[SCM] Samba Shared Repository - branch master updated

[Jeremy Allison]

The branch, master has been updated
   via  6f073f258f1 s3:rpc_server: Fix double blackslash issue in dfs path
   via  8c10f539286 s3:rpc_server: Initialize consumedcnt to 0 in 
_dfs_GetInfo()
   via  2af9c65f2a1 s3:tests: Add rpcclient 'dfsgetinfo' test
  from  083fe1c28c6 smbd: call exit_server_cleanly() to avoid panicking

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 6f073f258f1f4f03a8eb568ea05be78fdbec49eb
Author: Pavel Filipenský 
Date:   Tue Jun 20 16:24:55 2023 +0200

s3:rpc_server: Fix double blackslash issue in dfs path

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Jul  5 20:24:35 UTC 2023 on atb-devel-224

commit 8c10f53928653d02bbb75d6ab05510e87ee97420
Author: Pavel Filipenský 
Date:   Fri Jun 23 10:08:39 2023 +0200

s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo()

Signed-off-by: Pavel Filipenský 
Reviewed-by: Jeremy Allison 

commit 2af9c65f2a17ace4e1021b5c8fd6df636c904cfe
Author: Pavel Filipenský 
Date:   Fri Jun 23 12:03:30 2023 +0200

s3:tests: Add rpcclient 'dfsgetinfo' test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský 
Reviewed-by: Jeremy Allison 

---

Summary of changes:
 source3/rpc_server/dfs/srv_dfs_nt.c| 32 ++
 source3/script/tests/test_rpcclient_dfs.sh |  7 +++
 2 files changed, 31 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/rpc_server/dfs/srv_dfs_nt.c 
b/source3/rpc_server/dfs/srv_dfs_nt.c
index 7b5119bbaf7..8eaa59a8b0e 100644
--- a/source3/rpc_server/dfs/srv_dfs_nt.c
+++ b/source3/rpc_server/dfs/srv_dfs_nt.c
@@ -63,6 +63,7 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r)
char *altpath = NULL;
NTSTATUS status;
TALLOC_CTX *ctx = talloc_tos();
+   const char *pathnamep = r->in.path;
 
if (session_info->unix_token->uid != sec_initial_uid()) {
DEBUG(10,("_dfs_add: uid != 0. Access denied.\n"));
@@ -84,10 +85,15 @@ WERROR _dfs_Add(struct pipes_struct *p, struct dfs_Add *r)
return WERR_NOT_ENOUGH_MEMORY;
}
 
+   while (IS_DIRECTORY_SEP(pathnamep[0]) &&
+  IS_DIRECTORY_SEP(pathnamep[1])) {
+   pathnamep++;
+   }
+
/* The following call can change the cwd. */
status = get_referred_path(ctx,
   session_info,
-  r->in.path,
+  pathnamep,
   remote_address,
   local_address,
   jn, , _ref);
@@ -141,6 +147,7 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct 
dfs_Remove *r)
TALLOC_CTX *ctx = talloc_tos();
char *altpath = NULL;
NTSTATUS status;
+   const char *pathnamep = r->in.dfs_entry_path;
 
if (session_info->unix_token->uid != sec_initial_uid()) {
DEBUG(10,("_dfs_remove: uid != 0. Access denied.\n"));
@@ -166,9 +173,14 @@ WERROR _dfs_Remove(struct pipes_struct *p, struct 
dfs_Remove *r)
r->in.dfs_entry_path, r->in.servername, 
r->in.sharename));
}
 
+   while (IS_DIRECTORY_SEP(pathnamep[0]) &&
+  IS_DIRECTORY_SEP(pathnamep[1])) {
+   pathnamep++;
+   }
+
status = get_referred_path(ctx,
   session_info,
-  r->in.dfs_entry_path,
+  pathnamep,
   remote_address,
   local_address,
   jn, , _ref);
@@ -390,20 +402,25 @@ WERROR _dfs_GetInfo(struct pipes_struct *p, struct 
dfs_GetInfo *r)
dcesrv_connection_get_remote_address(dcesrv_conn);
struct auth_session_info *session_info =
dcesrv_call_session_info(dce_call);
-   size_t consumedcnt = strlen(r->in.dfs_entry_path);
+   size_t consumedcnt = 0;
struct junction_map *jn = NULL;
bool self_ref = False;
TALLOC_CTX *ctx = talloc_tos();
bool ret;
NTSTATUS status;
+   const char *pathnamep = r->in.dfs_entry_path;
 
jn = talloc_zero(ctx, struct junction_map);
if (!jn) {
return WERR_NOT_ENOUGH_MEMORY;
}
 
-   ret = create_junction(ctx, r->in.dfs_entry_path,
- jn);
+   while (IS_DIRECTORY_SEP(pathnamep[0]) &&
+  IS_DIRECTORY_SEP(pathnamep[1])) {
+   pathnamep++;
+   }
+
+   ret = create_junction(ctx, 

[SCM] Samba Shared Repository - branch master updated

[Stefan Metzmacher]

The branch, master has been updated
   via  083fe1c28c6 smbd: call exit_server_cleanly() to avoid panicking
   via  50e771c12f8 s3:winbindd: let winbind_samlogon_retry_loop() fallback 
to NT_STATUS_NO_LOGON_SERVERS
   via  b317b10dffd s3:winbindd: make use of reset_cm_connection_on_error() 
in winbind_samlogon_retry_loop()
   via  0cb6de4b1d5 s3:winbindd: let winbind_samlogon_retry_loop() always 
start with authoritative = 1
   via  4ad5a35a3f6 s3:winbindd: make use of reset_cm_connection_on_error() 
for winbindd_lookup_{names,sids}()
   via  cb59fd43bbf s3:winbindd: call reset_cm_connection_on_error() in 
wb_cache_query_user_list()
  from  d2940694c6a ctdb-tests: Run ShellCheck on event-script unit test 
support scripts

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 083fe1c28c6ec69cbd15d8cc2f7f06b1b630f2bc
Author: Ralph Boehme 
Date:   Wed Jul 5 11:33:58 2023 +0200

smbd: call exit_server_cleanly() to avoid panicking

The parent smdb forwards SIGTERM to its process group in order to kill all
children like the scavenger. This happens from a function registered via
atexit() which means the signal forwarding is happening very briefly before 
the
main smbd process exits. When exiting the pipe between smbd and scavenger is
closed which triggers a file event in the scavenger.

However, due to kernel sheduling it is possible that the file descriptor 
event
is received before the signal, where we call exit_server() which call
smb_panic() at the end.

Change the exit to exit_server_cleanly() and just log this event at level 2
which we already do.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15275

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Wed Jul  5 13:14:08 UTC 2023 on atb-devel-224

commit 50e771c12f84f9268c2e9ddeef0965f79f85de3d
Author: Stefan Metzmacher 
Date:   Tue Jul 4 14:12:03 2023 +0200

s3:winbindd: let winbind_samlogon_retry_loop() fallback to 
NT_STATUS_NO_LOGON_SERVERS

When we were not able to get a valid response from any DC we should
report NT_STATUS_NO_LOGON_SERVERS with authoritative = 1.

This matches what windows does. In a chain of transitive
trusts the ACCESS_DENIED/authoritative=0 is not propagated,
instead NT_STATUS_NO_LOGON_SERVERS/authoritative=1 is
passed along the chain if there's no other DC is available.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 
Reviewed-by: Volker Lendecke 

commit b317b10dffd99d1add3ff0b85b958edd9639abc8
Author: Stefan Metzmacher 
Date:   Tue Jul 4 13:01:24 2023 +0200

s3:winbindd: make use of reset_cm_connection_on_error() in 
winbind_samlogon_retry_loop()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true, which is important in order
to recover from NT_STATUS_RPC_SEC_PKG_ERROR errors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 
Reviewed-by: Volker Lendecke 

commit 0cb6de4b1d5410f3699172952be81c6eb75c2c86
Author: Stefan Metzmacher 
Date:   Wed Feb 16 14:19:16 2022 +0100

s3:winbindd: let winbind_samlogon_retry_loop() always start with 
authoritative = 1

Otherwise we could treat a local problem as non-authoritative.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 
Reviewed-by: Volker Lendecke 

commit 4ad5a35a3f67860aa7a1345efcfc92fe40578e31
Author: Stefan Metzmacher 
Date:   Tue Jul 4 12:32:34 2023 +0200

s3:winbindd: make use of reset_cm_connection_on_error() for 
winbindd_lookup_{names,sids}()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 
Reviewed-by: Volker Lendecke 

commit cb59fd43bbf758e4bad774cfc19ef87b157052c2
Author: Stefan Metzmacher 
Date:   Tue Jul 4 12:32:34 2023 +0200

s3:winbindd: call reset_cm_connection_on_error() in 
wb_cache_query_user_list()

This is mostly for consistency, every remote call should call
reset_cm_connection_on_error(). Note this is more than
a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

  

[SCM] Samba Shared Repository - branch master updated

[Martin Schwenke]

The branch, master has been updated
   via  d2940694c6a ctdb-tests: Run ShellCheck on event-script unit test 
support scripts
   via  b2026e92d68 ctdb-tests: Avoid ShellCheck warnings
   via  a45a76fd19c ctdb-tests: Avoid ShellCheck warning SC2059
   via  58a117d3d57 ctdb-tests: Avoid ShellCheck warnings SC2046, SC2005
   via  1190c91090a ctdb-tests: Drop unreachable code
   via  cbda1a78dc8 ctdb-tests: Reformat with "shfmt -w -p -i 0 -fn"
   via  7813c979edb ctdb-tests: Drop unused test code for tunables
   via  92f17474484 ctdb-tests: Avoid ShellCheck warning SC2086
   via  37105addecc ctdb-scripts: Avoid ShellCheck warnings SC2317, SC2086
   via  aeb5b0adfa7 ctdb-tools: Avoid ShellCheck warning SC2317
  from  6965e77268e s3:libads: re-initialize num_requests to 0 for 
cldap_ping_list retries

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit d2940694c6a1d7a842d5d91792f36974846da4e0
Author: Martin Schwenke 
Date:   Mon Jul 3 12:02:36 2023 +1000

ctdb-tests: Run ShellCheck on event-script unit test support scripts

Signed-off-by: Martin Schwenke 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Martin Schwenke 
Autobuild-Date(master): Wed Jul  5 12:16:57 UTC 2023 on atb-devel-224

commit b2026e92d68c12e0b6169742954a706b6faa7bf8
Author: Martin Schwenke 
Date:   Mon Jul 3 09:32:26 2023 +1000

ctdb-tests: Avoid ShellCheck warnings

These are all trivial, so handle them in bulk.

* Change code to avoid (approximately sorted by frequency):

  SC2004 $/${} is unnecessary on arithmetic variables.
  SC2086 Double quote to prevent globbing and word splitting.
  SC2162 read without -r will mangle backslashes.
  SC2254 Quote expansions in case patterns to match literally rather than 
as a glob.
  SC2154 (warning):  is referenced but not assigned.
  SC3037 (warning): In POSIX sh, echo flags are undefined.
  SC2016 (info): Expressions don't expand in single quotes, use double 
quotes for that.
  SC2069 (warning): To redirect stdout+stderr, 2>&1 must be last (or use '{ 
cmd > file; } 2>&1' to clarify).
  SC2124 (warning): Assigning an array to a string! Assign as array, or use 
* instead of @ to concatenate.
  SC2166 (warning): Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
  SC2223 (info): This default assignment may cause DoS due to globbing. 
Quote it.

* Locally disable checks:

  SC2034 (warning):  appears unused. Verify use (or export if 
used externally).
  SC2086 (info): Double quote to prevent globbing and word splitting. [once]
  SC2120 (warning):  references arguments, but none are ever 
passed.
  SC2317 (info): Command appears to be unreachable. Check usage (or ignore 
if invoked indirectly).

While touching reads for SC2162, switch unused variables to "_"
instead of "_x", which seems to be preferred by ShellCheck.

Signed-off-by: Martin Schwenke 
Reviewed-by: Andreas Schneider 

commit a45a76fd19ce486049583e1e7435320be40f9ef9
Author: Martin Schwenke 
Date:   Tue Jul 4 10:30:05 2023 +1000

ctdb-tests: Avoid ShellCheck warning SC2059

  SC2059 (info): Don't use variables in the printf format string. Use 
printf '..%s..' "$foo".

Move the format string to the function and just parameterise the share
type.

Signed-off-by: Martin Schwenke 
Reviewed-by: Andreas Schneider 

commit 58a117d3d57de416b946c91bf78107d507616e63
Author: Martin Schwenke 
Date:   Mon Jul 3 11:54:15 2023 +1000

ctdb-tests: Avoid ShellCheck warnings SC2046, SC2005

In ./tests/UNIT/eventscripts/scripts/local.sh line 328:
echo $(ctdb ifaces -X | awk -F'|' 'FNR > 1 {print $2}')
 ^-- SC2046 (warning): Quote this to prevent word splitting.
 ^-- SC2005 (style): Useless echo? Instead of 'echo $(cmd)', 
just use 'cmd'.

Use xargs to get output on 1 line.

Signed-off-by: Martin Schwenke 
Reviewed-by: Andreas Schneider 

commit 1190c91090a0b2ea718ebc5a48860d4362bf4c41
Author: Martin Schwenke 
Date:   Mon Jul 3 11:42:56 2023 +1000

ctdb-tests: Drop unreachable code

This generates ShellCheck warnings:

In ./tests/UNIT/eventscripts/scripts/60.nfs.sh line 412:
if [ -n "$service_check_cmd" ]; then
 ^^ SC2031 (info): 
service_check_cmd was modified in a subshell. That change might be lost.

In ./tests/UNIT/eventscripts/scripts/60.nfs.sh line 413:
if eval "$service_check_cmd"; then
 ^^ SC2031 (info): 
service_check_cmd was modified in a subshell. That change might be lost.

service_check_cmd will never be set here because it is only set in a
sub-shell in 

[SCM] Samba Website Repository - branch master updated

[Jule Anger]

The branch, master has been updated
   via  cbef3ec NEWS[4.18.4]: Samba 4.18.4 Available for Download
  from  f09ac97 NEWS[4.18.3]: Samba 4.18.3 Available for Download

https://git.samba.org/?p=samba-web.git;a=shortlog;h=master


- Log -
commit cbef3ec36079d6f7d705961801cd699b9ec31c9a
Author: Jule Anger 
Date:   Wed Jul 5 13:27:45 2023 +0200

NEWS[4.18.4]: Samba 4.18.4 Available for Download

Signed-off-by: Jule Anger 

---

Summary of changes:
 history/header_history.html  |  1 +
 history/samba-4.18.4.html| 69 
 posted_news/20230705-113408.4.18.4.body.html | 13 +
 posted_news/20230705-113408.4.18.4.headline.html |  3 ++
 4 files changed, 86 insertions(+)
 create mode 100644 history/samba-4.18.4.html
 create mode 100644 posted_news/20230705-113408.4.18.4.body.html
 create mode 100644 posted_news/20230705-113408.4.18.4.headline.html


Changeset truncated at 500 lines:

diff --git a/history/header_history.html b/history/header_history.html
index d201e8b..285a0cb 100755
--- a/history/header_history.html
+++ b/history/header_history.html
@@ -9,6 +9,7 @@
Release Notes


+   samba-4.18.4
samba-4.18.3
samba-4.18.2
samba-4.18.1
diff --git a/history/samba-4.18.4.html b/history/samba-4.18.4.html
new file mode 100644
index 000..b30aa4a
--- /dev/null
+++ b/history/samba-4.18.4.html
@@ -0,0 +1,69 @@
+http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd;>
+http://www.w3.org/1999/xhtml;>
+
+Samba 4.18.4 - Release Notes
+
+
+Samba 4.18.4 Available for Download
+
+https://download.samba.org/pub/samba/stable/samba-4.18.4.tar.gz;>Samba 
4.18.4 (gzipped)
+https://download.samba.org/pub/samba/stable/samba-4.18.4.tar.asc;>Signature
+
+
+https://download.samba.org/pub/samba/patches/samba-4.18.3-4.18.4.diffs.gz;>Patch
 (gzipped) against Samba 4.18.3
+https://download.samba.org/pub/samba/patches/samba-4.18.3-4.18.4.diffs.asc;>Signature
+
+
+
+   ==
+   Release Notes for Samba 4.18.4
+   July 05, 2023
+   ==
+
+
+This is the latest stable release of the Samba 4.18 release series.
+
+
+Changes since 4.18.3
+
+
+o  Douglas Bagnall douglas.bagn...@catalyst.net.nz
+   * BUG 15404: Backport --pidl-developer fixes.
+
+o  Samuel Cabrero scabr...@samba.org
+   * BUG 14030: Named crashes on DLZ zone update.
+
+o  Bjrn Jacke b...@sernet.de
+   * BUG 2312: smbcacls and smbcquotas do not check // before the server.
+
+o  Volker Lendecke v...@samba.org
+   * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
+   * BUG 15391: smbclient leaks fds with showacls.
+   * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem.
+
+o  Stefan Metzmacher me...@samba.org
+   * BUG 15355: NSS_WRAPPER_HOSTNAME doesnt match NSS_WRAPPER_HOSTS 
entry and
+ causes test timeouts.
+
+o  Noel Power noel.po...@suse.com
+   * BUG 15384: net ads lookup (with unspecified realm) fails.
+
+o  Christof Schmitt c...@samba.org
+   * BUG 15381: Register Samba processes with GPFS.
+
+o  Andreas Schneider a...@samba.org
+   * BUG 15390: Python tarfile extraction needs change to avoid a warning
+ (CVE-2007-4559 mitigation).
+   * BUG 15398: The winbind child segfaults when listing users with `winbind
+ scan trusted domains = yes`.
+
+o  Jones Syue joness...@qnap.com
+   * BUG 15383: Remove comments about deprecated write cache size.
+   * BUG 15403: smbget memory leak if failed to download files recursively.
+
+
+
+
+
+
diff --git a/posted_news/20230705-113408.4.18.4.body.html 
b/posted_news/20230705-113408.4.18.4.body.html
new file mode 100644
index 000..756313b
--- /dev/null
+++ b/posted_news/20230705-113408.4.18.4.body.html
@@ -0,0 +1,13 @@
+
+05 July 2023
+Samba 4.18.4 Available for Download
+
+This is the latest stable release of the Samba 4.18 release series.
+
+
+The uncompressed tarball has been signed using GnuPG (ID AA99442FB680B620).
+The source code can be https://download.samba.org/pub/samba/stable/samba-4.18.4.tar.gz;>downloaded
 now.
+A https://download.samba.org/pub/samba/patches/samba-4.18.3-4.18.4.diffs.gz;>patch
 against Samba 4.18.3 is also available.
+See https://www.samba.org/samba/history/samba-4.18.4.html;>the 
release notes for more info.
+
+
diff --git a/posted_news/20230705-113408.4.18.4.headline.html 
b/posted_news/20230705-113408.4.18.4.headline.html
new file mode 100644
index 000..90ba14d
--- /dev/null
+++ b/posted_news/20230705-113408.4.18.4.headline.html
@@ -0,0 +1,3 @@
+
+ 05 July 2023 Samba 4.18.4 Available for 
Download
+


-- 
Samba Website Repository

[SCM] Samba Shared Repository - branch v4-18-stable updated

[Jule Anger]

The branch, v4-18-stable has been updated
   via  273696dc5d4 VERSION: Disable GIT_SNAPSHOT for the 4.18.4 release.
   via  bcdc186bb67 WHATSNEW: Add release notes for Samba 4.18.4.
   via  d4b86186d29 selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME
   via  d35c773e969 pidl: avoid py compile issues with --pidl-developer
   via  29c08b5891d s3:utils: smbget fix a memory leak
   via  694829f1872 smbd: Don't mask open error if fstatat() fails
   via  5d040beed2c tests: Show smbd returns wrong error code when creating 
on r/o fs
   via  14cbe1b8671 error_inject: Enable returning EROFS for O_CREAT
   via  3350e196a7e error_inject: map EROFS
   via  ccb235c2f4e vfs_gpfs: Register smbd process with GPFS
   via  2492a18d762 gpfswrap: Add wrapper for gpfs_register_cifs_export
   via  fe17ff2cfc4 s3:winbind: Fix talloc parent in find_dc() leading to a 
segfault
   via  a6edfaa4985 python:safe_tarfile: Improve safe extract()
   via  b7cad429a52 python:safe_tarfile: Implement safer extractall()
   via  eff4e88d2cc python:safe_tarfile: Set extraction_filter for pythons 
providing it
   via  4a79ee44c31 python:tests: Adopt safe_tarfile for extraction_filter 
raises
   via  d2c86925f62 s3/utils: avoid erronous NO MEMORY detection
   via  c7e3c042fbc smbcacls/smbcquotas: check for valid UNC path
   via  c4968128b7f smbclient: Fix fd leak with "showacls;ls"
   via  d49f9f4be7d smbd: remove comments about deprecated 'write cache 
size'
   via  3662ddaadc9 libsmb: Fix directory listing against old servers
   via  ad3f78b4ab6 tests: Show that we 100% loop in cli_list_old_recv()
   via  6f0d17e1210 tests: Make timelimit available to test scripts
   via  af4d536ad20 s4:dnsserver: Rename dns_name_equal() to 
samba_dns_name_equal()
   via  fcf2e89167f VERSION: Bump version up to Samba 4.18.4...
  from  897e67a7cf8 VERSION: Disable GIT_SNAPSHOT for the 4.18.3 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-stable


- Log -
---

Summary of changes:
 VERSION |  2 +-
 WHATSNEW.txt| 73 -
 docs-xml/smbdotconf/locking/smb2leases.xml  |  2 -
 docs-xml/smbdotconf/tuning/aioreadsize.xml  |  2 +-
 docs-xml/smbdotconf/tuning/aiowritesize.xml |  2 +-
 lib/util/gpfswrap.c | 12 +
 lib/util/gpfswrap.h |  1 +
 pidl/lib/Parse/Pidl/Samba4/Python.pm|  8 ++--
 python/samba/safe_tarfile.py| 73 -
 python/samba/tests/safe_tarfile.py  | 27 ---
 selftest/selftesthelpers.py |  1 +
 selftest/target/Samba3.pm   |  4 +-
 source3/client/client.c |  1 +
 source3/libsmb/clilist.c|  6 +++
 source3/modules/vfs_error_inject.c  | 20 
 source3/modules/vfs_gpfs.c  |  6 +++
 source3/script/tests/test_old_dirlisting.sh | 28 +++
 source3/script/tests/test_rofs.sh   | 34 ++
 source3/selftest/tests.py   | 13 +
 source3/smbd/open.c |  9 
 source3/smbd/smb2_read.c|  1 -
 source3/utils/net_ads.c | 10 ++--
 source3/utils/smbcacls.c|  5 ++
 source3/utils/smbcquotas.c  |  5 ++
 source3/utils/smbget.c  |  1 +
 source3/winbindd/winbindd_cm.c  |  2 +-
 source4/dns_server/dns_crypto.c |  2 +-
 source4/dns_server/dns_update.c |  4 +-
 source4/dns_server/dnsserver_common.c   | 21 +
 source4/dns_server/dnsserver_common.h   |  2 +-
 source4/rpc_server/dnsserver/dnsutils.c |  2 +-
 source4/torture/dns/dlz_bind9.c |  8 ++--
 32 files changed, 334 insertions(+), 53 deletions(-)
 create mode 100755 source3/script/tests/test_old_dirlisting.sh
 create mode 100755 source3/script/tests/test_rofs.sh


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 93ebe2430aa..35e338ed4d5 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=18
-SAMBA_VERSION_RELEASE=3
+SAMBA_VERSION_RELEASE=4
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 01c121a8e48..c5dbc985f28 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,73 @@
+   ==
+   Release Notes for Samba 4.18.4
+   July 05, 2023
+   ==
+
+
+This is the latest stable release of the Samba 

[SCM] Samba Shared Repository - annotated tag samba-4.18.4 created

[Jule Anger]

The annotated tag, samba-4.18.4 has been created
at  f9a1b51ed7e03867e08a5125892dbf18557fc8af (tag)
   tagging  273696dc5d4c485735cfea0be9e71e28c97ffcf9 (commit)
  replaces  samba-4.18.3
 tagged by  Jule Anger
on  Wed Jul 5 13:26:14 2023 +0200

- Log -
samba: tag release samba-4.18.4
-BEGIN PGP SIGNATURE-

iQIzBAABCgAdFiEEgfXigyvSVFoYl7cTqplEL7aAtiAFAmSlU1YACgkQqplEL7aA
tiCpsBAArrKikaRNC8DVFABXy4T6Tr90/XUTmg79Rn9BIZtQQUH7xM50BPFXAw19
niiNDwCyu7a4KNuElnh1cO7+m7UBtdX1pfNLqON4wwqwR9oQNzEP1NKxsxQ+WfzP
jFohHXo91lc6ESkqSvHcF38XvG4Os/Caj63PWQBksQoYpa/sLmsvg2rMA3HD154f
yGQNSIjWCDDNY1lLKQL+iNFjDJqcdBjIfCeSyQZt/MewhYJqKC2mqyL6Z9zygSCe
OsqVFxUbL0ECbxl9ZabQX4FheIt0o+fYoRrQ1lY2KthN8oJj9UzzFWdt1X9QrCCp
839pAU8qOLhngSWSA9V9uz1LB5+H3dTvLfKX/G8LTQ/oTIQDP8irc+rD8/B5UoR0
FNJplaHrqfvBwmsA6S6dqMYmysSVCoUqUKqwVG2WGXBBfpxdnjtqScUIRTeGrP6V
3vvs7dtHfocViH1gOOB1ITluChPz2ApcjyjuPOFYw59ZWz2NMZ70xHQNtY0aCq17
hsQyiVEiYWeA4Ln00fEa8F9xZSZjN3CCt2pXiXIg01CEQDJK9rBDHBy9FJquxaeP
pwT5sSR7AZrYBtgubcE2Sdj1FZLGfcBZrabag2e/Rkvk+T6wh2ElK8XysjDuPZQv
lRxRrUx9hgu7Tm1ohngtEMbzNa+c7xeqW5gXJTkrWZLs4wYkfQE=
=rC8U
-END PGP SIGNATURE-

Andreas Schneider (5):
  python:tests: Adopt safe_tarfile for extraction_filter raises
  python:safe_tarfile: Set extraction_filter for pythons providing it
  python:safe_tarfile: Implement safer extractall()
  python:safe_tarfile: Improve safe extract()
  s3:winbind: Fix talloc parent in find_dc() leading to a segfault

Björn Jacke (1):
  smbcacls/smbcquotas: check for valid UNC path

Christof Schmitt (2):
  gpfswrap: Add wrapper for gpfs_register_cifs_export
  vfs_gpfs: Register smbd process with GPFS

Douglas Bagnall (1):
  pidl: avoid py compile issues with --pidl-developer

Jones Syue (2):
  smbd: remove comments about deprecated 'write cache size'
  s3:utils: smbget fix a memory leak

Jule Anger (3):
  VERSION: Bump version up to Samba 4.18.4...
  WHATSNEW: Add release notes for Samba 4.18.4.
  VERSION: Disable GIT_SNAPSHOT for the 4.18.4 release.

Noel Power (1):
  s3/utils: avoid erronous NO MEMORY detection

Samuel Cabrero (1):
  s4:dnsserver: Rename dns_name_equal() to samba_dns_name_equal()

Stefan Metzmacher (1):
  selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME

Volker Lendecke (8):
  tests: Make timelimit available to test scripts
  tests: Show that we 100% loop in cli_list_old_recv()
  libsmb: Fix directory listing against old servers
  smbclient: Fix fd leak with "showacls;ls"
  error_inject: map EROFS
  error_inject: Enable returning EROFS for O_CREAT
  tests: Show smbd returns wrong error code when creating on r/o fs
  smbd: Don't mask open error if fstatat() fails

---


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Volker Lendecke]

The branch, master has been updated
   via  6965e77268e s3:libads: re-initialize num_requests to 0 for 
cldap_ping_list retries
  from  bf7fbf7e2b6 s3-net: no secrets access required when processing a 
ODJ provisioning

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 6965e77268e1abfc21f1793c7cd006444938ac03
Author: Stefan Metzmacher 
Date:   Tue Jul 4 18:07:12 2023 +0200

s3:libads: re-initialize num_requests to 0 for cldap_ping_list retries

Commit 8132edf119757ee91070facffef016c93de9c2a6 introduced a retry loop
arround cldap_multi_netlogon(), but it forgot to reset num_requests to 0
for the retries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15416

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Wed Jul  5 11:17:43 UTC 2023 on atb-devel-224

---

Summary of changes:
 source3/libads/ldap.c | 1 +
 1 file changed, 1 insertion(+)


Changeset truncated at 500 lines:

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index a01b1193013..3ba32d0cf44 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -446,6 +446,7 @@ again:
 * The retry loop is bound by the timeout
 */
retry = false;
+   num_requests = 0;
 
for (i = 0; i < count; i++) {
char server[INET6_ADDRSTRLEN];


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-18-test updated

[Jule Anger]

The branch, v4-18-test has been updated
   via  f2c18045a57 VERSION: Bump version up to Samba 4.18.5...
   via  273696dc5d4 VERSION: Disable GIT_SNAPSHOT for the 4.18.4 release.
   via  bcdc186bb67 WHATSNEW: Add release notes for Samba 4.18.4.
  from  d4b86186d29 selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test


- Log -
commit f2c18045a57e95597b4841e704e67b5811454979
Author: Jule Anger 
Date:   Wed Jul 5 12:35:59 2023 +0200

VERSION: Bump version up to Samba 4.18.5...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger 

commit 273696dc5d4c485735cfea0be9e71e28c97ffcf9
Author: Jule Anger 
Date:   Wed Jul 5 12:35:33 2023 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.18.4 release.

Signed-off-by: Jule Anger 

commit bcdc186bb67ac6889e08b6c534f72ce0cc1461d6
Author: Jule Anger 
Date:   Wed Jul 5 12:34:37 2023 +0200

WHATSNEW: Add release notes for Samba 4.18.4.

Signed-off-by: Jule Anger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 73 ++--
 2 files changed, 72 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index b11e1c9469e..80ff8c0c369 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=18
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 01c121a8e48..c5dbc985f28 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,73 @@
+   ==
+   Release Notes for Samba 4.18.4
+   July 05, 2023
+   ==
+
+
+This is the latest stable release of the Samba 4.18 release series.
+
+
+Changes since 4.18.3
+
+
+o  Douglas Bagnall 
+   * BUG 15404: Backport --pidl-developer fixes.
+
+o  Samuel Cabrero 
+   * BUG 14030: Named crashes on DLZ zone update.
+
+o  Björn Jacke 
+   * BUG 2312: smbcacls and smbcquotas do not check // before the server.
+
+o  Volker Lendecke 
+   * BUG 15382: cli_list loops 100% CPU against pre-lanman2 servers.
+   * BUG 15391: smbclient leaks fds with showacls.
+   * BUG 15402: smbd returns NOT_FOUND when creating files on a r/o filesystem.
+
+o  Stefan Metzmacher 
+   * BUG 15355: NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and
+ causes test timeouts.
+
+o  Noel Power 
+   * BUG 15384: net ads lookup (with unspecified realm) fails.
+
+o  Christof Schmitt 
+   * BUG 15381: Register Samba processes with GPFS.
+
+o  Andreas Schneider 
+   * BUG 15390: Python tarfile extraction needs change to avoid a warning
+ (CVE-2007-4559 mitigation).
+   * BUG 15398: The winbind child segfaults when listing users with `winbind
+ scan trusted domains = yes`.
+
+o  Jones Syue 
+   * BUG 15383: Remove comments about deprecated 'write cache size'.
+   * BUG 15403: smbget memory leak if failed to download files recursively.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
==
Release Notes for Samba 4.18.3
 May 31, 2023
@@ -58,8 +128,7 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
==
Release Notes for Samba 4.18.2
April 19, 2023


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-18-test updated

[Jule Anger]

The branch, v4-18-test has been updated
   via  d4b86186d29 selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME
  from  d35c773e969 pidl: avoid py compile issues with --pidl-developer

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-18-test


- Log -
commit d4b86186d293c80682b4e2189b8dbbec4572a9e8
Author: Stefan Metzmacher 
Date:   Wed Apr 12 17:22:02 2023 +0200

selftest:Samba3: use the correct NSS_WRAPPER_HOSTNAME

The value of NSS_WRAPPER_HOSTNAME needs to match value
we put into the NSS_WRAPPER_HOSTS file.

We had a mismatch of
idmapridmember.samba.example.com
vs.
idmapridmember.addom.samba.example.com

This causes getaddrinfo() in nss_wrapper to fallback to
the libc version, which talks to a dns server.
It's not clear if recent glibc code will reach resolve/socket wrapper.
So it's not unlikely that idmapridmember.samba.example.com will
be passed via the internet, which causes delays up to 20 seconds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15355

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Wed Apr 12 20:29:05 UTC 2023 on atb-devel-224

(cherry picked from commit 53f0a292f8057a63ddee951058e380b43b9d2916)

Autobuild-User(v4-18-test): Jule Anger 
Autobuild-Date(v4-18-test): Wed Jul  5 10:19:29 UTC 2023 on atb-devel-224

---

Summary of changes:
 selftest/target/Samba3.pm | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 0556efd4741..ba3268f147c 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -3678,7 +3678,7 @@ jacknomappergroup:x:$gid_jacknomapper:jacknomapper
$createuser_env{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd;
$createuser_env{NSS_WRAPPER_GROUP} = $nss_wrapper_group;
$createuser_env{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts;
-   $createuser_env{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com";
+   $createuser_env{NSS_WRAPPER_HOSTNAME} = "${hostname}.${dns_domain}";
if ($ENV{SAMBA_DNS_FAKING}) {
$createuser_env{RESOLV_WRAPPER_HOSTS} = $dns_host_file;
} else {
@@ -3732,7 +3732,7 @@ jacknomappergroup:x:$gid_jacknomapper:jacknomapper
$ret{NSS_WRAPPER_PASSWD} = $nss_wrapper_passwd;
$ret{NSS_WRAPPER_GROUP} = $nss_wrapper_group;
$ret{NSS_WRAPPER_HOSTS} = $nss_wrapper_hosts;
-   $ret{NSS_WRAPPER_HOSTNAME} = "${hostname}.samba.example.com";
+   $ret{NSS_WRAPPER_HOSTNAME} = "${hostname}.${dns_domain}";
$ret{NSS_WRAPPER_MODULE_SO_PATH} = 
Samba::nss_wrapper_winbind_so_path($self);
$ret{NSS_WRAPPER_MODULE_FN_PREFIX} = "winbind";
if ($ENV{SAMBA_DNS_FAKING}) {


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Günther Deschner]

The branch, master has been updated
   via  bf7fbf7e2b6 s3-net: no secrets access required when processing a 
ODJ provisioning
  from  0bfdefffc8b s3:include: Fix code spelling

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit bf7fbf7e2b675145e25ce7bffc29abbf44c35540
Author: Günther Deschner 
Date:   Tue Jun 6 11:14:01 2023 +0200

s3-net: no secrets access required when processing a ODJ provisioning

It should be possible to call "net offlinejoin provision" as non-root,
no access to secrets.tdb required in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15414

Guenther

Signed-off-by: Guenther Deschner 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Wed Jul  5 09:23:22 UTC 2023 on atb-devel-224

---

Summary of changes:
 source3/libnet/libnet_join.c | 8 
 1 file changed, 8 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 3bff7ec1412..b60eb112d0a 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -2369,6 +2369,14 @@ static WERROR libnet_join_pre_processing(TALLOC_CTX 
*mem_ctx,
r->in.admin_account = admin_account;
}
 
+   if (r->in.provision_computer_account_only) {
+   /*
+* When in the "provision_computer_account_only" path we do not
+* need to have access to secrets.tdb at all - gd
+*/
+   return WERR_OK;
+   }
+
if (!secrets_init()) {
libnet_join_set_error_string(mem_ctx, r,
"Unable to open secrets database");


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch master updated

[Andreas Schneider]

The branch, master has been updated
   via  0bfdefffc8b s3:include: Fix code spelling
   via  a26c00db11d s4:client: Fix code spelling
   via  ef5ab45be70 s3:auth: Use new debug macros for logging
   via  e57f034f013 s3:auth: Fix code spelling
   via  60b02126a3c selftest: Fix code spelling
   via  2bba3ef297f script: Fix code spelling
   via  3233fc03356 python:tests: Fix code spelling
  from  3522cddf9cf libcli/smb: Remove unused fallback case for 
ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 0bfdefffc8b269674e4ffeb273170ad68f8efa32
Author: Andreas Schneider 
Date:   Fri Jun 30 12:10:26 2023 +0200

s3:include: Fix code spelling

Signed-off-by: Andreas Schneider 
Reviewed-by: Joseph Sutton 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Wed Jul  5 07:32:15 UTC 2023 on atb-devel-224

commit a26c00db11d9e02b18e7ef9a516eca4a107764d6
Author: Andreas Schneider 
Date:   Fri Jun 30 12:06:20 2023 +0200

s4:client: Fix code spelling

Signed-off-by: Andreas Schneider 
Reviewed-by: Joseph Sutton 

commit ef5ab45be70469b9471455574ac38e7fb435c043
Author: Andreas Schneider 
Date:   Mon Jul 3 11:19:33 2023 +0200

s3:auth: Use new debug macros for logging

Signed-off-by: Andreas Schneider 
Reviewed-by: Joseph Sutton 

commit e57f034f013bda65618898f22f3fb0cb903f0d94
Author: Andreas Schneider 
Date:   Fri Jun 30 12:06:01 2023 +0200

s3:auth: Fix code spelling

Signed-off-by: Andreas Schneider 
Reviewed-by: Joseph Sutton 

commit 60b02126a3c0c05e710ad5be59257e969c0f1e2a
Author: Andreas Schneider 
Date:   Fri Jun 30 12:04:33 2023 +0200

selftest: Fix code spelling

Signed-off-by: Andreas Schneider 
Reviewed-by: Joseph Sutton 

commit 2bba3ef297f5f9a8ff55db0b73da5e9ec253e9cb
Author: Andreas Schneider 
Date:   Fri Jun 30 11:57:55 2023 +0200

script: Fix code spelling

Signed-off-by: Andreas Schneider 
Reviewed-by: Joseph Sutton 

commit 3233fc0335607ee67c1e03b6387d4b3efb0cc24d
Author: Andreas Schneider 
Date:   Fri Jun 30 11:56:06 2023 +0200

python:tests: Fix code spelling

Signed-off-by: Andreas Schneider 
Reviewed-by: Joseph Sutton 

---

Summary of changes:
 python/samba/tests/dsdb.py   |  2 +-
 script/traffic_replay|  2 +-
 script/traffic_summary.pl|  8 +++---
 selftest/create_smb1_fail_skipfile.txt   |  6 ++---
 selftest/flapping.d/nbt_dgram|  2 +-
 selftest/knownfail   |  4 +--
 selftest/knownfail.d/dns |  2 +-
 selftest/knownfail.d/samba-4.5-emulation |  2 +-
 selftest/knownfail_heimdal_kdc   |  2 +-
 selftest/knownfail_mit_kdc   |  2 +-
 selftest/knownfail_mit_kdc_pre_1_20  |  2 +-
 selftest/manage-ca/manage-ca.sh  |  2 +-
 selftest/ns/mk_nsenter.sh|  2 +-
 selftest/selftest.pl |  2 +-
 selftest/target/Samba3.pm|  6 ++---
 selftest/todo_smb2_tests_to_port.list|  2 +-
 source3/auth/auth.c  | 46 ++--
 source3/auth/auth_builtin.c  |  2 +-
 source3/auth/auth_generic.c  |  2 +-
 source3/auth/auth_util.c |  2 +-
 source3/auth/auth_winbind.c  |  2 +-
 source3/auth/check_samsec.c  |  4 +--
 source3/auth/pampass.c   | 10 +++
 source3/auth/pass_check.c|  2 +-
 source3/auth/proto.h | 12 -
 source3/client/clitar.c  |  4 +--
 source3/include/fake_file.h  |  2 +-
 source3/include/idmap.h  |  6 ++---
 source3/include/idmap_autorid_tdb.h  |  4 +--
 source3/include/libsmbclient.h   | 20 +++---
 source3/include/local.h  |  6 ++---
 source3/include/messages.h   |  4 +--
 source3/include/nameserv.h   |  2 +-
 source3/include/passdb.h | 30 ++---
 source3/include/smb.h|  2 +-
 source3/include/vfs.h|  8 +++---
 36 files changed, 112 insertions(+), 106 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/dsdb.py b/python/samba/tests/dsdb.py
index d8d9ac1ee3c..37c36d6ab02 100644
--- a/python/samba/tests/dsdb.py
+++ b/python/samba/tests/dsdb.py
@@ -1189,7 +1189,7 @@ class DsdbStartUpTests(TestCase):
 lp = samba.tests.env_loadparm()
 path = lp.configfile
 
-# This is to avoid a tatoo of the global state
+# This is to avoid a tattoo of the global state
 self.lp = LoadParm(filename_for_non_global_lp=path)
 self.creds = Credentials()
 self.creds.guess(self.lp)
diff