The branch, v4-4-stable has been updated
       via  99ced63 Revert "script/release.sh: use 8 byte gpg key ids"
       via  b93b6dd VERSION: Disable git snapshots for the 4.4.6 release.
       via  54690a1 WHATSNEW: Add release notes for Samba 4.4.6.
       via  4f8a057 ctdb-recovery-helper: Add missing initialisation of 
ban_credits
       via  b1264c2 lib: poll_funcs : poll_funcs_context_slot_find can select 
the wrong slot to replace.
       via  c748a17 lib/poll_funcs: free contexts in 
poll_funcs_state_destructor()
       via  b064dfd vfs_acl_xattr|tdb: enforced settings when ignore system 
acls=yes
       via  7f3a857 docs: document vfs_acl_xattr|tdb enforced settings
       via  4b34770 vfs_acl_common: use DBG_LEVEL and remove function prefixes 
in DEBUG statements
       via  ac1d93e s4/torture: tests for vfs_acl_xattr default ACL styles
       via  41fb2ca vfs_acl_common: Windows style default ACL
       via  b94eefa vfs_acl_xattr|tdb: add option to control default ACL style
       via  5bc32fe vfs_acl_common: check for ignore_system_acls before 
fetching filesystem ACL
       via  a0fd7a5 vfs_acl_common: move stat stuff to a helper function
       via  1fd98a8 vfs_acl_tdb|xattr: use a config handle
       via  8084382 vfs_acl_common: move the ACL blob validation to a helper 
function
       via  7a80d45 vfs_acl_common: simplify ACL logic, cleanup and talloc 
hierarchy
       via  c1de539 vfs_acl_common: remove redundant NULL assignment
       via  d72dcd2 vfs_acl_common: rename pdesc_next to psd_fs
       via  31fc554 vfs_acl_common: rename psd to psd_blob in 
get_nt_acl_internal()
       via  06e9649 Revert "vfs_acl_xattr: objects without NT ACL xattr"
       via  180a034 vfs_shadow_copy: handle non-existant files and wildcards
       via  cbdb72f selftest: test listing directories inside snapshots
       via  962ab3d selftest: check file readability in shadow_copy2 test
       via  73cb902 selftest: add content to files created during shadow_copy2 
test
       via  0cf3141 ctdb-ipalloc: Fix cumulative takeover timeout
       via  f557d0c ctdb-ipalloc: Use a cumulative timeout for takeover run 
stages
       via  aa45e1a smbd: Reset O_NONBLOCK on open files
       via  1324acb ctdb-recovery: Terminate if recovery fails without any 
banning credits
       via  e4e5018 ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control 
request
       via  80e17c7 s3/smbd: in call_trans2qfilepathinfo call lstat when 
dealing with posix pathnames
       via  44107d9 ctdb-packaging: Fix systemd network dependency
       via  87a42e6 ctdb-daemon: Don't steal control structure before 
synchronous reply
       via  f91cc13 ctdb-daemon: Handle failure immediately, do housekeeping 
later
       via  ed7a8f4 ctdb-daemon: Schedule running of callback if there are no 
event scripts
       via  438a79e s3-util: Fix asking for username and password in smbget.
       via  88c1b5c ctdb-daemon: When releasing an IP, update PNN in callback
       via  d17bc0c ctdb-daemon: Rename takeover_callback_state -> 
release_ip_callback_state
       via  80fce45 ctdb-daemon: Use release_ip_post() when releasing all IP 
addresses
       via  f981ea8 ctdb-daemon: Factor out new function release_ip_post()
       via  471eeec ctdb-daemon: Do not copy address for RELEASE_IP message
       via  c215783 ctdb-daemon: Do not update the VNN state on RELEASE_IP 
failure
       via  6d24dd8 ctdb-daemon: Try to release IP address even if interface is 
unknown
       via  5bbb0c6 ctdb-takeover: Inform clients when dropping all IP addresses
       via  11055aa ctdb-takeover: Do not kill smbd processes on releasing IP
       via  e0deedd idmap: centrally check that unix IDs returned by the idmap 
backends are in range
       via  9a320f6 idmap: don't generally forbid id==0 from 
idmap_unix_id_is_in_range()
       via  c6ac876 smbd: allow reading files based on FILE_EXECUTE access right
       via  59eb36d smbd: look only at handle readability for COPYCHUNK dest
       via  fda7740 s4-smbtorture: pin copychunk exec right behavior
       via  5ba3f0c seltest: allow opening files with arbitrary rights in 
smb2.ioctl tests
       via  577b459 seltest: implicit FILE_READ_DATA non-reporting
       via  5580e5f s4-selftest: add test for read access check
       via  f2f8df9 s4-selftest: add functions which create with desired access
       via  c0154e8 s4-smbtorture: use standard macros in smb2.read test
       via  c3169bc selftest: add tests for dfree with inherit owner enabled
       via  3d0a4f3 selftest: add definition of smbcacls to selftesthelpers.py
       via  adb3987 selftest: refactor test_dfree_quota.sh - add share parameter
       via  475131c smbd: use owner uid for free disk calculation if owner is 
inherited
       via  f776b51 smbd: get a valid file stat to disk_quotas
       via  1a07eec quotas: small cleanup
       via  a8accc7 s3: oplock: Fix race condition when closing an oplocked 
file.
       via  fc5f102 smbd: oplock: Factor out internals of remove_oplock() into 
new remove_oplock_under_lock().
       via  13c24a8 smbd: oplock: Fixup debug messages inside remove_oplock().
       via  52efd0c gensec/spnego: work around missing server mechListMIC in 
SMB servers
       via  7aaf3f58 dbcheck: Abandon dbcheck if we get an error during a 
transaction
       via  3f19982 dsdb: Allow missing a mandatory attribute from a dbcheck fix
       via  28d8230 script/release.sh: use 8 byte gpg key ids
       via  1305ba6 libgpo: Correctly use the 'server' parameter after parsing 
it out of the GPO path.
       via  fcb7910 s3: libsmb: Protect cli_connect_nb_send() from being passed 
a NULL hostname and dest_ss.
       via  39b4580 ldb-samba: Add "secret" as a value to hide in LDIF files
       via  3d11e5f samba-tool/ldapcmp: ignore differences of whenChanged
       via  fd6d190 script/autobuild.py: include the branch name in the output
       via  4245237 autobuild: fix typo in autobuild success subject line
       via  ec5f390 autobuild: Return the last 50 log lines
       via  8620c56 dbwrap_ctdb: treat empty records in ltdb as non-existing
       via  8f6b83d s4/torture: add a test for ctdb-tombstrone-record deadlock
       via  a21dbf7 smbd: ignore ctdb tombstone records in 
fetch_share_mode_unlocked_parser()
       via  793a6da ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)
       via  0bb88b7 ctdb-common: Fix CID 1125585 Dereference after null check 
(FORWARD_NULL)
       via  3a182d1 ctdb-common: Fix CID 1125583 Dereference after null check 
(FORWARD_NULL)
       via  d6bbbb7 ctdb-common: Fix CID 1125581 Dereference after null check 
(FORWARD_NULL)
       via  1a9e8e0 ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)
       via  1a1dbce ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)
       via  6b22bee ctdb-utils: Fix CID 1297451 Explicit null dereferenced 
(FORWARD_NULL)
       via  0c0231d ctdb-common: Consistently use strlcpy() on interface names
       via  5fb821d ctdb-common: Fix CID 1125553 Buffer not null terminated 
(BUFFER_SIZE_WARNING)
       via  b9a3011 ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences 
(NULL_RETURNS)
       via  f557672 ctdb-packaging: Move ctdb tests to libexec directory
       via  ef3697f ctdb-waf: Move ctdb tests to libexec directory
       via  ec4a00b man: Wrong option for parameter ldap ssl in smb.conf man 
page
       via  49d09f6 async_req: make async_connect_send() "reentrant"
       via  d6639d7 vfs_acl_xattr: objects without NT ACL xattr
       via  10e1023 s3/smbd: move make_default_filesystem_acl() to 
vfs_acl_common.c
       via  5bf53f0 s3-rpc_server/mdssd: use smbd_reinit_after_fork()
       via  234dec5 smbd/notifyd: use smbd_reinit_after_fork()
       via  7f7e9d7 smbd/cleanupd: use smbd_reinit_after_fork()
       via  965e6ed selftest: test idmap backend id allocation for unknown SIDS
       via  036a6bd selftest: make autorid the default idmap backend in 
admember_rfc2307
       via  d5af3f3 winbindd: in wb_lookupsids return domain name if we have it
       via  01632a8 winbindd/idmap_rfc2307: fix a crash
       via  5437525 s3:mdssvc: older glib2 versions require g_type_init()
       via  34f5dc7 s3: smbd: Fix delete operations enumerating streams inside 
a file. This must always be done as a Windows operation.
       via  250a064 s3: smbd: Change lp_set_posix_pathnames() to take a newval 
parameter and return the old one.
       via  2a71f2e python/remove_dc: handle dnsNode objects without dnsRecord 
attribute
       via  bba6aa0 s4: ldb: Ignore case of "range" in sscanf as we've already 
checked for its presence.
       via  ea0770f third_party/zlib/zlib.h: use HAVE___ATTRIBUTE__ instead of 
__GNUC__
       via  ceb8542 s4/lib/wmi_wrap: use HAVE___ATTRIBUTE__ instead of __GNUC__
       via  3d62a68 mdssvc/sparql_parser.c: use HAVE___ATTRIBUTE__ instead of 
__GNUC__
       via  8c47303 s3/modules/getdate: use HAVE___ATTRIBUTE__ instead of 
__GNUC__
       via  fc4863a tevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
       via  e8e6d4b libreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__
       via  7ae1446 util/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ 
comparisons
       via  385c341 configure: set HAVE___ATTRIBUTE__ for heimdal
       via  f8cfb88 param: Correct the defaults for "dcerpc endpoint services"
       via  7243019 build: Always build eventlog6. This is not a duplicate of 
eventlog
       via  8cfac46 libads: ensure the right ccache is used during spnego bind
       via  98634bf libads: ensure the right ccache is used during gssapi bind
       via  b5aa461 auth: fix a memory leak in gssapi_get_session_key()
       via  ebc1e9a s3-libads: fix a memory leak in ads_sasl_spnego_bind()
       via  e93603f VERSION: Bump version up to 4.4.6...
       via  bc776bc Merge tag 'samba-4.4.5' into v4-4-test
       via  a2353be s3-winbind: Fix memory leak with each cached credential 
login
       via  8bac275 libutil: Support systemd 230
       via  833bbdd s4/torture: add a test for dosmode and hidden files
       via  efd6eaf s3/smbd: only use stored dos attributes for 
open_match_attributes() check
       via  7448b50 s3/smbd: make get_ea_dos_attribute() public
       via  c8d3d3c s3/smbd: move check for "hide files" to dos_mode_from_name()
       via  3296ee7 s3/smbd: call dos_mode_from_name after 
get_ea_dos_attribute()
       via  60587e8 s3/smbd: add helper func dos_mode_from_name()
       via  9e4b9e5 dcerpc.idl: remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE
       via  1a0775e s4:rpc_server: use a variable for the max total reassembled 
request payload
       via  81d7c85 s4:librpc/rpc: allow a total reassembled response payload 
of 240 MBytes
       via  2e69fda dcerpc.idl: add 
DCERPC_NCACN_{REQUEST,RESPONSE}_DEFAULT_MAX_SIZE
       via  ffd4a79 python/tests: add auth_pad test for the dcerpc raw_protocol 
test
       via  c63f1d1 s4:rpc_server: generate the correct error when we got an 
invalid auth_pad_length on BIND,ALTER,AUTH3
       via  cdc5165 librpc/rpc: ignore invalid auth_pad_length values in BIND, 
ALTER and AUTH3 pdus
       via  c7fd95c librpc/rpc: let dcerpc_pull_auth_trailer() check that 
auth_pad_length fits within the whole pdu.
       via  23273a6 librpc/rpc: let dcerpc_pull_auth_trailer() only accept 
auth_length!=NULL or auth_data_only=true
       via  c382397 s4:librpc/rpc: don't ask for auth_length if we ask for auth 
data only
       via  793b222 s4:rpc_server: parse auth data only for BIND,ALTER_REQ,AUTH3
       via  84f54ce build: Build less of Samba when building 
--without-ntvfs-fileserver
       via  bf9367e s3: libsmb: Correctly trim a trailing \ character in 
cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
       via  ac41e16 selftest: Add a DNS test matching Windows
       via  6ec1a8a s4: dns: Correctly check for talloc failure.
       via  6aeed14 selftest: add test for DNS updates with TKEY/TSIG
       via  3f7f433 s4/dns_server: enable sending of TSIG error records
       via  ea2d415 s4/dns_server: prepare sending correct error responses for 
dns_verify_tsig() errors
       via  1c8d127 s4/dns_server: don't compute TSIG MAC in TSIG error records
       via  721a858 s4/dns_server: error codes for failing MAC verification in 
TSIG requests
       via  f116a7b s4/dns_server: ensure we store the key name in error code 
paths
       via  0822257 s4/dns_server: not finding the key here is a fatal error
       via  001d7dd s4/dns_server: split out function that does the MAC 
computation
       via  c56d05c s4/dns_server: include request MAC in TSIG response MAC 
calculation
       via  d2ab8d3 librpc/dns: remove original_id from dns_fake_tsig_rec
       via  33a6532 librpc/dns: don't compress strings in TKEY and TSIG 
responses
       via  d4cf68c librpc/ndr: add flag LIBNDR_FLAG_NO_COMPRESSION
       via  ddcf7b7 libnet: ignore realm setting for domain security joins to 
AD domains if 'winbind rpc only = true'
       via  fdb3f7f s3-libnet: Print error string even on successfuly 
completion of libnetjoin.
       via  cee44fd s4: torture: Added raw readX test to ensure 'reserved' 
fields are zero.
       via  e23b5f8 s3: smbd: In reply_read_and_X() SMB1 server is overwriting 
part of the 'reserved' zero fields with reply data length.
       via  9b3295c s3: smbd: Use common function setup_readX_header() in aio 
read code.
       via  b3add95 s3: smbd: Make setup_readX_header() externally accessible
       via  40f4125 s3: smbd: Remove unused 'req' argument from 
setup_readX_header()
       via  2b63c23 libnet_join: use sitename if it was set by pre-join 
detection
       via  53ac611 s3: krb5: keytab - The done label can be jumped to with 
context == NULL.
       via  83fa480 lib: Fix uninitialized read in msghdr_copy
       via  8acad0e ctdb-recoverd: Avoid duplicate recoverd event in parallel 
recovery
       via  fb89732 lib: replace: snprintf - Fix length calculation for 
hex/octal 64-bit values.
       via  4f28e53 ctdb-packaging: Remove tevent-unix-util public library
       via  f41a550 lib/util: Avoid splitting tevent-unix-util as public library
       via  53e55bc ctdb-recovery-helper: Add banning to parallel recovery
       via  05a41ad ctdb-recoverd: Add message handler to assigning banning 
credits
       via  24ed0a4 ctdb-protocol: Add srvid for assigning banning credits
       via  8d67216 ctdb-daemon: Reset push_started flag once DB_PUSH_CONFIRM 
is done
       via  4b268d0 ctdb-recovery: Update timeout and number of retries during 
recovery
       via  9449b7e ctdb-recovery-helper: Introduce new #define variable
       via  10b5961 ctdb-recovery-helper: Improve log message
       via  9e7d0c9 ctdb-tests: Add a test for recovery of large databases
       via  4b4b870 ctdb-recovery-helper: Introduce push database abstraction
       via  406da1e ctdb-recovery-helper: Introduce pull database abstraction
       via  5fbc339 ctdb-protocol: Add new capability
       via  d00deab ctdb-protocol: Add srvid for messages during recovery
       via  314a5d5 ctdb-recovery-helper: Write recovery records to a recovery 
file
       via  77257d9 ctdb-recovery-helper: Re-factor function to retain records 
from recdb
       via  7785a9f ctdb-protocol: Add file IO functions for ctdb_rec_buffer
       via  e1fe4d2 ctdb-recovery-helper: Create accessors for recdb structure 
fields
       via  2543f15 ctdb-recovery-helper: Rename pnn to dmaster in 
recdb_records()
       via  e455727 ctdb-recovery-helper: Pass capabilities to database 
recovery functions
       via  715714d ctdb-recovery-helper: Factor out generic recv function
       via  e8c9c8f ctdb-client: Add client API functions for new controls
       via  6c497e4 ctdb-daemon: Implement new controls DB_PULL and 
DB_PUSH_START/DB_PUSH_CONFIRM
       via  24c8068 ctdb-protocol: Add new controls DB_PULL and 
DB_PUSH_START/DB_PUSH_CONFIRM
       via  d0c4375 ctdb-protocol: Add new data type ctdb_pulldb_ext for new 
control
       via  ea98f51 ctdb-tunables: Add new tunable RecBufferSizeLimit
       via  c35deed ctdb-client: Add client API for sending message to multiple 
nodes
       via  677fc74 ctdb-recovery-helper: Get tunables first, so control 
timeout can be set
       via  15fc4e8 ctdb-doc: Add documentation for missing tunables
       via  83b92a8 ctdb-doc: Update tunables documentation
       via  070c51f ctdb-doc: Sort the tunable variables in alphabetical order
       via  4c77c02 ctdb-client: Add async version of set/remove message 
handler functions
       via  9ca8891 ctdb-recovery: Add a log message when marshalling recovery 
database fails
       via  a33a783 ctdb-recovery: Create recovery databases in state dir
       via  049bb18 ctdb-recoverd: Freeze databases whenever the node is 
INACTIVE
       via  e9ea633 VERSION: Bump version up to 4.4.5...
      from  fb3e629 VERSION: Disable git snapshots for the 4.4.5 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-4-stable


- Log -----------------------------------------------------------------
commit 99ced630b38aa6009630b06c4fa45d4f094239d2
Author: Karolin Seeger <ksee...@samba.org>
Date:   Thu Sep 22 08:47:21 2016 +0200

    Revert "script/release.sh: use 8 byte gpg key ids"
    
    This reverts commit 28d82306b720487ab93474171d91d318afff7b78.

-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |    2 +-
 WHATSNEW.txt                                       |  151 ++-
 auth/gensec/spnego.c                               |   69 +-
 auth/kerberos/gssapi_pac.c                         |    7 +-
 buildtools/wafsamba/wscript                        |   16 +
 ctdb/client/client.h                               |   43 +
 ctdb/client/client_control_sync.c                  |   86 ++
 ctdb/client/client_message.c                       |  311 +++++
 ctdb/common/rb_tree.c                              |    6 +-
 ctdb/common/system_linux.c                         |    8 +-
 ctdb/config/ctdb.service                           |    2 +-
 ctdb/doc/ctdb-tunables.7.xml                       |  685 +++++-----
 ctdb/include/ctdb_private.h                        |   11 +
 ctdb/packaging/RPM/ctdb.spec.in                    |    7 +-
 ctdb/protocol/protocol.h                           |   24 +-
 ctdb/protocol/protocol_api.h                       |   18 +
 ctdb/protocol/protocol_client.c                    |   70 +
 ctdb/protocol/protocol_control.c                   |   82 +-
 ctdb/protocol/protocol_message.c                   |   12 +
 ctdb/protocol/protocol_private.h                   |    5 +
 ctdb/protocol/protocol_types.c                     |   90 ++
 ctdb/server/ctdb_control.c                         |   12 +
 ctdb/server/ctdb_daemon.c                          |    8 +
 ctdb/server/ctdb_logging.c                         |    9 +-
 ctdb/server/ctdb_recover.c                         |  343 +++++
 ctdb/server/ctdb_recoverd.c                        |   63 +-
 ctdb/server/ctdb_recovery_helper.c                 | 1376 ++++++++++++++++----
 ctdb/server/ctdb_takeover.c                        |  199 +--
 ctdb/server/ctdb_tunables.c                        |    3 +-
 ctdb/server/ctdbd.c                                |    4 +
 ctdb/server/eventscript.c                          |   87 +-
 ctdb/tests/simple/78_ctdb_large_db_recovery.sh     |  107 ++
 ctdb/tests/src/protocol_client_test.c              |   48 +
 ctdb/tests/src/protocol_types_test.c               |   67 +
 ctdb/utils/ping_pong/ping_pong.c                   |    4 +-
 ctdb/wscript                                       |   24 +-
 docs-xml/manpages/vfs_acl_tdb.8.xml                |   49 +
 docs-xml/manpages/vfs_acl_xattr.8.xml              |   49 +
 docs-xml/smbdotconf/ldap/ldapssl.xml               |    4 +-
 .../smbdotconf/protocol/dcerpcendpointservers.xml  |    2 +-
 lib/async_req/async_sock.c                         |   16 +-
 lib/ldb-samba/ldif_handlers.c                      |    2 +-
 lib/param/loadparm.c                               |    2 +-
 lib/replace/replace.h                              |    4 +-
 lib/replace/snprintf.c                             |    6 +-
 lib/tevent/tevent.h                                |    2 +-
 lib/util/attr.h                                    |   16 +-
 lib/util/debug.c                                   |    6 +-
 lib/util/wscript_build                             |   23 +-
 libgpo/gpo_fetch.c                                 |    2 +-
 librpc/idl/dns.idl                                 |    7 +-
 librpc/idl/idl_types.h                             |    1 +
 librpc/ndr/libndr.h                                |    3 +
 librpc/ndr/ndr_dns.c                               |   63 +-
 librpc/rpc/dcerpc_util.c                           |   61 +
 nsswitch/tests/test_idmap_nss.sh                   |   41 +
 python/samba/dbchecker.py                          |    7 +
 python/samba/netcmd/ldapcmp.py                     |    2 +-
 python/samba/remove_dc.py                          |   11 +-
 python/samba/tests/dcerpc/raw_protocol.py          |  548 ++++++++
 python/samba/tests/dns_tkey.py                     |  563 ++++++++
 script/autobuild.py                                |   29 +-
 selftest/knownfail                                 |    4 +
 selftest/selftesthelpers.py                        |    1 +
 selftest/target/Samba3.pm                          |   40 +-
 source3/include/proto.h                            |    2 +-
 source3/include/smb_macros.h                       |    8 +
 source3/lib/dbwrap/dbwrap_ctdb.c                   |   27 +-
 source3/lib/msghdr.c                               |    9 +-
 source3/lib/poll_funcs/poll_funcs_tevent.c         |   17 +-
 source3/libads/kerberos_keytab.c                   |   18 +-
 source3/libads/sasl.c                              |   57 +-
 source3/libnet/libnet_join.c                       |   18 +-
 source3/libsmb/cli_smb2_fnum.c                     |   12 +
 source3/libsmb/cliconnect.c                        |    6 +-
 source3/locking/share_mode_lock.c                  |    6 +
 source3/modules/getdate.c                          |    2 +-
 source3/modules/getdate.y                          |    2 +-
 source3/modules/vfs_acl_common.c                   |  775 +++++++----
 source3/modules/vfs_acl_tdb.c                      |   28 +
 source3/modules/vfs_acl_xattr.c                    |   28 +
 source3/modules/vfs_ceph.c                         |    5 +-
 source3/modules/vfs_default.c                      |    5 +-
 source3/modules/vfs_shadow_copy2.c                 |   31 +-
 source3/param/loadparm.c                           |   11 +-
 source3/rpc_server/mdssd.c                         |    2 +-
 source3/rpc_server/mdssvc/mdssvc.c                 |    5 +-
 source3/rpc_server/mdssvc/sparql_parser.c          |    4 +-
 source3/script/tests/test_dfree_quota.sh           |   84 +-
 source3/script/tests/test_shadow_copy.sh           |   96 +-
 source3/selftest/tests.py                          |   12 +-
 source3/smbd/aio.c                                 |    9 +-
 source3/smbd/close.c                               |   20 +-
 source3/smbd/dfree.c                               |   16 +-
 source3/smbd/dosmode.c                             |   64 +-
 source3/smbd/open.c                                |   43 +-
 source3/smbd/oplock.c                              |   54 +-
 source3/smbd/pipes.c                               |    1 -
 source3/smbd/posix_acls.c                          |  110 --
 source3/smbd/proto.h                               |   25 +-
 source3/smbd/quotas.c                              |   55 +-
 source3/smbd/reply.c                               |   23 +-
 source3/smbd/server.c                              |    4 +-
 source3/smbd/smb2_glue.c                           |   16 +
 source3/smbd/smb2_ioctl_network_fs.c               |    4 +-
 source3/smbd/trans2.c                              |   21 +-
 source3/smbd/vfs.c                                 |    4 +-
 source3/utils/net_ads.c                            |    5 +
 source3/utils/net_rpc.c                            |   10 +
 source3/utils/smbget.c                             |   26 +-
 source3/winbindd/idmap_rfc2307.c                   |    4 +-
 source3/winbindd/idmap_util.c                      |    5 -
 source3/winbindd/wb_lookupsids.c                   |   30 +-
 source3/winbindd/winbindd_cache.c                  |    8 +-
 source3/winbindd/winbindd_dual_srv.c               |    4 +
 source4/dns_server/dns_crypto.c                    |  150 ++-
 source4/dns_server/dns_server.c                    |   19 +-
 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c |    9 +-
 source4/dsdb/samdb/ldb_modules/ranged_results.c    |    8 +-
 source4/lib/wmi/wmi_wrap.c                         |    8 +-
 source4/librpc/rpc/dcerpc.c                        |    8 +-
 source4/ntvfs/posix/posix_eadb.c                   |   81 +-
 source4/ntvfs/posix/wscript_build                  |   61 +-
 source4/ntvfs/wscript_build                        |  120 +-
 source4/rpc_server/common/server_info.c            |    1 -
 source4/rpc_server/dcerpc_server.c                 |   13 +-
 source4/rpc_server/dcesrv_auth.c                   |   27 +-
 source4/rpc_server/wkssvc/dcesrv_wkssvc.c          |    1 -
 source4/rpc_server/wscript_build                   |   15 +-
 source4/selftest/tests.py                          |    7 +-
 source4/smb_server/service_smb.c                   |    4 +-
 source4/smb_server/wscript_build                   |    2 +-
 source4/smbd/server.c                              |    4 -
 source4/torture/raw/read.c                         |   44 +
 source4/torture/smb2/dosmode.c                     |  183 +++
 source4/torture/smb2/getinfo.c                     |   45 +
 source4/torture/smb2/ioctl.c                       |  116 +-
 source4/torture/smb2/lock.c                        |   64 +
 source4/torture/smb2/read.c                        |   96 +-
 source4/torture/smb2/smb2.c                        |    1 +
 source4/torture/smb2/util.c                        |   63 +-
 source4/torture/smb2/wscript_build                 |    2 +-
 source4/torture/vfs/acl_xattr.c                    |  314 +++++
 source4/torture/vfs/vfs.c                          |    1 +
 source4/torture/wscript_build                      |    2 +-
 testprogs/blackbox/dbcheck-oldrelease.sh           |   10 +
 third_party/zlib/zlib.h                            |    2 +-
 147 files changed, 7268 insertions(+), 1667 deletions(-)
 create mode 100755 ctdb/tests/simple/78_ctdb_large_db_recovery.sh
 create mode 100755 nsswitch/tests/test_idmap_nss.sh
 create mode 100644 python/samba/tests/dns_tkey.py
 create mode 100644 source4/torture/smb2/dosmode.c
 create mode 100644 source4/torture/vfs/acl_xattr.c


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index bc1234c..c75e0f9 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=4
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 0e2de46..7970201 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,151 @@
                    =============================
+                   Release Notes for Samba 4.4.6
+                        September 22, 2016
+                   =============================
+
+
+This is the latest stable release of Samba 4.4.
+
+
+Changes since 4.4.5:
+--------------------
+
+o  Michael Adam <ob...@samba.org>
+   * BUG 11977: libnet: Ignore realm setting for domain security joins to AD
+     domains if 'winbind rpc only = true'.
+   * BUG 12155: idmap: Centrally check that unix IDs returned by the idmap
+     backends are in range.
+
+o  Jeremy Allison <j...@samba.org>
+   * BUG 11838:  s4: ldb: Ignore case of "range" in sscanf as we've already
+     checked for its presence.
+   * BUG 11845: Incorrect bytecount in ReadAndX smb1 response.
+   * BUG 11955: lib: Fix uninitialized read in msghdr_copy.
+   * BUG 11959: s3: krb5: keytab - The done label can be jumped to with context
+     == NULL.
+   * BUG 11986: s3: libsmb: Correctly trim a trailing \\ character in
+     cli_smb2_create_fnum_send() when passing a pathname to SMB2 create.
+   * BUG 12021: Fix smbd crash (Signal 4) on File Delete.
+   * BUG 12135: libgpo: Correctly use the 'server' parameter after parsing it
+     out of the GPO path.
+   * BUG 12139: s3: oplock: Fix race condition when closing an oplocked file.
+   * BUG 12272: Fix messaging subsystem crash.
+
+o  Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
+   * BUG 11750: gcc6 fails to build internal heimdal.
+
+o  Andrew Bartlett <abart...@samba.org>
+   * BUG 11991: build: Build less of Samba when building
+     '--without-ntvfs-fileserver'.
+   * BUG 12026: build: Always build eventlog6. This is not a duplicate of
+     eventlog.
+   * BUG 12154: ldb-samba: Add "secret" as a value to hide in LDIF files.
+   * BUG 12178: dbcheck: Abandon dbcheck if we get an error during a
+     transaction.
+
+o  Ralph Boehme <s...@samba.org>
+   * BUG 10008: dbwrap_ctdb: Treat empty records in ltdb as non-existing.
+   * BUG 11520: Fix DNS secure updates.
+   * BUG 11961: idmap_autorid allocates ids for unknown SIDs from other
+     backends.
+   * BUG 11992: s3/smbd: Only use stored dos attributes for
+     open_match_attributes() check.
+   * BUG 12005: smbd: Ignore ctdb tombstone records in
+     fetch_share_mode_unlocked_parser().
+   * BUG 12016: cleanupd terminates main smbd on exit.
+   * BUG 12028: vfs_acl_xattr: Objects without NT ACL xattr.
+   * BUG 12105: async_req: Make async_connect_send() "reentrant".
+   * BUG 12177: vfs_acl_common: Fix unexpected synthesized default ACL from
+     vfs_acl_xattr.
+   * BUG 12181: vfs_acl_xattr|tdb: Enforced settings when
+     "ignore system acls = yes".
+
+o  Alexander Bokovoy <a...@samba.org>
+   * BUG 11975: libnet_join: use sitename if it was set by pre-join detection.
+
+o  G√ľnther Deschner <g...@samba.org>
+   * BUG 11977: s3-libnet: Print error string even on successful completion of
+     libnetjoin.
+
+o  Amitay Isaacs <ami...@gmail.com>
+   * BUG 11940: CTDB fails to recover large database.
+   * BUG 11941: CTDB does not ban misbehaving nodes during recovery.
+   * BUG 11946: Samba and CTDB packages both have tevent-unix-util dependency.
+   * BUG 11956: ctdb-recoverd: Avoid duplicate recoverd event in parallel
+     recovery.
+   * BUG 12158: CTDB release IP fixes.
+   * BUG 12259: ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control
+     request.
+   * BUG 12271: CTDB recovery does not terminate if no node is banned due to
+     failure.
+   * BUG 12275: ctdb-recovery-helper: Add missing initialisation of 
ban_credits.
+
+o  Volker Lendecke <v...@samba.org>
+   * BUG 12268: smbd: Reset O_NONBLOCK on open files.
+
+o  Stefan Metzmacher <me...@samba.org>
+   * BUG 11948: dcerpc.idl: Remove unused DCERPC_NCACN_PAYLOAD_MAX_SIZE.
+   * BUG 11982: Invalid auth_pad_length is not ignored for BIND_* and ALTER_*
+     pdus.
+   * BUG 11994: gensec/spnego: Work around missing server mechListMIC in SMB
+     servers.
+   * BUG 12007: libads: Ensure the right ccache is used during spnego bind.
+   * BUG 12018: python/remove_dc: Handle dnsNode objects without dnsRecord
+     attribute.
+   * BUG 12129: samba-tool/ldapcmp: Ignore differences of whenChanged.
+
+o  Marc Muehlfeld <mmuehlf...@samba.org>
+   * BUG 12023: man: Wrong option for parameter ldap ssl in smb.conf man page.
+
+o  Andreas Schneider <a...@samba.org>
+   * BUG 11936: libutil: Support systemd 230.
+   * BUG 11999: s3-winbind: Fix memory leak with each cached credential login.
+   * BUG 12104: ctdb-waf: Move ctdb tests to libexec directory.
+   * BUG 12175: s3-util: Fix asking for username and password in smbget.
+
+o  Martin Schwenke <mar...@meltin.net>
+   * BUG 12104: ctdb-packaging: Move ctdb tests to libexec directory.
+   * BUG 12110: ctdb-daemon: Fix several Coverity IDs.
+   * BUG 12158: CTDB release IP fixes.
+   * BUG 12161: Fix CTDB cumulative takeover timeout.
+   * BUG 12180: Fix CTDB crashes running eventscripts.
+
+o  Uri Simchoni <u...@samba.org>
+   * BUG 12006: auth: Fix a memory leak in gssapi_get_session_key().
+   * BUG 12145: smbd: If inherit owner is enabled, the free disk on a folder
+     should take the owner's quota into account.
+   * BUG 12149: smbd: Allow reading files based on FILE_EXECUTE access right.
+   * BUG 12172: Fix access of snapshot folders via SMB1.
+
+o  Lorinczy Zsigmond <lzs...@freemail.c3.hu>
+   * BUG 11947: lib: replace: snprintf: Fix length calculation for hex/octal
+     64-bit values.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
+                   =============================
                    Release Notes for Samba 4.4.5
                            July 7, 2016
                    =============================
@@ -68,8 +215,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    =============================
                    Release Notes for Samba 4.4.4
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 3962d72..9e5e758 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -54,9 +54,11 @@ struct spnego_state {
 
        DATA_BLOB mech_types;
        size_t num_targs;
+       bool downgraded;
        bool mic_requested;
        bool needs_mic_sign;
        bool needs_mic_check;
+       bool may_skip_mic_check;
        bool done_mic_check;
 
        bool simulate_w2k;
@@ -433,6 +435,7 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct 
gensec_security *gensec_
                                         * Indicate the downgrade and request a
                                         * mic.
                                         */
+                                       spnego_state->downgraded = true;
                                        spnego_state->mic_requested = true;
                                        break;
                                }
@@ -1077,7 +1080,7 @@ static NTSTATUS gensec_spnego_update(struct 
gensec_security *gensec_security, TA
                        DEBUG(3,("GENSEC SPNEGO: client preferred mech (%s) not 
accepted, server wants: %s\n",
                                 gensec_get_name_by_oid(gensec_security, 
spnego_state->neg_oid),
                                 gensec_get_name_by_oid(gensec_security, 
spnego.negTokenTarg.supportedMech)));
-
+                       spnego_state->downgraded = true;
                        spnego_state->no_response_expected = false;
                        talloc_free(spnego_state->sub_sec_security);
                        nt_status = gensec_subcontext_start(spnego_state,
@@ -1134,6 +1137,23 @@ static NTSTATUS gensec_spnego_update(struct 
gensec_security *gensec_security, TA
                                return NT_STATUS_INVALID_PARAMETER;
                        }
 
+                       if (spnego.negTokenTarg.mechListMIC.length == 0
+                           && spnego_state->may_skip_mic_check) {
+                               /*
+                                * In this case we don't require
+                                * a mechListMIC from the server.
+                                *
+                                * This works around bugs in the Azure
+                                * and Apple spnego implementations.
+                                *
+                                * See
+                                * 
https://bugzilla.samba.org/show_bug.cgi?id=11994
+                                */
+                               spnego_state->needs_mic_check = false;
+                               nt_status = NT_STATUS_OK;
+                               goto client_response;
+                       }
+
                        nt_status = 
gensec_check_packet(spnego_state->sub_sec_security,
                                                        
spnego_state->mech_types.data,
                                                        
spnego_state->mech_types.length,
@@ -1189,9 +1209,56 @@ static NTSTATUS gensec_spnego_update(struct 
gensec_security *gensec_security, TA
                                         */
                                        new_spnego = false;
                                }
+
                                break;
 
                        case SPNEGO_ACCEPT_INCOMPLETE:
+                               if (spnego.negTokenTarg.mechListMIC.length > 0) 
{
+                                       new_spnego = true;
+                                       break;
+                               }
+
+                               if (spnego_state->downgraded) {
+                                       /*
+                                        * A downgrade should be protected if
+                                        * supported
+                                        */
+                                       break;
+                               }
+
+                               /*
+                                * The caller may just asked for
+                                * GENSEC_FEATURE_SESSION_KEY, this
+                                * is only reflected in the want_features.
+                                *
+                                * As it will imply
+                                * gensec_have_features(GENSEC_FEATURE_SIGN)
+                                * to return true.
+                                */
+                               if (gensec_security->want_features & 
GENSEC_FEATURE_SIGN) {
+                                       break;
+                               }
+                               if (gensec_security->want_features & 
GENSEC_FEATURE_SEAL) {
+                                       break;
+                               }
+                               /*
+                                * Here we're sure our preferred mech was
+                                * selected by the server and our caller doesn't
+                                * need GENSEC_FEATURE_SIGN nor
+                                * GENSEC_FEATURE_SEAL support.
+                                *
+                                * In this case we don't require
+                                * a mechListMIC from the server.
+                                *
+                                * This works around bugs in the Azure
+                                * and Apple spnego implementations.
+                                *
+                                * See
+                                * 
https://bugzilla.samba.org/show_bug.cgi?id=11994
+                                */
+                               spnego_state->may_skip_mic_check = true;
+                               break;
+
                        case SPNEGO_REQUEST_MIC:
                                if (spnego.negTokenTarg.mechListMIC.length > 0) 
{
                                        new_spnego = true;
diff --git a/auth/kerberos/gssapi_pac.c b/auth/kerberos/gssapi_pac.c
index 685d0ec..74c199a 100644
--- a/auth/kerberos/gssapi_pac.c
+++ b/auth/kerberos/gssapi_pac.c
@@ -246,6 +246,7 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
                int diflen, i;
                const uint8_t *p;
 
+               *keytype = 0;
                if (set->count < 2) {
 
 #ifdef HAVE_GSSKRB5_GET_SUBKEY
@@ -256,10 +257,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
                        if (gss_maj == 0) {
                                *keytype = KRB5_KEY_TYPE(subkey);
                                krb5_free_keyblock(NULL /* should be 
krb5_context */, subkey);
-                       } else
-#else
-                       {
-                               *keytype = 0;
                        }
 #endif
                        gss_maj = gss_release_buffer_set(&gss_min, &set);
@@ -270,7 +267,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
                                  gse_sesskeytype_oid.elements,
                                  gse_sesskeytype_oid.length) != 0) {
                        /* Perhaps a non-krb5 session key */
-                       *keytype = 0;
                        gss_maj = gss_release_buffer_set(&gss_min, &set);
                        return NT_STATUS_OK;
                }
@@ -280,7 +276,6 @@ NTSTATUS gssapi_get_session_key(TALLOC_CTX *mem_ctx,
                        gss_maj = gss_release_buffer_set(&gss_min, &set);
                        return NT_STATUS_INVALID_PARAMETER;
                }
-               *keytype = 0;
                for (i = 0; i < diflen; i++) {
                        *keytype = (*keytype << 7) | (p[i] & 0x7f);
                        if (i + 1 != diflen && (p[i] & 0x80) == 0) {
diff --git a/buildtools/wafsamba/wscript b/buildtools/wafsamba/wscript
index 586cc4b..8802e5a 100755
--- a/buildtools/wafsamba/wscript
+++ b/buildtools/wafsamba/wscript
@@ -402,6 +402,22 @@ def configure(conf):
             addmain=False,
             msg='Checking for library destructor support')
 
+    conf.CHECK_CODE('''
+            void test_attribute(void) __attribute__ (());
+
+            void test_attribute(void)
+            {
+                return;
+            }
+
+            int main(void) {
+                return 0;
+            }
+            ''',
+            'HAVE___ATTRIBUTE__',
+            addmain=False,
+            msg='Checking for __attribute__')
+
     if sys.platform.startswith('aix'):
         conf.DEFINE('_ALL_SOURCE', 1, add_to_cflags=True)
         # Might not be needed if ALL_SOURCE is defined
diff --git a/ctdb/client/client.h b/ctdb/client/client.h
index bce0c6b..eebb7a6 100644
--- a/ctdb/client/client.h
+++ b/ctdb/client/client.h
@@ -72,10 +72,38 @@ struct tevent_req *ctdb_client_message_send(TALLOC_CTX 
*mem_ctx,
 
 bool ctdb_client_message_recv(struct tevent_req *req, int *perr);
 
+struct tevent_req *ctdb_client_message_multi_send(
+                               TALLOC_CTX *mem_ctx,
+                               struct tevent_context *ev,
+                               struct ctdb_client_context *client,
+                               uint32_t *pnn_list, int count,
+                               struct ctdb_req_message *message);
+
+bool ctdb_client_message_multi_recv(struct tevent_req *req, int *perr,
+                                   TALLOC_CTX *mem_ctx, int **perr_list);
+
 int ctdb_client_message(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
                        struct ctdb_client_context *client,
                        uint32_t destnode, struct ctdb_req_message *message);
 
+struct tevent_req *ctdb_client_set_message_handler_send(
+                                       TALLOC_CTX *mem_ctx,
+                                       struct tevent_context *ev,
+                                       struct ctdb_client_context *client,
+                                       uint64_t srvid,
+                                       srvid_handler_fn handler,
+                                       void *private_data);
+bool ctdb_client_set_message_handler_recv(struct tevent_req *req, int *perr);
+
+struct tevent_req *ctdb_client_remove_message_handler_send(
+                                       TALLOC_CTX *mem_ctx,
+                                       struct tevent_context *ev,
+                                       struct ctdb_client_context *client,
+                                       uint64_t srvid,
+                                       void *private_data);
+bool ctdb_client_remove_message_handler_recv(struct tevent_req *req,
+                                            int *perr);
+
 int ctdb_client_set_message_handler(TALLOC_CTX *mem_ctx,
                                    struct tevent_context *ev,
                                    struct ctdb_client_context *client,
@@ -709,6 +737,21 @@ int ctdb_ctrl_db_transaction_cancel(TALLOC_CTX *mem_ctx,
                                    int destnode, struct timeval timeout,
                                    uint32_t db_id);
 
+int ctdb_ctrl_db_pull(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+                     struct ctdb_client_context *client,
+                     int destnode, struct timeval timeout,
+                     struct ctdb_pulldb_ext *pulldb, uint32_t *num_records);
+
+int ctdb_ctrl_db_push_start(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+                           struct ctdb_client_context *client,
+                           int destnode, struct timeval timeout,
+                           struct ctdb_pulldb_ext *pulldb);
+
+int ctdb_ctrl_db_push_confirm(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+                             struct ctdb_client_context *client,
+                             int destnode, struct timeval timeout,
+                             uint32_t db_id, uint32_t *num_records);
+
 /* from client/client_db.c */
 
 struct tevent_req *ctdb_attach_send(TALLOC_CTX *mem_ctx,
diff --git a/ctdb/client/client_control_sync.c 
b/ctdb/client/client_control_sync.c
index de52b47..753007e 100644
--- a/ctdb/client/client_control_sync.c
+++ b/ctdb/client/client_control_sync.c
@@ -3117,3 +3117,89 @@ int ctdb_ctrl_db_transaction_cancel(TALLOC_CTX *mem_ctx,
 
        return 0;
 }
+
+int ctdb_ctrl_db_pull(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+                     struct ctdb_client_context *client,
+                     int destnode, struct timeval timeout,
+                     struct ctdb_pulldb_ext *pulldb, uint32_t *num_records)
+{
+       struct ctdb_req_control request;
+       struct ctdb_reply_control *reply;
+       int ret;
+
+       ctdb_req_control_db_pull(&request, pulldb);
+       ret = ctdb_client_control(mem_ctx, ev, client, destnode, timeout,
+                                 &request, &reply);
+       if (ret != 0) {
+               DEBUG(DEBUG_ERR,
+                     ("Control DB_PULL failed to node %u, ret=%d\n",
+                      destnode, ret));
+               return ret;
+       }
+
+       ret = ctdb_reply_control_db_pull(reply, num_records);
+       if (ret != 0) {
+               DEBUG(DEBUG_ERR, ("Control DB_PULL failed, ret=%d\n", ret));
+               return ret;
+       }
+
+       return 0;
+}
+
+int ctdb_ctrl_db_push_start(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+                           struct ctdb_client_context *client,
+                           int destnode, struct timeval timeout,
+                           struct ctdb_pulldb_ext *pulldb)
+{
+       struct ctdb_req_control request;
+       struct ctdb_reply_control *reply;
+       int ret;
+
+       ctdb_req_control_db_push_start(&request, pulldb);
+       ret = ctdb_client_control(mem_ctx, ev, client, destnode, timeout,
+                                 &request, &reply);
+       if (ret != 0) {
+               DEBUG(DEBUG_ERR,
+                     ("Control DB_PUSH failed to node %u, ret=%d\n",
+                      destnode, ret));
+               return ret;
+       }
+
+       ret = ctdb_reply_control_db_push_start(reply);
+       if (ret != 0) {
+               DEBUG(DEBUG_ERR,
+                     ("Control DB_PUSH failed, ret=%d\n", ret));
+               return ret;
+       }
+
+       return 0;
+}
+
+int ctdb_ctrl_db_push_confirm(TALLOC_CTX *mem_ctx, struct tevent_context *ev,
+                             struct ctdb_client_context *client,
+                             int destnode, struct timeval timeout,
+                             uint32_t db_id, uint32_t *num_records)
+{
+       struct ctdb_req_control request;
+       struct ctdb_reply_control *reply;
+       int ret;
+


-- 
Samba Shared Repository

Reply via email to