VERSION: Disable git snapshots for the 4.3.4 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.3.4.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s3:torture: add traverse testing to LOCAL-RBTREE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 27 13:16:59 CET 2015 on sn-devel-104

(cherry picked from commit bb9f13ab4165f150e01a88ddcc51605a7c176f5d)

dbwrap_rbt: fix modifying the db during traverse

We delete and add of records rebalace the tree, but our
traverse code doesn't handle that and skips records
randomly.

We maintain records in a linked list for now
in addition to the rbtree and use that list during
traverse.

This add a bit overhead, but at least it works reliable.
If someone finds a way to do reliable traverse with the
rebalanced tree, we can replace this commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0f46da08e160e6712e5282af14e1ec4012614fc7)

dbwrap_rbt: add nested traverse protection

Multiple dbwrap_traverse_read() calls are possible.

store() and delete() on a fetch locked record
are rejected during dbwrap_traverse_read().

A dbwrap_traverse() within a dbwrap_traverse_read()
behaves like a dbwrap_traverse_read().

Nested dbwrap_traverse() calls are not possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 590507951fc514a679f44b8bfdd03c721189c3fa)

dbwrap_rbt: use talloc_zero_size() instead of a partial ZERO_STRUCT()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11375
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11394

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit f3d1fc1d06822a951a2a3eeb5aa53748b9b5b299)

Revert "Fix bug #11394 -  Crash: Bad talloc magic value - access after free"

This reverts commit 569ce95de57511d6082196ca4cc0938d78700351.

This has been committed by accident. Right patchset, but wrong authorship.
Patchset with correct authorship to follow.

password_lockout: test creds.get_kerberos_state()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Dec 15 03:17:52 CET 2015 on sn-devel-104

(cherry picked from commit ab1ebb1d1c650396841e4ba4a18b3c08689d4f52)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11659
lastLogon and lastLogonTimestamp are not updated

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Wed Jan  6 13:14:21 CET 2016 on sn-devel-104

auth: keep track of lastLogon and lastLogonTimestamp

lastLogon is supposed to be updated for every interactive or kerberos
login, and (according to testing against Windows2012r2) when the bad
password count is non-zero but the lockout time is zero. It is not
replicated.

lastLogonTimestamp is updated if the old value is more than 14 -
random.choice([0, 1, 2, 3, 4, 5]) days old, and it is replicated. The
14 in this calculation is the default, stored as
"msDS-LogonTimeSyncInterval", which we offer no interface for
changing.

The authsam_zero_bad_pwd_count() function is a convenient place to
update these values, as it is called upon a successful logon however
that logon is performed. That makes the function's name inaccurate, so
we rename it authsam_logon_success_accounting(). It also needs to be
told whet5her the login is interactive.

The password_lockout tests are extended to test lastLogon and
lasLogonTimestamp.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 795f4729ca94029fcee750fbebbe9bc3ea43a214)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11659
lastLogon and lastLogonTimestamp are not updated

password_lockout tests: add assertLoginFailure()

In a few places where a login should fail in a particular way, an
actual login success would not have triggered a test failure -- only
the wrong kind of login failure was caught.

This makes a helper function to deal with them all.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 909ebe0191a409c107904df658dc9111dd5de669)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11659
lastLogon and lastLogonTimestamp are not updated

auth: increase resolution for password grace period calculation

This changes the resolution of "now" from 1s to 100ns.

It should have little effect in practice, unless users are in the
habit of playing chicken with the grace period.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit d097e813fff3aaed261a18d8066e6bd11f12abad)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11659
lastLogon and lastLogonTimestamp are not updated

pycredentials: add get_kerberos_state() method

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 8b26559aeb6d1c2c12e2ea374c30e4082ece7ec3)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11659
lastLogon and lastLogonTimestamp are not updated

smbd: do not disable "store dos attributes" on-the-fly

Smbd would disable "store dos attributes" on-the-fly if the
attempt to set/get user.DOSATTRIB fails with ENOTSUP or ENOSYS.
The rationale behind it was that the file system does not support
extended attributes, so there's no need to fill up the log with
failure messages.

However, a "wide symlink" could point to a spot that doesn't support
extended attributes. Even with the default banned wide links, we
currenly allow stat'ing those files and follow the symlink, and this
in turn would disable "store dos attributes" for the whole share.
The user.DOSATTRIB attribute also stores file creation time,
so that is also affected.

Another case where this behavior would turn storage of DOS attributes
off is that of the ".." entry at the root of the share, if the parent
folder for the share's root path does not support extended attributes.

On the other hand, the information on the file system and its support
of extended attributes is readily available, so the fix for explosion
of the log should be not to configure "store dos attributes" on
such a share.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11649

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 25 13:20:58 CET 2015 on sn-devel-144

(cherry picked from commit d4c2395e6428312854b8570064bddab3a7f188ff)

s3:smbd: fix a corner case of the symlink verification

Commit 7606c0db257b3f9d84da5b2bf5fbb4034cc8d77d fixes the
path checks in check_reduced_name[_with_privilege]() to
prevent unintended access via wide links.

The fix fails to correctly treat a corner case where the share
path is "/". This case is important for some real world
scenarios, notably the use of the glusterfs VFS module:

For the share path "/", the newly introduced checks deny all
operations in the share.

This change fixes the checks for the corner case.
The point is that the assumptions on which the original
checks are based are not true for the rootdir "/" case.
This is the case where the rootdir starts _and ends_ with
a slash. Hence a subdirectory does not continue with a
slash after the rootdir, since the candidate path has
been normalized.

This fix just omits the string comparison and the
next character checks in the case of rootdir "/",
which is correct because we know that the candidate
path is normalized and hence starts with a '/'.

The patch is fairly minimal, but changes indentation,
hence best viewed with 'git show -w'.

A side effect is that the rootdir="/" case needs
one strncmp less.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11647

Pair-Programmed-With: Jose A. Rivera <jarrpa@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Dec 24 00:57:31 CET 2015 on sn-devel-144

(cherry picked from commit ada59ec7b3a5ed0478d11da2fe0c90991d137288)

s3: libsmb: Correctly initialize the list head when keeping a list of primary followed by DFS connections.

Greatly helped by <shargagan@novell.com> to
track down this issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11624

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 18 01:02:55 CET 2015 on sn-devel-144

(cherry picked from commit d7feb1879ee711598540049c2c5eccc80fd6f1e5)

vfs_streams_xattr: fix and simplify streams_xattr_get_name()

streams_xattr_get_name() fails to chop off the stream type in case
config->store_stream_type is false and the passed stream name contains a
stream type.

Eg when the passed in stream name is ":mystream:$DATA", but
config->store_stream_type is false, we must generate a xattr name of
"mystream" or "user.mystream".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11466

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 16 23:27:01 CEST 2015 on sn-devel-104

(cherry picked from commit 2881679e3ecbaf07cdd82ba65af8d55e5e3be800)

vfs_fruit: hide the Netatalk metadata xattr in streaminfo

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11466

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fedd09662c889fb796135d86836c160171fac68d)

vfs_fruit: add and use define for the Netatalk metadata xattr

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11466

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c8ee1a059b4484575b03ac76b469df85cdabdd9a)

s4:torture:vfs_fruit: add test test_read_afpinfo

This works against any SMB server and test basic IO on the AFP_AfpInfo
stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b165d520374cc2ae77acfd813b528e55acfc2f7e)

s4:torture:vfs_fruit: add tests for AFP_Resource delete-on-close and eof

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 21d4b5cea8e4dec729912915d60922edaea0f418)

vfs_fruit: ignore delete on the AFP_Resource stream

OS X ignores deletes on the AFP_Resource stream. This was discovered by
torture tests against OS X SMB server.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ee431fc5254dc735662d152dd19a81d439ca5e44)

s4:torture:vfs_fruit: update AFP_AfpInfo IO tests

When reading from the AFP_AfpInfo stream, OS X ignores the offset from
the request and always reads from offset=0.

The offset bounds check has a off-by-1 bug in OS X, so a request
offset=60 (AFP_AfpInfo stream has a ficed size of 60 bytes), len=1
returns 1 byte from offset 0 insteaf of returning 0.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit decde0b4812eba5f80b717fd2ae868558a022753)

vfs_fruit: fix offset and len handling for AFP_AfpInfo stream

When reading from the AFP_AfpInfo stream, OS X ignores the offset from
the request and always reads from offset=0.

The offset bounds check has a off-by-1 bug in OS X, so a request
offset=60 (AFP_AfpInfo stream has a ficed size of 60 bytes), len=1
returns 1 byte from offset 0 insteaf of returning 0.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f569fd5e44300ab41aa7298b3efdcac99cd330f2)

s4:torture:vfs_fruit: test nulling out AFP_AfpInfo stream

This must delete the stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 666a55b7060542ef78ff5f22d368f2ebc4c3318f)

vfs_fruit: writing all 0 to AFP_AfpInfo stream

When writing all 0 to AFP_AfpInfo stream we can remove the underlying
storage object. This beaviour of OS X SMB server was found with a
torture test.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e94b17715ea8049df8819b472178170b8e987946)

s4:torture:vfs_fruit: add tests for AFP_AfpInfo delete-on-close and eof

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e5588b463ee77aac3b396774e68c10b13a9f6f04)

vfs_fruit: handling of ftruncate() on AFP_AfpInfo stream

With help of some torture tests I verified the following behaviour of OS
X SMB server:

* ftruncate AFP_AfpInfo stream > 60 bytes results in an error
  NT_STATUS_ALLOTTED_SPACE_EXCEEDED

* ftruncate AFP_AfpInfo stream <=60 returns success but has no effect

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4024153894a07b7b1115dbe1699cba94fee13f23)

s4:torture:vfs_fruit: file without AFP_AfpInfo

Opening the AFP_AfpInfo on a file that doesn't have that stream must
return ENOENT.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6f8c188dfc81a6d22bd54f248327b787e0b48f09)

vfs_fruit: stat AFP_AfpInfo must fail when it doesn't exist

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0af7bf4249419ff7c88c5beece915db0a3697b72)

vfs_fruit: fix some debug messages

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 748adea77f95d7d6114f96b7850f384b77d6f7d2)

s3:lib/errmap_unix: map EOVERFLOW to NT_STATUS_ALLOTTED_SPACE_EXCEEDED

vfs_fruit returns the correct error NT_STATUS_ALLOTTED_SPACE_EXCEEDED
when an attempt is made to extend the AFP_AfpInfo stream beyond 60
bytes.

This will be used in a subsequent commit in vfs_fruit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1650e793edb42b07501d7467aa64c80eacf33eb6)

s4:torture:vfs_fruit: fix flakey test_write_atalk_rfork_io with OS X

Adjust desired_access to prevent flaky test with OS X SMB server.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ba00884e8a67420cf8d6c2530a778b9cee6e86b8)

s4:torture:vfs_fruit: fix test_rename_dir_openfile() to work with OS X

OS X allows renaming of directories with open files regardless of AAPL
negotiation. Samba will only allow this after negotiating AAPL.

The first check in this test is that renaming fails without AAPL, so
skip this test if the server is OS X.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 363260983f7ec85ecd3a2b35e6b07eeb5416bdc5)

s4:torture:vfs_fruit: fix test_aapl() to work with OS X

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0fc2ed8f01f2e510ee58ad2ea9209d2fec10fd3f)

s4:torture:vfs_fruit: skip test_stream_names() without "localdir"

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 56bf27667cc8f2fad0cad96d796bdd2f172326a8)

s4:torture:vfs_fruit: skip test_adouble_conversion() without "localdir"

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 987e12b7a7518e498c47dd8dfee32aed148f8cd7)

s4:torture:vfs_fruit: skip test test_read_atalk_metadata() without "localdir" and rename it

The test is Netatalk specific. Skip the test if "localdir" is not
specified.

Use torture_assert() to check the result from check_stream().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0a9a7c21073227c539fc1ced331e837c1c1f4bc4)

s4:torture:vfs_fruit: add explicit cleanup of testfiles

smb2_deltree() doesn't work with OS X (looks like OS X doesn't handle
FILE_NON_DIRECTORY_FILE correctly). As a workaround, use explicit
cleanup of all testfiles and directories.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 155397e83173e13baebfc507ad9659d0ed213b5b)

s4:torture:vfs_fruit: add --option=torture:osx for enable_aapl()

Check if the server is OS X and don't check the AAPL context size if it
is.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3c0ac9b3899aa06315e592253c858f31d4bd2ae3)

s4:torture:vfs_fruit: enhance check_stream

Don't sleep when create fails and use torture_ macros.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fdf937e77da29ec47002855db69d9e3f95005479)

s4:torture:vfs_fruit: use AFPINFO_STREAM_NAME

I got erratic results from OS X SMB server with AFPINFO_STREAM
(":AFP_AfpInfo:$DATA") in some tests. Using AFPINFO_STREAM_NAME
(just the ":AFP_AfpInfo" part) instead fixed this.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8694da43442abe3ae6ac3b6a16c524e455ae1a65)

s4:torture:vfs_fruit: tweak check_stream_list()

Modify check_stream_list() to open the basefile (or directory) itself
insteaf of having the callers pass in a filehandle. Removes some code
duplication in the callers.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 8e0cf77ee230c0eaef01a2dc2316fc65aabd5a59)

s4:torture:vfs_fruit: rename tree1 -> tree

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1d13744547474592285eacab84d1217af46e0086)

s4:torture:vfs_fruit: remove unused tree2

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11347

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9d28f82484e8b34c8d8f35f596fdb63614b103d2)

docs: Fix typos in man vfs_gpfs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11641
Duplicate "acl map full control" entry in man vfs_gpfs

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 79df4caed3b819cc1cd67c4033f3ac700086ab99)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Fri Dec 18 13:30:04 CET 2015 on sn-devel-104

smbd: make "hide dot files" option work with "store dos attributes = yes"

When using "store dos attributes = yes", the function that reads the
attributes from the xattr get_ea_dos_attribute() will overwrite the
attribute previously set for "hide dot files".

According to smb.conf, "store dos attributes = yes" should only
overwrite the "map XXX" options, but not "hide dot files".

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11645

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 16 07:21:10 CET 2015 on sn-devel-104

(cherry picked from commit 2058ce246ea5008202e737f64fbdd9b586b2d7d4)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Thu Dec 17 14:08:21 CET 2015 on sn-devel-104

lib/async_req: do not install async_connect_send_test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11639

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 632114584d3be0d4660e97a6c9e69e577a7bc1e2)

lib/param: add a fixed unified lpcfg_string_{free,set,set_upper}() infrastructure

This reduces the memory footprint of empty string options.

smbd -d1 -i with 1400 shares in smb.conf under x64 valgrind massif before this
patch has 7,703,392 bytes peak memory consumption and after this patch
3,321,200 bytes.

This fixes a regression introduced by commit
2dd7c890792cf12049ec13b88aa4e9de23035f9d.

BUG:

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11625

Back-port of commit a84eed532549c1dbad43f963838bc5f13c4fe68d
from master.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

samba-tool: fsmo.py throws an uncaught exception if no

fSMORoleOwner attribute

This will fix bug 11613 where a user got the uncaught exception when trying
to seize an FSMO role that didn't have the required attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11613

Signed-off-by: Rowland Penny <repenny241155@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Sun Dec  6 00:33:10 CET 2015 on sn-devel-104

(cherry picked from commit 4735e5f5e35bdff88bf59d56ecf1980cdabc3c83)

s4:torture:vfs_fruit: add a test for POSIX rename

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065

Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0f0693d0fa5fa991bb573525f332eba5ceb6ece6)

vfs_fruit: enable POSIX directory rename semantics

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1d7bef5a75403f5baec13aa6264dfe763a4b278a)

vfs_fruit: add a flag that tracks whether use of AAPL was negotiated

Add a flag that tracks whether use of AAPL was negotiated, ensuring we
don't enable AAPL features for clients that didn't negotiate it.

Torture test that need AAPL must call the new function enable_aapl().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065

Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 89a7394d679b383920d73fef0d178b8f84bc393f)

s3:smbd: file_struct: seperate POSIX directory rename cap from POSIX open

We need more fine grained control over which POSIX semantics we'd like
to enable per file handle. Currently POSIX_FLAGS_OPEN is a kitchensink
for all kinds of stuff like:

- POSIX unlink
- POSIX byte-range locks
- POSIX rename
- delayed writetime update
- more...

For CIFS UNIX extensions we use POSIX_FLAGS_ALL so semantics are
preserved. OS X clients will enable POSIX rename via AAPL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit bf1957584e341473edcd5025b7f77766440d408b)

s3:smbd: convert file_struct.posix_open to a bitmap with flags

This is in preperation of a more fine grained control of POSIX behaviour
in the SMB and VFS layers.

Inititally we use an uint8_t for the flags bitmap and add a define
posix_flags as posix_open in order to avoid breaking the VFS ABI.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11065

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d698cec1c7e700e57cab46d33df0dde13303b318)

VERSION: Bump version up to 4.3.4...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

Merge tag 'samba-4.3.3' into v4-3-test

samba: tag release samba-4.3.3

Fix bug #11394 -  Crash: Bad talloc magic value - access after free

VERSION: Disable git snapshots for the 4.3.3 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.3.3.

This is a security to address CVE-2015-3223, CVE-2015-5252,
CVE-2015-5299, CVE-2015-5296, CVE-2015-8467, CVE-2015-5330.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl

Swapping between account types is now restricted

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11552

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_internal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir

Fix originally from <partha@exablox.com>

https://bugzilla.samba.org/show_bug.cgi?id=11529

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share).

Ensure matching component ends in '/' or '\0'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

ldb: bump version of the required system ldb to 1.1.24

This is needed to ensure we build against a system ldb library that
contains the fixes for CVE-2015-5330 and CVE-2015-3223.

autobuild must still be able to build against the older version
1.1.21 including the patches.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11325
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11636

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators

That is, memdup(), not strdup(). The terminators might not be there.

But, we have to make sure we put the terminator on, because we tend to
assume the terminator is there in other places.

Use talloc_set_name_const() on the resulting chunk so talloc_report()
remains unchanged.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Pair-programmed-with: Ralph Boehme <slow@samba.org>

CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes

UTF16 contains zero bytes when it is encoding ASCII (for example), so we
can't assume the absense of the 0x80 bit means a one byte encoding. No
current callers use UTF16.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-5330: strupper_talloc_n_handle(): properly count characters

When a codepoint eats more than one byte we really want to know,
especially if the string is not NUL terminated.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-5330: Fix handling of unicode near string endings

Until now next_codepoint_ext() and next_codepoint_handle_ext() were
using strnlen(str, 5) to determine how much string they should try to
decode. This ended up looking past the end of the string when it was not
null terminated and the final character looked like a multi-byte encoding.
The fix is to let the caller say how long the string can be.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen()

ldb_dn_escape_internal() reports the number of bytes it copied, so
lets use that number, rather than using strlen() and hoping a zero got
in the right place.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal()

Previously we relied on NUL terminated strings and jumped back and
forth between copying escaped bytes and memcpy()ing un-escaped chunks.
This simple version is easier to reason about and works with
unterminated strings. It may also be faster as it avoids reading the
string twice (first with strcspn, then with memcpy).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-3223: lib: ldb: Use memmem binary search, not strstr text search.

Values might have embedded zeros.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2015-3223: lib: ldb: Cope with canonicalise_fn returning string "", length 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

docs: Fix some typos in the idmap backend section.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov 26 14:47:17 CET 2015 on sn-devel-104

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11619

(cherry picked from commit 257ec9c6e28b1ddc32bd554ff8259f8a067dd44e)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Wed Dec  2 13:29:25 CET 2015 on sn-devel-104

doc: fix a typo in the smb.conf manpage, explanation of idmap config

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov  6 06:26:34 CET 2015 on sn-devel-104

(cherry picked from commit c6ae462a020648c851fe6f6724ae9cf32c9d0ab8)

VERSION: Bump version up to 4.3.3...

...and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

VERSION: Disable git snapshot for the 4.3.2 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.3.2.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle.

There are three issues:

1). The memcmp checking that the open file path has the open
directory path as its parent compares using the wrong length
(it uses the full open file path which will never compare as
the same).

2). The files_below_forall() function doesn't fill in the
callback function or callback data when calling share_mode_forall(),
leading to a crash (which we never saw, as the previous issue (1)
meant the callback function would never be invoked).

3). When invoking the callback function from files_below_forall_fn()
we were passing in the wrong private_data pointer (needs to be
the one from the state, not the private_data passed into
files_below_forall_fn()).

Found when running the torture test smb2.rename.rename_dir_openfile
when fixing bug #11065.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11615

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Nov 24 19:36:20 CET 2015 on sn-devel-104

(cherry picked from commit 158200611271bd80d80280c88578dfd5380f8fd0)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Wed Nov 25 13:00:42 CET 2015 on sn-devel-104

selftest: add test for force user and well-known primary group

Add a test for connecting to a share with a "force user" whos
primary unix gid maps to a well-known alias.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11608

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 19 23:20:36 CET 2015 on sn-devel-104
(cherry picked from commit d451bbaee2e025d4135f686c0f220d6337dbf38e)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon Nov 23 15:46:03 CET 2015 on sn-devel-104

auth: consistent handling of well-known alias as primary gid

When a local user has its primary group id mapped to a well-known
alias or a builtin group, smbd accepts logins of such a user, but
fails tree-connects to shares with a "force user" set to this user
with an error of NT_STATUS_INVALID_SID.

This fix causes the connect to succeed and the NT token to resemble
the token that would have been created in a login.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11608

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d8717a038ef82caf05fff611c7cf92aecc436563)

auth: remove a line that has no effect

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11608

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 42b7d48f76189b1e138f5cac6489a4d018598c87)

winbind: Don't crash on invalid idmap configs

We should not leave NULL in idmap_domains[]. This will lead to NULL
ptr deferences in idmap_find_domain().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11612
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov 19 20:16:44 CET 2015 on sn-devel-104

(cherry picked from commit 7e9aaecec552ca53c50fc0c731419af467f76a00)

fix writev(vector[...]) points to uninitialised bytes in call_trans2findfirst

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9b2aba1b7aa7386dfc64bcefafa83374b6525354)

The last 5 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11597
backport some valgrind fixes from upstream master to 4.2 / 4.3

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Fri Nov 20 12:18:55 CET 2015 on sn-devel-104

fix 'Invalid read of size 1' in reply_search

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0f2f8a4f772ff22d00a9e87dafa97a431af8f6da)

fix writev(vector[...]) points to uninitialised bytes in call_trans2findnext

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 17482d52160acc869af9f7a2029d5b595d33a12d)

fix uninitialised read in process_host_announce

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 7ade51901381507beaeac92e9b0d2f0d424123a9)

remove many valgrind errors for base.lock test

mostly "Conditional jump or move depends on uninitialised value" &
"Use of uninitialised value of size 8" errors, suspect this is
related to compiler padding for the struct

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  6 00:16:53 CET 2015 on sn-devel-104

(cherry picked from commit ce8068e70b11a3ce5634c56f43a035713c5ea2ed)

nss_wins: Use lp_global_no_reinit()

This avoids that we run into use after free issues when we access memory
allocated on the globals and the global being reinitialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0abbfb2e4d5bcd847983ef7981840f1eab7b917c)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Tue Nov 17 14:42:19 CET 2015 on sn-devel-104

s3: winbind: Prevent null ptr access by returning error if no creds available

Prevent rpccli_netlogon_network_logon/rpccli_netlogon_password_logon
being called with 'NULL' credentials

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit e8fab02773892812f563eea7098847618df76e1b)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Mon Nov 16 13:33:26 CET 2015 on sn-devel-104

s3: rpcclient: Prevent null ptr access by returning error if no creds available

Prevent rpccli_netlogon_password_logon being called with 'NULL' credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 89940f39c6d2db03b3a468942d686e762f126f9f)

s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them.

Otherwise a create that should have failed may succeed.

Based on an original patch from John Mulligan <phlogistonjohn@asynchrono.us>
and comments from Uri Simchoni <uri@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11589

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Nov  4 22:14:22 CET 2015 on sn-devel-104

(cherry picked from commit aa3cc0b459124c66de0aad8ff41908e1bf261222)

vfs_gpfs: Re-enable share modes

is_ntfs_default_stream_smb_fname returns false for a NULL stream name, so for
streamless filenames we do not set gpfs share modes without this patch.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11243
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Nov  6 03:21:01 CET 2015 on sn-devel-104

texpect: undefined symbol rep_fprintf

Add libreplace dependency to texpect, fixes a linking error on Solaris.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11511

Signed-off-by: Tom Schulz <schulz@adi.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct 22 14:28:17 CEST 2015 on sn-devel-104

(cherry picked from commit c466ad47d53b1f3fbfc582a89f4b90a2c5dee2e9)

Changing log level of two entries to DBG_NOTICE

On domain members using RFC2307, machine acccounts without an uidNumber
attribute are not retrieved via idmap_ad. This leads to many of the following
two error messages:
   Username DOMAIN\machineaccountname$ is invalid on this system
and
   Failed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
Machine accounts don't have an uidNumber attribute, if not set manually. To
avoid flooding the logs, setting message from debug level 1 to DBG_NOTICE.

Bugreport: https://bugzilla.samba.org/show_bug.cgi?id=9912

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov  4 00:46:15 CET 2015 on sn-devel-104

(cherry picked from commit 18879dab9affffd79a647a4de697512c03e04425)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Fri Nov  6 15:36:28 CET 2015 on sn-devel-104

lib: util: Make non-critical message a warning.

Non-root utilities (e.g. bin/net) call this via messaging_init().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11566

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 859e3415b38538ff6c023e4a56570d94a4fe4432)

s3:smb2_server: make the logic of SMB2_CANCEL DLIST_REMOVE() clearer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11581

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ad85c8905184d125a2a38569f7955ccbf443ebcd)

Autobuild-User(v4-3-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-3-test): Thu Nov  5 14:51:25 CET 2015 on sn-devel-104

s3-smbd: Fix use after issue in smbd_smb2_request_dispatch()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11581

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Oct 30 19:49:47 CET 2015 on sn-devel-104

(cherry picked from commit db9e10d071793b91b3f3d40225a8634e3c34f65e)

manpage: corrected small typo error

Corrected mistakes, probably comming from a too fast
"copy and paste", in the smb.conf manpage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11584

Signed-off-by: YvanM <yvan.masson@openmailbox.org>
Reviewed-by: Björn Jacke <bj@sernet.de>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Nov  2 14:43:15 CET 2015 on sn-devel-104

(cherry picked from commit d66863b1fff862aa2ae21a06116bc2a2b2f7a6ce)