VERSION: Disable git snapshot for the 4.3.1 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.3.1.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s3:smbstatus: add stream name to share_entry_forall()

Add stream name argument to share_entry_forall machinery so smbstatus
can print the stream name of a file.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11550

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit cd0c2a5eca43cea76491ae0d820414287c234c1a)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Tue Oct 20 11:51:16 CEST 2015 on sn-devel-104

s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.

Change so we only use unqualified name lookup logic if
domain component = "" and LOOKUP_NAME_ISOLATED flag is
passed in.

Remember to search for "NT Authority" *before* going
into unqualified name lookup logic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 2f6dc260ada6cd178a650ca003c2ad22e12697c1)

s3:lib: validate domain name in lookup_wellknown_name()

If domain argument is not an empty string, only search the matching
wellknown domain name.

As the only wellknown domain with a name is "NT Authority", passing ""
to lookup_wellknown_name() will search all domains inlcuding "NT
Authority".

Passing "NT Authority" otoh will obviously only search that domain.

This change makes lookup_wellknown_name() behave like this:

in domain         | in name       | ok | out sid | out domain
========================================================
                    Dialup          +    S-1-5-1   NT Authority
NT Authority        Dialup          +    S-1-5-1   NT Authority
Creator Authority   Dialup          -    -         -
                    Creator Owner   +    S-1-3-0   ""
Creator Authority   Creator Owner   -    -         -
NT Authority        Creator Owner   -    -         -

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 23f674488a1f62fcc58bb94bed0abed98078b96d)

s3:locking: initialize lease pointer in share_mode_traverse_fn()

Initialize lease pointer to point to the share_mode_data leases array
entry at index lease_idx.

This fixes a bug in smbstatus where the lease info is not printed.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 13 01:14:09 CEST 2015 on sn-devel-104

(cherry picked from commit 0ef9c67b56a0b493ed06f9a64ac2bc2233041aee)

s4: torture: Add SMB2 access-based enumeration test. Passes against Win2k12R2.

https://bugzilla.samba.org/show_bug.cgi?id=10252

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Oct 14 19:00:03 CEST 2015 on sn-devel-104

(cherry picked from commit 808f29cb2f9de47dcf78b380cc8767e9546e1954)

lib: cli: Add accessor function smb2cli_tcon_flags() to get tcon flags.

We need this to see if a share supports access-based enumeration.

https://bugzilla.samba.org/show_bug.cgi?id=10252

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b1bd84e9c9867092055f29fe39279e1c767f570a)

s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows.

Torture test to follow.

https://bugzilla.samba.org/show_bug.cgi?id=10252

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit cc05f73872c36cd307da3d6fed200beb16d5c2a8)

smbd: Fix file name buflen and padding in notify repsonse

The array is uint16, doubling the file name length consumes twice the space
required.

As we're hand assembling this as a series of concatinated individual data_blobs,
we must take care to ensure the correct 4 byte alignment that was
being masked by the previous doubling of the filename length.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10634

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Oct 18 01:56:41 CEST 2015 on sn-devel-104

(cherry picked from commit 7c483690ac6ed007798aeeb7b8549c9d55877e56)

vfs_fruit: return value of ad_pack in vfs_fruit.c

ad_pack() in vfs_fruit.c returns false on failure and 0 on success -
i.e. return value is interpreted as success even when it fails.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11543

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Oct  6 16:14:42 CEST 2015 on sn-devel-104

(cherry picked from commit 5d7eaf959a0f11be878f698305fcb8908d7ba047)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Tue Oct 13 12:29:33 CEST 2015 on sn-devel-104

lib: We can do ACCRIGHTS style fdpassing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11053

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Oct  1 05:55:42 CEST 2015 on sn-devel-104

(cherry picked from commit 00954a975b45cdb0dcf08c25850d2be26efabe48)

lib: Support fd passing using the 4.3BSD way

This is required on Solaris

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11053

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 0499cee90307d9644271869c86fac2b5401df0e0)

lib: Move some routines around in msghdr.c

This way we only need one #ifdef for ACCRIGHTS

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11053

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit f4e06a9bce42d60f6c96a21307266a99d2785ae9)

lib: We only need the fd-passing check once

unix_dgram_send will tell us as well

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11053

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 2c675aad40e3e0bb412f9fb8558de349ad62860a)

vfs_commit: set the fd on open before calling SMB_VFS_FSTAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11547

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct  8 02:56:41 CEST 2015 on sn-devel-104

(cherry picked from commit 5709dece4860f205e31309e31ec4e3e938d9f6a5)

s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 70dbba96e311449575f571db68710584fc991234)

s4: tests: Fix nss_tests build on Solaris.

Too many arguments for Solaris getpwent_r() and getgrent_r().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11508

Signed-off-by: Tom Schulz <schulz@adi.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <rb@sernet.de>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 17 05:01:07 CEST 2015 on sn-devel-104

(cherry picked from commit 5866fcc1645366a56e68fc3d8065618131364337)

kerberos: make sure we only use prompter type when available.

We also verified that we cannot simply remove the prompter as several older
versions of Heimdal would crash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11038

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Oct  2 07:29:43 CEST 2015 on sn-devel-104

(cherry picked from commit 6755376cedaf0c88230b47e04c584c7d9fce13e3)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon Oct  5 12:44:42 CEST 2015 on sn-devel-104

winbind: Fix 100% loop

Thanks to "L.P.H. van Belle" <belle@bazuin.nl>
for help in reproducing the issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11038

From the bug report:

"With e551cdb37d3e re-applied the problem is gone with
and without kerberos. Moreover, if correctly configured,
sshd requests you to change your password at logon time,
which then succeeds.

The problem why I had this reverted was because I had not
gone through the pain to correctly configure all the PAM
services (in particular the "account" section), leading
to sshd letting the user in when the password had to be
changed."

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e551cdb37d3e8cfb155bc33f9b162761c8d60889)

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct  2 00:16:29 CEST 2015 on sn-devel-104

(cherry picked from commit e524ab9f7ee9f4aff50dd5bc42312f9000bf1c6e)

s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bug #11522).

Ensure dirpath can never be NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11535

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct  1 08:58:36 CEST 2015 on sn-devel-104

(cherry picked from commit f9ceaf443991e0bb5db23eeced2841436f47359e)

s3: smbd: fix a crash in unix_convert()

Some error code paths may result in dirpath being NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11535

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit bec685fb13e7cbe3bb98e5647183720d31f1c522)

net: fix a crash with net ads keytab create

Fix a crash that happens when executing "net ads keytab create"
and the machine account in AD does not have setvice principal names
attached to it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11528

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit e224e622971853bddbe24df717ea5dcddef71b89)

s3: tests: smbclient test to ensure we can create and see a :foobar stream on the top level directory in a share.

Regression test for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11522

Remember to remove the ARCHIVE attribute from the toplevel
share when done (can only be done over SMB2+).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Sep 18 11:00:44 CEST 2015 on sn-devel-104

(cherry picked from commit 6ce3643e45bac6660ae69123738c4b39d7bc1864)

s3: smbd: Fix opening/creating :stream files on the root share directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11522

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 74fd4f93efe92516fc507edf71a588660782879e)

s3: smbd: Remove unused parameter from build_stream_path().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 94e7e707783036b57babc73d320d2a3d8c0648d6)

s3: smbclient: Move cmd_setmode out of clitar.c and back into client.c

setmode <file> attribute is a valid smbclient command even if libarchive
isn't on the system and tarmode isn't compiled in.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit a47012d5429044c9a3616718bac21360f281aa81)

pam_winbind: Fix a segfault if initialization fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11502

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep  8 21:39:21 CEST 2015 on sn-devel-104

(cherry picked from commit 7d84cd6e40024fd361ea21635f7befed40f0e41f)

s4: torture: Test mkdir race condition.

Found by Max of LoadDynamix <adx.forum@gmail.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11486

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 24 06:13:22 CEST 2015 on sn-devel-104

(cherry picked from commit 969d043596c0a382325d54d16dbd5e049f884fa9)

s3: smbd: Fix mkdir race condition.

Found by Max of LoadDynamix <adx.forum@gmail.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11486

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b1c823dc8c2824ec89921601d8e5e95f6d18fca8)

lib/param: fix hiding of FLAG_SYNONYM values

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11526

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit 25dcdc92709a46d87125bc454faae7cad43d6b71)

s4:lib/messaging: use 'msg.lock' and 'msg.sock' for messaging related subdirs

In Samba 4.2, we used lock_path("msg") (with 0700) for the socket directory,
while we use lock_path("msg") (with 0755) for the lock file directory.

This generates a conflict that prevents samba, smbd, nmbd and winbindd
from starting after an upgrade.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11515

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Sep 17 09:04:59 CEST 2015 on sn-devel-104

(cherry picked from commit 1d2a1a685ebdf479c511e01764e5148dbcbb37c9)

s3:lib/messages: use 'msg.lock' and 'msg.sock' for messaging related subdirs

In Samba 4.2, we used lock_path("msg") (with 0700) for the socket directory,
while we use lock_path("msg") (with 0755) for the lock file directory.

This generates a conflict that prevents samba, smbd, nmbd and winbindd
from starting after an upgrade.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11515

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 1aabd9298d59d4f57d321ecaee59e99d966089ff)

s3:lib/messages: add missing allocation check for priv_path

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11515

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b0fa8316beefc7808b059f514448d41224d1c1fb)

s3: dfs: Fix a crash when the dfs targets are disabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11509

Signed-off-by: Har Gagan Sahai <SHarGagan@novell.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@wakeful.net>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 11 06:39:19 CEST 2015 on sn-devel-104

nss_winbind: fix hang on Solaris on big groups

The problem with large groups on Solaris in the the NSS winbind module is
Solaris wants the return value to be NSS_UNAVAIL if the buffer given is too
small for getgrnam_r.  The current code return NSS_TRYAGAIN which causes
Solaris/Illumos to loop without trying to resize the buffer.

Thanks to  Nathan Huff <nhuff@acm.org> for finding this out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10365

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Ralph Böhme <rb@sernet.de>
(cherry picked from commit d3e51b9cfe3d56530253571e020af72da1877044)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Wed Sep 16 12:43:30 CEST 2015 on sn-devel-104

build: use as-needed linker flag also on OpenBSD

OpenBSD is unusable with binaries with many superfluous libs linked in.
samba-tool start times of 250 seconds without as-needed vs. 1.4 seconds with
as-needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11355

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Ralph Böhme <rb@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Sep 11 03:37:17 CEST 2015 on sn-devel-104

(cherry picked from commit b0f41c07ffe8600433c20a038b1612c04ed29e89)

VERSION: Bump version up to 4.3.1...

...and re-enable git snapshots.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>

VERSION: Release Samba 4.3.0

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.3.0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>

s4:torture:vfs_fruit: created empty resourceforks

Check for opens and creates, created empty resourceforks result in
ENOENT in subsequent opens.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep  2 06:50:16 CEST 2015 on sn-devel-104

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Fri Sep  4 15:45:15 CEST 2015 on sn-devel-104

s4:torture:vfs_fruit: add a resource fork truncation test

Truncating a resource fork to 0 bytes should make it inaccessible for
subsequent creates and return NT_STATUS_OBJECT_NAME_NOT_FOUND.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_fruit: delete ._ file when deleting the basefile

0 byte resource fork streams are not listed by vfs_streaminfo, as a
result stream cleanup/deletion of file deletion doesn't remove the
resourcefork stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_fruit: split and simplify fruit_ftruncate

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_fruit: handling of empty resource fork

Opening the resource fork stream with O_CREAT mustn't create a visible
node in the filesystem, only create a file handle. As long as the
creator didn't write into the stream, other openers withour O_CREAT
MUST get an ENOENT error. This is way OS X SMB server implements it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

samr4: Use <SID=%s> in GetGroupsForUser

This way we avoid quoting problems in user's DNs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep  1 23:49:14 CEST 2015 on sn-devel-104

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11488
(cherry picked from commit 841845dea35089a187fd1626c9752d708989ac7b)

Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Thu Sep  3 12:14:12 CEST 2015 on sn-devel-104

python/tests: Add more assertions that we get back the value we expect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Sep  1 17:00:53 CEST 2015 on sn-devel-104

(cherry picked from commit 5aefea842528d053b86b50ff2ed9047db1ca4594)

python/tests: Add tests for 64 bit signed integers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 1f50e194517b84ccc8d0208d563e83dabfb2327a)

pidl/python: also add a ndr_PyLong_FromLongLong() for symnetric reasons

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit e6fbeb860638ad1113914b9460a618025d950d08)

pidl/python: Provide static inline helper function ndr_PyLong_FromUnsignedLongLong

This should isolate any coverity warnings on 64-bit platforms
(where LONG_MAX is larger than any possible 32 bit value) to
a single spot, or possibly eliminate it.

This is needed for the unsigned 64 bit case, and on 32 bit
systems, as PyInt_FromLong is limited to a signed "long" int.

The compiler should be able to eliminate many of these calls
with the embedded type knowlege.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d1416d65a3cc61e4e56d1a43bb634d12f418ba0e)

pidl/python: Calculate maximum integer values using a lookup table

This avoids a << of 64 bits in the unused end of the conditional expression.

This was flagged by Coverity and the fix was suggested by metze.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Andrew Bartlett

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c2f4e324d9c1ced2e1da859594ef67ae9f645919)

selftest: Add assertion that we actually fix the replPropertyMetaData sort order

This ensures that the dbcheck rule fixes the sort order (and only fixes the sort order).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Aug 25 02:45:58 CEST 2015 on sn-devel-104

(cherry picked from commit dcc657a2219498beac8bde6cbf999ee7cf6acae8)

selftest: Add in steps to re-create this database

This may assist if this needs to be changed again

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5504502aa68f4901f52dc2e8f7ee8b3a9c74546e)

Update release-4-1-0rc3 to include data using schema modifications

This allows us to know that the previous patches are correct.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a6957ba5da3130994d2f35328aea6f4cd604147a)

ldb: create a cache of known wellknown objects instead of continously searching in the db

Profiling on dbcheck have shown that we spend 10% of the time looking
for wellknown objects.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973

Change-Id: I13ed58e8062d1b7b6179d17b0e7e56f943572c6c
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 6122acad0f1a7bc23b6f58862c16968e13da979d)

dbcheck: Use set() operations to make dbcheck more efficient

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit c049106bf8267b30a9242d2d574661291cced780)

dbcheck: Try to avoid duplicate searches

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit fb88f9cbd969267aaffa021724cf34087c653ba8)

dbcheck: Add additional tests for the attributeID list

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2ff9b171378922e68205d5f0eefd2231607b5b89)

dbcheck: Add explict tests for unknown and unsorted attributeID values

Unknown attributeID values would cause an exception previously, and
unsorted attributes cause a failure to replicate with Samba 4.2.

In commit 61b978872fe86906611f64430b2608f5e7ea7ad8 we started
to sort these values correctly, but previous versions of Samba
did not sort them correctly (we sorted high-bit-set values as
negative), and then after 9c9df40220234cba973e84b4985d90da1334a1d1
we stoped accepting these.

To ensure we are allowed to make this unusual change to the
replPropertyMetaData, a new OID is allocated and checked
for in repl_meta_data.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10973

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2766bad5ef1e1949746c059c29f179ddae476239)

pidl: Assert that python arrays will not overflow the C array

We do not write network services in Python, so this is not a security issue, but would cause
a crash or other odd behaviour if the length was changed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11430

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit e3cf25bdc04795f884fe2a4ce0605d5175b45e93)

pydsdb: Allow the full range of uint32_t values for attributeID

The high bit may be set in these integers, so we need an unsigned int to store it in

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit bed29f3c92861fb2b83ad03a5c759061e1c31eba)

python/tests: Add tests for integer overflow handling

This also documents an issue with our python bindings and lists, as changes to integers in a list
of integers are not preserved

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 336d41155e94303d0e1fa0530874539339439fed)

pidl: Change PIDL to correctly use and validate python integer types

In particular, it is critical that we use unsigned integers of
sufficient size in python for unsigned C integers, and it is
critical that we check for overflow at both the python and C
level.

Otherwise, we may both represent and sort these incorrectly,
in particular when sorting attributeID values from DRSUAPI
which are represented as an signed enum in C and a uint32_t in IDL,
but which often has the high bit set (in schema extensions).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 5206ccd002b015a16952d21bd2fa441ff2e39eab)

python: Use an unsigned integer for buf_size, not -1

This will fail once our python bindings correctly check value ranges

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11429

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 3faa7dc5a7d39cfdfc908a51e38772fda801c1a3)

WHATSNEW: Prepare release notes for Samba 4.3.0rc5

Signed-off-by: Stefan Metzmacher <metze@samba.org>

VERSION: Bump version up to 4.3.0rc5...

...and re-enable git snapshots.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

VERSION: Release Samba 4.3.0rc4

Signed-off-by: Stefan Metzmacher <metze@samba.org>

WHATSNEW: Update release notes for Samba 4.3.0rc3

Signed-off-by: Stefan Metzmacher <metze@samba.org>

WHATSNEW: mention improved sparse file support

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

ldb:wscript: make it possible to build samba with a system ldb again

This fixes a regression in commit fcf4a891945b22dc6eccdc71fd441f1a879f556a.

If we check for 'ldb' later the 'pyldb-util' can't depend on the 'ldb' check.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11458

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Aug 31 18:53:16 CEST 2015 on sn-devel-104

(cherry picked from commit 2947a7041ba22b52a8a4ce0ad5ebc6095ea09ea0)

Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Tue Sep  1 12:36:48 CEST 2015 on sn-devel-104

selftest: add a check for disabled change notify

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11444

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 31 15:50:49 CEST 2015 on sn-devel-104

(cherry picked from commit 770fb8cd07bd047b5206a2a7fe01eb14d9077eea)

Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Tue Sep  1 01:38:43 CEST 2015 on sn-devel-104

selftest: add change notify = no to simpleserver env

A subsequent patch will use this env in a torture test.

The aren't any existing tests that make use of change notify, so
disabling change notify in this test environment doesn't impact existing
tests.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11444

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit b9c561273b60ea8fe1ff047238013e5cc5411c04)

notify: check for valid notify_ctx in notify_remove

notify_ctx will be NULL when "change notify = no" is set in smb.conf.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11444

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 098b8a5110b4e1b873196032098807b7922e232c)

winbind: Remove "have_idmap_config" from winbindd_domain

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug 24 19:19:31 CEST 2015 on sn-devel-104

(cherry picked from commit 617bc3fe611266b8d3d0fd47b839d4ac8ad73f8f)

Autobuild-User(v4-3-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-3-test): Mon Aug 31 13:23:48 CEST 2015 on sn-devel-104

winbind: Do not look for the domain in wb_gid2sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
(cherry picked from commit b62c7e26b4783cdff11e406e4d75bc2e0fba7933)

winbind: Do not look for the domain in wb_uid2sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
(cherry picked from commit 2387d03b8ae9a471694503677667e623dff8ef88)

idmap: Remove dom_name from wbint_Gid2Sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
(cherry picked from commit 8856555af43848830b7c1e47765d26ce59dfa62b)

idmap: Remove dom_name from wbint_Uid2Sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
(cherry picked from commit d4730474da30c707339e21746c27eed5871cfdfe)

idmap: Remove "domname" from idmap_gid_to_sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
(cherry picked from commit 2f4dad52c77c7d0aaad2a4ccc0cb7dff0d129612)

idmap: Remove "domname" from idmap_uid_to_sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
(cherry picked from commit 0f8c9b8d7f9a3ca288e42d857d253137e048d4bc)

idmap: Remove "domname" from idmap_backends_unixid_to_sid

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
(cherry picked from commit ac4cc243771fc3273872547087679db21c9bb1cb)

idmap: Use a range search in idmap_backends_unixid_to_sid

This obsoletes the domain name in the xid2sid calls

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
(cherry picked from commit ad626b9e6b3c200c70b0d840c956f7b6fff20660)

idmap: Initialize all idmap domains at startup

So far we have initialized idmap domains on demand indexed by name.
For sid2xid this works okay, because we could do lookupsids before
and thus get the name. For xid2sid this is more problematic. We
have to rely on enumtrustdoms to work completely, and we have to
look at the list of winbind domains in the parent to get the domain
name. Relying on domain->have_idmap_config is not particularly nice.

This patch re-works initialization of idmap domains by scanning all
parametric parameters, scanning for :backend configuration settings.
This way we get a complete list of :range definitions. This means
we can rely on the idmap domain array to be complete. This in turn
means we can live without the domain name to find a domain, we can
do a range search by uid or gid.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
(cherry picked from commit ef0c91195533d95ba4fb7947ff5f69c20aa677b8)

idmap: Move idmap_init() under the static vars

Just moving code, idmap_init will need to reference the variables

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
(cherry picked from commit d36de86639b7782e1e959d61917d8f19fdfc902c)

loadparm3: Add lp_wi_scan_global_parametrics()

This routine takes a regex and goes through all parametric parameters
in [global], matching the regex. It can easily be extended to also
look at shares, but right now it will only be used to list all idmap
config domain names.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11464
(cherry picked from commit 443dd9bbbc641ede10a2a3708465f61ea3dfbde3)

lib/crypto: make it possible to use only parts of aes.[ch]

This can be used in order to optimize some parts later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 27 23:23:54 CEST 2015 on sn-devel-104

(cherry picked from commit d9166eb2d7880d0717dbf231b02d50c2a331827e)

lib/crypto: sync AES_cfb8_encrypt() from heimdal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit aaad9e9618686066ed24fef43cb3872fb9861678)

lib/crypto: make use of aes_test.h in aes_gcm_128_test.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e9d3379d72f5698d579842d2f1aafa4fd0dde56f)

lib/crypto: optimize aes_gcm_128

- We avoid variables in order to do a lazy cleanup
  in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
- We use the optimized aes_block_{xor,rshift}() functions
- Align AES_BLOCK_SIZE arrays to 8 bytes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 965f04d5e6c34cc56809ab42abe506ae1a7530ce)

lib/crypto: optimize aes_ccm_128

- We avoid variables in order to do a lazy cleanup
  in aes_ccm_128_digest() via ZERO_STRUCTP(ctx)
- We use the optimized aes_block_xor() function
- We reuse A_i instead of rebuilding it everything completely.
- Align AES_BLOCK_SIZE arrays to 8 bytes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7e8333dac3922104849da0fde9528e2c2c36b6c9)

lib/crypto: optimize aes_cmac_128

- We avoid variables in order to do a lazy cleanup
  in aes_cmac_128_final() via ZERO_STRUCTP(ctx)
- We avoid unused memcpy() calls
- We use the optimized aes_block_{xor,lshift}() functions
- Align AES_BLOCK_SIZE arrays to 8 bytes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8795ad2030ade771145264be7c64d960dcfdbed7)

lib/crypto: add optimized helper functions aes_block_{xor,lshift,rshift}()

These are typical operations on an AES_BLOCK used by different modes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0824221b4ae18e7ccba3f8057090abc925a02b99)

lib/crypto: add aes_ccm_128 tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 77c3d504b218c451c091a3d3cb4797a9d0c65d2a)

lib/crypto: verify 0 updates in aes_gcm_128 tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 80c8a1ca9577075d5917fb63ae820105cffebd57)

lib/crypto: run all aes_gcm_128 testcases

We should not skip the first one.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 683eda2f92cd296e36c57d96d6f0b22dde1819f4)

lib/crypto: add aes_cmac_128 chunked tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11451

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7c4117f5dadab8c52e15cb121f3c112a20b1646c)

s3:vfs_smb_traffic_analyzer: remove samba_ prefix from AES_* function calls

This should be an implementation detail in lib/crypto/aes.h.

In future we may add support for other implementations.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 64c6cc34d7cdc48443a9427d2448ede9727aad47)

vfs: fix build warning in smb traffic analyzer.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 3d0b23dbd443381be1f265305ddda5434c0580aa)

s3-util: Compare the maximum allowed length of a NetBIOS name

This fixes a problem where is_myname() returns true if one of our names
is a substring of the specified name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11427

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 4e178ed498c594ffcd5592d0b792d47b064b9586)

s3-auth: Fix a memory leak in make_server_info_info3()

We call make_server_info(NULL) and it is possible that we do not free
it, because server_info is not allocated on the memory context we pass
to the function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 6363c0232c2238e1a782e9c22ef762e3ff9b7563)