git.samba.org - aaptel/samba-autobuild/.git/log

ldb: Release 1.2.3

- Intersect the index from SCOPE_ONELEVEL with the index for the search expression

    This helps ensure we do not have to scan all objects at this level
    which could be very many (one per DNS zone entry).

    However, due to the O(n*m) behaviour in the LDB index code
    we only do this for small numbers of matches on the
    filter tree.

    This behaviour will only be for ldb 1.2 and will not be kept
    long-term in LDB, versions 1.3.1 and above will instead only
    intersect when the more efficient GUID index is in use.

    Finally, disallowDNFilter now applies to SCOPE_ONELEVEL banning
    dn= as a filter string when so configured.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

ldb: Intersect the index from SCOPE_ONELEVEL with the index for the search expression

This helps ensure we do not have to scan all objects at this level
which could be very many (one per DNS zone entry).

However, due to the O(n*m) behaviour in list_intersect() for ldb
1.2 and earlier, we only do this for small numbers of matches on the
filter tree.

This behaviour will only be for ldb 1.2 and will not be kept
long-term in LDB, versions 1.3.1 and above will instead only
intersect when the GUID index is in use.

NOTE WELL: the behaviour of disallowDNFilter is enforced
in the index code, so this fixes SCOPE_ONELEVEL to also
honour disallowDNFilter if there @IDXONE is enabled. Again,
this will change again in 1.3.1 and above.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(adapted from ef240aaca0ef693a96726ac2366c454294b87b96 in master)

ldb_tdb: Provide struct ltdb_private to index routines

This will make it easier to switch the GUID index mode on and off

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 3d952157d72b3a4635f3942449c1727c438c97c6)

selftest: Do not use dn= filter string

This accidentially worked with SCOPE_ONELEVEL against Samba but dn= filters are
not valid in AD.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 44eee9ce9e9818df8387b2b3782504408112f12c)

s4:samba: Fix default to be running samba as a deamon

Commit 8736013dc42c5755b75bbb2e843a290bcd545909 got the (confusing) sense of opt_fork
wrong.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Dec 19 11:24:29 CET 2017 on sn-devel-144

(cherry picked from commit 0806ff7dfd3f982226e4cd9b923a0e570b765f0c)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Thu Dec 21 00:55:29 CET 2017 on sn-devel-144

messaging: Always register the unique id

The winbind child does not call serverid_register, so the unique id is not
registered. ctdbd_process_exists now calls CTDB_CONTROL_CHECK_PID_SRVID, which
then fails.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13180
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Fri Dec 15 15:35:25 CET 2017 on sn-devel-144

winbindd: idmap_rid: error code for failing id-to-sid mapping request

NT_STATUS_NO_SUCH_DOMAIN triggers complete request failure in the parent
winbindd. By returning NT_STATUS_NONE_MAPPED winbindd lets the individual
mapping fail but keeps processing any remaining mapping requests.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 10 19:57:37 CEST 2017 on sn-devel-144

(cherry picked from commit 490c35df35bad6c2f1c4acd2f056d6fdc480ec1f)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Thu Dec 14 16:32:49 CET 2017 on sn-devel-144

winbindd: idmap_rid: don't rely on the static domain list

The domain list in the idmap child is inherited from the parent winbindd
process and may not contain all domains in case enumerating trusted
domains didn't finish before the first winbind request that triggers the
idmap child fork comes along.

The previous commits added the domain SID as an additional argument to
the wbint_UnixIDs2Sids request, storing the domain SID in struct
idmap_domain.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 108675c4cf4c3d5bd29468255743423a56bd1471)

winbindd: pass domain SID to wbint_UnixIDs2Sids

This makes the domain SID available to the idmap child for
wbint_UnixIDs2Sids mapping request. It's not used yet anywhere, this
comes in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 71f99cb132f4c26f9febac6cb7dcd79f4940216a)

winbindd: add domain SID to idmap mapping domains

Fetch the domain SID for every domain in the idmap-domain map. This is
in preperation of passing the domain SID as an additional argument to
xid2sid requests to the idmap child.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 59438bfd3d3551195582cf88bd1109c3cbc7e12a)

pthreadpool: Add a test for the race condition fixed in the last commit

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13179
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 53f7bbca0451e4f57cdbe8ab4f67f601fe8d40c1)

pthreadpool: Fix starvation after fork

After the race is before the race:

1) Create an idle thread
2) Add a job: This won't create a thread anymore
3) Immediately fork

The idle thread will be woken twice before it's actually woken up: Both
pthreadpool_add_job and pthreadpool_prepare_pool call cond_signal, for
different reasons. We must look at pool->prefork_cond first because otherwise
we will end up in a blocking job deep within a fork call, the helper thread
must take its fingers off the condvar as quickly as possible. This means that
after the fork there's no idle thread around anymore that would pick up the job
submitted in 2). So we must keep the idle threads around across the fork.

The quick solution to re-create one helper thread in pthreadpool_parent has a
fatal flaw: What do we do if that pthread_create call fails? We're deep in an
application calling fork(), and doing fancy signalling from there is really
something we must avoid.

This has one potential performance issue: If we have hundreds of idle threads
(do we ever have that) during the fork, the call to pthread_mutex_lock on the
fork_mutex from pthreadpool_server (the helper thread) will probably cause a
thundering herd when the _parent call unlocks the fork_mutex. The solution for
this to just keep one idle thread around. But this adds code that is not
strictly required functionally for now.

More detailed explanation from Jeremy:

First, understanding the problem the test reproduces:

add a job (num_jobs = 1) -> creates thread to run it.
job finishes, thread sticks around (num_idle = 1).
num_jobs is now zero (initial job finished).

a) Idle thread is now waiting on pool->condvar inside
pthreadpool_server() in pthread_cond_timedwait().

Now, add another job ->

pthreadpool_add_job()
-> pthreadpool_put_job()
This adds the job to the queue.
Oh, there is an idle thread so don't
create one, do:

pthread_cond_signal(&pool->condvar);

and return.

Now call fork *before* idle thread in (a) wakes from
the signaling of pool->condvar.

In the parent (child is irrelevent):

Go into: pthreadpool_prepare() ->
pthreadpool_prepare_pool()

Set the variable to tell idle threads to exit:

pool->prefork_cond = &prefork_cond;

then wake them up with:

pthread_cond_signal(&pool->condvar);

This does nothing as the idle thread
is already awoken.

b) Idle thread wakes up and does:

Reduce idle thread count (num_idle = 0)

pool->num_idle -= 1;

Check if we're in the middle of a fork.

if (pool->prefork_cond != NULL) {

Yes we are, tell pthreadpool_prepare()
we are exiting.

pthread_cond_signal(pool->prefork_cond);

And exit.

pthreadpool_server_exit(pool);
return NULL;
}

So we come back from the fork in the parent with num_jobs = 1,
a job on the queue but no idle threads - and the code that
creates a new thread on job submission was skipped because
an idle thread existed at point (a).

OK, assuming that the previous explaination is correct, the
fix is to create a new pthreadpool context mutex:

pool->fork_mutex

and in pthreadpool_server(), when an idle thread wakes up and
notices we're in the prepare fork state, it puts itself to
sleep by waiting on the new pool->fork_mutex.

And in pthreadpool_prepare_pool(), instead of waiting for
the idle threads to exit, hold the pool->fork_mutex and
signal each idle thread in turn, and wait for the pool->num_idle
to go to zero - which means they're all blocked waiting on
pool->fork_mutex.

When the parent continues, pthreadpool_parent()
unlocks the pool->fork_mutex and all the previously
'idle' threads wake up (and you mention the thundering
herd problem, which is as you say vanishingly small :-)
and pick up any remaining job.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13179
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f6858505aec9f1004aeaffa83f21e58868749d65)

third_party: Fix a typo in the option name

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13174

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit e7e68958025937f97554cd956ca482dfe507f803)

third_party: Link th aesni-intel library with -z noexecstack

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13174

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
(cherry picked from commit 6015cfad6ebf46b9f311a069dd960ff5af5bdcd8)

s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient.

This happened as smbd doesn't support reparse points so we couldn't test.
This was the reverse of the (tested) symlink parameters in the unix extensions
symlink command.

Rename parameters to link_target instead of oldname so this is clearer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit abbc9b9ab793d22bca6a37828f4375ef38c56dd3)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Wed Dec 13 14:19:59 CET 2017 on sn-devel-144

s3: client: Rename <oldname> to <link_target> in cmd_symlink() and cli_posix_symlink().

Stops us from mixing up the old and new names. Only behavior change
is correcting the names printed in the error messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 8448dcaa8da78bcb84fca6a000c75e256bce1e77)

pthreadpool: Fix deadlock

Christof's idea from

https://lists.samba.org/archive/samba-technical/2017-December/124384.html

was that the thread already exited. It could also be that the thread is
not yet idle when the new pthreadpool_add_jobs comes around the corner.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Wed Dec 13 04:46:12 CET 2017 on sn-devel-144

(cherry picked from commit dfc4670640341761b346065922a62a3e755e9e58)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

pthreadpool: Add test for pthread_create failure

This is implemented using cmocka and the __wrap override for
pthread_create.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs@samba.org
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Fri Dec 8 13:54:20 CET 2017 on sn-devel-144

(cherry picked from commit 8cdb3995caf7a21d0c27a56a0bf0c1efd5b491e4)

wscript: Add check for --wrap linker flag

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8e17be1c3df09c238560c8a7e62c17e9f9ff9bc7)

pthreadpool: Undo put_job when returning error

When an error is returned to the caller of pthreadpool_add_job, the job
should not be kept in the internal job array. Otherwise the caller might
free the data structure and a later worker thread would still reference
it.

When it is not possible to create a single worker thread, the system
might be out of resources or hitting a configured limit. In this case
fall back to calling the job function synchronously instead of raising
the error to the caller and possibly back to the SMB client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 065fb5d94d25d19fc85832bb85aa9e379e8551cc)

pthreadpool: Move creating of thread to new function

No functional change, but this simplifies error handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 949ccc3ea9073a3d38bff28345f644d39177256f)

ctdb-daemon: Send STARTUP control after startup event

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

STARTUP control is primarily used to synchronise tcp tickles from running
nodes to a node which has just started up.  Earlier STARTUP control was
sent (using BROADCAST_ALL) after setup event.  Once the other nodes in
the cluster connected to this node, the queued up messages would be sent
and the tcp tickles would get synchronised.

Recent fix to drop messages to disconnected or not-yet-connected nodes,
the STARTUP control was never sent to the remote nodes and the tcp
tickles did not get synchronised.

To fix this problem send the STARTUP control (using BROADCAST_CONNECTED)
after startup event.  By this time all the running nodes in the cluster
are connected.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 30 15:29:48 CET 2017 on sn-devel-144

(cherry picked from commit d7a5cd589b7b16d625dbc64dac21a1384519e32b)

ctdb-takeover: Send tcp tickles immediately on STARTUP control

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 73e261b48c4abc91e00775ac7437752c9640e5bd)

ctdb-takeover: Refactor code to send tickle lists for all public IPs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13154

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 2b253f6b1bc4e765f3fcb614a3b67b14084a625d)

vfs_zfsacl: fix compilation error

Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 2 03:16:11 CET 2017 on sn-devel-144

(cherry picked from commit 11da1e5c056c92fd7f51ecce0285628cac65f174)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Thu Dec 7 14:19:57 CET 2017 on sn-devel-144

winbindd: let normalize_name_map() call find_domain_from_name_noinit()

Let normalize_name_map fetch the domain itself with
find_domain_from_name_noinit().

This removes two calls to find_domain_from_name_noinit() in the default
configuration of "winbind normalize names = no". The domain is only need
in normalize_name_map if "winbind normalize names" is enabled.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13173

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 1ce165a73350e802500c32435dbefe3639340435)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Tue Dec 5 14:48:41 CET 2017 on sn-devel-144

s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv().

cli_smb2_close_fnum_recv() uses tevent_req_simple_recv_ntstatus(req), which
frees req, then uses the state pointer which was owned by req.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13171

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 30 05:47:12 CET 2017 on sn-devel-144

(cherry picked from commit 5c8032b6b8ce4439b3ef8f43a62a419f081eb787)

testprogs: Test net ads keytab list

Test that correct keytab is picked up.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4be05c835e9d8b8f13856d592aaf42b40ce397c2)

s3:libads: net ads keytab list fails with "Key table name malformed"

When keytab_name is NULL don't call smb_krb5_kt_open use ads_keytab_open
instead, this function will determine the correct keytab to use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 3048ae318fc8b4d1b7663826972306372430a463)

vfs_fruit: proper VFS-stackable conversion of FinderInfo

This fixes the problem that conversion failed with
fruit:metadata=stream. Before we were calling ad_set() which stores the
metadata in the Netatalk compatible format.

Rewrite to fully go through the VFS by calling SMB_VFS_CREATE_FILE() and
SMB_VFS_PWRITE().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 29 08:38:06 CET 2017 on sn-devel-144

(cherry picked from commit 1da17204344a99a3bfa289355a996027a21814b8)

vfs_fruit: add AfpInfo prototypes

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 84976cb670847f199598995d48bd9c3f3dd0f035)

s4/torture: fruit: in test_adouble_conversion() also check stream list and AFPINFO_STREAM

This reveals that the conversion doesn't work properly with
fruit:metadata=stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7b00b558761b6564928289efcf835e9b9cc86a89)

s4/torture: fruit: remove use of localdir from test_adouble_conversion test

The previous use of localdir and torture_setup_local_file() was
motivated by the fact that by default vfs_fruit rejects access to files
with a "._" prefix.

Since a previous commit allowed SMB access to ._ files, rewrite the
test_adouble_conversion() test to create the ._ AppleDouble file over
SMB.

This also renders torture_setup_local_file() obsolete.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ebbffd80862d7d7b025eca219bc0c8f818585ac9)

selftest: add "fruit:veto_appledouble = no" to fruit shares

This is needed for a subsequent commit that modifies an existing test to
write a ._ file over SMB instead of using the ugly local creation hack.

SMB acces of ._ files requires "fruit:veto_appledouble = no", so let's
set it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3f9b45a410384904d64bdd0d68ff2a5bc25bd3e9)

s4/torture: let write_stream() deal with stream=NULL

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ac880848a905a3840b69af2cb1d842d307401a07)

selftest: run AppleDouble sidecar-file conversion test runs against all fruit shares

This needs for work in all possible fruit configs, so test it.

This currently fails with stream_depot, as we don't propely copy over
the resourcefork data from the ._ file to the stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e28dd6a0ce753a880b2512eb62661411b20f763b)

s4/torture: use torture_assert_goto in a vfs.fruit test

No change in behavior.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9af9c5c073d88b126aebd4a2d7a1a1971527fbf4)

s4/torture: rework stream names tests usage of local xattr call

Previously this test, that tests for correct conversion of ':' in stream
names, only worked with streams_xattr with "fruit:metadata" set to
"netatalk".

In order to have test coverage for fruit shares with other configs,
split the test into two:

one test creates the stream over SMB and run against all shares, the
other one is the unmodified existing test and is only run against the
share with streams_xattr and fruit:metadata=netatalk.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 75a3c0f3b1f843ba9a7838aa7a1c311fc262f8c7)

selftest: add localdir option to fruit subtests

A subsequent commits modifies an existing tests that needs $localdir to
also run against "vfs_fruit_metadata_stream" and
"vfs_fruit_stream_depot". This reveals test failures, those will be
fixed in a subsequent commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3c1bdafde6419c266941624f57cf768e57e2bd98)

selftest: reorder arguments for fruit tests

This just puts the auth option first matching the first test with the
"vfs_fruit" share directly above the modified lines.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13155

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 06542b2c4c000e5397f0990713de7f7bb67cc0bd)

s3/loadparm: don't mark IPC$ as autoloaded

A related problem that affects configuration for the hidden IPC$
share. This share is marked a "autoloaded" and such shares are not
reloaded when requested. That resulted in the tcon to IPC$ still using
encrpytion after running the following sequence of changes:

1. stop Samba
2. set [global] smb encrypt = required
3. start Samba
4. remove [global] smb encrypt = required
5. smbcontrol smbd reload-config
6a bin/smbclient -U slow%x //localhost/raw -c quit, or
6b bin/smbclient -U slow%x -mNT1 //localhost/raw -c ls

In 6a the client simply encrypted packets on the IPC$ tcon. In 6b the
client got a tcon failure with NT_STATUS_ACCESS_DENIED, but silently
ignore the error.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Nov 28 02:02:37 CET 2017 on sn-devel-144

(cherry picked from commit deaaff6843159f02bb15aeaf457f8af305e40164)

s3/loadparm: ensure default service options are not changed

Rename sDefault to _sDefault and make it const. sDefault is make a copy
of _sDefault in in the initialisation function lp_load_ex().

As we may end up in setup_lp_context() without going through
lp_load_ex(), sDefault may still be uninitialized at that point, so I'm
initializing lp_ctx->sDefault from _sDefault.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit ea4e6f95ae5c97e8570b8090ee7e7a577b49a8c3)

s3/loadparm: allocate a fresh sDefault object per lp_ctx

This is in preperation of preventing direct access to sDefault in all
places that currently modify it.

As currently s3/loadparm is afaict not accessing lp_ctx->sDefault, but
changes sDefault indirectly through lp_parm_ptr() this change is just a
safety measure to prevent future breakage.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13051

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1fc103547023aa1c880713e5b65ec164acb58b54)

Add vfs_zfsacl manpage to the list of manpages if we have this module enabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 8034b88d4e771663c4b7b581fb6b1992c33d5d96)

Fix typo in the "wide links" description for the getwd cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12934

Signed-off-by: Timur I. Bakeyev <timur@iXsystems.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit e9e4cd4d2b6ae376cba90fdb56b9c9684f2dc492)

s4:samba: Allow samba daemon to run in foreground

We are passing the no_process_group to become_daemon() that setsid() is
not called. In case we are double forking, we run in SysV daemon mode,
setsid() should be called!

See:
https://www.freedesktop.org/software/systemd/man/daemon.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8736013dc42c5755b75bbb2e843a290bcd545909)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Thu Nov 30 14:11:02 CET 2017 on sn-devel-144

s4:samba: Do not segfault if we run into issues

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit bfafabfb942668328401a3c89fc55b50dc56c209)

s4/smbd: set the process group.

Set the process group in the samba daemon, the --no-process-group option
allows this to be disabled. The no-process-group option needs to be
disabled in self test.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Sep 18 04:39:50 CEST 2017 on sn-devel-144

repl_meta_data: Fix removing of backlink on deleted objects

USER is memberOf GROUP and they both were deleted on W2K8R2 AD. Domain join ends
with error below.

Failed to apply records: ../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:421
8: Failed to remove backlink of memberOf when deleting CN=USER\0ADEL:a1f2a2cc-1
179-4734-b753-c121ed02a34c,CN=Deleted Objects,DC=samdom,DC=intern: dsdb_module_
search_dn: did not find base dn CN=GROUP\0ADEL:030d0be1-3ada-4b93-8371-927f2092
3116,CN=Deleted Objects,DC=samdom,DC=intern (0 results): Operations error
Failed to commit objects: WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13120

Signed-off-by: Andrej Gessel <Andrej.Gessel@janztec.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 40bd7e145a68c9a58d6bc3c5526a12fdf0027729)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Wed Nov 29 13:43:37 CET 2017 on sn-devel-144

repl_meta_data: Allow delete of an object with dangling backlinks

This should not happen, but stopping all replication because of it is a pain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Nov 24 19:53:50 CET 2017 on sn-devel-144

(cherry picked from commit 6cf7abbcfdad84fee57852862ebe44aa6115ca25)

selftest: Add more corruption cases for runtime and dbcheck

These tests now confirm we can handle these issues at runtime
as well as at dbcheck

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 4815efc0e3f89079e7c9b868b7514ea7c49a807c)

selftest: add dbcheck tests for duplicate links

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 70bf809e0cdf84029022ca95fb83d17a0d6e36c0)

dbcheck: detect and fix duplicate links

Check with git show -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 239fbeb163c24b0f08e1bd9d8f7a9f73443d4b90)

dbcheck: only calculate linked attribute helper variables once in check_dn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9a631560c9358e4f28b96fecf23a545e1d04098c)

dbcheck: remove indentation level

Check with git show -w

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit eb6bd6511a98dafebaa0d3951fe78c77acf13e3a)

dsdb:extended_dn_store: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control

This will be used by dbcheck to fix duplicate link values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 83aa22260bd39ad0e6aab7764f9a7fc915d02a4b)

dsdb:repl_meta_data: implement DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control

This will be used by dbcheck to fix duplicate link values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9a1e23a1f67c38248e41e0d3aa2af8a682477364)

s4:dsdb: allocate DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS oid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 1eb8d8ec5a62baf1b8e3c7cb1856787de4a3ccb2)

s4:schema_samba4: mark DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3.32 as allocated

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 126d28d0b58740a8abd4137562dda685a57449bb)

selftest: Additional check for a backlink pointing at a deleted object

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit a784cc3a7f2043a5762d426e904a90e44b101ecd)

selftest: Split out creation of complex (often invalid) links

This will allow us to test other run-time behaviour with broken
databases.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 25ae8d72d66cbe7342b50254ede7e5890bc23b73)

selftest: Split out dbcheck runs from dangling_multi_valued test

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit b99d2ee122991d0bf1742fa5665656bbbba44057)

selftest: add more dbcheck tests

This validates some more combinations and ensures that the changes
in 962a1b32201fce0a49c6be55943d4fbb57ed781e are tested.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 7be38c605468786894a373e15068b8017323da78)

dbcheck: Use the GUID as the DN to fix replPropertyMetaData

This allows this to still work after an object is renamed under the deleted objects container.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 527f2c95cfe24d29fa34ed19db3b073781d96d9a)

dbcheck: Clarify error count bumping in deleted/gone DN handling

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 3b111fbdbed99d5d90c1120243200baae9867534)

selftest: sort dbcheck output to avoid sort order impacting results

The GUID index code will change the returned results order

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit da575f01313673fedfc7d15ec11ba6818dbd30d8)

dbcheck: Allow removal of one-way links to missing objects

If dbcheck is not run within the tombstone lifetime, these links can
persist in the database forever. The risk of unintentional information loss
is why these links are only removed within the same partition. A
replication may be in progress which has created only one end of
the link, so we must keep that.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 19 00:50:19 CEST 2017 on sn-devel-144

(cherry picked from commit 962a1b32201fce0a49c6be55943d4fbb57ed781e)

systemd: Start processes in forground and without a process group

We should not double fork in notify mode or systemd think something
during startup will be wrong and send SIGTERM to the process. So
sometimes the daemon will not start up correctly.

systemd will also handle the process group.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8b6f58194da7e849cdb9d20712dff49b17a93a77)

libnet_join: fix "net rpc oldjoin"

We need to open the ncacn_np (smb) transport connection with
anonymous credentials.

In order to do netr_ServerPasswordSet*() we need to
establish a 2nd netlogon connection using dcerpc schannel
authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(similar to commit d27f38d35bf111a5c0a898a5ef8b7dd0b320da0d)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Tue Nov 28 14:47:32 CET 2017 on sn-devel-144

s3:selftest: add samba3.blackbox.net_rpc_oldjoin test

This demonstrates that "net rpc oldjoin" is currently broken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9466796c87cc4ca8d32da553421cd8ecef1bb8e4)

vfs_glusterfs: include glusterfs/api/glfs.h without relying on -I options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13125

The glfs.h header file has always resided under glusterfs/api/ in the
standard include directory. The glusterfs-api.pc file adds the unneeded
-I${includedir}/glusterfs compiler option. This option will be removed
from future versions of the pkg-config file.

This change can safely be backported to older versions if there is a
need to have them build against glusterfs-3.13 or newer.

URL: https://review.gluster.org/18576
CC: Andrea Bolognani <abologna@redhat.com>
Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Nov 9 22:37:30 CET 2017 on sn-devel-144

(cherry picked from commit 732ba3c84a2d40040550ea36b0478dd6af9a173a)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Fri Nov 24 16:23:43 CET 2017 on sn-devel-144

ctdb-common: Call missing tevent_wakeup_recv() in sock_daemon

https://bugzilla.samba.org/show_bug.cgi?id=13153

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 49308f7f22f3d6fa05cc81fdef3db020e503fa9f)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Wed Nov 22 16:57:01 CET 2017 on sn-devel-144

ctdb-daemon: Allocate deferred calls off calling context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13152

This makes sure that if a client disconnects, all the deferred calls
from the client are correctly freed.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 848f2425984667c243ccac847b8f48a66ce10178)

winbind: Remove winbind_messaging_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 18 04:07:24 CET 2017 on sn-devel-144

(cherry picked from commit 050ca45dc7fc5bbab6e1c60b919ac0b1e9661e27)

winbind: winbind_messaging_context -> server_messaging_context

Don't use winbind_messaging_context anymore.

This fixes a bug analysed by Peter Somogyi <PSOMOGYI@hu.ibm.com>: If a
parent winbind forks, it only called reinit_after_fork on
winbind_messaging_context. On the other hand, deep in dbwrap_open we use
server_messaging_context(). This is not reinitialized by
winbind_reinit_after fork, so the parent and child share a ctdb
connection. This is invalid, because replies from ctdb end up in the
wrong process.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d8a01d09c13728f36107f6eb94ecb7653706a4db)

winbind: Remove winbind_event_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e1f12acc13a3cc004518ac3460c6000ea0b95115)

winbind: Replace winbind_event_context with server_event_context

There's no point in having two global event contexts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7e83d1489406cd53d72097e40bf02295c88ea61e)

s3: smbclient: tests: Test "volume" command over SMB1 and SMB2+.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13140

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 15 19:50:54 CET 2017 on sn-devel-144

(cherry picked from commit f8cd211acc3824e01d89a6f8b6666c39aa5cd54e)

s3: smbclient: Implement "volume" command over SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13140

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit aaa52ab7b5ae711b80e3967ab1ecc91888c346f6)

VERSION: Bump version up to 4.7.4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

Merge tag 'samba-4.7.3' into v4-7-test

samba: tag release samba-4.7.3

s3: libsmb: smbc_statvfs is missing the supporting SMB2 calls.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13138

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit eefc7a27155b70d027b1193187dd435267d863ea)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Mon Nov 20 17:19:21 CET 2017 on sn-devel-144

libsmbclient: Allow server (NetApp) to return STATUS_INVALID_PARAMETER from an echo.

It does this if we send a session ID of zero. The server still replied.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 11 08:44:37 CET 2017 on sn-devel-144

(cherry picked from commit a0f6ea8dec1ab3d19bc93da12a9b0a1c0ccf6142)

VERSION: Disable GIT_SNAPSHOT for the 4.7.3 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.7.3.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown.

Ensure we zero out unused grown area.

CVE-2017-15275

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13077

Signed-off-by: Jeremy Allison <jra@samba.org>

s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746

When setting up the chain, always use 'next->' variables
not the 'req->' one.

Bug discovered by 连一汉 <lianyihan@360.cn>

CVE-2017-14746

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13041

Signed-off-by: Jeremy Allison <jra@samba.org>

VERSION: Bump version up to 4.7.3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

VERSION: Disable GIT_SNAPSHOT for the 4.7.2 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.7.2.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s4: torture: kernel oplocks. Add smb2.kernel-oplocks.kernel_oplocks8

Test if the server blocks whilst waiting on a kernel lease held by
a non-smbd process.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Nov 11 20:12:26 CET 2017 on sn-devel-144

(cherry picked from commit ad82557e1355107920ae80fd6a0df0f16d1bdb6c)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Tue Nov 14 16:59:15 CET 2017 on sn-devel-144

s3: smbd: kernel oplocks. Replace retry_open() with setup_kernel_oplock_poll_open().

If a O_NONBLOCK open fails with EWOULDBLOCK, this code changes smbd to
do a retry open every second, until either the timeout or we get a successful
open. If we're opening a file that has a kernel lease set by a non-smbd
process, this is the best we can do.

Prior to this, smbd would block on the second open on such a leased file
(not using O_NONBLOCK) which freezes active clients.

Regression test to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 47c13fc10a2c9709e9511b2ffcf0e1004497887d)

python: use communicate to fix Popen deadlock

`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13127

(cherry picked from commit 5dc773a5b00834c7a53130a73a48f49048bd55e8)

blackbox tests: method to check specific exit codes

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 74ebcf6dfc84b6aab6838fa99e12808eb6b913d9)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13127

tevent: version 0.9.34

* Remove unused select backend
* Fix a race condition in tevent_threaded_schedule_immediate()
(bug #13130)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Nov 13 18:02:46 CET 2017 on sn-devel-144

(cherry picked from commit 2e573eead96b2e98dd8a15c9c8e470679e530392)

lib: tevent: Remove select backend.

select() is no longer useful on modern systems.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Sep 16 08:35:39 CEST 2017 on sn-devel-144

(cherry picked from commit 2a003b1a576dcbbba0d60bae90427776a5c27867)

tevent: Fix a race condition

We can't rely on tctx to exist after we unlocked the mutex. It took a
while, but this does lead to data corruption. If *tctx is replaced with
something where tctx->wakeup_fd points to a real, existing file
descriptor, we're screwed. And by screwed, this means file corruption
on disk.

Again. I am not tall enough for this business.

http://bholley.net/blog/2015/must-be-this-tall-to-write-multi-threaded-code.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13130

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Nov 11 03:20:09 CET 2017 on sn-devel-144

(cherry picked from commit 20cfcb7dbc5dd099384b76a76e3d35cf627100b6)

Autobuild-User(v4-7-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-7-test): Mon Nov 13 13:54:56 CET 2017 on sn-devel-144

s4: torture: Add smb2 FIND_and_set_DOC test case.

Regression tests doing an SMB2_find followed by
a set delete on close and then close on a directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13118

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sun Nov 5 12:31:12 CET 2017 on sn-devel-144

(cherry picked from commit 44c018bdcc2d81aaf667d11c0c8fae209419ddd7)

s3: smbd: Fix delete-on-close after smb2_find

Both dptr_create() and can_delete_directory_fsp() are calling OpenDir_fsp()
to get a directory handle. This causes an issue when delete-on-close is
set after smb2_find because both directory handle instances share the same
underlying file descriptor. In addition the SMB_ASSERT() in destructor
smb_Dir_destructor() gets triggered.

To avoid this use OpenDir() instead of OpenDir_fsp().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13118

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit c9e996d78df3ce326a5c13f8f4f1426918769ceb)

s4: torture: kernel_oplocks. Create a regression test case for bug #13058.

It implements the following test case:

1. client of smbd-1 opens the file and sets the oplock.
2. client of smbd-2 tries to open the file. open() fails(EAGAIN) and open is deferred.
3. client of smbd-1 sends oplock break request to the client.
4. client of smbd-1 closes the file.
5. client of smbd-1 opens the file and sets the oplock.
6. client of smbd-2 calls defer_open_done(), sees that the file lease was not changed
and does not reschedule open.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13058

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit 15597a95ecd2d1c2b7edce4942d489c95796951f)