janger/samba-autobuild/.git
3 years ago ldb: version 2.2.1 ldb-2.2.1
Stefan Metzmacher [Wed, 24 Mar 2021 09:21:56 +0000 (10:21 +0100)]
ldb: version 2.2.1

o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings.
o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Karolin Seeger <kseeger@samba.org>
3 years ago VERSION: Disable GIT_SNAPSHOT for the 4.13.6 release. samba-4.13.6
Karolin Seeger [Fri, 19 Mar 2021 09:12:15 +0000 (10:12 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.6 release.

o BUG #14595: CVE-2020-27840: Heap corruption via crafted DN strings.
o BUG #14655: CVE-2021-20277: Out of bounds read in AD DC LDAP server.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
3 years ago WHATSNEW: Add release notes for Samba 4.13.6.
Karolin Seeger [Fri, 19 Mar 2021 09:11:37 +0000 (10:11 +0100)]
WHATSNEW: Add release notes for Samba 4.13.6.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
3 years ago CVE-2020-27840: pytests: move Dn.validate test to ldb
Douglas Bagnall [Thu, 11 Feb 2021 03:28:43 +0000 (16:28 +1300)]
CVE-2020-27840: pytests: move Dn.validate test to ldb

We had the test in the Samba Python segfault suite because
a) the signal catching infrastructure was there, and
b) the ldb tests lack Samba's knownfail mechanism, which allowed us to
   assert the failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode
Douglas Bagnall [Fri, 11 Dec 2020 03:32:25 +0000 (16:32 +1300)]
CVE-2020-27840 ldb_dn: avoid head corruption in ldb_dn_explode

A DN string with lots of trailing space can cause ldb_dn_explode() to
put a zero byte in the wrong place in the heap.

When a DN string has a value represented with trailing spaces,
like this

     "CN=foo   ,DC=bar"

the whitespace is supposed to be ignored. We keep track of this in the
`t` pointer, which is NULL when we are not walking through trailing
spaces, and points to the first space when we are. We are walking with
the `p` pointer, writing the value to `d`, and keeping the length in
`l`.

     "CN=foo   ,DC= "       ==>       "foo   "
            ^  ^                             ^
            t  p                             d
                                       --l---

The value is finished when we encounter a comma or the end of the
string. If `t` is not NULL at that point, we assume there are trailing
spaces and wind `d` and `l` back by the correct amount. Then we switch
to expecting an attribute name (e.g. "CN"), until we get to an "=",
which puts us back into looking for a value.

Unfortunately, we forget to immediately tell `t` that we'd finished
the last value, so we can end up like this:

     "CN=foo   ,DC= "       ==>        ""
            ^      ^                    ^
            t      p                    d
                                        l=0

where `p` is pointing to a new value that contains only spaces, while
`t` is still referring to the old value. `p` notices the value ends,
and we subtract `p - t` from `d`:

     "CN=foo   ,DC= "       ==>  ?     ""
            ^       ^            ^
            t       p            d
                                      l ~= SIZE_MAX - 8

At that point `d` wants to terminate its string with a '\0', but
instead it terminates someone else's byte. This does not crash if the
number of trailing spaces is small, as `d` will point into a previous
value (a copy of "foo" in this example). Corrupting that value will
ultimately not matter, as we will soon try to allocate a buffer `l`
long, which will be greater than the available memory and the whole
operation will fail properly.

However, with more spaces, `d` will point into memory before the
beginning of the allocated buffer, with the exact offset depending on
the length of the earlier attributes and the number of spaces.

What about a longer DN with more attributes? For example,
"CN=foo     ,DC= ,DC=example,DC=com" -- since `d` has moved out of
bounds, won't we continue to use it and write more DN values into
mystery memory? Fortunately not, because the aforementioned allocation
of `l` bytes must happen first, and `l` is now huge. The allocation
happens in a talloc_memdup(), which is by default restricted to
allocating 256MB.

So this allows a person who controls a string parsed by ldb_dn_explode
to corrupt heap memory by placing a single zero byte at a chosen
offset before the allocated buffer.

An LDAP bind request can send a string DN as a username. This DN is
necessarily parsed before the password is checked, so an attacker does
not need proper credentials. The attacker can easily cause a denial of
service and we cannot rule out more subtle attacks.

The immediate solution is to reset `t` to NULL when a comma is
encountered, indicating that we are no longer looking at trailing
whitespace.

Found with the help of Honggfuzz.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
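
The pointer bookkeeping described in the commit message above, as a simplified model added here for illustration; it is not Samba's ldb_dn_explode() code. The names `dn_model_walk`, `dn_model_result` and `reset_t_on_comma` are hypothetical, only plain `attr=value` pairs are handled, and `d` is tracked as an offset so nothing is ever written out of bounds.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical names; a model of the bookkeeping only. It handles plain
 * "attr=value,attr=value" strings (no escapes, quotes or extended DNs)
 * and never writes through d: d is an offset into an imagined buffer of
 * strlen(dn) + 1 bytes. */
struct dn_model_result {
	ptrdiff_t d;       /* where the last value's '\0' would be written */
	size_t l;          /* length recorded for the last value */
	bool d_in_bounds;  /* does d fall inside the buffer? */
};

struct dn_model_result dn_model_walk(const char *dn, bool reset_t_on_comma)
{
	const char *p = dn;     /* read position */
	const char *t = NULL;   /* first trailing space of the current value */
	ptrdiff_t d = 0;        /* write offset */
	size_t l = 0;           /* length of the current value */
	bool in_value = false;
	bool trim = true;       /* still skipping leading spaces */
	struct dn_model_result r;

	while (*p != '\0') {
		if (!in_value) {
			/* attribute name: copied until '=' which becomes '\0' */
			if (*p == '=') {
				d++;
				l = 0;
				in_value = true;
				trim = true;
			} else if (*p != ' ') {
				d++;
			}
			p++;
			continue;
		}
		if (trim) {
			if (*p == ' ') {
				p++;    /* leading space: t, d and l untouched */
				continue;
			}
			trim = false;
		}
		switch (*p) {
		case ',':
			if (t != NULL) {
				/* wind back over the trailing spaces */
				d -= (p - t);
				l -= (size_t)(p - t);
			}
			if (reset_t_on_comma) {
				t = NULL;   /* the fix: this value is finished */
			}
			d++;            /* terminating '\0' of the value */
			in_value = false;
			trim = true;
			p++;
			break;
		case ' ':
			if (t == NULL) {
				t = p;
			}
			d++; l++; p++;
			break;
		default:
			t = NULL;
			d++; l++; p++;
			break;
		}
	}
	/* end of string finishes the last value the same way a comma does */
	if (in_value && t != NULL) {
		d -= (p - t);
		l -= (size_t)(p - t);   /* wraps when t belongs to an older value */
	}
	r.d = d;
	r.l = l;
	r.d_in_bounds = (d >= 0 && (size_t)d <= strlen(dn));
	return r;
}

int main(void)
{
	/* Constructed inputs: the commit message's example, the same with
	 * more spaces in the last value, and a well-formed DN. */
	const char *samples[] = {
		"CN=foo   ,DC= ", "CN=foo   ,DC=        ", "CN=foo   ,DC=bar"
	};
	for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
		for (int fixed = 0; fixed <= 1; fixed++) {
			struct dn_model_result r = dn_model_walk(samples[i], fixed != 0);
			printf("\"%s\" %-7s d=%td l=%zu %s\n", samples[i],
			       fixed ? "fixed" : "unfixed", r.d, r.l,
			       r.d_in_bounds ? "in bounds" : "OUT OF BOUNDS");
		}
	}
	return 0;
}
```

Without the reset, the last value's length wraps to nearly SIZE_MAX and, once the last value holds enough spaces, `d` goes negative; with the reset both inputs end with `d` just past "DC=" and `l` equal to 0.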
3 years ago CVE-2020-27840: pytests:segfault: add ldb.Dn validate test
Douglas Bagnall [Thu, 11 Feb 2021 04:05:14 +0000 (17:05 +1300)]
CVE-2020-27840: pytests:segfault: add ldb.Dn validate test

ldb.Dn.validate wraps ldb_dn_explode.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14595

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds
Douglas Bagnall [Tue, 8 Dec 2020 08:32:09 +0000 (21:32 +1300)]
CVE-2021-20277 ldb/attrib_handlers casefold: stay in bounds

For a string that had N spaces at the beginning, we would
try to move N bytes beyond the end of the string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from commit for master)

3 years ago CVE-2021-20277 ldb: Remove tests from ldb_match_test that do not pass
Andrew Bartlett [Thu, 11 Mar 2021 22:51:56 +0000 (11:51 +1300)]
CVE-2021-20277 ldb: Remove tests from ldb_match_test that do not pass

This reverts some of the backport of 33a95a1e75b85e9795c4490b78ead2162e2a1f47

This is done here rather than squashed in the cherry-pick of the expanded testsuite
because it allows this commit to be simply reverted for the backport of bug 14044
if this lands first, or to be dropped if bug 14044 lands first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
3 years ago CVE-2021-20277 ldb tests: ldb_match tests with extra spaces
Douglas Bagnall [Fri, 5 Mar 2021 07:13:01 +0000 (20:13 +1300)]
CVE-2021-20277 ldb tests: ldb_match tests with extra spaces

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14655

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from commit for master)

3 years ago ldb: add tests for ldb_wildcard_compare
Douglas Bagnall [Fri, 5 Mar 2021 02:47:56 +0000 (15:47 +1300)]
ldb: add tests for ldb_wildcard_compare

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14044

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry-picked from commit 33a95a1e75b85e9795c4490b78ead2162e2a1f47)

3 years ago VERSION: Bump version up to 4.13.6...
Karolin Seeger [Tue, 9 Mar 2021 08:16:21 +0000 (09:16 +0100)]
VERSION: Bump version up to 4.13.6...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit b30c0416390ce4151a6bf97ea44e18e9d668e596)

3 years ago VERSION: Disable GIT_SNAPSHOT for the 4.13.5 release. samba-4.13.5
Karolin Seeger [Tue, 9 Mar 2021 08:15:02 +0000 (09:15 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.5 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
3 years ago Revert "wscript: use --as-needed only if tested successfully"
Karolin Seeger [Tue, 9 Mar 2021 08:10:12 +0000 (09:10 +0100)]
Revert "wscript: use --as-needed only if tested successfully"

This reverts commit eebf510fbd8847077c7bec72a1cda674b5a02714.

3 years ago WHATSNEW: Add release notes for Samba 4.13.5.
Karolin Seeger [Mon, 8 Mar 2021 08:02:43 +0000 (09:02 +0100)]
WHATSNEW: Add release notes for Samba 4.13.5.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
3 years ago g_lock: Fix uninitalized variable reads
Volker Lendecke [Wed, 3 Mar 2021 18:15:31 +0000 (19:15 +0100)]
g_lock: Fix uninitalized variable reads

If dbwrap_watched_watch_recv() returns IO_TIMEOUT, "blockerdead" might
be an uninitialized non-false, and further down we'll remove the wrong
exclusive locker.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Mar  5 11:22:07 UTC 2021 on sn-devel-184

(cherry picked from commit 654c18a244f060d81280493a324b98602a69dbbf)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Mon Mar  8 09:47:35 UTC 2021 on sn-devel-184

3 years ago locking: Fix an uninitialized variable read
Volker Lendecke [Wed, 3 Mar 2021 18:19:23 +0000 (19:19 +0100)]
locking: Fix an uninitialized variable read

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14636
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 84b634c613352fc1da8e1525d72597c526d534d2)

3 years ago s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure
Trever L. Adams [Fri, 26 Feb 2021 22:52:03 +0000 (14:52 -0800)]
s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure

Recent talloc changes cause the current check for failure to allocate to be incorrectly triggered.

This patch checks to see if the original parameter to be checked for NULL if the talloc returns NULL. This allows for rapid passing in the ca

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14634
RN: Fix failure of vfs_virusfilter starting due to talloc changes

Signed-off-by: Trever L. Adams <trever.adams@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
(cherry picked from commit 5a92810082c9a9d2833946ae0d83ce05a6bde597)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Fri Mar  5 12:18:56 UTC 2021 on sn-devel-184

3 years ago wscript: use --as-needed only if tested successfully
Björn Jacke [Tue, 2 Mar 2021 21:47:35 +0000 (22:47 +0100)]
wscript: use --as-needed only if tested successfully

Some OSes like Solaris based OmniOS don't support this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14288

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 996560191ac6bd603901dcd6c0de5d239e019ef4)

3 years ago s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path.
Peter Eriksson [Tue, 23 Feb 2021 20:13:37 +0000 (12:13 -0800)]
s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14648

Signed-off-by: Peter Eriksson <pen@lysator.liu.se>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Feb 25 20:46:02 UTC 2021 on sn-devel-184

(cherry picked from commit 3d91fe071a29e2e0c54a10ba081a46cb5c324585)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Wed Mar  3 09:08:34 UTC 2021 on sn-devel-184

3 years ago script/autobuild.py: let cleanup() ignore errors from rmdir_force() by default
Stefan Metzmacher [Fri, 20 Nov 2020 09:20:14 +0000 (09:20 +0000)]
script/autobuild.py: let cleanup() ignore errors from rmdir_force() by default

It's not useful to generate a python backtrace from within the cleanup code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 9883ac45939f253a63f3ff312fc3912c5f02cdac)

Autobuild-User(v4-14-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-14-test): Tue Feb  2 10:29:44 UTC 2021 on sn-devel-184

(cherry picked from commit cc1568be4d4250390a9ad03c84f5e260fc7acffd)

3 years ago script/autobuild.py: split out a rmdir_force() helper function
Stefan Metzmacher [Fri, 20 Nov 2020 09:20:14 +0000 (09:20 +0000)]
script/autobuild.py: split out a rmdir_force() helper function

That also tries to re-add write permissions before removing.
In future we'll have jobs changing their directory to read-only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7a5df2deaaf62a7edd7c64251f75ab15abe94c07)
(cherry picked from commit c933135969be29072971f96481b05f499fd48b57)

3 years ago selftest: make/use a copy of GNUPGHOME
Stefan Metzmacher [Sun, 22 Nov 2020 22:28:31 +0000 (23:28 +0100)]
selftest: make/use a copy of GNUPGHOME

That makes it possible to run tests from a read only source tree.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 86343125a55d184c15aa94cd01f4c8893a5a0917)
(cherry picked from commit c1a4cb97d1d71b974eed2ecb5f34bb1425f36294)

3 years ago s4:selftest: use plansmbtorture4testsuite() for 'rpc.echo'
Stefan Metzmacher [Sun, 22 Nov 2020 21:43:36 +0000 (22:43 +0100)]
s4:selftest: use plansmbtorture4testsuite() for 'rpc.echo'

This makes sure "--basedir=$SELFTEST_TMPDIR" is passed to smbtorture.

Tests should not create files in the build nor the source directory!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit d06f2c22d726a5ec7bd804d89154ee272ab1a679)
(cherry picked from commit 81b36b389cb01eca9b2f0a2a452d290e21f31394)

3 years ago s3:selftest: run test_smbclient_tarmode.pl with a fixed subdirectory name
Stefan Metzmacher [Thu, 17 Dec 2020 05:38:14 +0000 (06:38 +0100)]
s3:selftest: run test_smbclient_tarmode.pl with a fixed subdirectory name

$PREFIX is the value from --with-selftest-prefix.

The result of the test should not depend on --with-selftest-prefix,
the 'long_path' test in particular.

If the path is too long smbclient (via libarchive) will only
put the full path into a PAX HEADER as 'path' keyword,
that's fine in general, modern tools handle it just fine.
But Perl's Archive::Tar doesn't handle it and only sees
truncated file names.

I have a fix for Archive::Tar, see:
https://git.samba.org/?p=metze/samba/wip.git;a=shortlog;h=c75037d0a06a96cdaca3f3b20a6d237e768b075b

But finishing that is a task for another day, for now I just want to remove
the dependency to --with-selftest-prefix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit e0d9b656452ba6277cdc7f0abb2a06d3d284ef3a)
(cherry picked from commit 3eba14718dd6269fe1657de15a2f47c848b60518)

3 years ago selftest/Samba4: allow get_cmd_env_vars() to take an overwrite dictionary
Stefan Metzmacher [Mon, 23 Nov 2020 10:35:33 +0000 (11:35 +0100)]
selftest/Samba4: allow get_cmd_env_vars() to take an overwrite dictionary

This way we can use it even in some special cases, where we combine
variables from multiple environments.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 568c7d38debaa5ccd90d6ea33c683de512de7005)
(cherry picked from commit f1c7967b568034da2707ccc4bd1f64358d55eacc)

3 years ago selftest/Samba4: correctly pass KRB5CCNAME to provision
Stefan Metzmacher [Mon, 23 Nov 2020 10:35:33 +0000 (11:35 +0100)]
selftest/Samba4: correctly pass KRB5CCNAME to provision

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit dce0bdc39ebb01ef4f5e35af0552451cfc29fd1b)
(cherry picked from commit 85800df90358f3a76b6b86f8414582178fe50946)

3 years ago selftest/Samba4: make more use of get_cmd_env_vars()
Stefan Metzmacher [Mon, 23 Nov 2020 10:35:33 +0000 (11:35 +0100)]
selftest/Samba4: make more use of get_cmd_env_vars()

This simplifies the code a lot and makes it much easier to
add new environment variables in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 15b39160406c3ef49c5f074793d3a55b3bf12e0e)
(cherry picked from commit 9d5f5e821cbe23cc2e64f201e7409aaec4b50387)

3 years ago selftest:Samba4: avoid File::Path 'make_path' in setup_dns_hub_internal()
Stefan Metzmacher [Thu, 17 Dec 2020 09:42:03 +0000 (10:42 +0100)]
selftest:Samba4: avoid File::Path 'make_path' in setup_dns_hub_internal()

While splitting the build and test stages I hit strange permission
problems, when a parent directory is missing,
which can be avoided by using plain mkdir() on each level.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 719eccd445e9cc56a1c2988c4deeb39d301bcbff)
(cherry picked from commit 56c2c0f651e1c038ecf87a14a7dbe478e5e58d8d)

3 years ago selftest: allow a prefix under /m/username/
Stefan Metzmacher [Thu, 19 Nov 2020 16:19:53 +0000 (16:19 +0000)]
selftest: allow a prefix under /m/username/

We want to match/replace only a '.' pathname component,
not any single character pathname component!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 02301222386f2f08631d48d6e88c03cd1439325d)
(cherry picked from commit f480161b754aade6c1af2d05f3ce742466b28026)

3 years ago Makefile: add support for 'make testonly'
Stefan Metzmacher [Mon, 23 Nov 2020 09:38:49 +0000 (10:38 +0100)]
Makefile: add support for 'make testonly'

That skips any attempt to recompile before running the tests.
Sometimes that's useful for debugging and we'll
use it to split the build and test stages in autobuild and gitlab-ci
later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14628

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1e4714940211b10ae6574770f15b7c6ed95f5f59)
(cherry picked from commit 9fed2749c039164794faadef71aa83cfd360d130)

3 years ago s3: fix fcntl waf configure check
Ralph Boehme [Mon, 21 Sep 2020 05:48:43 +0000 (07:48 +0200)]
s3: fix fcntl waf configure check

RN: Fix fcntl waf configure check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14503

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 21 07:26:54 UTC 2020 on sn-devel-184

(cherry picked from commit 454ccd986b61799908a6898a55d0480911f15306)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Fri Feb 26 10:57:20 UTC 2021 on sn-devel-184

3 years ago smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload...
Jeremy Allison [Wed, 27 Jan 2021 05:29:58 +0000 (21:29 -0800)]
smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services.

Prevents reload_services() caching the fact it might be
called multiple times in a row.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14604

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit e4c8cd0781aef2a29bb4db1314c9fcd4f6edcecd)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Fri Feb 26 08:50:23 UTC 2021 on sn-devel-184

3 years ago dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones
Andrew Bartlett [Thu, 10 Dec 2020 03:03:49 +0000 (16:03 +1300)]
dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones

These reports (about recently deleted objects)
create concern about a perfectly normal part of DB operation.

We must not operate on objects that are expired or we might reanimate them,
but we must fix "Deleted Objects" if it is wrong (mostly it is set as being
deleted in 9999, but in alpha19 we got this wrong).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb  3 05:29:11 UTC 2021 on sn-devel-184

(cherry picked from commit da627106cdbf8d375b25fa3338a717447f3dbb6e)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Mon Feb 22 12:58:04 UTC 2021 on sn-devel-184

3 years ago selftest: Confirm that we fix any errors on the Deleted Objects container itself
Andrew Bartlett [Fri, 11 Dec 2020 02:37:04 +0000 (15:37 +1300)]
selftest: Confirm that we fix any errors on the Deleted Objects container itself

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14593

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 1ec1c35a3ae422720df491f5555c9bc787c9944c)

3 years ago classicupgrade: treat old never expires value right
Björn Jacke [Fri, 5 Feb 2021 11:47:01 +0000 (12:47 +0100)]
classicupgrade: treat old never expires value right

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14624

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 10 15:06:49 UTC 2021 on sn-devel-184

(cherry picked from commit df75d82c9de6977c466ee9f01886cb012a9c5fef)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Tue Feb 16 17:16:21 UTC 2021 on sn-devel-184

3 years ago s3:pysmbd: fix fd leak in py_smbd_create_file()
Stefan Metzmacher [Tue, 9 Feb 2021 12:48:36 +0000 (13:48 +0100)]
s3:pysmbd: fix fd leak in py_smbd_create_file()

Various 'samba-tool domain backup' commands use this and will
fail if there's over ~1000 files in the sysvol folder.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13898

Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit d8fa464a2dfb11df4e1db4ebffe8bd28ff118c75)

3 years ago HEIMDAL: krb5_storage_free(NULL) should work
Paul Wise [Mon, 29 Feb 2016 17:58:45 +0000 (11:58 -0600)]
HEIMDAL: krb5_storage_free(NULL) should work

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12505

Signed-off-by: Paul Wise <pabs3@bonedaddy.net>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Original-author: Nicolas Williams <nico@twosigma.com>
(cherry-picked from heimdal commit b3db07d5f0e03f6a1a0a392e70f9675e19a6d6af)
(cherry picked from commit f9ed4f7028a5ed29026ac8ef1b47b63755ba98f8)

3 years ago lib:util: Avoid free'ing our own pointer
Andreas Schneider [Tue, 2 Feb 2021 17:10:38 +0000 (18:10 +0100)]
lib:util: Avoid free'ing our own pointer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0bdbe50fac680be3fe21043246b8c75005611351)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Mon Feb  8 11:42:58 UTC 2021 on sn-devel-184

3 years ago lib:util: Add cache oversize test for memcache
Andreas Schneider [Wed, 3 Feb 2021 09:37:12 +0000 (10:37 +0100)]
lib:util: Add cache oversize test for memcache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 00543ab3b29e3fbfe8314e51919629803e14ede6)

3 years ago lib:util: Add basic memcache unit test
Andreas Schneider [Wed, 3 Feb 2021 09:30:08 +0000 (10:30 +0100)]
lib:util: Add basic memcache unit test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14625

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit bebbf621d6052f797c5cf19a2a9bbc13e699d3f0)

3 years ago s3: libsmb: Add missing cli_tdis() in error path if encryption setup failed on temp...
Jeremy Allison [Thu, 4 Feb 2021 01:43:08 +0000 (17:43 -0800)]
s3: libsmb: Add missing cli_tdis() in error path if encryption setup failed on temp proxy connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
3 years ago s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon struct when temporarily swappi...
Jeremy Allison [Thu, 28 Jan 2021 19:08:48 +0000 (11:08 -0800)]
s3: libsmb: cli_state_save_tcon(). Don't deepcopy tcon struct when temporarily swapping out a connection on a cli_state.

This used to make a deep copy of either
cli->smb2.tcon or cli->smb1.tcon, but this leaves
the original tcon pointer in place which will then get
TALLOC_FREE()'d when the new tree connection is made on
this cli_state.

As there may be pipes open on the old tree connection with
talloc'ed state allocated using the original tcon pointer as a
talloc parent we can't deep copy and then free this pointer
as that will fire the destructors on the pipe memory and
mark them as not connected.

This call is used to temporarily swap out a tcon pointer
(whilst keeping existing pipes open) to allow a new tcon
on the same cli_state and all users correctly call
cli_state_restore_tcon() once they are finished with
the new tree connection.

Just return the existing pointer and set the old value to NULL.
We know we MUST be calling cli_state_restore_tcon() below
to restore the original tcon tree connection pointer before
closing the session.

Remove the knownfail.d entry.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb  2 21:05:25 UTC 2021 on sn-devel-184

(cherry picked from commit 4f80f5f9046b64a9e5e0503b1cb54f1492c4faec)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Wed Feb  3 21:23:36 UTC 2021 on sn-devel-184

3 years ago s3: torture: Change the SMB1-only UID-REGRESSION-TEST to do an explicit copy of the...
Jeremy Allison [Fri, 29 Jan 2021 01:35:55 +0000 (17:35 -0800)]
s3: torture: Change the SMB1-only UID-REGRESSION-TEST to do an explicit copy of the tcon struct in use.

For this test only, explicitly copy the SMB1 tcon struct,
don't use cli_state_save_tcon()/cli_state_restore_tcon()
as these calls will soon change to just manipulate the pointer
to avoid TALLOC_FREE() on the tcon struct which calls
destructors on child pipe data.

In SMB1 this test calls cli_tdis() twice with an invalid
vuid and expects the SMB1 tcon struct to be preserved
across the calls.

SMB1 cli_tdis() frees cli->smb1.tcon so we must put back
a deep copy into cli->smb1.tcon to be able to safely call
cli_tdis() again.

This is a test-only hack. Real client code
uses cli_state_save_tcon()/cli_state_restore_tcon()
if it needs to temporarily swap out the active
tcon on a client connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit e93e6108837eff0cebad8dc26d055c0e1386093a)

3 years ago s3: smbtorture3: Ensure run_tcon_test() always replaces any saved tcon and shuts...
Jeremy Allison [Thu, 28 Jan 2021 18:56:18 +0000 (10:56 -0800)]
s3: smbtorture3: Ensure run_tcon_test() always replaces any saved tcon and shuts down correctly even in error paths.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit f9ca91bd293e9f2710c4449c5d4f5d016a066049)

3 years ago s3: smbtorture3: Ensure we *always* replace the saved saved_tcon even in an error...
Jeremy Allison [Thu, 28 Jan 2021 18:46:33 +0000 (10:46 -0800)]
s3: smbtorture3: Ensure we *always* replace the saved saved_tcon even in an error condition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit dc701959cad7bf15aa47cad6451212606520f67f)

3 years ago s3: tests: Add regression test for bug 13992.
Jeremy Allison [Thu, 28 Jan 2021 22:07:23 +0000 (14:07 -0800)]
s3: tests: Add regression test for bug 13992.

Subtle extra test. Mark as knownfail for now.

'^ user1$' must appear MORE THAN ONCE, as it can read more than one
share. The previous test found user1, but only once as the bug only
allows reading the security descriptor for one share, and we were
unlucky that the first share security descriptor returned allows
user1 to read from it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13992

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 068f4a977f0539f790809d580bf22d2362032e3d)

3 years ago smbd: use fsp->conn->session_info for the initial delete-on-close token
Ralph Boehme [Sat, 23 Jan 2021 17:36:23 +0000 (18:36 +0100)]
smbd: use fsp->conn->session_info for the initial delete-on-close token

There's a correctly set up session_info at fsp->conn->session_info, we can just
use that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 26 04:04:14 UTC 2021 on sn-devel-184

(cherry picked from commit e06f86bbd93d024c70016e1adcf833db85742aca)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Mon Feb  1 08:47:05 UTC 2021 on sn-devel-184

3 years ago selftest: add a test that verifies unlink works when "force user" is set
Ralph Boehme [Mon, 25 Jan 2021 10:48:32 +0000 (11:48 +0100)]
selftest: add a test that verifies unlink works when "force user" is set

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit aa1f09cda0a097617e34dd0a8b1b0acc7a37bca8)

3 years ago selftest: add force_user_error_inject share in maptoguest env
Ralph Boehme [Mon, 25 Jan 2021 10:47:45 +0000 (11:47 +0100)]
selftest: add force_user_error_inject share in maptoguest env

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f3f8fdfbf10f690bc8d972a13d6f74f1fb0fb375)

3 years ago vfs_error_inject: add unlinkat hook
Ralph Boehme [Mon, 25 Jan 2021 10:46:30 +0000 (11:46 +0100)]
vfs_error_inject: add unlinkat hook

Note that a failure is only injected if the owner of the parent directory is not
the same as the current user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14617

Back-ported from commit c44dad3ac2eb36fc5eb5a9f80a9ef97183be26ef.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

3 years ago s3/auth: implement "winbind:ignore domains"
Ralph Boehme [Fri, 15 Jan 2021 11:56:25 +0000 (12:56 +0100)]
s3/auth: implement "winbind:ignore domains"

Under the following conditions a user from an ignored domain might be able to
authenticate:

- using Kerberos

- successful previous authentication so the idmap and name caches are filled

- winbind not running (fwiw, winbindd is mandatory on a domain member)

- nscd running with a cached getpwnam for the ignored user (otherwise auth fails
  because getpwnam fails)

- lookup_name() function being modified to look into the name cache before
  contacting winbindd. Currently it talks directly to winbindd and that will
  check the cache.

Currently, authentication will only fail because creating the local token for
the user fails because an LSA lookupname RPC call fails (because winbindd is not
running).

All of this makes a successful authentication unlikely, but that is more by
accident than by design.

To ensure that if winbindd is not running and as such winbindd itself can not
enforce the restriction, also implement the ignored domains check in the auth
system as a last line of defense.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602
RN: "winbind:ignore domains" doesn't prevent user login from trusted domain

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit df5fe2d835169161d3930acf1e9c750dd2bc64b6)

3 years ago winbind: check for allowed domains in winbindd_pam_auth_pac_verify()
Ralph Boehme [Thu, 14 Jan 2021 09:42:53 +0000 (10:42 +0100)]
winbind: check for allowed domains in winbindd_pam_auth_pac_verify()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit da474ddd13d84f07f5da81c843e651844f33a003)

3 years ago winbind: check for allowed domains in winbindd_dual_pam_chauthtok()
Ralph Boehme [Mon, 11 Jan 2021 16:59:48 +0000 (17:59 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_chauthtok()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 88e92faace7ec17810903166fa3433aa4842a4e3)

3 years ago winbind: check for allowed domains in winbindd_dual_pam_chng_pswd_auth_crap()
Ralph Boehme [Mon, 11 Jan 2021 16:19:05 +0000 (17:19 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_chng_pswd_auth_crap()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4bc17600bc50fbc0e54d9d019d8db67001fc3eef)

3 years ago winbind: check for allowed domains in winbindd_dual_pam_auth_crap()
Ralph Boehme [Mon, 11 Jan 2021 16:10:19 +0000 (17:10 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_auth_crap()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c17bc9c6115e4e92132f3cb912547eac78227938)

3 years ago winbind: check for allowed domains in winbindd_dual_pam_auth()
Ralph Boehme [Mon, 11 Jan 2021 15:50:31 +0000 (16:50 +0100)]
winbind: check for allowed domains in winbindd_dual_pam_auth()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4cefdf03fec91cdcf700922b1a5ceca02407e259)

3 years ago winbind: move "winbind:ignore domain" logic to a separate function
Ralph Boehme [Mon, 11 Jan 2021 15:15:15 +0000 (16:15 +0100)]
winbind: move "winbind:ignore domain" logic to a separate function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 894caca79476d25a0268d89b2ad8a5758b7e31f3)

3 years ago selftest: add a test for "winbind:ignore domains"
Ralph Boehme [Wed, 13 Jan 2021 10:54:40 +0000 (11:54 +0100)]
selftest: add a test for "winbind:ignore domains"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 32197d21dabecaee9bc1d6cd557578892220fe4c)

3 years ago winbind: handle MSG_SMB_CONF_UPDATED in the winbinds children
Ralph Boehme [Wed, 20 Jan 2021 11:00:16 +0000 (12:00 +0100)]
winbind: handle MSG_SMB_CONF_UPDATED in the winbinds children

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 072ef48001710ed8326c83295f2d3cc301d27cfe)

3 years ago winbind: set logfile after reloading config
Ralph Boehme [Wed, 20 Jan 2021 11:27:23 +0000 (12:27 +0100)]
winbind: set logfile after reloading config

lp_load_global() will overwrite whatever we've set with lp_set_logfile().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0c4497f8c66d0ea7c68d42c19e859932ebc3e2ac)

3 years ago winbind: move config-reloading code to winbindd_dual.c
Ralph Boehme [Wed, 20 Jan 2021 10:17:22 +0000 (11:17 +0100)]
winbind: move config-reloading code to winbindd_dual.c

In preparation for forwarding MSG_SMB_CONF_UPDATED to all children.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 81edc65e79aba121db800ec53aadd766e61a0001)

3 years ago selftest: use correct DNS domain name for wrapper hosts file
Ralph Boehme [Thu, 14 Jan 2021 07:14:46 +0000 (08:14 +0100)]
selftest: use correct DNS domain name for wrapper hosts file

For some reason the join fails to register the DNS records when provisioning the
member env:

   Using short domain name -- SAMBA2008R2
   Joined 'IDMAPADMEMBER' to dns domain 'samba2008r2.example.com'
   DNS Update for idmapadmember.samba.example.com failed: ERROR_DNS_UPDATE_FAILED

At the same time the hosts file used by the wrappers contains the wrong fqdn. As
a result the test that the next commit is going to add fails due to the broken
DNS resolution:

...
UNEXPECTED(failure): samba3.blackbox.winbind_ignore_domain.test_winbind_ignore_domains_ok_krb5(ad_member_idmap_ad:local)
REASON: Exception: Exception: do_connect: Connection to idmapadmember.samba2008r2.example.com failed (Error NT_STATUS_UNSUCCESSFUL)
...

Checking DNS in the testenv, first the working record for the main DC:

testenv$ dig @10.53.57.64 dc7.samba2008r2.example.com +short
10.53.57.27

testenv$ bin/samba-tool dns query dc7 samba2008r2.example.com dc7 A -U Administrator%locDCpass7
  Name=, Records=1, Children=0
    A: 10.53.57.27 (flags=f0, serial=1, ttl=900)

Now the failing idmapadmember:

testenv$ dig @10.53.57.64 idmapadmember.samba2008r2.example.com +short

testenv$ bin/samba-tool dns query dc7 samba2008r2.example.com idmapadmember A -U Administrator%locDCpass7
ERROR: Record or zone does not exist.

Fixing the hosts file lets the tests work, fixing the broken DNS record
registration is a task for another day.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14602

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e1fc84138ca118c4187d87b7be4a7e6dd771dc4f)

3 years ago VERSION: Bump version up to 4.13.5...
Karolin Seeger [Tue, 26 Jan 2021 07:14:38 +0000 (08:14 +0100)]
VERSION: Bump version up to 4.13.5...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

3 years ago VERSION: Disable GIT_SNAPSHOT for the 4.13.4 release. samba-4.13.4
Karolin Seeger [Tue, 26 Jan 2021 07:12:22 +0000 (08:12 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.4 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

3 years ago WHATSNEW: Add release notes for Samba 4.13.4.
Karolin Seeger [Mon, 25 Jan 2021 12:47:33 +0000 (13:47 +0100)]
WHATSNEW: Add release notes for Samba 4.13.4.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

3 years ago script/release.sh: always select the GPG key by its ID
Karolin Seeger [Thu, 21 Jan 2021 12:03:44 +0000 (13:03 +0100)]
script/release.sh: always select the GPG key by its ID

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 715b208b513035269a6523f8543c4bf328a7c0f2)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Fri Jan 22 15:10:26 UTC 2021 on sn-devel-184

3 years ago ReleaseKey: add GnuPG key transition statement for the Samba release key
Karolin Seeger [Thu, 21 Jan 2021 12:02:26 +0000 (13:02 +0100)]
ReleaseKey: add GnuPG key transition statement for the Samba release key

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 38a278b1afedd6c0a6de0fd4f08008e83f8597a9)

3 years ago script/release.sh: Use new GPG key.
Karolin Seeger [Tue, 22 Dec 2020 08:35:58 +0000 (09:35 +0100)]
script/release.sh: Use new GPG key.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit 2f6cea063ddf52d77037644d612bbc209837e707)

3 years ago s3: smbd: Add call to conn_setup_case_options() to create_conn_struct_as_root().
Jeremy Allison [Tue, 12 Jan 2021 19:44:44 +0000 (11:44 -0800)]
s3: smbd: Add call to conn_setup_case_options() to create_conn_struct_as_root().

Ensures temporary DFS share doesn't leave the case parameters set
as zero (i.e.:

conn->case sensitive = 0
conn->share_case_preserve = 0
and default case is lower

which can cause problems doing a DFS_GET_REFERRALS request).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14612

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Wed Jan 13 18:14:31 UTC 2021 on sn-devel-184

(cherry picked from commit 39ce73321093a0a5e25f574d0d32d7f88892de46)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Wed Jan 20 10:27:02 UTC 2021 on sn-devel-184

3 years ago s3: smbd: Factor out setting up case parameters for a share to a function - conn_setu...
Jeremy Allison [Tue, 12 Jan 2021 19:39:51 +0000 (11:39 -0800)]
s3: smbd: Factor out setting up case parameters for a share to a function - conn_setup_case_options().

Will allow it to be reused in the msdfs temporary share code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14612

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
(cherry picked from commit ab7700177c2badbf8ed649985be8029223b6e946)

3 years ago build: remove smbd_conn private library
Ralph Boehme [Sun, 27 Sep 2020 06:52:58 +0000 (08:52 +0200)]
build: remove smbd_conn private library

This is not needed anymore since 6822baa2920f30374ec84363497d97e24f359fab.

Needed here for:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14612

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 80ac7fa7c4c728bef4f947872c090fec35fb26f0)

3 years ago libcli/smb: allow unexpected padding in SMB2 IOCTL responses
Stefan Metzmacher [Thu, 14 Jan 2021 16:32:15 +0000 (17:32 +0100)]
libcli/smb: allow unexpected padding in SMB2 IOCTL responses

A NetApp Ontap 7.3.7 SMB server adds 8 padding bytes to an
offset that's already 8 byte aligned.

RN: Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Pair-Programmed-With: Volker Lendecke <vl@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jan 15 08:36:34 UTC 2021 on sn-devel-184

(cherry picked from commit 4c6c71e1378401d66bf2ed230544a75f7b04376f)
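
Added example (not Samba's code): a bounds-checked locator for the output buffer of an SMB2 IOCTL response, showing why an offset check that demands exactly 64 + 48 = 112 rejects a reply carrying 8 extra padding bytes. The function names, the max_extra_pad tolerance parameter and the restriction to responses with InputCount == 0 are assumptions of this example; the sample PDUs are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define SMB2_HDR_LEN        64u /* fixed SMB2 header */
#define IOCTL_RSP_FIXED_LEN 48u /* fixed part of the IOCTL response body */
#define IOCTL_RSP_DYN_OFS   (SMB2_HDR_LEN + IOCTL_RSP_FIXED_LEN) /* 112, 8-byte aligned */

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = v & 0xff;
    p[1] = (v >> 8) & 0xff;
    p[2] = (v >> 16) & 0xff;
    p[3] = (v >> 24) & 0xff;
}

/*
 * Locate the output buffer inside a whole response PDU (offsets count from
 * the start of the SMB2 header). max_extra_pad is this example's knob:
 * 0 is the strict check, 8 tolerates the padding described above.
 * Returns 0 on success, -1 if the PDU must be rejected.
 */
int ioctl_rsp_find_output(const uint8_t *pdu, size_t pdu_len,
                          uint32_t max_extra_pad,
                          const uint8_t **out, uint32_t *out_len)
{
    const uint8_t *body;
    uint32_t in_cnt, ofs, cnt;

    if (pdu_len < IOCTL_RSP_DYN_OFS) {
        return -1;              /* fixed part truncated */
    }
    body = pdu + SMB2_HDR_LEN;
    in_cnt = get_le32(body + 28);   /* InputCount */
    ofs = get_le32(body + 32);      /* OutputOffset */
    cnt = get_le32(body + 36);      /* OutputCount */

    if (in_cnt != 0) {
        return -1;              /* input data is out of scope here */
    }
    if (cnt == 0) {
        *out = NULL;
        *out_len = 0;
        return 0;
    }
    if (ofs < IOCTL_RSP_DYN_OFS) {
        return -1;              /* would alias the header or fixed body */
    }
    if (ofs - IOCTL_RSP_DYN_OFS > max_extra_pad) {
        return -1;              /* more padding than the caller accepts */
    }
    /* Written so that neither side can wrap around. */
    if (ofs > pdu_len || cnt > pdu_len - ofs) {
        return -1;              /* buffer runs past the end of the PDU */
    }
    *out = pdu + ofs;
    *out_len = cnt;
    return 0;
}

/* Build a constructed response; claimed_len lets a caller lie in OutputCount. */
size_t build_ioctl_rsp(uint8_t *buf, size_t buf_len, uint32_t pad,
                       const uint8_t *data, uint32_t data_len,
                       uint32_t claimed_len)
{
    size_t total = (size_t)IOCTL_RSP_DYN_OFS + pad + data_len;

    if (total > buf_len) {
        return 0;
    }
    memset(buf, 0, total);
    buf[SMB2_HDR_LEN] = 49;     /* StructureSize of the IOCTL response */
    put_le32(buf + SMB2_HDR_LEN + 32, IOCTL_RSP_DYN_OFS + pad);
    put_le32(buf + SMB2_HDR_LEN + 36, claimed_len);
    memcpy(buf + IOCTL_RSP_DYN_OFS + pad, data, data_len);
    return total;
}

int main(void)
{
    uint8_t buf[256];
    const uint8_t payload[4] = { 0xde, 0xad, 0xbe, 0xef };
    const uint8_t *out;
    uint32_t out_len;
    size_t n = build_ioctl_rsp(buf, sizeof(buf), 8, payload, 4, 4);

    printf("strict:   %d\n", ioctl_rsp_find_output(buf, n, 0, &out, &out_len));
    printf("tolerant: %d\n", ioctl_rsp_find_output(buf, n, 8, &out, &out_len));
    return 0;
}
```

Whatever tolerance is chosen, the length check against the end of the PDU stays mandatory: accepting a later offset must never widen what the parser is willing to read.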

3 years ago smbd: implement FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8 as reproducer for bug...
Stefan Metzmacher [Thu, 14 Jan 2021 16:39:01 +0000 (17:39 +0100)]
smbd: implement FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8 as reproducer for bug 14607

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 39c0d2b666a6ddac7cd3b29fe76be7375690b27b)

3 years ago s4:torture/smb2: add samba3.smb2.ioctl.bug14607
Stefan Metzmacher [Thu, 14 Jan 2021 16:39:18 +0000 (17:39 +0100)]
s4:torture/smb2: add samba3.smb2.ioctl.bug14607

FSCTL_SMBTORTURE_IOCTL_RESPONSE_BODY_PADDING8 will be used
to trigger an SMB2 IOCTL response with extra padding.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 3db566026bcc0bff87acae762211e1c49220dc82)

3 years ago libcli/smb: split out smb2cli_ioctl_parse_buffer()
Stefan Metzmacher [Thu, 14 Jan 2021 16:27:21 +0000 (17:27 +0100)]
libcli/smb: split out smb2cli_ioctl_parse_buffer()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Pair-Programmed-With: Volker Lendecke <vl@samba.org>

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 508ed5b42c23f8b3d9730d838bd921cb73c61358)

3 years ago libcli/smb: Allow smb2cli_validate_negotiate_info_done() to ignore NT_STATUS_INVALID_...
Jeremy Allison [Wed, 6 Jan 2021 17:03:05 +0000 (09:03 -0800)]
libcli/smb: Allow smb2cli_validate_negotiate_info_done() to ignore NT_STATUS_INVALID_PARAMETER.

This can be returned from NetApp Ontap 7.3.7 SMB server
implementations. Now we have ensured smb2_signing_check_pdu()
cannot return NT_STATUS_INVALID_PARAMETER on a signing error
it's safe to check this error code here. Windows 10
clients ignore this error from the NetApp.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 0abb5ca6b96c843909dea56d5594e334547ae90f)

3 years ago libcli/smb: Change some checks to SMB_ASSERTS
Stefan Metzmacher [Mon, 11 Jan 2021 09:01:39 +0000 (10:01 +0100)]
libcli/smb: Change some checks to SMB_ASSERTS

If we end up here, it's definitely a programming error in the basic
parsing layer of the SMB2 packet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14607

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit fdcdfceefdd3186ef0b70bb6e83dddc8f4c073db)

3 years ago vfs_fruit: fix close for fake_fd
Ralph Boehme [Fri, 11 Dec 2020 11:59:28 +0000 (12:59 +0100)]
vfs_fruit: fix close for fake_fd

If the next backend doesn't use kernel fds, we should not
pass a fake_fd to the next backend.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan  8 21:38:18 UTC 2021 on sn-devel-184

(back-ported from commit 564b62a6f7c0a9b9712946d723118122b9c3785f)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Wed Jan 13 14:45:03 UTC 2021 on sn-devel-184

3 years ago vfs_fruit: check fake_fd in fruit_pread_meta_stream()
Ralph Boehme [Fri, 11 Dec 2020 12:00:56 +0000 (13:00 +0100)]
vfs_fruit: check fake_fd in fruit_pread_meta_stream()

Don't call into the next VFS backend if we know we still have a fake-fd. Just
return -1 and the caller has the logic to handle this, which results in
returning an AFP_AfpInfo blob initialized with some defaults.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit c5da08422990dfc1e082bc01aa10d6e415eebe3f)

3 years ago vfs_fruit: use "fake_fd" instead of "created"
Ralph Boehme [Fri, 11 Dec 2020 12:00:09 +0000 (13:00 +0100)]
vfs_fruit: use "fake_fd" instead of "created"

Both have basically the same semantics.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit 36eb30fd7d4b82bffd0e1ab471c088f678d700a4)

3 years ago vfs_streams_xattr: make use of vfs_fake_fd_close()
Stefan Metzmacher [Fri, 18 Dec 2020 13:36:00 +0000 (14:36 +0100)]
vfs_streams_xattr: make use of vfs_fake_fd_close()

When we used vfs_fake_fd() we should use vfs_fake_fd_close()
in order to have things symmetric.

That may allow us to change vfs_fake_fd() internally if required.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit 40e70cbd3c3a1df9205a7b18d07784c1754cc340)

3 years ago vfs_fruit: make use of vfs_fake_fd_close()
Stefan Metzmacher [Fri, 18 Dec 2020 13:36:00 +0000 (14:36 +0100)]
vfs_fruit: make use of vfs_fake_fd_close()

When we used vfs_fake_fd() we should use vfs_fake_fd_close()
in order to have things symmetric.

That may allow us to change vfs_fake_fd() internally if required.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit 719c83b4dc4cef16429ec2803621039545f6885e)

3 years ago s3:smbd: add vfs_fake_fd_close() helper
Stefan Metzmacher [Fri, 18 Dec 2020 13:03:09 +0000 (14:03 +0100)]
s3:smbd: add vfs_fake_fd_close() helper

When we used vfs_fake_fd() we should use vfs_fake_fd_close()
in order to have things symmetric.

This makes code easier to understand and may allow us to change
vfs_fake_fd() internally if required.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14596

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(back-ported from commit 8f057333466b2d9845cd8bc2b794d98252ade2a4)

3 years ago s3:lib: Create the cache path of user gencache recursively
Andreas Schneider [Mon, 21 Dec 2020 09:36:46 +0000 (10:36 +0100)]
s3:lib: Create the cache path of user gencache recursively

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14601

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan  6 23:59:58 UTC 2021 on sn-devel-184

(cherry picked from commit 38c989fab78c3baade3e441829b7becf6b25ef3f)

3 years ago lib:util: Add directory_create_or_exists_recursive()
Andreas Schneider [Mon, 21 Dec 2020 09:35:51 +0000 (10:35 +0100)]
lib:util: Add directory_create_or_exists_recursive()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14601

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
from commit bf7b165877bdfd07eb84ecafdc87bd7a6d945f09)

3 years ago vfs_virusfilter: Allocate separate memory for config char*
Arne Kreddig [Fri, 1 Jan 2021 21:54:22 +0000 (22:54 +0100)]
vfs_virusfilter: Allocate separate memory for config char*

Instead of using only the pointer to the configuration char* from the
global configuration, vfs_virusfilter now allocates its own memory and
copies the char* from the global configuration.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14606
Signed-off-by: Arne Kreddig <arne@kreddig.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan  7 19:25:38 UTC 2021 on sn-devel-184

(cherry picked from commit 2f21d1b0ac8526508161de73290f67858b2fe668)

3 years ago Do not create an empty DB when accessing a sam.ldb
Andrew Bartlett [Mon, 23 Nov 2020 06:35:37 +0000 (19:35 +1300)]
Do not create an empty DB when accessing a sam.ldb

Samba already does this for samba-tool and doing this should make
our errors more sensible, particularly in BIND9 if not provisioned
with the correct --dns-backend=DLZ_BIND9

The old error was like:

 named[62954]: samba_dlz: Unable to get basedn for
 /var/lib/samba/private/dns/sam.ldb
  - NULL Base DN invalid for a base search.

The new error will be like (in this case from the torture test):
 Failed to connect to Failed to connect to
 ldb:///home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb:
 Unable to open tdb '/home/abartlet/samba/st/chgdcpass/bind-dns/dns/sam.ldb':
 No such file or directory: Operations error

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14579

Reviewed-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit d49e96bc45ea5e2d3364242dad36fe9094b7cc42)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Thu Jan  7 10:50:10 UTC 2021 on sn-devel-184

3 years ago bootstrap: Cope with case changes in CentOS 8 repo names
Martin Schwenke [Tue, 8 Dec 2020 13:03:47 +0000 (00:03 +1100)]
bootstrap: Cope with case changes in CentOS 8 repo names

RN: Be more flexible with repository names in CentOS 8 test environments

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14594
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(backported from commit 1c59f49aaede8ec1662d4e49aef84fcd902a8a76)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Tue Jan  5 12:50:02 UTC 2021 on sn-devel-184

3 years ago lib: Avoid declaring zero-length VLAs in various messaging functions
Dimitry Andric [Fri, 1 Jan 2021 17:25:48 +0000 (18:25 +0100)]
lib: Avoid declaring zero-length VLAs in various messaging functions

In messaging_rec_create(), messaging_recv_cb() and
messaging_dispatch_rec(), variable length arrays of file descriptors are
declared using an incoming num_fds parameter.

However, there are several scenarios where num_fds can be zero, and
declaring a zero-length VLA is undefined behavior. This can lead to
segmentation faults and/or other crashes when compiling with recent
versions of clang at high optimization levels.

To avoid ever using zero as the length for these declarations, use
MAX(1, length) instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14605

Signed-off-by: Dimitry Andric <dimitry@andric.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan  4 10:50:07 UTC 2021 on sn-devel-184

(cherry picked from commit 3e96c95d41e4ccd0bf43b3ee78af644e2bc32e30)
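
Added example (not Samba's code): the MAX(1, length) guard from the commit message above, applied in a small dispatcher that copies the caller's file descriptors into a variable length array. dispatch_rec(), rec_handler_fn, claim_even_slots() and the MAX_FDS_PER_REC cap are hypothetical names and assumptions of this example; the descriptor values are constructed and never opened or closed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MAX(a, b) ((a) > (b) ? (a) : (b))

/* Assumption of this example: an upper bound, so that a large count
 * cannot be turned into an oversized stack allocation. */
#define MAX_FDS_PER_REC 64

/* A handler claims a descriptor by overwriting its slot with -1. */
typedef void (*rec_handler_fn)(int *fds, size_t num_fds, void *private_data);

/*
 * Hand a private copy of the descriptors to the handler and report how
 * many it left unclaimed. Returns -1 if num_fds exceeds the cap.
 */
int dispatch_rec(const int *fds, size_t num_fds,
                 rec_handler_fn handler, void *private_data)
{
    size_t i;
    int unclaimed = 0;

    if (num_fds > MAX_FDS_PER_REC) {
        return -1;
    }

    /*
     * "int fds_copy[num_fds];" is undefined behaviour when num_fds == 0,
     * because a VLA size must evaluate to a value greater than zero.
     * Sizing it MAX(1, num_fds) always gives at least one element.
     * GCC and Clang can report the unguarded form at run time when the
     * code is built with -fsanitize=vla-bound.
     */
    int fds_copy[MAX((size_t)1, num_fds)];

    /* The array may be larger than num_fds, so every access below is
     * still bounded by num_fds, and a NULL source is never passed on. */
    if (num_fds > 0) {
        memcpy(fds_copy, fds, num_fds * sizeof(fds_copy[0]));
    }

    handler(fds_copy, num_fds, private_data);

    for (i = 0; i < num_fds; i++) {
        if (fds_copy[i] != -1) {
            unclaimed++;
        }
    }
    return unclaimed;
}

/* Sample handler: claims every even-indexed slot and counts its calls. */
void claim_even_slots(int *fds, size_t num_fds, void *private_data)
{
    size_t i;

    for (i = 0; i < num_fds; i += 2) {
        fds[i] = -1;
    }
    (*(int *)private_data)++;
}

int main(void)
{
    int calls = 0;
    const int sample[3] = { 10, 11, 12 };   /* constructed values */

    printf("three fds: %d unclaimed\n",
           dispatch_rec(sample, 3, claim_even_slots, &calls));
    printf("zero fds:  %d unclaimed\n",
           dispatch_rec(NULL, 0, claim_even_slots, &calls));
    return 0;
}
```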

3 years ago VERSION: Bump version up to 4.13.4...
Karolin Seeger [Tue, 15 Dec 2020 07:51:12 +0000 (08:51 +0100)]
VERSION: Bump version up to 4.13.4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

3 years ago VERSION: Disable GIT_SNAPSHOT for the 4.13.3 release. samba-4.13.3
Karolin Seeger [Tue, 15 Dec 2020 07:50:21 +0000 (08:50 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.13.3 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

3 years ago WHATSNEW: Add release notes for Samba 4.13.3.
Karolin Seeger [Tue, 15 Dec 2020 07:48:59 +0000 (08:48 +0100)]
WHATSNEW: Add release notes for Samba 4.13.3.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

3 years ago vfs_zfsacl: add missing inherited flag on hidden "magic" everyone@ ACE
Ralph Boehme [Mon, 30 Nov 2020 11:28:58 +0000 (12:28 +0100)]
vfs_zfsacl: add missing inherited flag on hidden "magic" everyone@ ACE

This was an omission in the fixes for bug 14470.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14587

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec  1 20:29:34 UTC 2020 on sn-devel-184

(cherry picked from commit 936f74daed0d6221312f651f35c4ed357bbf1414)

Autobuild-User(v4-13-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-13-test): Wed Dec  9 08:56:47 UTC 2020 on sn-devel-184

3 years ago vfs_zfsacl: reformatting
Ralph Boehme [Mon, 30 Nov 2020 11:28:00 +0000 (12:28 +0100)]
vfs_zfsacl: reformatting

No change in behaviour.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14587

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a8457ac3c80e22588e33a343c2306b702734ca88)

3 years ago s4/samba: call force_check_log_size() in standard_new_task()
Ralph Boehme [Thu, 26 Nov 2020 14:24:44 +0000 (15:24 +0100)]
s4/samba: call force_check_log_size() in standard_new_task()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248
RN: samba process does not honor max log size

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec  7 18:54:29 UTC 2020 on sn-devel-184

(cherry picked from commit 058f96f4c4eda42b404f0067521d3eafb495fe7d)

3 years ago s4/samba: call force_check_log_size() in standard_accept_connection()
Ralph Boehme [Thu, 26 Nov 2020 14:24:26 +0000 (15:24 +0100)]
s4/samba: call force_check_log_size() in standard_accept_connection()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6fa5fb8ef26dab862df5c46bb5e74f19839c30e2)

3 years ago s4/samba: call force_check_log_size() in prefork_reload_after_fork()
Ralph Boehme [Thu, 26 Nov 2020 14:23:58 +0000 (15:23 +0100)]
s4/samba: call force_check_log_size() in prefork_reload_after_fork()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248

Signed-off-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 82b64e930b0e2d3b2e5186017d9f8e420994136c)

3 years ago s4: call reopen_logs_internal() in the SIGHUP handler of the prefork process model
Ralph Boehme [Mon, 23 Nov 2020 15:44:04 +0000 (16:44 +0100)]
s4: call reopen_logs_internal() in the SIGHUP handler of the prefork process model

With debug_schedule_reopen_logs() the actual reopen only takes place at some
point in the future when a DEBUG message is processed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 19413e76a46f07fdd46fde5e60707bb6845a782d)

3 years ago s4: replace low-level SIGHUP handler with a tevent handler
Ralph Boehme [Fri, 20 Nov 2020 14:21:03 +0000 (15:21 +0100)]
s4: replace low-level SIGHUP handler with a tevent handler

Replace the low-level signal handler for SIGHUP with a nice tevent signal
handler. The low-level handler sig_hup() installed by setup_signals() remains
in use during early startup before a tevent context is available.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9f71e6173ab43a04804ba8061cb0e8ae6c0165bf)

3 years ago s4: install tevent tracing hooks to trigger logfile rotation
Ralph Boehme [Thu, 26 Nov 2020 13:21:58 +0000 (14:21 +0100)]
s4: install tevent tracing hooks to trigger logfile rotation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14248

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 516c2a04a242a539f9fbddb2822295fee233644c)