git.samba.org - samba.git/log

smbd: dfree - ignore quota if not enforced

When calculating free disk space, do not take user quota
into account if quota is globally not enforced on the file
system.

This is meant to fix a specific problem with XFS. One might
say "why don't you fix the XFS-specific code instead?". The
reason for that is that getting and setting quota must not
be affected by whether quota is actually enforced. NTFS has
the same notion of separating quota accounting (and being
able to configure / retrieve configured quota), from quota
enforcement.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11937

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 28 00:09:05 CEST 2016 on sn-devel-144

(cherry picked from commit 42151f6fa25fefc8a6ae7388ca85379c07c93e1e)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Jun 1 16:23:59 CEST 2016 on sn-devel-144

selftest: add disk-free quota tests

Add a test for situation where quota accounting is enabled
but quota enforcement is disabled (disk-free should not take
quota into account)

Add a test for situation where overall quota status reporting
(whether or not it's enforcing) is not supported - as with NFS.
In that case it must be assumed that if quota is configured, then
it is also enforced (as with NFS).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11937

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit de2d624d071c338b356824d3b30ab2c9075c8528)

vfs_fake_dfq: add more mocking options

Add support for mocking FS user/group quotas (default quota and
quota flags).

Make the default block size 4096 instead of 0. This
turns the default into "no quota" instead of "punt to
lower VFS module" (that is, if the mock module is asked
to retrieve quota of a user/group/default for which there
is no config).

Add support for ENOSYS error

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11937

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b5ac30e96ede7a68bc191b983b068b62cbc160ec)

s3:selftest add a test for rpcclient --pw-nt-hash option

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d0cdf02dc9733dae960021ff1ca07587d8155e58)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue May 31 16:49:03 CEST 2016 on sn-devel-144

s3:rpcclient make --pw-nt-hash option work

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10796

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4fe59879cc2a608194578e33e27e0dc1e2f0fc58)

s3-smbd: Support systemd 230

systemd 230 version finally deprecated libsystemd-daemon/libsystemd-journal split
and put everything in libsystemd library.

Make sure HAVE_LIBSYSTEMD define is supported in the code (we already
have it defined by the waf).

Patch is based on the code proposed by Zbigniew Jędrzejewski-Szmek
from systemd project.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11936

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May 25 20:25:44 CEST 2016 on sn-devel-144

(cherry picked from commit 92b4b6b3c58e6c8bc39e5693ad30ba6f8442ca99)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue May 31 12:35:41 CEST 2016 on sn-devel-144

s3-smbspool: Log to stderr

This way we will be able to see the log in the cups logs and are able to
debug issues.

https://bugzilla.samba.org/show_bug.cgi?id=11935

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
(cherry picked from commit e59e0a5481196b1ddda0393306c514b8c32d6ea0)

Fix memory leak in share mode locking.

Not freeing up(and reparenting to NULL context) ndr buffer
used for TDB updates resulting in huge memory leak when there
in high volume of opens and closes happening on same object.

Free the buffer before reparenting its parent to NULL context.

https://bugzilla.samba.org/show_bug.cgi?id=11934

Signed-off-by: Hemanth Thummala <hemanth.thummala@nutanix.com>
Signed-off-by: Saji VR <saji.vr@nutanix.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 27 18:43:31 CEST 2016 on sn-devel-144

(cherry picked from commit 7a725eea25f905fc5f611e8f3d7cfe414d5cf913)

s3-quotas: fix sysquotas_4B quota fetching for BSD

Correctly copy block hard/soft limits from the OS-specific structure
to samba structure.

BUG:https://bugzilla.samba.org/show_bug.cgi?id=11931

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 59133295bbfd3b51953d9c86e3b533ff1d4861e3)

notifyd: prevent NULL deref segfault in notifyd_peer_destructor

It seems it could happen that p->db == NULL in the list
from notifyd_clean_peers_next(). This has been seen in
a ctdb cluster when an node-internal ctdb interface is
brought down.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11930

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 20 17:32:55 CEST 2016 on sn-devel-144

(cherry picked from commit 1c76746b637bc1867f85ba94786b89f22d1b0c32)

s3-net: Convert the key_name to UTF8 during migration

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11922

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 858e1eaa64858790888b42d97ae4d6962a09756b)

packaging: Set default limit for core file size in service files

This change adds the missing LimitCORE variable setting in nmb and
winbind service files to have no limit for coredumps by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11907

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed May 18 19:26:49 CEST 2016 on sn-devel-144

(cherry picked from commit f15b23f8358d7b2f60b1df0f81bb93a2c8789af4)

packaging: Set default limit for core file size in init scripts

SysV init scripts used for initiating smb and winbind services
determines the value for default limit of coredump from variable
named DAEMON_COREFILE_LIMIT within a bash env. Therefore this
patch explicitly sets this variable to 'unlimited' so as to have
no limit for core file size by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11907

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit ba9ccc6be48e8541748afbf31d5e5dba7d1baf8e)

packaging: Remove ulimit usage for setting core file size limit

Recent commit ebd139c4db7e51a2d7843a773991f15cadf504dd modified smb.init
to set core file size to 'unlimited' by default using the ulimit command.
But when smb and winbind services are initiated via sysv init scripts,
another variable named DAEMON_COREFILE_LIMIT takes higher priority in
deciding the core file size. Therefore setting default value using ulimit
command is useless.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11907

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 46524b4543acc9d104d85136c0a4a9e006fc099c)

s3: auth: Move the declaration of struct dom_sid tmp_sid to function level scope.

It's referred to outside of the {} brace scope it was defined in by
the following code:

uid_to_unix_users_sid(*uid, &tmp_sid);
user_sid = &tmp_sid;

As tmp_sid was going out of scope, user_sid was
being incorrectly set in the token sid list.

I think this *may* be the root cause of:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10618

But even if not this is an obvious error that must
be fixed.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri May 27 11:28:18 CEST 2016 on sn-devel-144

(cherry picked from commit 1b3b89345480d16222da00753f973e36e2e0f92d)

s3:rpcclient: make use of SMB_SIGNING_IPC_DEFAULT

This means we'll use the "client ipc min protocol", "client ipc max protocol"
and "client ipc signing" options. But "--signing=no" or "--signing=required"
still overwrite "client ipc signing".

The following can be used to alter the max protocol

rpcclient --option="client ipc max protocol=SMB2_10" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

rpcclient --option="client ipc max protocol=NT1" 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

rpcclient 172.31.9.163 -Uadministrator%A1b2C3d4 -c "getusername"
Account Name: Administrator, Authority Name: W4EDOM-L4

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11927

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 21 05:01:15 CEST 2016 on sn-devel-144

(cherry picked from commit 2eb824fbaf61dfc5e9c735589c80c41379dabe86)

smbd:close: only remove kernel share modes if they had been taken at open

This avoids errors due to 'not implemented' for SMB_VFS_KERNEL_FLOCK
on some file systems like glusterfs (with the vfs module). The only
other code path where SMB_VFS_KERNEL_FLOCK is called, is already protected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11919

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Thu May 19 02:34:36 CEST 2016 on sn-devel-144

(cherry picked from commit 6b232b2720a3d71bc0b4b5603215b3f9d3de5ca6)

s3:vfs: add 'kernel_share_modes_taken' to files_struct

This will allow to track whether kernel share modes have been
taken at open and correclty remove them again on close.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11919

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
(cherry picked from commit 356487345724ce5dffdddf9c60735b2c965f30bc)

s3:client:smbspool_krb5_wrapper: fix the non clearenv build.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Apr 29 19:52:23 CEST 2016 on sn-devel-144

(cherry picked from commit e0d8c6b6b428819206fb6e96c47e952845af0874)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11864

Provide fallback code for non-portable clearenv(3)

clearenv(3) is a GNU extension that was rejected twice by POSIX,
without an easy, portable alternative.

As the dovecot project notes,
"""
environ = NULL crashes on OSX - and OpenBSD < 6.0
*environ = NULL doesn't work on FreeBSD 7.0
environ = emptyenv doesn't work on Haiku OS
environ = calloc should work everywhere
"""
(source: http://hg.dovecot.org/dovecot-2.0/file/48f90e7e92dc/src/lib/env-util.c)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11864
Signed-off-by: Jérémie Courrèges-Anglas <jca@wxcvbn.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Apr 29 00:12:02 CEST 2016 on sn-devel-144

(cherry picked from commit f198abcbb3f6e8b26c697d3ded2caa1076ae018b)

smbd: Fix an assert

This might stumble over stale entries

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11844
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a5d49b7ce1cfbf8491bc3d29c1ae5b0960b5fe01)

s3:ntlm_auth: make ntlm_auth_generate_session_info() more complete

The generate_session_info() function maybe called more than once
per session.

Some may try to look/dereference session_info->security_token,
so we provide simplified token.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11914

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:smbd: fix anonymous authentication if signing is mandatory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11910

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libcli/auth: let msrpc_parse() return talloc'ed empty strings

This make it more predictable for the callers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11912
BUG: https://bugzilla.redhat.com/show_bug.cgi?id=1334356
BUG: https://launchpad.net/bugs/1578576

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon May 9 22:27:21 CEST 2016 on sn-devel-144

(cherry picked from commit 58a83236294117d32d9883ac3024f81fa1730a87)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue May 17 14:42:22 CEST 2016 on sn-devel-144

s3:libsmb/clifile use correct value for MaxParameterCount for setting EAs

Windows servers will refuse trans2 requests which use excessive
request parameters. From [MS-CIFS|:
<239> Section 3.3.5.2.5: Windows NT servers fail a transaction request with
STATUS_INSUFF_SERVER_RESOURCES, if (SetupCount + MaxSetupCount +
TotalParameterCount + MaxParameterCount + TotalDataCount + MaxDataCount)
is greater than 65*1024.

When attempting to set a large list of EAs for a file, this limit can be
hit when using CLI_BUFFER_SIZE as MaxDataCount
while the TRANS2_SET_PATH_INFORMATION response has no data reply,
only parameters (section 2.2.6.7.2).

Be as minimal as possible here to allow a maximum number of EAs to
be written.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11354
Reviewed-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 11 18:35:59 CEST 2016 on sn-devel-144

(cherry picked from commit 7efbe1139796bb708176cd8dddb206a0f271ec1b)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu May 12 17:46:10 CEST 2016 on sn-devel-144

pdb: Fix segfault in pdb_ldap for missing gecos

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11530
Signed-off-by: Luca Olivetti <luca@wetron.es>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Feb 5 16:47:00 CET 2016 on sn-devel-144

(cherry picked from commit 5d759bd0d4bf7cae8b54b69af5ecacb7987c2a0f)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu May 12 11:48:24 CEST 2016 on sn-devel-144

s3-kerberos: avoid entering a password change dialogue also when using MIT.

Without this fix, for accounts with an expired password, a password change
process is initiated and - due to the prompter - this fails with a confusing
error message:

"kerberos_kinit_password Administrator@W2K12DOM.BER.REDHAT.COM failed: Password
mismatch
Failed to join domain: failed to connect to AD: Password mismatch"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11906

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed May 11 17:23:03 CEST 2016 on sn-devel-144

s3:libnet:libnet_join: add netbios aliases as SPNs

Add all listed smb.conf netbios aliases as SPNs to the machine account:

  HOST/NETBIOS_ALIAS@REALM

and

  HOST/netbios_alias.dnsdomain.name@REALM

Bug: https://bugzilla.samba.org/show_bug.cgi?id=1703

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May  4 17:58:05 CEST 2016 on sn-devel-144

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon May  9 14:08:44 CEST 2016 on sn-devel-144

init: set core file size to unlimited by default

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11907

Signed-off-by: Raghavendra Talur <rtalur@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri May 6 19:15:17 CEST 2016 on sn-devel-144

(cherry picked from commit ebd139c4db7e51a2d7843a773991f15cadf504dd)

source3: Honor the core soft limit of the OS.

We should honor the soft limits set by the operating system.

In any case, 16M doesn't make a useful coredump for modern
Samba.

Signed-off-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 5 00:39:48 CET 2016 on sn-devel-144

(cherry picked from commit 58d3462bc58290d8eb5e554c6c59cf6b73ccf58a)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11907

heimdal: encode/decode kvno as signed integer

This patch changes the encoding/decoding of kvno (key version number)
in blobs and packets to signed integer, for compatibility with Windows.
Reportedly, MIT Kerberos does the same.

This patch effectively reverts commit 1124c4872dfb81bec9c4b527b8927ca35e39a599
in the heimdal tree.

According to the Kerberos spec (RFC 4120 5.2.9), the kvno field
in encrypted data object is an unsigned integer that fits in
32 bits. The Heimdal Kerberos component bundled with Samba
conforms to this. However, Windows deviates from the standard
and encodes kvno as a signed integer, and this creates
interoperability issues.

ASN.1 DER has no special encoding for unsigned integer. A 32-bit
unsigned integer is encoded as a signed integer, so while a signed
32-bit integer (covering the range of -0x80000000..0x7fffffff) is
encoded using up to 4 bytes, an unsigned integer (covering
0..0xffffffff) could require 5 bytes.

Normally, kvno for a given account starts at 1 and increments on
password changes. Kerberos defined this as unsigned because there's
no meaning for negative version numbers, so the standard writers figured
4 billion versions is better than 2 billion. It was not
expected for a kvno to really go past 0x7fffffff and the disctinction
usually does not matter. However, RODCs use kvnos which
have the most-significant bit set.

In Active Directory, RODCs have a private secret for the krbtgt,
because the assumption is that the RODC is less secure, and
recovering the domain krbtgt secret from the RODC would compromise
the security of the entire domain. The kvno field is being used
to identify the private krbtgt account that owns the key - the
upper 16 bits are the RODC id, and the lower 16 bits identify
the key version number for this specific RODC. It's common to
have an RODC id greater than 0x8000, and therefore to have a
kvno larger than 0x7fffffff, which would be DER-encoded using
5 bytes.

Windows encodes kvno as signed integer - basically taking the
32 bits and treating them as a signed integer rather than an
unsigned integer. This means that in Windows a kvno can
always be encoded using 4 bytes, and Windows DCs reject a kvno
encoded using more than 4 bytes without even generating an error
response (the DC assumes it's an attack).

Heimdal re-encodes the TGT when it creates a TGS request. Obviously
it cannot decode and encode the encrypted parts but it does re-encode
the plain parts, which include the kvno. That leads to a 5-byte
kvno in the TGS request, which is rejected without an error
response.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11900

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 7 21:14:21 CEST 2016 on sn-devel-144

(cherry picked from commit 6379737b7ddc6ccb752238c5820cc62e76a8da17)

torture:smb2: Add test replay6 to verify Error Codes for DurableHandleReqV2 replay

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e095a61c4b36e71b03d8afc724da09c91603a29b)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809

lib/torture: add torture_assert_u64_not_equal_goto macro

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c5c3f91c6fd1ac3282d2fa27e262af097f0adfca)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809

torture:smb2: add test for checking sequence number wrap around.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2b799880b91f2ee44531644c62916f9a50531d04)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809

libcli:smb:smbXcli_base: add smb2cli_session_current_channel_sequence() call.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ccda60ed9b33bb22ec2e162401a949aeaa631c8d)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809

smbd:smb2: add some asserts before decrementing the counters

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f81f3a2d78832258b09bcc63d5cce2b4594cbbc8)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809

smbd:smb2: update outstanding request counters before sending a reply

This is part of the channel sequence number treatment of multi-channel.

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7dbb1707d96e39bed8898db08339d3b2d768c87c)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809

smbd:smb2: implement channel sequence checks and request counters in dispatch

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 71d2b190646bdf5fce65a776dfe6873da8d82479)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809

smbd:smb2: add request_counters_updated to the smbd_smb2_request struct

This will be used to keep track of whether the outstanding request
counters have been updated in the dispatch, so that the reply
code can act accordingly.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ae6967ea3e39a1a5401be4a4c969b467dd22dce4)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809

smbd:smb2: add a modify flag to dispatch table

This indicates that an operation is a modifying operation.
Some parts of the upcoming channel sequence number logic
only applies to modify operations.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 088468195b7f7f04eab0ce6fb928bda1c703e2fa)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809

s3:smbXsrv.idl: add 8 byte channel_sequence number and request counters to IDL.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 31f33a3f3996a5fff9833540c8227600f4aa2a55)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11809

ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized pointer read

Fix unitialized 'visited' value (pointer to pointer) in
ldb_eval_transitive_filter() which passes 'visited' value later to
ldb_eval_transitive_filter_helper().

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 27 02:12:39 CEST 2016 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11890

(cherry picked from commit f4181f25b4ae3db684e43837449617e75183ecc8)

dbwrap_ctdb: Fix ENOENT->NT_STATUS_NOT_FOUND

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11844
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 26 14:34:14 CEST 2016 on sn-devel-144

(cherry picked from commit cce6b677ff90ef361c45a7b8ad3d482908c3c4a7)

vfs_fruit: add an option that allows disabling POSIX rename behaviour

https://bugzilla.samba.org/show_bug.cgi?id=11721

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 5 00:04:50 CEST 2016 on sn-devel-144

(cherry picked from commit 625dcef765adc75c34ee5955a08c6cb77b87f41b)

s3:smbd/filename remove smelly code

not sure how this chunk ended up there, but I agree with
the statement in the comment that behavior should not depend
on developer mode

make test does not seem to depend on it anymore.

This piece had some bad influence on the tests I wrote
for case insensitivite behavior of SMB2/3, so let us
remove this technical debt.

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
The last 3 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11438

s3:smbd/service apply some code formatting

reduce indentation in switch statement, obey 80 char line limit, use C99 bool

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:smbd/service disable case-sensitivity for SMB2/3 connections

in SMB2, there is no flag to let us know if the client wants to have case-sensitive behavior,
so in Auto mode, disable case-sensitivity

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11438
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Correctly set cli->raw_status for libsmbclient in SMB2 code

The SMB2 file handling code wasn't correctly setting raw_status, which
is used by libsmbclient to report file open errors etc.

https://bugzilla.samba.org/show_bug.cgi?id=11276

Signed-off-by: Robin McCorkell <robin@mccorkell.me.uk>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 2a872e2b66f373b3c96b315b13c9f06a15522e13)

VERSION: Bump version up to 4.4.4...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

VERSION: Disable git snapshots for the 4.4.3 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add date.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Udpate release notes.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Sat Apr 30 16:35:06 CEST 2016 on sn-devel-144

s3:selftest: add smbclient_ntlm tests

We test all combinations of NT1 with and without spnego and SMB3
for user, anonymous and guest authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Apr 28 20:16:45 CEST 2016 on sn-devel-144

(cherry picked from commit eee88e07b3e68efb467b390536eea4155b5ced7e)

Autobuild-User(v4-4-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-4-test): Fri Apr 29 13:12:46 CEST 2016 on sn-devel-144

selftest:Samba4: let fl2000dc use Windows2000 style SPNEGO/NTLMSSP

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 4de43387235cb17a185fdd1afd658972e8c174ef)

selftest:Samba4: let fl2000dc use Windows2000 supported_enctypes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 587b5db7979c1ca1055f5bfd81ab79606cd3c2dd)

s3:test_smbclient_auth.sh: this script reqiures 5 arguments

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 70910334caa176bf98fece7d638ed599979dc173)

selftest:Samba4: provide DC_* variables for fl2000dc and fl2008r2dc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit b8055cb42cadf48367867213a35635f3391c9b8d)

auth/ntlmssp: add ntlmssp_{client,server}:force_old_spnego option for testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 7a2cb2c97611171613fc677a534277839348c56f)

auth/spnego: add spnego:simulate_w2k option for testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11849

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit db9c01a51975a0a3ec2564357617958c2f466091)

auth/ntlmssp: do map to guest checking after the authentication

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d667520568996471b55007a42b503edbabb1eee0)

s3:smbd: only mark real guest sessions with the GUEST flag

Real anonymous sessions don't get it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 79a71545bfc87525c6ba6c8fe9fa7d8a9da33441)

s3:smbd: make use SMB_SETUP_GUEST constant

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 25ce97892ad3ce5028e4dbbbdd844ef6619ac396)

libcli/security: implement SECURITY_GUEST

SECURITY_GUEST is not exactly the same as SECURITY_ANONYMOUS.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 837e6176329330893d5a1e4ce4ac67dbac758e56)

s3:auth_builtin: anonymous authentication doesn't allow a password

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit ead483b0c0ec746c0869162024c97f2e08df7f4b)

s4:auth_anonymous: anonymous authentication doesn't allow a password

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d247dceaaab24b568425f2360e40f5e91be452cc)

auth/spnego: only try to verify the mechListMic if signing was negotiated.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11847

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 65462958522baee6eedcedd4193cfcc8cf0f510e)

s3:libsmb: use anonymous authentication via spnego if possible

This makes the authentication consistent between
SMB1 with CAP_EXTENDED_SECURITY (introduced in Windows 2000)
and SNB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit e72ad193a53e20b769f798d02c0610f91859bd38)

s3:libsmb: don't finish the gensec handshake for guest logins

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit fa5799207e55ee8e329f36f784d027845eaf0e34)

s3:libsmb: record the session setup action flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 02c902103521e5a2b1d221db83e6c59d0ce31099)

libcli/smb: add smbXcli_session_is_guest() helper function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 8f4a4bec089b46bbeb0e0f37bb682acb88702bf2)

libcli/smb: add SMB1 session setup action flags

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit cceaa61cf064926baca6db4b303d34ea90d40d52)

libcli/smb: add smb1cli_session_set_action() helper function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit e6f9e176f2bb0e3e7451ac58e84ff55328219fcd)

libcli/smb: fix NULL pointer derreference in smbXcli_session_is_authenticated().

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11841

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8e016ffeb01167bb8dec66cf9e4bc8605461c15a)

s3:libsmb: use password = NULL for anonymous connections

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11858

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 53be47410236ef7c90fe895f49f300e3fe47a8bf)

auth/ntlmssp: don't require NTLMSSP_SIGN for smb connections

Enforcement of SMB signing is done at the SMB layer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11850

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit d97b347d041f9b5c0aa71f35526cbefd56f3500b)

auth/ntlmssp: don't require any flags in the ccache_resume code

ntlmssp_client_challenge() already checks for required flags
before asking winbindd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11850

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 5041adb6657596399049a33e6a739a040b4df0db)

auth/spnego: handle broken mechListMIC response from Windows 2000

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11870

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 032c2733dea834e2c95178cdd0deb73e7bb13621)

auth/spnego: change log level for 'Failed to setup SPNEGO negTokenInit request: NT_STATUS_INTERNAL_ERROR'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 9930bd17f2d39e4be1e125f83f7de489a94ea1d1)

s3:librpc:crypto:gse: increase debug level for gse_init_client().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit b6595037f3fcaafb957d9c08edfb89c72cded987)

lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 95b8b020626ba58a77a21e3da804bac2f0cf90b1)

s3:libads/sasl: allow wrapped messages up to a size of 0xfffffff

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 795e796658e6da0149c9c00ece7cca4ccc457717)

s4:gensec_tstream: allow wrapped messages up to a size of 0xfffffff

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 8704958fb3b212b401a8e7d94fdd9c627adbde0d)

Mask general purpose signals for notifyd.

Currently there is no signal handling available for notify daemon.
Signals like SIGHUP and SIGUSR1 can lead to terminate the notify
daemon. Masking these signals for notifyd as we are not handling them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11840

Signed-off-by: Hemanth Thummala <hemanth.thummala@nutanix.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Apr 15 15:31:19 CEST 2016 on sn-devel-144

(cherry picked from commit cade673f5fff8a578b8620149688ecc93e981205)

WHATSNEW: Start release notes for Samba 4.4.3.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Apr 29 01:48:35 CEST 2016 on sn-devel-144

configure: Don't check for inotify on illumos

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11816
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 94f31295b12b20a68d596929ea428eb36f8c0d82)

nwrap: Fix the build on Solaris

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11816

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 5 08:57:06 CEST 2016 on sn-devel-144

(cherry picked from commit ff6b49beeb5df30f4e243a97d2e6218ec497e9ad)

smbd: Avoid large reads beyond EOF

With unix extensions and oplocks=no mount.cifs from jessie reads beyond the
file end forever, and we are happy to return zeros....

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11878

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 27 23:57:56 CEST 2016 on sn-devel-144

(cherry picked from commit 10b0a8baa25fab70df8e6c5f0048ce0963211517)

Fix the smb2_setinfo to handle FS info types and FSQUOTA infolevel

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11819

Signed-off-by: Partha Sarathi <partha@exablox.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Apr 27 05:39:01 CEST 2016 on sn-devel-144

(cherry picked from commit 07e2f4731e5819a893c4675d93fede5ea261bed7)

cleanupd: restart as needed

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11855

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 19 20:35:33 CEST 2016 on sn-devel-144

(cherry picked from commit 052b8555510bf1f72c7ea777c44294264bbb67d4)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Apr 27 13:42:24 CEST 2016 on sn-devel-144

nss_wins: Fix the hostent setup

This can never have been tested....

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11875

Signed-off-by: Tom Mortensen <tomm@lime-technology.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0b1f4db325bb0ed9171619c874908ee25327bba9)

nss_wins: ip_pton expects the raw IP address

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11875

Signed-off-by: Tom Mortensen <tomm@lime-technology.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d3569ca2711d21ac87ff539662333ad315a2a618)

libads: record session expiry for spnego sasl binds

With the move to gensec-based spnego, record the session expiry
in tgs_expire, so that libads users such as winbindd can use this info
to determine how long to keep the connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11852

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Apr 19 16:53:57 CEST 2016 on sn-devel-144

(cherry picked from commit 34482eb7cc3d74c8de510309332e8ab176d0f3c0)

vfs_catia: Fix bug 11827, memleak

add_srt should add the mappings to the linked list even if
mappings==NULL (the default)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11827
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 11 14:25:59 CEST 2016 on sn-devel-144

(cherry picked from commit 3e2af1568d150de1cb12fef40580f4880ac787ff)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Apr 18 16:33:23 CEST 2016 on sn-devel-144

s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1.

Reported by Thomas Dvorachek <tdvorachek@yahoo.com> from a Windows 10 server.
Confirmed in MS-CIFS 2.2.8.1.7.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11822

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 6 03:46:55 CEST 2016 on sn-devel-144

(cherry picked from commit f63b9a73b03971f41947c694e6952cd1e49b67c3)

smbcquotas: print "NO LIMIT" only if returned quota value is 0.

If the user being queried has no quota, the server returns 0 as
its quota. This is the observed smbd and Windows behavior, which
is also documented in [MS-FSA] 2.5.1.20.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11815

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9d6d62010be2a54b6828cc4cc9c13b5657c8b4a0)

vfs_acl_common: avoid setting POSIX ACLs if "ignore system acls" is set

When "ignore system acls" is set, do not mess at all with POSIX ACLS,
do not even calculate the would-be POSIX-ACL-based security descriptor
(for performance reasons).
Instead, just store a V3 blob with zero hash. This means that if we
later read the ACL without ignoring system ACLs, the NT ACL shall be
reset to the info derivable from the POSIX ACL.

File ownership is still modified as it has bearing on disk quotas.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11806

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 765e5f1f2670d3d5d8d62a04b4ccf38a680bcb37)