git.samba.org - ddiss/samba.git/log

VERSION: Disable git snapshots for the 4.3.12 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.3.12.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"

Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144

(cherry picked from commit a5f895a53016af71db53967062728fec5bc307ca)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Thu Oct 20 14:06:17 CEST 2016 on sn-devel-104

s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"

Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 890b1bbdb8e965c4ff6e35214acc96ffbbff5dfd)

HEIMDAL:lib/krb5: destroy a memory ccache on reinit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 2abc3710a8a63327a769ba0482c553ed274b2113)

autobuild: Use cp --recursive --link --archive

This works on waf based builds as source files are not modified during the build

TODO: In order to make sure build doesn't influence each other,
we need to add something like:

         try:
             if options.rebase is not None:
                 rebase_tree(options.rebase, rebase_branch=options.branch)
+            run_cmd("find -type f | xargs chmod -w", show=True, dir=test_master)
         except Exception:

But that means we need to change the way 'make distcheck' works for the
standalone libraries.

For now this will help to reduce the (mem)disk usage of an autobuild a lot.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit cce16123feedfbf0e325182c6e301377d8a60749)

s3-printing: fix migrate printer code (bug 8618)

Removed path from driver files.
We only need the basenames.
(cherry picked from commit d61993043fcb7676a58658476421f5f4ff1a3fea)
(cherry picked from commit 9f07ef2249dc21eab37cd5888623e6edc84b2b59)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8618

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 5 19:19:39 CEST 2016 on sn-devel-144

(cherry picked from commit eb7555397fd4e9f66e041179aadff59f2a39d14f)

spoolss: Fix caching of printername->sharename

time_mono() gives seconds since boot, gencache expects seconds since epoch.
With time_mono(), the values are always expired immediately.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12374

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Oct 13 13:48:52 CEST 2016 on sn-devel-144

glusterfs: Avoid tevent_internal.h

Günther confirmed it still compiles :-)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Sep 24 23:41:56 CEST 2016 on sn-devel-144

(cherry picked from commit c60ea2c17814f9f7b55514e0d0a553accaa54b15)

s3: events. Move events.c to util_event.c

Remove all tevent internal code.

Everything is now stock tevent.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(similar to commit 4ed790ebbf474c4e4ef9b4f0f3aeca65118796df)

s3: server: s3_tevent_context_init() -> samba_tevent_context_init()

We can now remove source3/lib/events.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit fbfea52e1ce8f22d8d020a2bf3aebd1bc69faceb)

s3: winbind: Remove dump_event_list() calls.

If needed we can add this into actual tevent.

Preparing to remove source3/lib/events.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 72785309aa2d1bed7abc6dd7c6475ff0f78411da)

s3: nmbd: Final changeover to stock tevent for nmbd.

Removes unused references to fds array used for (removed)
poll call. Renames create_listen_pollfds() to
create_listen_array().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 6e8bd13660d7795df429dbf852345124db38ea96)

s3: nmbd: Change over to using tevent functions from direct poll.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b857bf9b3fa3a836647edc40ead92db7b782d367)

s3: nmbd: Add a talloc_stackframe().

We will use this to create real tevent timer and fd
events.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 36b67729a6fc8518da71944db3fac6d9236b9348)

s3: nmbd: Add (currently unused) timeout and fd handlers.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit cca25c8f75147873280464eaf2699ff449f609ad)

s3: nmbd: Now attrs array mirrors fd's array use it in preference.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 376e04656b6755d1a182430b39273a93495d00b2)

s3: nmbd: Ensure attrs array mirrors fd's array for dns.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 7f0717e751930cd5da029c1852ff9f61f95e40b7)

s3: nmbd: Add fd, triggered elements to struct socket_attributes.

Zero the attrs array on allocation, and mirror the fd's.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit d8ade0730797df22bfe28847e034eb6d116b0e00)

s3:nmbd: fix talloc_zero_array() check in nmbd_packets.c

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 23 18:08:21 CEST 2016 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12283

(cherry picked from commit 4470f01605a2f09b054550ee5a8f8d3b4ebc2098)

s3-spoolss: fix winreg_printer_ver_to_qword

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12285

We were reporting the OS minor number as the driver version number in all
GetDriver/EnumDriver calls.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a9a1a16cc8b87a84cdfa049ebd26bf4eac1b3618)

Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Thu Oct 13 20:12:54 CEST 2016 on sn-devel-104

gencache: Bail out of stabilize if we can not get the allrecord lock

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12045

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 20 04:09:33 CEST 2016 on sn-devel-144

(cherry picked from commit b208499960eefef02d305a3bd59b03a7c2aafcac)

lib: poll_funcs : poll_funcs_context_slot_find can select the wrong slot to replace.

Look for an exact match first, before a free slot.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12272

Back-port from 085542fc93b3c603e8cda6e481e94d5fe2dfc669

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Tue Sep 20 13:38:44 CEST 2016 on sn-devel-104

lib/poll_funcs: free contexts in poll_funcs_state_destructor()

This ensures the destructors get called in the proper order.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12272

Back-port from c132b78c484c14d255a98567e90b934b73ebf8c2

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes

When "ignore system acls" is set to "yes, we need to ensure filesystem
permission always grant access so that when doing our own access checks
we don't run into situations where we grant access but the filesystem
doesn't.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 31 18:41:20 CEST 2016 on sn-devel-144

(cherry picked from commit b72287514cc78c9019db7385af4c9b9d94f60894)

docs: document vfs_acl_xattr|tdb enforced settings

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit cbe8f0d63b90e4380da35e9f9f5a05d8ccc2058b)

vfs_shadow_copy: handle non-existant files and wildcards

During path checking, the vfs connectpath_fn is called to
determine the share's root, relative to the file being
queried (for example, in snapshot file this may be other
than the share's "usual" root directory). connectpath_fn
must be able to answer this question even if the path does
not exist and its parent does exist. The convention in this
case is that this refers to a yet-uncreated file under the parent
and all queries are relative to the parent.

This also serves as a workaround for the case where connectpath_fn
has to handle wildcards, as with the case of SMB1 trans2 findfirst.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 25 05:35:29 CEST 2016 on sn-devel-144
(cherry picked from commit f41f439335efb352d03a842c370212a0af77262a)

selftest: test listing directories inside snapshots

Verify that directories are also listable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 22c3982100a1d6bf67979a0659604942ef6f11f0)

selftest: check file readability in shadow_copy2 test

Add tests which verify that a snapshot file is readable
if and only if it its metadata can be retrieved. Also
verify (in most tests) that file is retrieved from the
correct snapshot.

Together with the existing test for number of previous
versions we can stat, this test checks that we can read
those files, and also that we cannot break out of a snapshot
if wide links are not allowed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 495b8177363bf1930f3afb373ad73caac022f353)

selftest: add content to files created during shadow_copy2 test

This will allow reading them and verifying we got the right version

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 523046080dd65607eacb901d58ee3b6e54de865e)

smbd: Reset O_NONBLOCK on open files

See the comment inline :-)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12268
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Simo <simo@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 15 20:21:41 CEST 2016 on sn-devel-144

(cherry picked from commit e69b17d603e5f09ac1e7ee05fc1f5ad67288c484)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon Sep 19 15:17:06 CEST 2016 on sn-devel-104

vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 11dddd59aa01195152199443bc26e3141f162c8f)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Fri Sep 16 15:33:31 CEST 2016 on sn-devel-104

s4/torture: tests for vfs_acl_xattr default ACL styles

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 946b93d0e3f6f23fa2325d7aaba4dc6f4cc17cb6)

vfs_acl_common: Windows style default ACL

Reintroduce Windows style default ACL, but this time as an optional
feature, not changing default behaviour.

Original bugreport that got reverted because it changed the default
behaviour: https://bugzilla.samba.org/show_bug.cgi?id=12028

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0730cb7e1ce33dbc5fc48a7363204c1220400c68)

vfs_acl_xattr|tdb: add option to control default ACL style

Existing behaviour is "posix" style. Next commit will (re)add the
"windows" style. This commit doesn't change behaviour in any way.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 26a9867ae1a9c69659252ce03c280c7c18a6c58f)

vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL

If ignore_system_acls is set and we're synthesizing a default ACL, we
were fetching the filesystem ACL just to free it again. This change
avoids this.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit f46179ef7310959af095b0ea6234df7523d15457)

vfs_acl_common: move stat stuff to a helper function

Will be reused in the next commit when moving the
make_default_filesystem_acl() stuff to a different place.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 10959698e20de381beec7ab532c8bdc32fa6401c)

vfs_acl_tdb|xattr: use a config handle

Better for performance and a subsequent commit will add one more option
where this will pay off.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 61c3d2124fb1a180fae4c8c0b5ab5b32bd56c8ad)

vfs_acl_common: move the ACL blob validation to a helper function

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 0de5a128cee90694979d074c2590ddbca0071e82)

vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy

No change in behaviour (hopefully! :-). This paves the way for moving
the ACL blob validation to a helper function in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 335527c647331148927feea2a7ae2f2c88986bc6)

vfs_acl_common: remove redundant NULL assignment

The variables are already set to NULL by TALLOC_FREE.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e6f1254a00a6bf85b8d95bfbafef7d3e39ce1dde)

vfs_acl_common: rename pdesc_next to psd_fs

In most realistic cases the "next" VFS op will return the permissions
from the filesystem. This rename makes it explicit where the SD is
originating from. No change in behaviour.

This just paves the way for a later change that will simplify the whole
logic and talloc hierarchy.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 9f79084f166208820f586c8e43e1e315d32cd5ce)

vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()

This makes it explicit where the SD is originating from. No change in
behaviour.

This just paves the way for a later change that will simplify the whole
logic and talloc hierarchy, therefor this also strictly renames the
occurences after the out label.

Logically, behind the out label, we're dealing with a variable that
points to what we're going to return, so the name psd_blob is
misleading, but I'm desperately trying to avoid logic changes in this
commit and therefor I'm just strictly renaming.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 2367eea928593f12f8914f7e7ba613b1b15516de)

Revert "vfs_acl_xattr: objects without NT ACL xattr"

This reverts commit 961c4b591bb102751079d9cc92d7aa1c37f1958c.

Subsequent commits will add the same functionality as an optional
feature.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 590b80490c00587b5a4035856891e10defb654f6)

smbd: allow reading files based on FILE_EXECUTE access right

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Aug 18 18:58:22 CEST 2016 on sn-devel-144

(backported from commit a6073e6130d39dac58f1e6ea9f41ec4ab34c3e29)

smbd: look only at handle readability for COPYCHUNK dest

This commits sets the stage for a change of behavior
in a later commit.

When checking FILE_READ_DATA on the COPYCHUNK dest handle,
only check the handle readability and not the extra right
that may have been added due to the FILE_EXECUTE right.

The check for FILE_READ_DATA always seemed strange for the
dest handle, which is not read. It turns out that in Windows,
this check is not done at the SMB layer, but at a lower layer
that processes the IOCTL request - the IOCTL code has bits
that specify what type of access check needs to be done.

Therefore, this lower layer is unaware of the SMB layer's
practice of granting READ access based on the FILE_EXECUTE
right, and it only checks the handle's readability.

This subtle difference has observable behavior - the
COPYCHUNK source handle can have FILE_EXECUTE right instead
of FILE_READ_DATA, but the dest handle cannot.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Aug 16 15:21:03 CEST 2016 on sn-devel-144

(cherry picked from commit 3e42b69d5e1216b6af570a09d58040d281bbbf17)

s4-smbtorture: pin copychunk exec right behavior

Add tests that show copychunk behavior when the
source and dest handles have execute right instead
of read-data right.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 5bf11f6f5b4dab4cba4b00674bcb76138fb55974)

seltest: allow opening files with arbitrary rights in smb2.ioctl tests

Separate file creation (which requires write access) from the
opening of the file for the test (which might be without write
access).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 6ce0304eda4b464972defcecd591fab03428bd03)

seltest: implicit FILE_READ_DATA non-reporting

This test (passes against Windows Server 2012R2) shows
that the implicit FILE_READ_DATA that is added whenever
FILE_EXECUTE is granted, is not reported back when querying
the handle.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 7dc9f582066d500bf57000891560610e8d2e208c)

s4-selftest: add test for read access check

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(backported from commit 55a9d35cabaea6e98211fc058b788cedf9b7b22a)

s4-selftest: add functions which create with desired access

Add functions which create a file or a directory with
specific desired access.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 1b06acafa4e9ea91a50e5ed85da881187057da6e)

s4-smbtorture: use standard macros in smb2.read test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 20b9a5bd74fafbca4b7cc7952c27033edcf0eeb8)

s3: oplock: Fix race condition when closing an oplocked file.

We must send the 'oplock released' message whilst the lock
is held in the close path. Otherwise the messaged smbd can
race with the share mode delete.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit df83b17c60a08a27a7ddd1d88dc125e15b3ee06d)

smbd: oplock: Factor out internals of remove_oplock() into new remove_oplock_under_lock().

Allows this to be called elsewhere.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit cb394abe5206dd8ad8a68f157427991b259129a7)

smbd: oplock: Fixup debug messages inside remove_oplock().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit de7180151fc99893c4763882fecd9d2a623cd061)

gensec/spnego: work around missing server mechListMIC in SMB servers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11994

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Sep 2 18:10:44 CEST 2016 on sn-devel-144

(cherry picked from commit 9b45ba5cd53bd513eb777590815a0b8408af64e2)

dbcheck: Abandon dbcheck if we get an error during a transaction

Otherwise, anything that the transaction has already done to the DB will be left in the DB
even despite the failure. For example, if a fix wrote to the DB, but then failed a post-write
check, then the fix will not be unrolled.

This is because we do not have nested transactions in TDB.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12178

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 29 12:46:21 CEST 2016 on sn-devel-144

(cherry picked from commit db32a0e5ea8f652857e45480cc31ecb1ef884c1a)

dsdb: Allow missing a mandatory attribute from a dbcheck fix

dbcheck of the rid pool (CN=RID Set) for another server will otherwise fail because
rIDNextRid is not replicated, and so it not present

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12178

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 9d0c869e36ba2f43fd2ed4cd090b48102d499bc8)

libgpo: Correctly use the 'server' parameter after parsing it out of the GPO path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 2a8ccc0841184c2df9fc19f8452009b92071c115)

s3: libsmb: Protect cli_connect_nb_send() from being passed a NULL hostname and dest_ss.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 27ebf64b347a770e0d1ad4f1db645cb1b8dd5861)

script/release.sh: use 8 byte gpg key ids

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 2 22:05:33 CEST 2016 on sn-devel-144

(cherry picked from commit e0ef054fa94b0dd56ec7bf92ffea0a6d7609da56)

Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Mon Sep 5 22:58:16 CEST 2016 on sn-devel-104

ldb-samba: Add "secret" as a value to hide in LDIF files

This is not secret or encrypted in LDAP, but is sensitive in secrets.ldb

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed May 11 07:17:38 CEST 2016 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12154

(cherry picked from commit 15f191a2329d08b92111f71e22f8a28c8a39c193)

Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Tue Aug 16 13:18:45 CEST 2016 on sn-devel-104

samba-tool/ldapcmp: ignore differences of whenChanged

This is implicitly replicated, but may diverge on updates of non-replicated
attributes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12129

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Aug 8 17:34:24 CEST 2016 on sn-devel-144

(cherry picked from commit a0e60e96aa38407ded8d63650dcf8f39304c958a)

script/autobuild.py: include the branch name in the output

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Aug 11 08:38:47 CEST 2016 on sn-devel-144

(cherry picked from commit 98d289d2e5162a23d15562b009d0edf20a55a56b)

autobuild: fix typo in autobuild success subject line

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu May 5 04:15:16 CEST 2016 on sn-devel-144

(cherry picked from commit 2fe2e662dba080536a0f6c5485514097dd74a65a)

autobuild: Return the last 50 log lines

This means that you don't have to deal with tars for quickly determining
the cause of a failure.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3751ffbbe75524984a822d65f623a040ca79c8f7)

autobuild: Give a clearer failure message

This helps when autobuild.py is used in --tail mode and
where there is neither e-mail nor access to the logs.tar.gz

Working back to find where the error happened is typically
quite difficult, as many failures are actually due to the
cleanup.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 9a91fce2deccfe0445363b2a35f2cfb72fdff766)

dbwrap_ctdb: treat empty records in ltdb as non-existing

When fetching records from remote ctdb nodes via ctdbd_parse() or in
db_ctdb_traverse(), we already check for tombstone records and skip
them. This was originally also done for the ltdb checks.

See also bug: https://bugzilla.samba.org/show_bug.cgi?id=10008
(commit 1cae59ce112ccb51b45357a52b902f80fce1eef1).

Commit 925625b52886d40b50fc631bad8bdc81970f7598 reverted part of the
patch of bug 10008 due to a deadlock it introduced.

This patch re-introduces the consistent treatment of empty records in
the ltdb but avoids the deadlock by correctly signalling
NT_STATUS_NOT_FOUND if an empty record is found authoritatively in
the ltdb and not calling ctdb in this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12005

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Aug 9 04:38:44 CEST 2016 on sn-devel-144

(backported from commit 25df582739918b7afd4e5497eaffe279e2d92cd1)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Wed Aug 10 14:58:12 CEST 2016 on sn-devel-104

s4/torture: add a test for ctdb-tombstrone-record deadlock

This tests for a possible deadlock between smbd and ctdb dealing with
ctdb tombstone records.

Commit 925625b52886d40b50fc631bad8bdc81970f7598 explains the deadlock in
more details and contains the fix. It's a fix for a regression
introduced by the patch for bug 10008 (1cae59ce112c).

If you ever want to use this test against that specific commit:

$ git checkout 925625b52886d40b50fc631bad8bdc81970f7598
$ git cherry-pick THIS_COMMIT

This should not deadlock on a ctdb cluster.

$ git revert 925625b52886d40b50fc631bad8bdc81970f7598

This will deadlock.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12005

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit b17e2f5c740fb081c007ed2e1c23138ffcba1469)

smbd: ignore ctdb tombstone records in fetch_share_mode_unlocked_parser()

dbwrap_parse_record() can return ctdb tombstone records from the lctdb,
ignore them.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12005

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 7147859c7afc1344e76485e2cbc286679110d96e)

ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)

Also fixes CID 1125628.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 940272d215049f5f5079aa926e69eae1985a4bfa)

ctdb-common: Fix CID 1125585 Dereference after null check (FORWARD_NULL)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit b4f23a7e95cd9c8fc4a6324d4ec5a2881eaec207)

ctdb-common: Fix CID 1125583 Dereference after null check (FORWARD_NULL)

This also fixes CID 1125584.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit bbf0b907cb04184515d0f5f09f14824df1c2e59f)

ctdb-common: Fix CID 1125581 Dereference after null check (FORWARD_NULL)

This also fixes CID 1125582.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 7ae3699831427725f12e0a26a0681e59f2fbb2d9)

ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit c6a7f680ce74d4a630fa9305d0a926cc1a4b3d2c)

ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 74aca5f4c671d9f15ae6c3a901978a1cf247dd6f)

ctdb-utils: Fix CID 1297451 Explicit null dereferenced (FORWARD_NULL)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit d46960f20e795cd4abc1c727705f77b2f0e0e564)

ctdb-common: Consistently use strlcpy() on interface names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit aff33a59479cafcb1f24a07ff76383d47bb196b3)

ctdb-common: Fix CID 1125553 Buffer not null terminated (BUFFER_SIZE_WARNING)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 763f9c13f2998a8858e8a3ec013d166a3d429835)

ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ed81e51cc1633cecfef05b84c0595418db8a384b)

ctdb-scripts: Fix regression in updateip code

Regression introduced in commit
6471541d6d2bc9f2af0ff92b280abbd1d933cf88.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Michael Adam <obnox@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12106

(cherry picked from commit d8e4c5a468286ecc1c38ecd66a3606e84db02373)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Fri Aug 5 13:17:21 CEST 2016 on sn-devel-104

async_req: make async_connect_send() "reentrant"

Allow callers to pass in socket fds that where already passed to an
earlier call of async_connect_send(). Callers expect this behaviour and
it was working until 05d4dbda8357712cb81008e0d611fdb0e7239587 broke it.

The proper fix would be to change callers to close the fd and start from
scratch with a fresh socket.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12105

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug 4 05:03:21 CEST 2016 on sn-devel-144

(cherry picked from commit 9c6a4ea2788808bdcc7bfea798d838ea56c3b5ec)

vfs_acl_xattr: objects without NT ACL xattr

Even with "ignore system acls" set to "yes", for objects without NT ACL
xattr we use the underlying filesystem permissions to construct an NT
ACL. This can result in *very* unexpected permissions, eg:

- a directory with the following ACL:

$ ./bin/smbcacls -Uslow%pass //localhost/normal ""
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\root
ACL:SLOW\slow:ALLOWED/0x0/FULL

So only one non-inheritable(!) ACE.

- creating a subdirectory:

$ ./bin/smbclient -Uslow%pass //localhost/normal -c "mkdir dir1"

- checking whether there's an ACL xattr:

$ getfattr -m "" /Volumes/normal/dir1
getfattr: Removing leading '/' from absolute path names
system.posix_acl_access
system.posix_acl_default
user.DOSATTRIB

So there isn't an ACL xattr, because there where no inheritable ACEs on
the parent folder.

- reading the new subdirectories ACL:

$ ./bin/smbcacls -Uslow%pass //localhost/normal "dir1"
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\slow
ACL:SLOW\slow:ALLOWED/0x0/FULL
ACL:Unix Group\slow:ALLOWED/0x0/READ
ACL:Everyone:ALLOWED/0x0/READ
ACL:NT Authority\SYSTEM:ALLOWED/0x0/FULL

The ACES for "SLOW\slow", "Unix Group\slow" and "Everyone" are coming
from the underlying filesystem. This is the problem.

- Windows assigns the following ACL in this situation:

$ ./bin/smbcacls -UAdministrator%Passw0rd //10.10.10.14/data "dir"
REVISION:1
CONTROL:SR|PD|DI|DP
OWNER:VORDEFINIERT\Administratoren
GROUP:WIN2008R2\Domänen-Benutzer
ACL:WIN2008R2\Administrator:ALLOWED/0x0/FULL

$ ./bin/smbclient -UAdministrator%Passw0rd //10.10.10.14/data -c "mkdir dir\dir1"

$ ./bin/smbcacls -UAdministrator%Passw0rd //10.10.10.14/data "dir\dir1"
REVISION:1
CONTROL:SR|DI|DP
OWNER:VORDEFINIERT\Administratoren
GROUP:WIN2008R2\Domänen-Benutzer
ACL:VORDEFINIERT\Administratoren:ALLOWED/0x0/FULL
ACL:NT-AUTORITÄT\SYSTEM:ALLOWED/0x0/FULL

By changing make_default_filesystem_acl() to only adds user and system
ACE to the ACL of objects that lack an ACL xattr, we match Windows
behaviour:

$ ./bin/smbclient -Uslow%pass //localhost/normal -c "mkdir dir2"

$ ./bin/smbcacls -Uslow%pass //localhost/normal "dir2"
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\slow
ACL:SLOW\slow:ALLOWED/0x0/FULL
ACL:NT Authority\SYSTEM:ALLOWED/0x0/FULL

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12028

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 19 10:22:05 CEST 2016 on sn-devel-144

(cherry picked from commit 961c4b591bb102751079d9cc92d7aa1c37f1958c)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Wed Aug 3 14:42:05 CEST 2016 on sn-devel-104

s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c

This function is only used in vfs_acl_common.c and will be modified in
the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12028

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit afc2417b107af572081974ff9d013ddec890d31f)

smbd/notifyd: use smbd_reinit_after_fork()

Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(backported from commit bb90a8484a734b76ddd4d270f31fcdb4ae6cc48d)

s3-rpc_server/mdssd: use smbd_reinit_after_fork()

Using smbd_reinit_after_fork() rather then reinit_after_fork() ensures
am_parent is reset to NULL. Otherwise, when exiting for some reason, the
inherited atexit handler killkids() calls kill(0,SIGTERM) terminating
our whole process group including the main smbd.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12016

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jul 11 02:02:33 CEST 2016 on sn-devel-144

(backported from commit 6efd0af5e8d8ee81b5f53afb126d87950088b7cd)

selftest: test idmap backend id allocation for unknown SIDS

If an SID is is not found becaues the RID doesn't exist in a domain and
the domain is configured to use a non-allocating idmap backend like
idmap_ad or idmap_rfc2307, winbindd must not return a mapping for the
SID.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2a322a7671c9ffd0dd600142dd76b5b51a67e185)

selftest: make autorid the default idmap backend in admember_rfc2307

This is needed for a new test in the next commit. Exisiting tests aren't
affected by this, at least a private autobuild passed with this
change.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit aa54fa4e88cc80bc7841beba3a5561ad2c83dc80)

winbindd: in wb_lookupsids return domain name if we have it

When doing a SID to xid mapping for an unknown SID, the idmap child gets
passed a lsa_RefDomainList with an empty domain name (ie ""). This is
coming from LsaLookupSids() and causes the mapping request to end up in
the default idmap domain.

Example request with domain name "":

  wbint_Sids2UnixIDs: struct wbint_Sids2UnixIDs
     in: struct wbint_Sids2UnixIDs
         domains                  : *
             domains: struct lsa_RefDomainList
                 count                    : 0x00000001 (1)
                 domains                  : *
                     domains: ARRAY(1)
                         domains: struct lsa_DomainInfo
                             name: struct lsa_StringLarge
                                 length                   : 0x0000 (0)
                                 size                     : 0x0002 (2)
                                 string                   : *
                                     string                   : ''
                             sid                      : *
                                 sid                      : S-1-5-21-3152989960-574718769-2188965058
                 max_size                 : 0x00000020 (32)
         ids                      : *
             ids: struct wbint_TransIDArray
                 num_ids                  : 0x00000001 (1)
                 ids: ARRAY(1)
                     ids: struct wbint_TransID
                         type                     : ID_TYPE_NOT_SPECIFIED (0)
                         domain_index             : 0x00000000 (0)
                         rid                      : 0x000029aa (66666)
                         xid: struct unixid
                             id                       : 0xffffffff (4294967295)
                             type                     : ID_TYPE_NOT_SPECIFIED (0)

In _wbint_Sids2UnixIDs() we call idmap_find_domain_with_sid() with the
domain name "" and this triggers use of the default idmap domain which
in case of idmap_autorid will allocate an id from a idmap_autorid range.

If we know the domain, ensure we return it for SIDs were the SID was not
found but the domain of the SID was found. Callers like sids2xids depend
on the domain name and returning an empty string "" for valid domain can
trigger unwanted idmap range allocations.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 9be918116e356c358ef77cc2933e471090088293)

winbindd/idmap_rfc2307: fix a crash

map->map is NULL if lookupsid failed.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11961

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5e346af078847512e86755a4634583a8a5178c0e)

s3:mdssvc: older glib2 versions require g_type_init()

Older glib2 versions will crash if g_type_init is not called:

(process:6712): GLib-GObject-CRITICAL **: ... ./gobject/gtype.c:2722:
You forgot to call g_type_init()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11801

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 18 03:52:55 CET 2016 on sn-devel-144

(cherry picked from commit 3563d79a8cb625ae78523cb32330c9f61c6c3a2f)

ctdb-common: For AF_PACKET socket types, protocol is in network order

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11770

From man page of packet(7):

                                             protocol is the  IEEE  802.3
   protocol  number  in  network  byte  order.  See the <linux/if_ether.h>
   include file for a list of allowed protocols.  When protocol is set  to
   htons(ETH_P_ALL),  then all protocols are received.

Protocol argument was changed from network order to host order wrongly
in commit 9f8395cb7d49b63a82f75bf504f5f83920102b29.

Specifying "protocol" field to socket(AF_PACKET, ...) call only affects
the packets that are recevied.  So use protocol = 0 when sending raw
packets.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Mar  4 12:58:50 CET 2016 on sn-devel-144

(cherry picked from commit f5b6a5b13406c245ab9cc8c1699483af9eb21f88)

s3: smbd: Fix delete operations enumerating streams inside a file. This must always be done as a Windows operation.

When using UNIX extensions to delete a file containing streams,
the open for delete and close operations need to enumerate the
contained streams and do CREATE and UNLINK operations on the
stream names. These must always be done as Windows operations
(use lp_set_posix_pathnames(false) to flip the processing) as
the stream names are Windows paths.

Without this the create operation under the unlink will
recurse and cause the client to time out (or a server crash).

This (hack) is only needed for 4.4.x and below, it is fixed
correctly in 4.5.x.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12021

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Change lp_set_posix_pathnames() to take a newval parameter and return the old one.

Currently only used in one place, but we'll need to use it to
temporarily change pathname processing to fix bug 12021.

This (hack) is only needed for 4.4.x and below, it is fixed
correctly in 4.5.x.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12021

Signed-off-by: Jeremy Allison <jra@samba.org>

s4: ldb: Ignore case of "range" in sscanf as we've already checked for its presence.

https://bugzilla.samba.org/show_bug.cgi?id=11838

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1d4b20d4f3829eb3778006397990cd9fee4966a5)

param: Correct the defaults for "dcerpc endpoint services"

We must not list any services that we skip building, as otherwise all RPC services fail to start.

We now build without the source4 spoolss server in non-developer builds

This fixes commit 0b4c741b9c03d147ee5f56d027bacda75c1b5282

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12025
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 748384992b96c3936d82bc09f39459fb4bd489bd)

build: Always build eventlog6. This is not a duplicate of eventlog

The eventlog6 pipe is not a duplicate with the source3 code, so should be built even
for the default build with smbd for file serving

This fixes commit 0b4c741b9c03d147ee5f56d027bacda75c1b5282

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12026
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit d183261e6844724394d618912403cd0217401741)

libads: ensure the right ccache is used during spnego bind

When doing spnego sasl bind:
1. Try working without kinit only if a password is not
   provided
2. When using kinit, ensure the KRB5CCNAME env var is set
   to a private memory ccache, so that the bind is on behalf
   of the requested user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul 12 03:23:33 CEST 2016 on sn-devel-144

(cherry picked from commit a1743de74f09d5bf695f077f5127d02352a014e2)

libads: ensure the right ccache is used during gssapi bind

When doing gssapi sasl bind:
1. Try working without kinit only if a password is not
   provided
2. When using kinit, ensure the KRB5CCNAME env var is set
   to a private memory ccache, so that the bind is on behalf
   of the requested user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12007

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 2672968851966e5c01e4fc4d906b45b5c047e655)

auth: fix a memory leak in gssapi_get_session_key()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12006

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Richard Sharpe <sharpe@samba.org>
Autobuild-Date(master): Wed Jul 6 00:40:15 CEST 2016 on sn-devel-144

(cherry picked from commit 77f3730295735dc9465c8e3d07fc761c83761b6e)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Fri Jul 8 14:11:21 CEST 2016 on sn-devel-104