aaptel/samba-autobuild/.git
8 years ago VERSION: Disable git snapshots for the 4.2.7 release. samba-4.2.7
Karolin Seeger [Thu, 10 Dec 2015 11:49:10 +0000 (12:49 +0100)]
VERSION: Disable git snapshots for the 4.2.7 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
8 years ago WHATSNEW: Add release notes for Samba 4.2.7.
Karolin Seeger [Thu, 10 Dec 2015 11:24:44 +0000 (12:24 +0100)]
WHATSNEW: Add release notes for Samba 4.2.7.

This is a security release to address CVE-2015-3223, CVE-2015-5252,
CVE-2015-5299, CVE-2015-5296, CVE-2015-8467, CVE-2015-5330.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
8 years ago CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl
Andrew Bartlett [Wed, 18 Nov 2015 04:36:21 +0000 (17:36 +1300)]
CVE-2015-8467: samdb: Match MS15-096 behaviour for userAccountControl

Swapping between account types is now restricted

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11552

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
8 years ago CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption...
Stefan Metzmacher [Wed, 30 Sep 2015 19:23:25 +0000 (21:23 +0200)]
CVE-2015-5296: libcli/smb: make sure we require signing when we demand encryption on a session

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years ago CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_inte...
Stefan Metzmacher [Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)]
CVE-2015-5296: s3:libsmb: force signing when requiring encryption in SMBC_server_internal()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years ago CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect()
Stefan Metzmacher [Wed, 30 Sep 2015 19:17:02 +0000 (21:17 +0200)]
CVE-2015-5296: s3:libsmb: force signing when requiring encryption in do_connect()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11536

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years ago CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir
Jeremy Allison [Fri, 23 Oct 2015 21:54:31 +0000 (14:54 -0700)]
CVE-2015-5299: s3-shadow-copy2: fix missing access check on snapdir

Fix originally from <partha@exablox.com>

https://bugzilla.samba.org/show_bug.cgi?id=11529

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
8 years ago CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share).
Jeremy Allison [Thu, 9 Jul 2015 17:58:11 +0000 (10:58 -0700)]
CVE-2015-5252: s3: smbd: Fix symlink verification (file access outside the share).

Ensure matching component ends in '/' or '\0'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11395

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
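The boundary rule stated in the commit message above ("Ensure matching component ends in '/' or '\0'"), shown as an added example that is not Samba's code. The function names and sample paths are constructed, and both paths are assumed to be absolute and already canonicalised, with no trailing '/' on the share root.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Prefix-only check: accepts any path whose first bytes equal the share root. */
static bool below_share_prefix_only(const char *share_root, const char *resolved)
{
    size_t root_len = strlen(share_root);

    return strncmp(share_root, resolved, root_len) == 0;
}

/* Component-aware check: the matched prefix must end on a path boundary. */
static bool below_share_component(const char *share_root, const char *resolved)
{
    size_t root_len = strlen(share_root);

    if (strncmp(share_root, resolved, root_len) != 0) {
        return false;
    }
    if (root_len == 1 && share_root[0] == '/') {
        return true; /* share root is "/": every absolute path is below it */
    }
    /*
     * strncmp() matched root_len non-NUL bytes, so resolved[root_len] is at
     * worst the terminator and is safe to read.
     */
    return resolved[root_len] == '/' || resolved[root_len] == '\0';
}

int main(void)
{
    /* Constructed sample paths, as realpath() might return them. */
    static const char *root = "/srv/share";
    static const char *samples[] = {
        "/srv/share",             /* the share root itself */
        "/srv/share/docs/a.txt",  /* inside the share */
        "/srv/share2/secret",     /* sibling directory sharing the prefix */
        "/srv/shared.conf",       /* sibling file sharing the prefix */
        "/srv",                   /* parent of the share */
    };
    size_t i;

    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        printf("%-24s prefix-only=%d component=%d\n", samples[i],
               below_share_prefix_only(root, samples[i]),
               below_share_component(root, samples[i]));
    }
    return 0;
}
```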
8 years ago ldb: bump version of the required system ldb to 1.1.24
Ralph Boehme [Tue, 8 Dec 2015 09:55:42 +0000 (10:55 +0100)]
ldb: bump version of the required system ldb to 1.1.24

This is needed to ensure we build against a system ldb library that
contains the fixes for CVE-2015-5330 and CVE-2015-3223.

autobuild must still be able to build against the older version
1.1.20 including the patches.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11325
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11636

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
8 years ago CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators
Douglas Bagnall [Wed, 25 Nov 2015 22:17:11 +0000 (11:17 +1300)]
CVE-2015-5330: ldb_dn_explode: copy strings by length, not terminators

That is, memdup(), not strdup(). The terminators might not be there.

But, we have to make sure we put the terminator on, because we tend to
assume the terminator is there in other places.

Use talloc_set_name_const() on the resulting chunk so talloc_report()
remains unchanged.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Pair-programmed-with: Stefan Metzmacher <metze@samba.org>
Pair-programmed-with: Ralph Boehme <slow@samba.org>

8 years ago CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes
Douglas Bagnall [Tue, 24 Nov 2015 00:54:09 +0000 (13:54 +1300)]
CVE-2015-5330: next_codepoint_handle_ext: don't short-circuit UTF16 low bytes

UTF16 contains zero bytes when it is encoding ASCII (for example), so we
can't assume the absence of the 0x80 bit means a one byte encoding. No
current callers use UTF16.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
8 years ago CVE-2015-5330: strupper_talloc_n_handle(): properly count characters
Douglas Bagnall [Tue, 24 Nov 2015 00:49:09 +0000 (13:49 +1300)]
CVE-2015-5330: strupper_talloc_n_handle(): properly count characters

When a codepoint eats more than one byte we really want to know,
especially if the string is not NUL terminated.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
8 years ago CVE-2015-5330: Fix handling of unicode near string endings
Douglas Bagnall [Tue, 24 Nov 2015 00:47:16 +0000 (13:47 +1300)]
CVE-2015-5330: Fix handling of unicode near string endings

Until now next_codepoint_ext() and next_codepoint_handle_ext() were
using strnlen(str, 5) to determine how much string they should try to
decode. This ended up looking past the end of the string when it was not
null terminated and the final character looked like a multi-byte encoding.
The fix is to let the caller say how long the string can be.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
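An added example (not Samba's code) for the two commits above: a decoder that looks for a NUL in the next 5 bytes reads past a length-delimited value ending in a multi-byte lead byte, while a decoder given the caller's length does not, and a walker that subtracts the bytes each codepoint consumed stays inside the value. The simplified UTF-8 decoder, the function names and the sample buffer are constructed; Samba's own functions are not reproduced here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define CP_INVALID 0xFFFFFFFFu /* this example's own "could not decode" marker */

/* Constructed sample: the value is the first 3 bytes; the rest is adjacent data. */
static const unsigned char sample_buf[8] = { 'a', 'b', 0xC3, 0xA9, 'X', 'Y', 0, 0 };
#define SAMPLE_VALUE_LEN 3

/*
 * Decode one UTF-8 sequence from at most len bytes; never reads s[len].
 * Simplified: overlong forms and surrogates are not rejected.
 */
static uint32_t next_cp_bounded(const unsigned char *s, size_t len, size_t *consumed)
{
    size_t need, i;
    uint32_t cp;

    *consumed = (len > 0) ? 1 : 0; /* on error, step over one byte */
    if (len == 0) return CP_INVALID;
    if (s[0] < 0x80) return s[0];
    if ((s[0] & 0xE0) == 0xC0) { need = 2; cp = s[0] & 0x1F; }
    else if ((s[0] & 0xF0) == 0xE0) { need = 3; cp = s[0] & 0x0F; }
    else if ((s[0] & 0xF8) == 0xF0) { need = 4; cp = s[0] & 0x07; }
    else return CP_INVALID;              /* stray continuation or bad lead byte */
    if (need > len) return CP_INVALID;   /* sequence truncated by the value's end */
    for (i = 1; i < need; i++) {
        if ((s[i] & 0xC0) != 0x80) return CP_INVALID;
        cp = (cp << 6) | (s[i] & 0x3F);
    }
    *consumed = need;
    return cp;
}

/*
 * Terminator-based pattern: the available length is found by scanning up to
 * 5 bytes for a NUL (a stand-in for strnlen(str, 5)), ignoring the real length.
 */
static uint32_t next_cp_terminator(const unsigned char *s, size_t *consumed)
{
    size_t avail = 0;

    while (avail < 5 && s[avail] != 0) avail++;
    return next_cp_bounded(s, avail, consumed);
}

/* Bytes read beyond the sample value when decoding its last byte (offset 2). */
static size_t overread_at_value_end(int use_terminator)
{
    size_t used = 0, off = SAMPLE_VALUE_LEN - 1;

    if (use_terminator) next_cp_terminator(sample_buf + off, &used);
    else next_cp_bounded(sample_buf + off, SAMPLE_VALUE_LEN - off, &used);
    return (off + used > SAMPLE_VALUE_LEN) ? off + used - SAMPLE_VALUE_LEN : 0;
}

/*
 * Walk a length-delimited value. The remaining length shrinks by the bytes
 * each codepoint consumed, not by one per character. n_invalid may be NULL.
 */
static size_t count_codepoints(const unsigned char *buf, size_t len, size_t *n_invalid)
{
    size_t count = 0, bad = 0, used;

    while (len > 0) {
        if (next_cp_bounded(buf, len, &used) == CP_INVALID) bad++;
        else count++;
        buf += used;
        len -= used;
    }
    if (n_invalid != NULL) *n_invalid = bad;
    return count;
}

int main(void)
{
    size_t bad = 0;
    size_t n = count_codepoints(sample_buf, SAMPLE_VALUE_LEN, &bad);

    printf("terminator-based over-read: %zu byte(s)\n", overread_at_value_end(1));
    printf("length-bounded over-read:   %zu byte(s)\n", overread_at_value_end(0));
    printf("bounded walk: %zu valid, %zu invalid\n", n, bad);
    return 0;
}
```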
8 years ago CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen()
Douglas Bagnall [Tue, 24 Nov 2015 00:09:36 +0000 (13:09 +1300)]
CVE-2015-5330: ldb_dn_escape_value: use known string length, not strlen()

ldb_dn_escape_internal() reports the number of bytes it copied, so
let's use that number, rather than using strlen() and hoping a zero got
in the right place.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
8 years ago CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal()
Douglas Bagnall [Tue, 24 Nov 2015 00:07:23 +0000 (13:07 +1300)]
CVE-2015-5330: ldb_dn: simplify and fix ldb_dn_escape_internal()

Previously we relied on NUL terminated strings and jumped back and
forth between copying escaped bytes and memcpy()ing un-escaped chunks.
This simple version is easier to reason about and works with
unterminated strings. It may also be faster as it avoids reading the
string twice (first with strcspn, then with memcpy).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11599

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
8 years ago CVE-2015-3223: lib: ldb: Use memmem binary search, not strstr text search.
Jeremy Allison [Tue, 9 Jun 2015 21:00:01 +0000 (14:00 -0700)]
CVE-2015-3223: lib: ldb: Use memmem binary search, not strstr text search.

Values might have embedded zeros.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
8 years ago CVE-2015-3223: lib: ldb: Cope with canonicalise_fn returning string "", length 0.
Jeremy Allison [Tue, 9 Jun 2015 19:42:10 +0000 (12:42 -0700)]
CVE-2015-3223: lib: ldb: Cope with canonicalise_fn returning string "", length 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11325

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
8 years ago VERSION: Bump version up to 4.2.7...
Karolin Seeger [Mon, 7 Dec 2015 10:17:23 +0000 (11:17 +0100)]
VERSION: Bump version up to 4.2.7...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
8 years ago VERSION: Disable git snapshots for the 4.2.6 release. samba-4.2.6
Karolin Seeger [Mon, 7 Dec 2015 10:16:44 +0000 (11:16 +0100)]
VERSION: Disable git snapshots for the 4.2.6 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
8 years ago WHATSNEW: Add release notes for Samba 4.2.6.
Karolin Seeger [Mon, 7 Dec 2015 10:15:58 +0000 (11:15 +0100)]
WHATSNEW: Add release notes for Samba 4.2.6.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
8 years ago docs: Fix some typos in the idmap backend section.
Karolin Seeger [Thu, 26 Nov 2015 10:28:34 +0000 (11:28 +0100)]
docs: Fix some typos in the idmap backend section.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov 26 14:47:17 CET 2015 on sn-devel-104

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11619

(cherry picked from commit 257ec9c6e28b1ddc32bd554ff8259f8a067dd44e)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Mon Dec  7 13:49:59 CET 2015 on sn-devel-104

8 years ago doc: fix a typo in the smb.conf manpage, explanation of idmap config
Michael Adam [Thu, 5 Nov 2015 15:43:34 +0000 (16:43 +0100)]
doc: fix a typo in the smb.conf manpage, explanation of idmap config

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Nov  6 06:26:34 CET 2015 on sn-devel-104

(cherry picked from commit c6ae462a020648c851fe6f6724ae9cf32c9d0ab8)

8 years ago s3: smbd: have_file_open_below() fails to enumerate open files below an open director...
Jeremy Allison [Mon, 23 Nov 2015 22:00:56 +0000 (14:00 -0800)]
s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle.

There are three issues:

1). The memcmp checking that the open file path has the open
directory path as its parent compares using the wrong length
(it uses the full open file path which will never compare as
the same).

2). The files_below_forall() function doesn't fill in the
callback function or callback data when calling share_mode_forall(),
leading to a crash (which we never saw, as the previous issue (1)
meant the callback function would never be invoked).

3). When invoking the callback function from files_below_forall_fn()
we were passing in the wrong private_data pointer (needs to be
the one from the state, not the private_data passed into
files_below_forall_fn()).

Found when running the torture test smb2.rename.rename_dir_openfile
when fixing bug #11065.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11615

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Nov 24 19:36:20 CET 2015 on sn-devel-104

(cherry picked from commit 158200611271bd80d80280c88578dfd5380f8fd0)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Wed Nov 25 12:22:53 CET 2015 on sn-devel-104

8 years ago wafsamba: Also build libraries with RELRO protection
Andreas Schneider [Fri, 19 Jun 2015 07:28:32 +0000 (09:28 +0200)]
wafsamba: Also build libraries with RELRO protection

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11346

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 893b5f81441bbc98ef403855ec8e2e39569479d2)

8 years ago fix writev(vector[...]) points to uninitialised bytes in call_trans2findfirst
Noel Power [Wed, 28 Oct 2015 15:42:06 +0000 (15:42 +0000)]
fix writev(vector[...]) points to uninitialised bytes in call_trans2findfirst

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9b2aba1b7aa7386dfc64bcefafa83374b6525354)

The last 5 patches address
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11597
backport some valgrind fixes from upstream master to 4.2 / 4.3

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Fri Nov 20 14:18:32 CET 2015 on sn-devel-104

8 years ago fix 'Invalid read of size 1' in reply_search
Noel Power [Wed, 28 Oct 2015 17:08:28 +0000 (17:08 +0000)]
fix 'Invalid read of size 1' in reply_search

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0f2f8a4f772ff22d00a9e87dafa97a431af8f6da)

8 years ago fix writev(vector[...]) points to uninitialised bytes in call_trans2findnext
Noel Power [Wed, 28 Oct 2015 19:53:49 +0000 (19:53 +0000)]
fix writev(vector[...]) points to uninitialised bytes in call_trans2findnext

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 17482d52160acc869af9f7a2029d5b595d33a12d)

8 years ago fix uninitialised read in process_host_announce
Noel Power [Wed, 28 Oct 2015 21:17:42 +0000 (21:17 +0000)]
fix uninitialised read in process_host_announce

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 7ade51901381507beaeac92e9b0d2f0d424123a9)

8 years ago remove many valgrind errors for base.lock test
Noel Power [Thu, 29 Oct 2015 11:11:00 +0000 (11:11 +0000)]
remove many valgrind errors for base.lock test

mostly "Conditional jump or move depends on uninitialised value" &
"Use of uninitialised value of size 8" errors, suspect this is
related to compiler padding for the struct

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov  6 00:16:53 CET 2015 on sn-devel-104

(cherry picked from commit ce8068e70b11a3ce5634c56f43a035713c5ea2ed)

8 years ago nss_wins: Use lp_global_no_reinit()
Andreas Schneider [Fri, 23 Oct 2015 13:28:23 +0000 (15:28 +0200)]
nss_wins: Use lp_global_no_reinit()

This avoids that we run into use after free issues when we access memory
allocated on the globals and the global being reinitialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11563

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 0abbfb2e4d5bcd847983ef7981840f1eab7b917c)

8 years ago s3: winbind: Prevent null ptr access by returning error if no creds available
Noel Power [Thu, 22 Oct 2015 11:37:17 +0000 (12:37 +0100)]
s3: winbind: Prevent null ptr access by returning error if no creds available

Prevent rpccli_netlogon_network_logon/rpccli_netlogon_password_logon
being called with 'NULL' credentials

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit e8fab02773892812f563eea7098847618df76e1b)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Mon Nov 16 12:55:13 CET 2015 on sn-devel-104

8 years ago s3: rpcclient: Prevent null ptr access by returning error if no creds available
Noel Power [Mon, 2 Nov 2015 09:59:12 +0000 (09:59 +0000)]
s3: rpcclient: Prevent null ptr access by returning error if no creds available

Prevent rpccli_netlogon_password_logon being called with 'NULL' credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11569

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 89940f39c6d2db03b3a468942d686e762f126f9f)

8 years ago s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing...
Jeremy Allison [Wed, 4 Nov 2015 17:34:57 +0000 (09:34 -0800)]
s3: smbd: If EA's are turned off on a share don't allow an SMB2 create containing them.

Otherwise a create that should have failed may succeed.

Based on an original patch from John Mulligan <phlogistonjohn@asynchrono.us>
and comments from Uri Simchoni <uri@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11589

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Nov  4 22:14:22 CET 2015 on sn-devel-104

(cherry picked from commit aa3cc0b459124c66de0aad8ff41908e1bf261222)

8 years ago vfs_gpfs: Re-enable share modes
Volker Lendecke [Thu, 5 Nov 2015 12:22:33 +0000 (13:22 +0100)]
vfs_gpfs: Re-enable share modes

is_ntfs_default_stream_smb_fname returns false for a NULL stream name, so for
streamless filenames we do not set gpfs share modes without this patch.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11243
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Nov  6 03:21:01 CET 2015 on sn-devel-104

8 years ago Changing log level of two entries from 1 to 3
Marc Muehlfeld [Wed, 4 Nov 2015 19:47:24 +0000 (20:47 +0100)]
Changing log level of two entries from 1 to 3

On domain members using RFC2307, machine accounts without an uidNumber
attribute are not retrieved via idmap_ad. This leads to many of the following
two error messages:
   Username DOMAIN\machineaccountname$ is invalid on this system
and
   Failed to map kerberos principal to system user (NT_STATUS_LOGON_FAILURE)
Machine accounts don't have an uidNumber attribute, if not set manually. To
avoid flooding the logs, raising the level 1 to 3 for these messages.

Bugreport: https://bugzilla.samba.org/show_bug.cgi?id=9912

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Fri Nov  6 14:57:14 CET 2015 on sn-devel-104

8 years ago lib: util: Make non-critical message a warning.
Jeremy Allison [Wed, 28 Oct 2015 00:08:50 +0000 (17:08 -0700)]
lib: util: Make non-critical message a warning.

Non-root utilities (e.g. bin/net) call this via messaging_init().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11566

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(back-ported from commit 859e3415b38538ff6c023e4a56570d94a4fe4432)

8 years ago manpage: corrected small typo error
YvanM [Sun, 1 Nov 2015 10:53:45 +0000 (11:53 +0100)]
manpage: corrected small typo error

Corrected mistakes, probably coming from a too fast
"copy and paste", in the smb.conf manpage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11584

Signed-off-by: YvanM <yvan.masson@openmailbox.org>
Reviewed-by: Björn Jacke <bj@sernet.de>
Reviewed-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon Nov  2 14:43:15 CET 2015 on sn-devel-104

(cherry picked from commit d66863b1fff862aa2ae21a06116bc2a2b2f7a6ce)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Wed Nov  4 12:24:20 CET 2015 on sn-devel-104

8 years ago ctdb: strip trailing spaces from nodes file.
Michael Adam [Wed, 28 Oct 2015 18:39:41 +0000 (19:39 +0100)]
ctdb: strip trailing spaces from nodes file.

This is essentially commit 15ac12af9c00adb05dcdfcb637777b503b87994b
from master backported.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11365

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jose A. Rivera <jarrpa@samba.org>
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Mon Nov  2 13:57:12 CET 2015 on sn-devel-104

8 years ago ctdb: open the RO tracking db with perms 0600 instead of 0000
Michael Adam [Tue, 27 Oct 2015 09:20:31 +0000 (10:20 +0100)]
ctdb: open the RO tracking db with perms 0600 instead of 0000

While 0000 is possible from the UNIX/POSIX point of view,
these permissions create problems in an environment with
selinux enabled, which is more strict.

This aligns the perms of the read only tracking db with other
internal dbs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11577

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Wed Oct 28 06:13:09 CET 2015 on sn-devel-104

(cherry picked from commit 0a90ed51245d4a7acb23d22e47ee3fd5b83819b0)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Thu Oct 29 12:00:24 CET 2015 on sn-devel-104

8 years ago selftest: Avoid system krb5.conf in "none" test env
Uri Simchoni [Mon, 26 Oct 2015 05:38:08 +0000 (07:38 +0200)]
selftest: Avoid system krb5.conf in "none" test env

Some torture tests do not perform Kerberos activity and do not
run against a server (hence the "none" test env), but do create
a krb5 context, and that causes the Kerberos libs to read
krb5.conf and choke if they don't understand it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11576

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f9d6be3b749313a03e9097d848ce078f19197a0a)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Wed Oct 28 15:08:10 CET 2015 on sn-devel-104

8 years ago selftest: Avoid system krb5.conf in some test envs that don't use kerberos
Uri Simchoni [Sun, 25 Oct 2015 13:02:17 +0000 (15:02 +0200)]
selftest: Avoid system krb5.conf in some test envs that don't use kerberos

Some test envs don't use kerberos (e.g. nt4_dc). However, the client
tools are built with Kerberos support and may get upset if hitting
a krb5.conf file they don't understand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11576

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 8d3106b1a4d9da5bf8b127fa70a77076d3dfeca8)

8 years ago selftest: Avoid system krb5.conf in testenv provisioning
Uri Simchoni [Fri, 23 Oct 2015 21:41:23 +0000 (00:41 +0300)]
selftest: Avoid system krb5.conf in testenv provisioning

Some provisioning commands don't necessarily need a krb5.conf,
but they still must cause samba's Kerberos libraries to avoid
looking at the system krb5.conf, as this file may not be understood
by samba's Kerberos libs and fail the env provisioning.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11576

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 63c891938a2d3e1c222898d6dea5c640822b0191)

8 years ago auth: gensec: Parameters out_mem_ctx and ev are passed in the wrong order to gensec_s...
Jeremy Allison [Wed, 21 Oct 2015 18:13:46 +0000 (11:13 -0700)]
auth: gensec: Parameters out_mem_ctx and ev are passed in the wrong order to gensec_spnego_server_try_fallback().

Fix suggested by <lev@zadarastorage.com>. Fixes a memory leak.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11565

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Oct 22 11:27:19 CEST 2015 on sn-devel-104

(cherry picked from commit d4059e1a53ea8940b1b147d797efa1b39a5cabd1)

8 years ago async_req: fix non-blocking connect()
Ralph Boehme [Sun, 18 Oct 2015 20:21:10 +0000 (22:21 +0200)]
async_req: fix non-blocking connect()

According to Stevens UNIX Network Programming and various other sources,
the correct handling for non-blocking connect() is:

- when the initial connect() returns -1/EINPROGRESS polling the socket
  for *writeability*

- in the poll handler call getsockopt() with SO_ERROR to get the
  finished connect() return value

Simply calling connect() a second time without error checking is
probably wrong and not portable. For a successful connect() Linux
returns 0, but Solaris will return EISCONN:

24254:   0.0336  0.0002 connect(4, 0xFEFFECAC, 16, SOV_DEFAULT) Err#150 EINPROGRESS
24254:          AF_INET  name = 10.10.10.143  port = 1024
24254:   0.0349  0.0001 port_associate(3, 4, 0x00000004, 0x0000001D,0x080648A8) = 0
24254:   0.0495  0.0146 port_getn(3, 0xFEFFEB50, 1, 1, 0xFEFFEB60) = 1 [0]
24254:   0.0497  0.0002 connect(4, 0x080646E4, 16, SOV_DEFAULT) Err#133 EISCONN
24254:          AF_INET  name = 10.10.10.143  port = 1024

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11564

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 05d4dbda8357712cb81008e0d611fdb0e7239587)
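The two-step handling described in the commit message above (wait for writeability, then read SO_ERROR), as an added example that is not Samba's async_req code. The function names, the 2000 ms timeout and the loopback listener used as a fixture are constructed for this sketch.

```c
#include <errno.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <poll.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Returns 0 and stores the connected fd in *fd_out, or returns an errno value. */
static int connect_nonblocking(const struct sockaddr *addr, socklen_t addrlen,
                               int timeout_ms, int *fd_out)
{
    int fd, flags, ret, so_err = 0;
    socklen_t so_len = sizeof(so_err);
    struct pollfd pfd;

    fd = socket(addr->sa_family, SOCK_STREAM, 0);
    if (fd == -1) return errno;
    flags = fcntl(fd, F_GETFL, 0);
    if (flags == -1 || fcntl(fd, F_SETFL, flags | O_NONBLOCK) == -1) {
        ret = errno; close(fd); return ret;
    }

    if (connect(fd, addr, addrlen) == 0) {
        *fd_out = fd;           /* completed immediately */
        return 0;
    }
    if (errno != EINPROGRESS && errno != EINTR) {
        ret = errno; close(fd); return ret;
    }

    /* Step 1: the connect is in progress, so wait until the socket is writable. */
    pfd.fd = fd; pfd.events = POLLOUT; pfd.revents = 0;
    do {
        ret = poll(&pfd, 1, timeout_ms);
    } while (ret == -1 && errno == EINTR);
    if (ret == 0) { close(fd); return ETIMEDOUT; }
    if (ret == -1) { ret = errno; close(fd); return ret; }

    /* Step 2: SO_ERROR carries the result of the finished connect(). */
    if (getsockopt(fd, SOL_SOCKET, SO_ERROR, &so_err, &so_len) == -1) {
        so_err = errno;
    }
    if (so_err != 0) { close(fd); return so_err; }
    *fd_out = fd;
    return 0;
}

/* Constructed fixture: a listener on 127.0.0.1 with a kernel-chosen port. */
static int loopback_listener(struct sockaddr_in *sin)
{
    socklen_t len = sizeof(*sin);
    int fd = socket(AF_INET, SOCK_STREAM, 0);

    if (fd == -1) return -1;
    memset(sin, 0, sizeof(*sin));
    sin->sin_family = AF_INET;
    sin->sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (bind(fd, (struct sockaddr *)sin, sizeof(*sin)) == -1 ||
        listen(fd, 1) == -1 ||
        getsockname(fd, (struct sockaddr *)sin, &len) == -1) {
        close(fd);
        return -1;
    }
    return fd;
}

/* Connect to the fixture, either while it listens or after it has closed. */
static int demo_connect(int listener_open)
{
    struct sockaddr_in sin;
    int cfd = -1, rc, lfd = loopback_listener(&sin);

    if (lfd == -1) return -1;   /* fixture could not be set up */
    if (!listener_open) { close(lfd); lfd = -1; }
    rc = connect_nonblocking((struct sockaddr *)&sin, sizeof(sin), 2000, &cfd);
    if (rc == 0) close(cfd);
    if (lfd != -1) close(lfd);
    return rc;
}

int main(void)
{
    printf("listener open:   %s\n", strerror(demo_connect(1)));
    printf("listener closed: %s\n", strerror(demo_connect(0)));
    return 0;
}
```

Because the result comes from SO_ERROR rather than from a second connect() call, success reads as 0 on every platform and EISCONN never has to be special-cased.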

8 years ago selftest: add a test for async_connect_send()
Ralph Boehme [Sun, 18 Oct 2015 20:23:20 +0000 (22:23 +0200)]
selftest: add a test for async_connect_send()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11564

Also includes:

selftest: Fix memset parameters in test for async_connect_send()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit aa96c75346a9bad60471a206d65c7b7049b9ca83)
(cherry picked from commit 7cf45539da9cba25130457941814da12d0a828c3)

8 years ago s3-torture: Remove (incorrect) samba3-specific behavior in samba3.raw.unlink now...
Jeremy Allison [Tue, 20 Oct 2015 19:31:03 +0000 (12:31 -0700)]
s3-torture: Remove (incorrect) samba3-specific behavior in samba3.raw.unlink now the server is correct

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11452

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit e4054f211872168ac4cf022e2d961e8979610920)

8 years ago s3-torture: Add WILDDELETE test to smbtorture3 to test old wildcard delete with zero...
Jeremy Allison [Mon, 19 Oct 2015 23:06:01 +0000 (16:06 -0700)]
s3-torture: Add WILDDELETE test to smbtorture3 to test old wildcard delete with zero attribute

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11452

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 618d3dd5990e7477d45220cf7183c5cdaa548f1a)

8 years ago s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero
Jeremy Allison [Mon, 19 Oct 2015 23:04:02 +0000 (16:04 -0700)]
s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero

In the wildcard delete path we forgot to map 0 -> FILE_ATTRIBUTE_NORMAL
as we do in the non-wildcard delete path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11452

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1d51119f8acaa586e9ec09d14f10b43ed0053df5)

8 years ago smbd: Send SMB2 oplock breaks unencrypted
Volker Lendecke [Tue, 6 Oct 2015 14:10:43 +0000 (16:10 +0200)]
smbd: Send SMB2 oplock breaks unencrypted

This is not what Windows server does, but it seems that Windows
clients expect.  Windows->Windows never runs into this issue, because
an encryption-enabled SMB3 connection will always use leases, and lease
breaks *are* unencrypted...

You can reproduce the issue Windows->Windows by disabling leases on the
Windows server. Disable leases using the registry key:

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\DisableLeasing

Dochelp confirmed that this is a valid workaround for Windows clients
dropping encrypted oplock breaks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11570

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 24 05:01:32 CEST 2015 on sn-devel-104

(cherry picked from commit 0a924d13cf4bb570cce3955cf0de9d8678b37dbe)

8 years ago VERSION: Bump version up to 4.2.6...
Karolin Seeger [Mon, 26 Oct 2015 10:44:15 +0000 (11:44 +0100)]
VERSION: Bump version up to 4.2.6...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
8 years ago VERSION: Disable git snapshots for the 4.2.5 release. samba-4.2.5
Karolin Seeger [Mon, 26 Oct 2015 10:43:43 +0000 (11:43 +0100)]
VERSION: Disable git snapshots for the 4.2.5 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
8 years ago WHATSNEW: Add release notes for Samba 4.2.5.
Karolin Seeger [Mon, 26 Oct 2015 10:43:03 +0000 (11:43 +0100)]
WHATSNEW: Add release notes for Samba 4.2.5.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
8 years ago dcerpc.idl: accept invalid dcerpc_bind_nak pdus
Stefan Metzmacher [Wed, 21 Oct 2015 10:01:26 +0000 (12:01 +0200)]
dcerpc.idl: accept invalid dcerpc_bind_nak pdus

Older Samba versions (<= 4.1) had a bug in the dcerpc_bind_nak
idl, see commit f73ef3028c4f4583c81b611a9714608eae79360c.

Note: ndr_pull_dcerpc_bind_nak() was generated by pidl and
has been extended by the (_available == 0) check.
That's why we ignore the 80 char per line limit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11327

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 20:34:28 CEST 2015 on sn-devel-104

(cherry picked from commit 38d547bc0d39b56a7491a5f220905f1756c1530a)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Mon Oct 26 13:40:47 CET 2015 on sn-devel-104

8 years ago s3:smbstatus: add stream name to share_entry_forall()
Ralph Boehme [Sun, 11 Oct 2015 07:38:18 +0000 (09:38 +0200)]
s3:smbstatus: add stream name to share_entry_forall()

Add stream name argument to share_entry_forall machinery so smbstatus
can print the stream name of a file.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11550

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit cd0c2a5eca43cea76491ae0d820414287c234c1a)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Wed Oct 21 11:39:53 CEST 2015 on sn-devel-104

8 years ago s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.
Jeremy Allison [Thu, 15 Oct 2015 16:20:58 +0000 (09:20 -0700)]
s3: lsa: lookup_name() logic for unqualified (no DOMAIN\ component) names is incorrect.

Change so we only use unqualified name lookup logic if
domain component = "" and LOOKUP_NAME_ISOLATED flag is
passed in.

Remember to search for "NT Authority" *before* going
into unqualified name lookup logic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 2f6dc260ada6cd178a650ca003c2ad22e12697c1)

8 years ago s3:lib: validate domain name in lookup_wellknown_name()
Ralph Boehme [Thu, 15 Oct 2015 10:35:26 +0000 (12:35 +0200)]
s3:lib: validate domain name in lookup_wellknown_name()

If domain argument is not an empty string, only search the matching
wellknown domain name.

As the only wellknown domain with a name is "NT Authority", passing ""
to lookup_wellknown_name() will search all domains including "NT
Authority".

Passing "NT Authority" otoh will obviously only search that domain.

This change makes lookup_wellknown_name() behave like this:

in domain         | in name       | ok | out sid | out domain
========================================================
                    Dialup          +    S-1-5-1   NT Authority
NT Authority        Dialup          +    S-1-5-1   NT Authority
Creator Authority   Dialup          -    -         -
                    Creator Owner   +    S-1-3-0   ""
Creator Authority   Creator Owner   -    -         -
NT Authority        Creator Owner   -    -         -

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11555

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 23f674488a1f62fcc58bb94bed0abed98078b96d)
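
The lookup behaviour in the table above, as an added C example that is not part of the commit or of Samba's code. The names `demo_lookup_wellknown` and `demo_row_matches`, the two-entry data set and the case-insensitive comparison are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* Constructed sample data: only the two names used in the commit's table. */
struct wk_name {
    const char *name;
    const char *sid;
};

struct wk_domain {
    const char *domain;           /* "" means the authority has no domain name */
    const struct wk_name *names;  /* terminated by an entry with a NULL name */
};

static const struct wk_name nt_authority_names[] = {
    { "Dialup", "S-1-5-1" },
    { NULL, NULL }
};

static const struct wk_name unnamed_authority_names[] = {
    { "Creator Owner", "S-1-3-0" },
    { NULL, NULL }
};

static const struct wk_domain wk_domains[] = {
    { "NT Authority", nt_authority_names },
    { "", unnamed_authority_names },
    { NULL, NULL }
};

/* Hypothetical stand-in for the described behaviour: an empty domain searches
 * every well-known domain, a non-empty one only the domain with that name.
 * Case-insensitive matching is an assumption of this sketch. */
bool demo_lookup_wellknown(const char *domain, const char *name,
                           const char **sid, const char **out_domain)
{
    const struct wk_domain *d;
    const struct wk_name *n;

    *sid = NULL;
    *out_domain = NULL;
    if (domain == NULL || name == NULL) {
        return false;
    }
    for (d = wk_domains; d->domain != NULL; d++) {
        /* The validation step: never ignore a domain the caller supplied. */
        if (domain[0] != '\0' && strcasecmp(domain, d->domain) != 0) {
            continue;
        }
        for (n = d->names; n->name != NULL; n++) {
            if (strcasecmp(name, n->name) == 0) {
                *sid = n->sid;
                *out_domain = d->domain;
                return true;
            }
        }
    }
    return false;
}

/* Checks one table row: expected result, and on success the SID and domain. */
bool demo_row_matches(const char *domain, const char *name, bool ok,
                      const char *sid, const char *out_domain)
{
    const char *got_sid, *got_domain;
    bool got = demo_lookup_wellknown(domain, name, &got_sid, &got_domain);

    if (got != ok) {
        return false;
    }
    if (!ok) {
        return got_sid == NULL && got_domain == NULL;
    }
    return strcmp(got_sid, sid) == 0 && strcmp(got_domain, out_domain) == 0;
}

int main(void)
{
    const char *sid, *dom;
    bool ok = demo_lookup_wellknown("Creator Authority", "Dialup", &sid, &dom);

    printf("Creator Authority\\Dialup resolves: %s\n", ok ? "yes" : "no");
    return 0;
}
```
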

8 years agos3:locking: initialize lease pointer in share_mode_traverse_fn()
Ralph Boehme [Mon, 12 Oct 2015 10:28:04 +0000 (12:28 +0200)]
s3:locking: initialize lease pointer in share_mode_traverse_fn()

Initialize lease pointer to point to the share_mode_data leases array
entry at index lease_idx.

This fixes a bug in smbstatus where the lease info is not printed.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 13 01:14:09 CEST 2015 on sn-devel-104

(cherry picked from commit 0ef9c67b56a0b493ed06f9a64ac2bc2233041aee)

8 years agos4: torture: Add SMB2 access-based enumeration test. Passes against Win2k12R2.
Jeremy Allison [Tue, 13 Oct 2015 22:33:47 +0000 (15:33 -0700)]
s4: torture: Add SMB2 access-based enumeration test. Passes against Win2k12R2.

https://bugzilla.samba.org/show_bug.cgi?id=10252

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Oct 14 19:00:03 CEST 2015 on sn-devel-104

(cherry picked from commit 808f29cb2f9de47dcf78b380cc8767e9546e1954)

8 years agolib: cli: Add accessor function smb2cli_tcon_flags() to get tcon flags.
Jeremy Allison [Fri, 9 Oct 2015 22:08:05 +0000 (15:08 -0700)]
lib: cli: Add accessor function smb2cli_tcon_flags() to get tcon flags.

We need this to see if a share supports access-based enumeration.

https://bugzilla.samba.org/show_bug.cgi?id=10252

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b1bd84e9c9867092055f29fe39279e1c767f570a)

8 years agos3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows.
Jeremy Allison [Tue, 13 Oct 2015 23:49:41 +0000 (16:49 -0700)]
s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows.

Torture test to follow.

https://bugzilla.samba.org/show_bug.cgi?id=10252

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit cc05f73872c36cd307da3d6fed200beb16d5c2a8)

8 years agosmbd: Fix file name buflen and padding in notify response
Jeremy Allison [Fri, 16 Oct 2015 22:13:47 +0000 (15:13 -0700)]
smbd: Fix file name buflen and padding in notify response

The array is uint16, doubling the file name length consumes twice the space
required.

As we're hand assembling this as a series of concatenated individual data_blobs,
we must take care to ensure the correct 4 byte alignment that was
being masked by the previous doubling of the filename length.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10634

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Oct 18 01:56:41 CEST 2015 on sn-devel-104

(cherry picked from commit 7c483690ac6ed007798aeeb7b8549c9d55877e56)

8 years agovfs_fruit: return value of ad_pack in vfs_fruit.c
Ralph Boehme [Sun, 27 Sep 2015 10:11:31 +0000 (12:11 +0200)]
vfs_fruit: return value of ad_pack in vfs_fruit.c

ad_pack() in vfs_fruit.c returns false on failure and 0 on success -
i.e. return value is interpreted as success even when it fails.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11543

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Oct  6 16:14:42 CEST 2015 on sn-devel-104

(cherry picked from commit 5d7eaf959a0f11be878f698305fcb8908d7ba047)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Tue Oct 13 00:00:36 CEST 2015 on sn-devel-104

8 years agotdb: Fix bug 11381, deadlock
Volker Lendecke [Mon, 6 Jul 2015 11:13:36 +0000 (13:13 +0200)]
tdb: Fix bug 11381, deadlock

This fixes a deadlock in tdb that is a bad interaction between tdb_lockall
and tdb_traverse. This deadlock condition has been around even before
tdb mutexes, it's just that the kernel fcntl EDEADLK detection protected
us from this ABBA lock condition to become a real deadlock stalling
processes. With tdb mutexes, this deadlock protection is gone, so we do
lock dead.

This patch glosses over this particular ABBA condition, making tdb with
mutexes behave the same as tdb without mutexes. Admittedly this is no
real fix, but it works around a real user's problem.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11381
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 1061a9cafda7d73ebcd2f74e69e74f4adc485d5d)

8 years agovfs_commit: set the fd on open before calling SMB_VFS_FSTAT
Uri Simchoni [Wed, 7 Oct 2015 19:44:11 +0000 (22:44 +0300)]
vfs_commit: set the fd on open before calling SMB_VFS_FSTAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11547

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct  8 02:56:41 CEST 2015 on sn-devel-104

(cherry picked from commit 5709dece4860f205e31309e31ec4e3e938d9f6a5)

8 years agos3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket
Stefan Metzmacher [Mon, 5 Oct 2015 13:57:42 +0000 (15:57 +0200)]
s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 70dbba96e311449575f571db68710584fc991234)

8 years agokerberos: make sure we only use prompter type when available.
Günther Deschner [Fri, 2 Oct 2015 02:23:59 +0000 (04:23 +0200)]
kerberos: make sure we only use prompter type when available.

We also verified that we cannot simply remove the prompter as several older
versions of Heimdal would crash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11038

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Oct  2 07:29:43 CEST 2015 on sn-devel-104

(cherry picked from commit 6755376cedaf0c88230b47e04c584c7d9fce13e3)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Mon Oct  5 12:04:41 CEST 2015 on sn-devel-104

8 years agowinbind: Fix 100% loop
Volker Lendecke [Fri, 28 Aug 2015 10:33:13 +0000 (12:33 +0200)]
winbind: Fix 100% loop

Thanks to "L.P.H. van Belle" <belle@bazuin.nl>
for help in reproducing the issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11038

From the bug report:

"With e551cdb37d3e re-applied the problem is gone with
and without kerberos. Moreover, if correctly configured,
sshd requests you to change your password at logon time,
which then succeeds.

The problem why I had this reverted was because I had not
gone through the pain to correctly configure all the PAM
services (in particular the "account" section), leading
to sshd letting the user in when the password had to be
changed."

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e551cdb37d3e8cfb155bc33f9b162761c8d60889)

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct  2 00:16:29 CEST 2015 on sn-devel-104

(cherry picked from commit e524ab9f7ee9f4aff50dd5bc42312f9000bf1c6e)

8 years agos3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bug #11522).
Jeremy Allison [Thu, 1 Oct 2015 00:12:11 +0000 (17:12 -0700)]
s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bug #11522).

Ensure dirpath can never be NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11535

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Oct  1 08:58:36 CEST 2015 on sn-devel-104

(cherry picked from commit f9ceaf443991e0bb5db23eeced2841436f47359e)

8 years agos3: smbd: fix a crash in unix_convert()
Ralph Boehme [Fri, 25 Sep 2015 19:06:57 +0000 (21:06 +0200)]
s3: smbd: fix a crash in unix_convert()

Some error code paths may result in dirpath being NULL.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11535

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit bec685fb13e7cbe3bb98e5647183720d31f1c522)

8 years agonet: fix a crash with net ads keytab create
Uri Simchoni [Wed, 23 Sep 2015 11:45:47 +0000 (14:45 +0300)]
net: fix a crash with net ads keytab create

Fix a crash that happens when executing "net ads keytab create"
and the machine account in AD does not have service principal names
attached to it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11528

Signed-off-by: Uri Simchoni <urisimchoni@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit e224e622971853bddbe24df717ea5dcddef71b89)

8 years agos3: tests: smbclient test to ensure we can create and see a :foobar stream on the...
Jeremy Allison [Fri, 18 Sep 2015 18:06:42 +0000 (11:06 -0700)]
s3: tests: smbclient test to ensure we can create and see a :foobar stream on the top level directory in a share.

Regression test for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11522

Remember to remove the ARCHIVE attribute from the toplevel
share when done (can only be done over SMB2+).

Back-ported from master 6ce3643e45bac6660ae69123738c4b39d7bc1864

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
8 years agos3: smbd: Fix opening/creating :stream files on the root share directory.
Jeremy Allison [Wed, 16 Sep 2015 19:03:34 +0000 (12:03 -0700)]
s3: smbd: Fix opening/creating :stream files on the root share directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11522

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 74fd4f93efe92516fc507edf71a588660782879e)

8 years agos3: smbd: Remove unused parameter from build_stream_path().
Jeremy Allison [Wed, 16 Sep 2015 19:42:46 +0000 (12:42 -0700)]
s3: smbd: Remove unused parameter from build_stream_path().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 94e7e707783036b57babc73d320d2a3d8c0648d6)

8 years agos3: smbclient: Move cmd_setmode out of clitar.c and back into client.c
Jeremy Allison [Fri, 18 Sep 2015 18:01:14 +0000 (11:01 -0700)]
s3: smbclient: Move cmd_setmode out of clitar.c and back into client.c

setmode <file> attribute is a valid smbclient command even if libarchive
isn't on the system and tarmode isn't compiled in.

Back-ported from master a47012d5429044c9a3616718bac21360f281aa81.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
8 years agopam_winbind: Fix a segfault if initialization fails
Andreas Schneider [Tue, 8 Sep 2015 14:48:08 +0000 (16:48 +0200)]
pam_winbind: Fix a segfault if initialization fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11502

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Sep  8 21:39:21 CEST 2015 on sn-devel-104

(cherry picked from commit 7d84cd6e40024fd361ea21635f7befed40f0e41f)

8 years agos4: torture: Test mkdir race condition.
Jeremy Allison [Wed, 23 Sep 2015 01:01:22 +0000 (18:01 -0700)]
s4: torture: Test mkdir race condition.

Found by Max of LoadDynamix <adx.forum@gmail.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11486

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 24 06:13:22 CEST 2015 on sn-devel-104

(cherry picked from commit 969d043596c0a382325d54d16dbd5e049f884fa9)

8 years agos3: smbd: Fix mkdir race condition.
Jeremy Allison [Wed, 23 Sep 2015 01:02:53 +0000 (18:02 -0700)]
s3: smbd: Fix mkdir race condition.

Found by Max of LoadDynamix <adx.forum@gmail.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11486

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b1c823dc8c2824ec89921601d8e5e95f6d18fca8)

8 years agos3: dfs: Fix a crash when the dfs targets are disabled.
Har Gagan Sahai [Thu, 10 Sep 2015 10:34:27 +0000 (16:04 +0530)]
s3: dfs: Fix a crash when the dfs targets are disabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11509

Signed-off-by: Har Gagan Sahai <SHarGagan@novell.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@wakeful.net>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 11 06:39:19 CEST 2015 on sn-devel-104

8 years agonss_winbind: fix hang on Solaris on big groups
Björn Jacke [Thu, 10 Sep 2015 12:35:32 +0000 (14:35 +0200)]
nss_winbind: fix hang on Solaris on big groups

The problem with large groups on Solaris in the NSS winbind module is
Solaris wants the return value to be NSS_UNAVAIL if the buffer given is too
small for getgrnam_r.  The current code returns NSS_TRYAGAIN which causes
Solaris/Illumos to loop without trying to resize the buffer.

Thanks to Nathan Huff <nhuff@acm.org> for finding this out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10365

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Ralph Böhme <rb@sernet.de>
(cherry picked from commit d3e51b9cfe3d56530253571e020af72da1877044)

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Tue Sep 15 13:32:29 CEST 2015 on sn-devel-104

8 years agobuild: use as-needed linker flag also on OpenBSD
Björn Jacke [Thu, 10 Sep 2015 19:31:03 +0000 (21:31 +0200)]
build: use as-needed linker flag also on OpenBSD

OpenBSD is unusable with binaries with many superfluous libs linked in.
samba-tool start times of 250 seconds without as-needed vs. 1.4 seconds with
as-needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11355

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Ralph Böhme <rb@sernet.de>
Autobuild-User(master): Björn Jacke <bj@sernet.de>
Autobuild-Date(master): Fri Sep 11 03:37:17 CEST 2015 on sn-devel-104

(cherry picked from commit b0f41c07ffe8600433c20a038b1612c04ed29e89)

8 years agoVERSION: Bump version up to 4.2.5...
Karolin Seeger [Sun, 6 Sep 2015 18:53:10 +0000 (20:53 +0200)]
VERSION: Bump version up to 4.2.5...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
8 years agoVERSION: Disable git snapshots for the 4.2.4 release. samba-4.2.4
Karolin Seeger [Sun, 6 Sep 2015 18:52:02 +0000 (20:52 +0200)]
VERSION: Disable git snapshots for the 4.2.4 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
8 years agoWHATSNEW: Add release notes for Samba 4.2.4.
Karolin Seeger [Sun, 6 Sep 2015 18:49:36 +0000 (20:49 +0200)]
WHATSNEW: Add release notes for Samba 4.2.4.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
8 years agos4:torture:vfs_fruit: created empty resourceforks
Ralph Boehme [Fri, 7 Aug 2015 13:48:33 +0000 (15:48 +0200)]
s4:torture:vfs_fruit: created empty resourceforks

Check for opens and creates, created empty resourceforks result in
ENOENT in subsequent opens.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep  2 06:50:16 CEST 2015 on sn-devel-104

Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Fri Sep  4 15:24:26 CEST 2015 on sn-devel-104

8 years agos4:torture:vfs_fruit: add a resource fork truncation test
Ralph Boehme [Thu, 6 Aug 2015 09:32:29 +0000 (11:32 +0200)]
s4:torture:vfs_fruit: add a resource fork truncation test

Truncating a resource fork to 0 bytes should make it inaccessible for
subsequent creates and return NT_STATUS_OBJECT_NAME_NOT_FOUND.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agovfs_fruit: delete ._ file when deleting the basefile
Ralph Boehme [Tue, 25 Aug 2015 15:06:52 +0000 (17:06 +0200)]
vfs_fruit: delete ._ file when deleting the basefile

0 byte resource fork streams are not listed by vfs_streaminfo, as a
result stream cleanup/deletion of file deletion doesn't remove the
resourcefork stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agovfs_fruit: split and simplify fruit_ftruncate
Ralph Boehme [Wed, 12 Aug 2015 05:34:53 +0000 (07:34 +0200)]
vfs_fruit: split and simplify fruit_ftruncate

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agovfs_fruit: handling of empty resource fork
Ralph Boehme [Sat, 8 Aug 2015 18:21:39 +0000 (20:21 +0200)]
vfs_fruit: handling of empty resource fork

Opening the resource fork stream with O_CREAT mustn't create a visible
node in the filesystem, only create a file handle. As long as the
creator didn't write into the stream, other openers without O_CREAT
MUST get an ENOENT error. This is the way the OS X SMB server implements it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11467

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
8 years agosamr4: Use <SID=%s> in GetGroupsForUser
Volker Lendecke [Tue, 1 Sep 2015 06:41:04 +0000 (08:41 +0200)]
samr4: Use <SID=%s> in GetGroupsForUser

This way we avoid quoting problems in user's DNs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep  1 23:49:14 CEST 2015 on sn-devel-104

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11488
(cherry picked from commit 841845dea35089a187fd1626c9752d708989ac7b)

Autobuild-User(v4-2-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-2-test): Thu Sep  3 11:45:06 CEST 2015 on sn-devel-104

8 years agos3-util: Compare the maximum allowed length of a NetBIOS name
Roel van Meer [Tue, 4 Aug 2015 14:50:43 +0000 (16:50 +0200)]
s3-util: Compare the maximum allowed length of a NetBIOS name

This fixes a problem where is_myname() returns true if one of our names
is a substring of the specified name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11427

Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 4e178ed498c594ffcd5592d0b792d47b064b9586)

Autobuild-User(v4-2-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-2-test): Mon Aug 31 12:33:42 CEST 2015 on sn-devel-104

8 years agos3-auth: Fix a memory leak in make_server_info_info3()
Andreas Schneider [Wed, 19 Aug 2015 14:19:30 +0000 (16:19 +0200)]
s3-auth: Fix a memory leak in make_server_info_info3()

We call make_server_info(NULL) and it is possible that we do not free
it, because server_info is not allocated on the memory context we pass
to the function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 6363c0232c2238e1a782e9c22ef762e3ff9b7563)

8 years agos3-auth: Pass nt_username to check_account()
Andreas Schneider [Wed, 19 Aug 2015 14:24:08 +0000 (16:24 +0200)]
s3-auth: Pass nt_username to check_account()

We set nt_username above but do not use it in this function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit e8c76932e4ac192a00afa3b9731f5921c4b37da6)

8 years agos3-auth: Fix 'map to guest = Bad Uid' support
Andreas Schneider [Wed, 19 Aug 2015 14:11:47 +0000 (16:11 +0200)]
s3-auth: Fix 'map to guest = Bad Uid' support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9862

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 34965d4d98d172e848e2b96fad8a9e0b99288ba7)

8 years agos3: winbindd: Fix TALLOC_FREE of uninitialized groups variable.
Jeremy Allison [Thu, 23 Jul 2015 17:52:43 +0000 (10:52 -0700)]
s3: winbindd: Fix TALLOC_FREE of uninitialized groups variable.

Fix created by: wei zhong <wweyeww@gmail.com>

Only for 4.2.x and below, master code already fixed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10823

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-2-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-2-test): Tue Aug 25 11:25:58 CEST 2015 on sn-devel-104

8 years agos4:rpc_server/netlogon: fix bugs in dcesrv_netr_DsRGetDCNameEx2()
Stefan Metzmacher [Thu, 22 Jan 2015 11:22:25 +0000 (11:22 +0000)]
s4:rpc_server/netlogon: fix bugs in dcesrv_netr_DsRGetDCNameEx2()

We should return our IP address that the client is connected to.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 459d1d3fb9a5282d19121eaacba9d611896b37ff)

Autobuild-User(v4-2-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-2-test): Tue Aug 18 19:15:43 CEST 2015 on sn-devel-104

8 years agoctdb-daemon: Correctly process the exit code from failed eventscripts
Amitay Isaacs [Tue, 21 Jul 2015 06:37:04 +0000 (16:37 +1000)]
ctdb-daemon: Correctly process the exit code from failed eventscripts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11431

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jul 22 15:03:53 CEST 2015 on sn-devel-104

(cherry picked from commit 00ec3c477eba50206801b451ae4eb64c12aba5db)

Autobuild-User(v4-2-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-2-test): Tue Aug 18 15:55:44 CEST 2015 on sn-devel-104

8 years agoctdb-daemon: Improve error handling for running event scripts
Amitay Isaacs [Thu, 13 Nov 2014 00:02:26 +0000 (11:02 +1100)]
ctdb-daemon: Improve error handling for running event scripts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11431

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 14 03:06:12 CET 2014 on sn-devel-104

(cherry picked from commit d04bfc6ec6ad7a4749ebfee2284253c4a91a81aa)

8 years agoctdb-tool: Correctly print timed out event scripts output
Amitay Isaacs [Mon, 20 Jul 2015 06:37:58 +0000 (16:37 +1000)]
ctdb-tool: Correctly print timed out event scripts output

The timed out error is ignored for certain events (start_recovery,
recoverd, takeip, releaseip).  If these events time out, then the debug
hung script outputs the following:

 3 scripts were executed last releaseip cycle
 00.ctdb              Status:OK    Duration:4.381 Thu Jul 16 23:45:24 2015
 01.reclock           Status:OK    Duration:13.422 Thu Jul 16 23:45:28 2015
 10.external          Status:DISABLED
 10.interface         Status:OK    Duration:-1437083142.208 Thu Jul 16 23:45:42 2015

The endtime for timed out scripts is not set.  Since the status is not
returned as -ETIME for some events, ctdb scriptstatus prints -ve duration.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11431

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 71b89b2b7a9768de437347e6678370b2682da892)

8 years agos3:lib: fix some corner cases of open_socket_out_cleanup()
Stefan Metzmacher [Fri, 14 Aug 2015 10:54:00 +0000 (12:54 +0200)]
s3:lib: fix some corner cases of open_socket_out_cleanup()

In case of timeouts we retry the async_connect_send() and forgot
to remember it, this results in an abort() in async_connect_cleanup()
as the fd is already closed when calling fcntl(F_SETFL).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11316

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ce3c77fb45ccf4d45a0fa655325e30e748d89245)

8 years agolib: Fix rundown of open_socket_out()
Volker Lendecke [Mon, 29 Jun 2015 17:00:55 +0000 (19:00 +0200)]
lib: Fix rundown of open_socket_out()

Under valgrind I've seen the abort in async_connect_cleanup kick in. Yes, it's
good that we check these return codes!

Bug: https://bugzilla.samba.org/show_bug.cgi?id=11316
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: "Stefan (metze) Metzmacher" <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jun 30 20:24:37 CEST 2015 on sn-devel-104

(cherry picked from commit 6fc65aaf956f35e2068e2a6f8521af2f2351d31e)