trusted domains = no' firewalls Unix User|Group

UNEXPECTED(failure): samba3.blackbox.smbclient_auth.plain.local_creds.smbclient //LOCALSHARE4/forceuser_unixonly as user(simpleserver)
REASON: Exception: Exception: tree connect failed: NT_STATUS_AUTHENTICATION_FIREWALL_FAILED

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15469

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit ad0c0dd071401d98f0b7f595efbdf5312a165ab4)

testprogs: Add net offlinejoin composeodj tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 5 22:11:46 UTC 2023 on atb-devel-224

(cherry picked from commit f3c632e74ba100b455eeac66e8914b11d1d9b0a0)

Autobuild-User(v4-19-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-19-test): Wed Nov 29 15:59:17 UTC 2023 on atb-devel-224

testprogs: Cleanup machine account in net offlinejoin tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e92e4b9544231c15eaf0bdbba4505345cd0f6ab5)

s3:net: Allow to load ODJ blob from stdin

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit c14a4f51443f67bc46a670a342eed8cb9e81f37d)

s3:net: Load ODJ blob from file only if "loadfile" parameter is present

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit b2399b6994c89404f245e1a97ba1c1cf13d7fc86)

s3:net: Add "net offlinejoin composeodj" command

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 4a1f2071a6028a761bbe7efee20e9654851b51f0)

s3:libnetapi: Implement NetComposeOfflineDomainJoin_l()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit a8bd8f22aac2c223e85e318dba7af8b64052b053)

s3:libnetapi: Add NetComposeOfflineDomainJoin() to API.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7cabbec2eaf5aefd3751c635c12556eca590f506)

s3:libnetapi: Add NetComposeOfflineDomainJoin() boilerplate

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 532701e3cce9d15e95166ee7c24cd1e4af51fcc4)

s3:libnetapi: Add NetComposeOfflineDomainJoin() to IDL

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 740e704bd68a6b618b62336ba1583c0edeb82d6f)

s3:libnetapi: Add some comments to document ODJ blob charset conversions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit bdab834dfad55776155915f7ec410b5a192406fa)

s3:libnetapi: Return error from RequestOfflineJoin

The error code must be returned to caller even if the error string is not set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13577

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit e4afb211fe32f2aa92cc903df948874046f60305)

VERSION: Bump version up to Samba 4.19.4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger@samba.org>

VERSION: Disable GIT_SNAPSHOT for the 4.19.3 release.

Signed-off-by: Jule Anger <janger@samba.org>

WHATSNEW: Add release notes for Samba 4.19.3.

Signed-off-by: Jule Anger <janger@samba.org>