[SCM] Samba Shared Repository - branch v4-7-test updated

2019-02-26 Thread Stefan Metzmacher
The branch, v4-7-test has been updated
   via  a6f3bbf17ea CVE-2019-3824 ldb: Release ldb 1.2.4
   via  c6ec3fc6d0f CVE-2019-3824 ldb: Add tests for ldb_wildcard_match
   via  8ddaf853404 CVE-2019-3824 ldb: wildcard_match end of data check
   via  c62bd66b84d CVE-2019-3824 ldb: wildcard_match check tree operation
   via  e71cdbe57b5 CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero
   via  5d6df9adbfd CVE-2019-3824 ldb: Improve code style and layout in wildcard processing
   via  a3c42ff9331 CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing
   via  e8af7222d2d CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare
  from  23b41ebe1de CVE-2018-14629 dns: fix CNAME loop prevention using counter regression

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit a6f3bbf17ea49838b799aad2bc942105fdf718db
Author: Gary Lockyer 
Date:   Wed Feb 20 01:03:41 2019 +

CVE-2019-3824 ldb: Release ldb 1.2.4

* CVE-2019-3824 out of bounds read in wildcard compare (bug 13773)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Gary Lockyer 

Autobuild-User(v4-7-test): Stefan Metzmacher 
Autobuild-Date(v4-7-test): Tue Feb 26 16:52:19 CET 2019 on sn-devel-144

commit c6ec3fc6d0f47885f4ce4fa89ac5644167a7dab0
Author: Gary Lockyer 
Date:   Tue Feb 19 10:24:38 2019 +1300

CVE-2019-3824 ldb: Add tests for ldb_wildcard_match

Add cmocka tests for ldb_wildcard_match.

Running test_wildcard_match under valgrind reproduces
 CVE-2019-3824 out of bounds read in wildcard compare (bug 13773)

 valgrind --suppressions=lib/ldb/tests/ldb_match_test.valgrind\
  bin/ldb_match_test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Gary Lockyer 

commit 8ddaf853404f3cddef84b77b38951526d73ffbda
Author: Gary Lockyer 
Date:   Tue Feb 19 10:26:56 2019 +1300

CVE-2019-3824 ldb: wildcard_match end of data check

ldb_handler_copy and ldb_val_dup over allocate by one and add a trailing '\0'
to the data, to make them safe to use the C string functions on.

However testing for the trailing '\0' is not the correct way to test for
the end of a value, the length should be checked instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Gary Lockyer 

commit c62bd66b84defc73465e5f16f230f1855fb3bde3
Author: Gary Lockyer 
Date:   Tue Feb 19 10:26:25 2019 +1300

CVE-2019-3824 ldb: wildcard_match check tree operation

Check the operation type of the passed parse tree, and return
LDB_INAPPROPRIATE_MATCH if the operation is not LDB_OP_SUBSTRING.

A query of "attribute=*" gets parsed as LDB_OP_PRESENT, checking the
operation and failing ldb_wildcard_match should help prevent confusion
writing tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Gary Lockyer 

commit e71cdbe57b5c86e597f1c007c07c66df652038c5
Author: Gary Lockyer 
Date:   Tue Feb 19 10:25:24 2019 +1300

CVE-2019-3824 ldb: ldb_parse_tree use talloc_zero

Initialise the created ldb_parse_tree with talloc_zero, this ensures
that it is correctly initialised if inadvertently passed to a function
expecting a different operation type.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Gary Lockyer 

commit 5d6df9adbfd279cc0da7d5cae90cd724b635e97c
Author: Andrew Bartlett 
Date:   Mon Feb 4 11:22:50 2019 +1300

CVE-2019-3824 ldb: Improve code style and layout in wildcard processing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Andrew Bartlett 

commit a3c42ff9331642ea989cba20175b7813050b9f5f
Author: Andrew Bartlett 
Date:   Mon Feb 4 11:22:34 2019 +1300

CVE-2019-3824 ldb: Extra comments to clarify no pointer wrap in wildcard processing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13773

Signed-off-by: Andrew Bartlett 

commit e8af7222d2de69d19216b922d5a85e4259ea5c40
Author: Lukas Slebodnik 
Date:   Fri Jan 18 16:37:24 2019 +0100

CVE-2019-3824 ldb: Out of bound read in ldb_wildcard_compare

There is valgrind error in few tests tests/test-generic.sh
 91 echo "Test wildcard match"
 92 $VALGRIND ldbadd $LDBDIR/tests/test-wildcard.ldif  || exit 1
 93 $VALGRIND ldbsearch '(cn=test*multi)'  || exit 1
 95 $VALGRIND ldbsearch '(cn=*test_multi)'  || exit 1
 97 $VALGRIND ldbsearch '(cn=test*multi*test*multi)'  || exit 1

e.g.
  ==3098== Memcheck, a memory error detector
  ==3098== Copyright (C) 2002-2017, and GNU GPL'd, by Julian Seward et al.
  ==3098== Using Valgrind-3.14.0 and LibVEX; rerun with -h for copyright info
  ==3098== Command: ./bin/ldbsearch (cn=test*multi)
  ==3098==
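
Added example, not part of the original commit mail and not ldb code: commit 8ddaf853404 above states that the end of a value must be found from its length rather than from the trailing '\0'. The C code below matches the substring filters from the valgrind runs against length-carrying values and contrasts that with finding the end by NUL; `struct value`, `match_by_length`, `match_by_nul` and the sample buffers are hypothetical names and constructed data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical length-carrying value (illustrative, not ldb's own type). */
struct value {
	const uint8_t *data;
	size_t length;
};

/* Search needle inside hay[0..hay_len); returns the offset or -1. */
static ptrdiff_t find_bounded(const uint8_t *hay, size_t hay_len,
			      const uint8_t *needle, size_t needle_len)
{
	for (size_t i = 0; needle_len <= hay_len && i <= hay_len - needle_len; i++) {
		if (memcmp(hay + i, needle, needle_len) == 0) {
			return (ptrdiff_t)i;
		}
	}
	return -1;
}

/*
 * Match chunk[0]*chunk[1]*...*chunk[n-1] against v. Only v.length decides
 * where the value ends. anchor_start: the filter did not begin with '*';
 * anchor_end: it did not end with '*'.
 */
bool match_by_length(struct value v, const struct value *chunk, size_t n,
		     bool anchor_start, bool anchor_end)
{
	size_t pos = 0; /* bytes consumed so far; invariant: pos <= v.length */

	for (size_t c = 0; c < n; c++) {
		size_t remaining = v.length - pos;
		size_t len = chunk[c].length;

		if (len > remaining) {
			return false; /* chunk cannot fit in what is left */
		}
		if (c == 0 && anchor_start) {
			if (memcmp(v.data, chunk[c].data, len) != 0) {
				return false;
			}
			pos = len;
		} else if (c + 1 == n && anchor_end) {
			/* final chunk must end exactly at v.length */
			if (memcmp(v.data + v.length - len, chunk[c].data, len) != 0) {
				return false;
			}
			pos = v.length;
		} else {
			ptrdiff_t off = find_bounded(v.data + pos, remaining,
						     chunk[c].data, len);
			if (off < 0) {
				return false;
			}
			pos += (size_t)off + len;
		}
	}
	return !anchor_end || pos == v.length;
}

/* Contrast: ignore v.length and take the first '\0' as the end of the value. */
bool match_by_nul(struct value v, const struct value *chunk, size_t n,
		  bool anchor_start, bool anchor_end)
{
	struct value s = { v.data, strlen((const char *)v.data) };
	return match_by_length(s, chunk, n, anchor_start, anchor_end);
}

/* Constructed sample data; the compiler NUL-terminates both buffers. */
static const uint8_t BUF_MULTI[] = "test_multi_test_multi";
static const uint8_t BUF_BINARY[] = "te\0st_multi"; /* 11 bytes, NUL at index 2 */
#define CHUNK(s) { (const uint8_t *)(s), sizeof(s) - 1 }
static const struct value TEST_MULTI[] = { CHUNK("test"), CHUNK("multi") };
static const struct value FOUR[] = { CHUNK("test"), CHUNK("multi"),
				     CHUNK("test"), CHUNK("multi") };

typedef bool (*matcher)(struct value, const struct value *, size_t, bool, bool);

/* (cn=test*multi*test*multi) against the full 21-byte value. */
bool full_value_matches(matcher m)
{
	struct value v = { BUF_MULTI, sizeof(BUF_MULTI) - 1 };
	return m(v, FOUR, 4, true, true);
}

/* (cn=test*multi) against the 4-byte value "test", a view into BUF_MULTI. */
bool prefix_view_matches(matcher m)
{
	struct value v = { BUF_MULTI, 4 };
	return m(v, TEST_MULTI, 2, true, true);
}

/* (cn=*multi) against an 11-byte value with an embedded NUL. */
bool embedded_nul_matches(matcher m)
{
	struct value v = { BUF_BINARY, sizeof(BUF_BINARY) - 1 };
	return m(v, &TEST_MULTI[1], 1, false, true);
}

int main(void)
{
	printf("full value:   by length=%d by nul=%d\n",
	       full_value_matches(match_by_length), full_value_matches(match_by_nul));
	printf("prefix view:  by length=%d by nul=%d\n",
	       prefix_view_matches(match_by_length), prefix_view_matches(match_by_nul));
	printf("embedded NUL: by length=%d by nul=%d\n",
	       embedded_nul_matches(match_by_length), embedded_nul_matches(match_by_nul));
	return 0;
}
```

The two matchers agree on a value that ends where its NUL is; they disagree on the prefix view, where the NUL-based one reports a match using bytes beyond the stated length, and on the binary value, where it stops at the embedded NUL and misses a real match.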
  

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-12-07 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  23b41ebe1de CVE-2018-14629 dns: fix CNAME loop prevention using counter regression
   via  afc79912685 CVE-2018-14629: Tests to expose regression from dns cname loop fix
   via  29481e9dd5d .gitlab-ci.yml: Adapt to current GitLab CI setup
   via  463ee44 gitlab-ci: add .gitlab-ci.yml
   via  fcbea2c7c96 CVE-2018-16853: fix crash in expired passowrd case
   via  09b9a9bed3a CVE-2018-16853: Do not segfault if client is not set
   via  03607d79e35 CVE-2018-16853: Add a test to verify s4u2self doesn't crash
   via  22794132513 CVE-2018-16853: The ticket in check_policy_as can actually be a TGS
   via  51518080df9 CVE-2018-16853: Fix kinit test on system lacking ldbsearch
  from  c4ec9d57608 VERSION: Bump version up to 4.7.13.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 23b41ebe1deca762e03d4d688f0a11e11f809afd
Author: Stefan Metzmacher 
Date:   Wed Nov 28 15:21:56 2018 +0100

CVE-2018-14629 dns: fix CNAME loop prevention using counter regression

The loop prevention should only be done for CNAME records!

Otherwise we truncate the answer records for A,  or
SRV queries, which is a bad idea if you have more than 20 DCs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Douglas Bagnall 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Tue Dec  4 08:52:29 CET 2018 on sn-devel-144

(cherry picked from commit 34f4491d79b47b2fe2457b8882f11644cf773bc4)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Fri Dec  7 16:59:16 CET 2018 on sn-devel-144

commit afc799126853e1ce9cb498c4cc0eb17b9e0dd565
Author: Aaron Haslett 
Date:   Fri Nov 30 18:37:27 2018 +1300

CVE-2018-14629: Tests to expose regression from dns cname loop fix

These tests expose the regression described by Stefan Metzmacher in
discussion on the bugzilla page linked below.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13600
Signed-off-by: Aaron Haslett 
Reviewed-by: Douglas Bagnall 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 14399fd818b130a6347eec860460929c292d5996)

commit 29481e9dd5dc1765d1108eee5d6ab2a3551c5192
Author: Andrew Bartlett 
Date:   Tue Jun 26 14:59:26 2018 +1200

.gitlab-ci.yml: Adapt to current GitLab CI setup

Signed-off-by: Andrew Bartlett 
(cherry picked from commit fb522c1ba0afa1b2298e66dfde42806cae72e5b9)

commit 463ee44ec1757b9b16d293a331e2f5c962e6
Author: Joe Guo 
Date:   Wed Sep 20 09:33:27 2017 +1200

gitlab-ci: add .gitlab-ci.yml

Add .gitlab-ci.yml file, and define build jobs in groups.

Once gitlab-runner set up, builds and tests can be triggered
automatically in parallel when push to gitlab.
Also, with gitlab-runner autoscale mode, build instances
will be created and removed on demand.

Signed-off-by: Joe Guo 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Oct 31 15:32:16 CET 2017 on sn-devel-144

(cherry picked from commit 8be4236b323b5f755ff6c0bf0a4a5fb99343c84d)

commit fcbea2c7c9680ad7e24235150d61f9a0aee36bb4
Author: Isaac Boukris 
Date:   Wed Nov 7 22:53:35 2018 +0200

CVE-2018-16853: fix crash in expired passowrd case

When calling encode_krb5_padata_sequence() make sure to
pass a null terminated array as required.

Fixes expired password case in samba4.blackbox.kinit test.

Signed-off-by: Isaac Boukris 
Reviewed-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit 09b9a9bed3aae0fbd945921849cd66ce9e22e0ea
Author: Andreas Schneider 
Date:   Wed Sep 28 07:22:32 2016 +0200

CVE-2018-16853: Do not segfault if client is not set

This can be triggered with FAST but we don't support this yet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit 03607d79e358c664bcf25a5304684dccb49b3ffe
Author: Isaac Boukris 
Date:   Sat Aug 18 16:01:59 2018 +0300

CVE-2018-16853: Add a test to verify s4u2self doesn't crash

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Isaac Boukris 
Reviewed-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

commit 22794132513e7c8ddc3cff98f7786a48554499dc
Author: Isaac Boukris 
Date:   Sat Aug 18 00:40:30 2018 +0300

CVE-2018-16853: The ticket in check_policy_as can actually be a TGS

This happens when we are called from S4U2Self flow, and in that case
kdcreq->client is NULL.  Use the name from client entry instead.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13571

Signed-off-by: Isaac 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-11-27 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  c4ec9d57608 VERSION: Bump version up to 4.7.13.
   via  ba16fccfccc Merge tag 'samba-4.7.12' into v4-7-test
   via  b7d190f89d7 VERSION: Disable GIT_SNAPSHOT for the 4.7.12 release.
   via  fb5d78cfa06 WHATSNEW: Add release notes for Samba 4.7.12.
   via  5f7f57fbe30 CVE-2018-16853 build: The Samba AD DC, when build with MIT Kerberos is experimental
   via  ac0b38fb285 CVE-2018-16851 ldap_server: Check ret before manipulating blob
   via  b49c87f8d64 CVE-2018-16841 selftest: Check for mismatching principal in certficate compared with principal in AS-REQ
   via  e1026a1685b CVE-2018-16841 heimdal: Fix segfault on PKINIT with mis-matching principal
   via  f7a8294d65e CVE-2018-14629 dns: CNAME loop prevention using counter
   via  32299234424 VERSION: Bump version up to 4.7.12...
  from  787ab099388 VERSION: Bump version up to 4.7.12...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit c4ec9d57608a1d010973890d91f9ae9bba6a9ebc
Author: Karolin Seeger 
Date:   Tue Nov 27 11:08:33 2018 +0100

VERSION: Bump version up to 4.7.13.

Signed-off-by: Karolin Seeger 

commit ba16fccfcccd408a01b2bf1c6f7212c1a18eb1fd
Merge: 787ab099388 b7d190f89d7
Author: Karolin Seeger 
Date:   Tue Nov 27 11:08:12 2018 +0100

Merge tag 'samba-4.7.12' into v4-7-test

samba: tag release samba-4.7.12

---

Summary of changes:
 VERSION   |   2 +-
 WHATSNEW.txt  | 103 +-
 python/samba/tests/dns.py |  24 +++
 selftest/knownfail.d/dns  |   6 ++
 source4/dns_server/dns_query.c|   6 ++
 source4/kdc/db-glue.c |   6 +-
 source4/ldap_server/ldap_server.c |   4 +-
 testprogs/blackbox/test_pkinit_heimdal.sh |   8 +++
 wscript   |  17 +
 9 files changed, 168 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index a8a6777bdd1..43f0495fecc 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=12
+SAMBA_VERSION_RELEASE=13
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index e3da5bfadb5..be9dc7e56c3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,102 @@
+   ==
+   Release Notes for Samba 4.7.12
+  November 27, 2018
+   ==
+
+
+This is a security release in order to address the following defects:
+
+o  CVE-2018-14629 (Unprivileged adding of CNAME record causing loop in AD
+   Internal DNS server)
+o  CVE-2018-16841 (Double-free in Samba AD DC KDC with PKINIT)
+o  CVE-2018-16851 (NULL pointer de-reference in Samba AD DC LDAP server)
+o  CVE-2018-16853 (Samba AD DC S4U2Self crash in experimental MIT Kerberos
+   configuration (unsupported))
+
+
+===
+Details
+===
+
+o  CVE-2018-14629:
+   All versions of Samba from 4.0.0 onwards are vulnerable to infinite
+   query recursion caused by CNAME loops. Any dns record can be added via
+   ldap by an unprivileged user using the ldbadd tool, so this is a
+   security issue.
+
+o  CVE-2018-16841:
+   When configured to accept smart-card authentication, Samba's KDC will call
+   talloc_free() twice on the same memory if the principal in a validly signed
+   certificate does not match the principal in the AS-REQ.
+
+   This is only possible after authentication with a trusted certificate.
+
+   talloc is robust against further corruption from a double-free with
+   talloc_free() and directly calls abort(), terminating the KDC process.
+
+   There is no further vulnerability associated with this issue, merely a
+   denial of service.
+
+o  CVE-2018-16851:
+   During the processing of an LDAP search before Samba's AD DC returns
+   the LDAP entries to the client, the entries are cached in a single
+   memory object with a maximum size of 256MB.  When this size is
+   reached, the Samba process providing the LDAP service will follow the
+   NULL pointer, terminating the process.
+
+   There is no further vulnerability associated with this issue, merely a
+   denial of service.
+
+o  CVE-2018-16853:
+   A user in a Samba AD domain can crash the KDC when Samba is built in the
+   non-default MIT Kerberos configuration.
+
+   With this advisory we clarify that the MIT Kerberos build of the Samba
+   AD DC is considered experimental.  Therefore the Samba Team will not
+   issue security patches for this 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-10-23 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  787ab09 VERSION: Bump version up to 4.7.12...
   via  9a8a725 VERSION: Disable GIT_SNAPSHOT for the 4.7.11 release.
   via  db25438 WHATSNEW: Add release notes for Samba 4.7.11.
  from  145b2ee s3:winbind: Fix regression introduced with bso #12851

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 787ab0993889f5ac06691426d7eca3d78bded4a6
Author: Karolin Seeger 
Date:   Mon Oct 22 12:51:33 2018 +0200

VERSION: Bump version up to 4.7.12...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 9a8a7255853ae8cd73cacf8ca024545b44aec24e
Author: Karolin Seeger 
Date:   Mon Oct 22 12:50:50 2018 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.7.11 release.

Signed-off-by: Karolin Seeger 

commit db25438883c2869ae8a300fab19d32a43680c0dc
Author: Karolin Seeger 
Date:   Mon Oct 22 12:50:13 2018 +0200

WHATSNEW: Add release notes for Samba 4.7.11.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 69 ++--
 2 files changed, 68 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index a9c988c..a8a6777 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=11
+SAMBA_VERSION_RELEASE=12
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 98fcfe5..e3da5bf 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,69 @@
==
+   Release Notes for Samba 4.7.11
+  October 23, 2018
+   ==
+
+
+Please note that this will very likely be the last bugfix release of the Samba
+4.7 release series. There will be security fixes only beyond this point.
+
+
+Changes since 4.7.10:
+
+
+o  Paulo Alcantara 
+   * BUG 13578: s3: util: Do not take over stderr when there is no log file.
+
+o  Jeremy Allison 
+   * BUG 13585: s3: smbd: Ensure get_real_filename() copes with empty 
pathnames.
+   * BUG 13633: s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test.
+
+o  Ralph Boehme 
+   * BUG 13549:  Durable Reconnect fails because cookie.allow_reconnect is not
+ set redundant for SMB2.
+
+o  Alexander Bokovoy 
+   * BUG 13539: krb5-samba: Interdomain trust uses different salt principal.
+
+o  Volker Lendecke 
+   * BUG 13362: Fix possible memory leak in the Samba process.
+   * BUG 13441: vfs_fruit: Don't unlink the main file.
+   * BUG 13602: smbd: Fix a memleak in async search ask sharemode.
+
+o  Stefan Metzmacher 
+   * BUG 11517: Fix Samba GPO issue when Trust is enabled.
+   * BUG 13539: samba-tool: Add virtualKerberosSalt attribute to 'user
+ getpassword/syncpasswords'.
+   * BUG 13624: smb2_server: Set req->do_encryption = true earlier.
+
+o  Andreas Schneider 
+   * BUG 12851: s3:winbind: Fix regression.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+   ==
Release Notes for Samba 4.7.10
August 27, 2018
==
@@ -100,8 +165,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
=
Release Notes for Samba 4.7.9


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2018-10-19 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  145b2ee s3:winbind: Fix regression introduced with bso #12851
  from  9885da4 smb2_server: set req->do_encryption = true earlier

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 145b2ee5b0df35d1c1b6a316e04e49a8a5816cee
Author: Andreas Schneider 
Date:   Wed Jun 20 11:38:28 2018 +0200

s3:winbind: Fix regression introduced with bso #12851

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12851

Pair-Programmed-With: Guenther Deschner 
Signed-off-by: Andreas Schneider 
Signed-off-by: Guenther Deschner 
(cherry picked from commit c1c764925e24788905ab91aa455b415765d6f71f)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Fri Oct 19 15:17:27 CEST 2018 on sn-devel-144

---

Summary of changes:
 source3/winbindd/wb_getpwsid.c | 28 ++--
 1 file changed, 10 insertions(+), 18 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/wb_getpwsid.c b/source3/winbindd/wb_getpwsid.c
index 0595034..c7cbb53 100644
--- a/source3/winbindd/wb_getpwsid.c
+++ b/source3/winbindd/wb_getpwsid.c
@@ -95,25 +95,17 @@ static void wb_getpwsid_queryuser_done(struct tevent_req 
*subreq)
info->domain_name,
acct_name,
_name);
-   if (NT_STATUS_IS_OK(status)) {
-   output_username = fill_domain_username_talloc(state,
-info->domain_name,
-mapped_name, true);
-   if (output_username == NULL) {
-   tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
-   return;
-   }
+   if (NT_STATUS_IS_OK(status) ||
+   NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
fstrcpy(acct_name, mapped_name);
-   } else if (NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED)) {
-   fstrcpy(acct_name, mapped_name);
-   } else {
-   output_username = fill_domain_username_talloc(state,
-info->domain_name,
-acct_name, true);
-   if (output_username == NULL) {
-   tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
-   return;
-   }
+   }
+   output_username = fill_domain_username_talloc(state,
+ info->domain_name,
+ acct_name,
+ true);
+   if (output_username == NULL) {
+   tevent_req_nterror(req, NT_STATUS_NO_MEMORY);
+   return;
}
 
strlcpy(pw->pw_name, output_username, sizeof(pw->pw_name));
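
Review bot: in the merged branch `if (NT_STATUS_IS_OK(status) || NT_STATUS_EQUAL(status, NT_STATUS_FILE_RENAMED))`, the NT_STATUS_FILE_RENAMED case now reaches `fill_domain_username_talloc()`, whereas the removed code only ran `fstrcpy(acct_name, mapped_name)` for it and left `output_username` as it was before the `strlcpy(pw->pw_name, output_username, ...)` that follows. That looks like the actual fix, but the commit message only says "Fix regression"; please state there which status produced the wrong `output_username`. A short comment on why every other error status silently falls back to the unmapped `acct_name` would also help.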





[SCM] Samba Shared Repository - branch v4-7-test updated

2018-10-10 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  9885da4 smb2_server: set req->do_encryption = true earlier
   via  fcdce95 s4:torture: split smb2.session.expire{1,2} to run with signing and encryptpion
  from  1f634f3 s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 9885da4b6645465a3b9020f5d430892c949a8254
Author: Stefan Metzmacher 
Date:   Fri Aug 17 11:35:41 2018 +0200

smb2_server: set req->do_encryption = true earlier

The STATUS_SESSION_EXPIRED error was returned unencrypted,
if the request was encrypted.

If clients use SMB3 encryption and the kerberos authenticated session
expires, clients disconnect the connection instead of doing a reauthentication.

From https://blogs.msdn.microsoft.com/openspecification/2012/10/05/encryption-in-smb-3-0-a-protocol-perspective/

  The sender encrypts the message if any of the following conditions is
  satisfied:

- If the sender is sending a response to an encrypted request.
- If Session.EncryptData is TRUE and the request or response being
  sent is not NEGOTIATE.
- If Session.EncryptData is FALSE, the request or response being sent
  is not NEGOTIATE or SESSION_SETUP or TREE_CONNECT, and
  .EncryptData is TRUE.

[MS-SMB2] 3.3.4.1.4 Encrypting the Message

 If Connection.Dialect belongs to the SMB 3.x dialect family and
 Connection.ClientCapabilities includes the SMB2_GLOBAL_CAP_ENCRYPTION
 bit, the server MUST encrypt the message before sending, if any of the
 following conditions are satisfied:

 - If the message being sent is any response to a client request for which
   Request.IsEncrypted is TRUE.

 - If Session.EncryptData is TRUE and the response being sent is not
   SMB2_NEGOTIATE or SMB2 SESSION_SETUP.

 - If Session.EncryptData is FALSE, the response being sent is not
   SMB2_NEGOTIATE or SMB2 SESSION_SETUP or SMB2 TREE_CONNECT, and
   Share.EncryptData for the share associated with the TreeId in the SMB2
   header of the response is TRUE.

 The server MUST encrypt the message as specified in section 3.1.4.3,
 before sending it to the client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13624

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Tue Oct  2 14:11:30 CEST 2018 on sn-devel-144

(cherry picked from commit 4ef45e5334d5874f5d0fdc69286b745ebcdc612d)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Oct 10 15:51:31 CEST 2018 on sn-devel-144

commit fcdce95838db67b04ef8c5525fab18e76b78f5a5
Author: Stefan Metzmacher 
Date:   Fri Sep 28 12:23:37 2018 +0200

s4:torture: split smb2.session.expire{1,2} to run with signing and encryptpion

This reproduces the problem we have with expired encrypted sessions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13624

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 01b868455c9bae309d1ca7ddad54077fc5d7f4b1)

---

Summary of changes:
 source3/smbd/smb2_server.c | 15 -
 source4/torture/smb2/session.c | 50 ++
 2 files changed, 56 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index 177e5ff..af065e9 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -2364,7 +2364,11 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
 
req->async_internal = false;
req->do_signing = false;
-   req->do_encryption = false;
+   if (opcode != SMB2_OP_SESSSETUP) {
+   req->do_encryption = encryption_desired;
+   } else {
+   req->do_encryption = false;
+   }
req->was_encrypted = false;
if (intf_v->iov_len == SMB2_TF_HDR_SIZE) {
const uint8_t *intf = SMBD_SMB2_IN_TF_PTR(req);
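
Review bot: the new condition `if (opcode != SMB2_OP_SESSSETUP)` exempts only SESSION_SETUP, while the [MS-SMB2] 3.3.4.1.4 text quoted in the commit message exempts both SMB2_NEGOTIATE and SMB2 SESSION_SETUP when Session.EncryptData is TRUE. If `encryption_desired` can never be set for a NEGOTIATE request, a one-line comment saying so above this block would let a reader check the rule against the spec without tracing where `encryption_desired` is computed, which is outside this hunk.
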
@@ -2388,9 +2392,11 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
}
 
req->was_encrypted = true;
+   req->do_encryption = true;
}
 
if (encryption_required && !req->was_encrypted) {
+   req->do_encryption = true;
return smbd_smb2_request_error(req,
NT_STATUS_ACCESS_DENIED);
}
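
Review bot: in the `if (encryption_required && !req->was_encrypted)` path, `req->do_encryption = true` is set immediately before `smbd_smb2_request_error(req, NT_STATUS_ACCESS_DENIED)`, so the error reply to a request that arrived unencrypted is itself encrypted. That is a different case from "response to an encrypted request" in the text quoted in the commit message, so please add a comment naming the condition this line implements (Session.EncryptData or Share.EncryptData).
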
@@ -2526,15 +2532,14 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
encryption_required = true;
}
if (encryption_required && !req->was_encrypted) {

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-10-09 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  1f634f3 s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test.
  from  629466e lib: Hold at most 10 outstanding paged result cookies

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 1f634f328c46ac2dbfccbaf2efa52436299f4a3b
Author: Jeremy Allison 
Date:   Thu Sep 27 14:12:47 2018 -0700

s3: smbd: Prevent valgrind errors in smbtorture3 POSIX test.

Missing fsp talloc free and linked list delete in error
paths in close_directory(). Now matches close_normal_file()
and close_fake_file().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13633

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Sat Sep 29 05:32:41 CEST 2018 on sn-devel-144

(cherry picked from commit 660dbfaeff493359474ebdb36098ac49b3f7ba0c)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Oct  9 17:20:22 CEST 2018 on sn-devel-144

---

Summary of changes:
 source3/smbd/close.c | 4 
 1 file changed, 4 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 095feec..9c9217b 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -1081,6 +1081,8 @@ static NTSTATUS close_directory(struct smb_request *req, 
files_struct *fsp,
if (lck == NULL) {
DEBUG(0, ("close_directory: Could not get share mode lock for "
  "%s\n", fsp_str_dbg(fsp)));
+   close_filestruct(fsp);
+   file_free(req, fsp);
return NT_STATUS_INVALID_PARAMETER;
}
 
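
Review bot: at the `lck == NULL` return, `fsp` is now released with `close_filestruct(fsp)` and `file_free(req, fsp)` while the function still returns NT_STATUS_INVALID_PARAMETER, so a caller that sees this error must not touch `fsp` afterwards. The commit message says this matches close_normal_file() and close_fake_file(); a comment above close_directory() stating that `fsp` is freed on error paths too would put that contract where callers look for it.
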
@@ -1164,6 +1166,8 @@ static NTSTATUS close_directory(struct smb_request *req, 
files_struct *fsp,
if (!NT_STATUS_IS_OK(status)) {
DEBUG(5, ("delete_all_streams failed: %s\n",
  nt_errstr(status)));
+   close_filestruct(fsp);
+   file_free(req, fsp);
return status;
}
}
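
Review bot: the pair `close_filestruct(fsp); file_free(req, fsp);` before `return status;` is the second verbatim copy added by this patch. A single cleanup label at the end of close_directory() that both error paths jump to would keep the two calls in one place and make it harder for a later early return to skip them, which is the defect this patch fixes.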





[SCM] Samba Shared Repository - branch v4-7-test updated

2018-09-28 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  629466e lib: Hold at most 10 outstanding paged result cookies
   via  5968278 lib: Put "results_store" into a doubly linked list
  from  dccaea5 krb5-samba: interdomain trust uses different salt principal

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 629466ec5662248ffeba1faf7b7e6c9dbf46512f
Author: Volker Lendecke 
Date:   Mon May 7 16:53:00 2018 +0200

lib: Hold at most 10 outstanding paged result cookies

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13362
Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Tue May 15 09:37:21 CEST 2018 on sn-devel-144

(cherry picked from commit 9fbd4672b06de5333a9c44fc126b8edac0b9d31a)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Fri Sep 28 13:55:34 CEST 2018 on sn-devel-144

commit 59682787ad97674c49c084acd161bb81aacb16b8
Author: Volker Lendecke 
Date:   Mon May 7 16:41:55 2018 +0200

lib: Put "results_store" into a doubly linked list

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13362
Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 8063995a92fffc93aa9d6d1d92a75bf3f3c9592b)

---

Summary of changes:
 lib/ldb/modules/paged_results.c | 43 -
 1 file changed, 25 insertions(+), 18 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/modules/paged_results.c b/lib/ldb/modules/paged_results.c
index de014a3..ecb2227 100644
--- a/lib/ldb/modules/paged_results.c
+++ b/lib/ldb/modules/paged_results.c
@@ -35,6 +35,8 @@
 #include "replace.h"
 #include "system/filesys.h"
 #include "system/time.h"
+#include "dlinklist.h"
+#include 
 #include "ldb_module.h"
 
 struct message_store {
@@ -48,14 +50,13 @@ struct message_store {
 struct private_data;
 
 struct results_store {
+   struct results_store *prev, *next;
 
struct private_data *priv;
 
char *cookie;
time_t timestamp;
 
-   struct results_store *next;
-
struct message_store *first;
struct message_store *last;
int num_entries;
@@ -68,6 +69,7 @@ struct results_store {
 
 struct private_data {
uint32_t next_free_id;
+   size_t num_stores;
struct results_store *store;

 };
@@ -75,22 +77,12 @@ struct private_data {
 static int store_destructor(struct results_store *del)
 {
struct private_data *priv = del->priv;
-   struct results_store *loop;
-
-   if (priv->store == del) {
-   priv->store = del->next;
-   return 0;
-   }
+   DLIST_REMOVE(priv->store, del);
 
-   for (loop = priv->store; loop; loop = loop->next) {
-   if (loop->next == del) {
-   loop->next = del->next;
-   return 0;
-   }
-   }
+   assert(priv->num_stores > 0);
+   priv->num_stores -= 1;
 
-   /* is not in list ? */
-   return -1;
+   return 0;
 }
 
 static struct results_store *new_store(struct private_data *priv)
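
Review bot: in store_destructor(), `assert(priv->num_stores > 0)` is the only guard before `priv->num_stores -= 1`; in a build where assert() is compiled out, a destructor run with the counter at zero wraps the `size_t` and the count no longer reflects the list. An explicit `if (priv->num_stores > 0)` around the decrement costs nothing. The removed code also returned -1 for a store that was not on the list, and `DLIST_REMOVE(priv->store, del)` has no such check, so a comment stating that new_store() links every store before it sets the destructor would document why that case cannot occur.
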
@@ -120,11 +112,23 @@ static struct results_store *new_store(struct 
private_data *priv)
newr->first_ref = NULL;
newr->controls = NULL;
 
-   newr->next = priv->store;
-   priv->store = newr;
+   DLIST_ADD(priv->store, newr);
+
+   assert(priv->num_stores < SIZE_MAX);
+   priv->num_stores += 1;
 
talloc_set_destructor(newr, store_destructor);
 
+   if (priv->num_stores > 10) {
+   struct results_store *last;
+   /*
+* 10 is the default for MaxResultSetsPerConn --
+* possibly need to parameterize it.
+*/
+   last = DLIST_TAIL(priv->store);
+   TALLOC_FREE(last);
+   }
+
return newr;
 }
 
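
Review bot: the cap in `if (priv->num_stores > 10)` is a bare literal, and the comment under it already says it mirrors the MaxResultSetsPerConn default and may need to be parameterized. A named constant next to `struct private_data` would give that value one place to change. The commit message carries only the bug link; one sentence on what the cap bounds (stored result sets per connection, going by the comment) would help whoever backports this.
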
@@ -381,6 +385,8 @@ static int paged_search(struct ldb_module *module, struct 
ldb_request *req)
return LDB_ERR_UNWILLING_TO_PERFORM;
}
 
+   DLIST_PROMOTE(private_data->store, current);
+
ac->store = current;
 
/* check if it is an abandon */
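
Review bot: `DLIST_PROMOTE(private_data->store, current)` puts the list in most-recently-used order, which the eviction of `DLIST_TAIL(priv->store)` in new_store() depends on, yet nothing in the code says so; please add a comment here stating it. Since `ac->store = current` keeps a plain pointer to the store, it is also worth checking whether a store still referenced by a request context can become the tail and be released by `TALLOC_FREE(last)` before that request completes.
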
@@ -412,6 +418,7 @@ static int paged_request_init(struct ldb_module *module)
}
 
data->next_free_id = 1;
+   data->num_stores = 0;
data->store = NULL;
ldb_module_set_private(module, data);
 





[SCM] Samba Shared Repository - branch v4-7-test updated

2018-09-05 Thread Stefan Metzmacher
The branch, v4-7-test has been updated
   via  dccaea5 krb5-samba: interdomain trust uses different salt principal
   via  b31ba49 testprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt
   via  5f89783 testprogs/blackbox: add testit[_expect_failure]_grep() to subunit.sh
   via  fab6d42 samba-tool: add virtualKerberosSalt attribute to 'user getpassword/syncpasswords'
   via  f7b9267 s4:selftest: test kinit with the interdomain trust user account
   via  38d7e58 libds: rename UF_MACHINE_ACCOUNT_MASK to UF_TRUST_ACCOUNT_MASK
   via  17ed5e0 vfs_fruit: Don't unlink the main file
   via  3d8fdc3 torture: Make sure that fruit_ftruncate only unlinks streams
   via  0e8298e s3:smbd: add a comment stating that file_close_user() is redundant for SMB2
   via  b7c659a s3:smbd: let session logoff close files and tcons before deleting the session
   via  5125304 s3:smbd: reorder tcon global record deletion and closing files of a tcon
   via  6a179a5 selftest: add a durable handle test with delayed disconnect
   via  34b4b5b s4:selftest: reformat smb2_s3only list
   via  ada2165 vfs_delay_inject: adding delay to VFS calls
   via  fc3d25b s4:rpc_server/netlogon: don't treet trusted domains as primary in LogonGetDomainInfo()
   via  f77ea35 s4:rpc_server/netlogon: make use of talloc_zero_array() for the netr_OneDomainInfo array
   via  f73ef35 s4:rpc_server/netlogon: use samdb_domain_guid()/dsdb_trust_local_tdo_info() to build our netr_OneDomainInfo values
   via  ecffd79 s4:dsdb/common: add samdb_domain_guid() helper function
   via  14a2695 dsdb:util_trusts: add dsdb_trust_local_tdo_info() helper function
   via  467e6ae dsdb/util_trusts: domain_dn is an input parameter of dsdb_trust_crossref_tdo_info()
   via  8e81aa4 s4:torture/rpc/netlogon: verify the trusted domains output of LogonGetDomainInfo()
   via  435e096a s4:torture/rpc/netlogon: assert that cli_credentials_get_{workstation,password} don't return NULL
   via  592bdff smbd: Fix a memleak in async search ask sharemode
   via  8f1183d s3: util: Do not take over stderr when there is no log file
  from  1cdf976 s3: smbd: Ensure get_real_filename() copes with empty pathnames.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit dccaea50ce57d6718ffd937cc8b97b64c98c0e79
Author: Alexander Bokovoy 
Date:   Fri Feb 16 18:15:28 2018 +0200

krb5-samba: interdomain trust uses different salt principal

Salt principal for the interdomain trust is krbtgt/DOMAIN@REALM where
DOMAIN is the sAMAccountName without the dollar sign ($)

The salt principal for the BLA$ user object was generated wrong.

dn: CN=bla.base,CN=System,DC=w4edom-l4,DC=base
securityIdentifier: S-1-5-21-4053568372-2049667917-3384589010
trustDirection: 3
trustPartner: bla.base
trustPosixOffset: -2147483648
trustType: 2
trustAttributes: 8
flatName: BLA

dn: CN=BLA$,CN=Users,DC=w4edom-l4,DC=base
userAccountControl: 2080
primaryGroupID: 513
objectSid: S-1-5-21-278041429-3399921908-1452754838-1597
accountExpires: 9223372036854775807
sAMAccountName: BLA$
sAMAccountType: 805306370
pwdLastSet: 131485652467995000

The salt stored by Windows in the package_PrimaryKerberosBlob
(within supplementalCredentials) seems to be
'W4EDOM-L4.BASEkrbtgtBLA' for the above trust
and Samba stores 'W4EDOM-L4.BASEBLA$'.

While the salt used when building the keys from
trustAuthOutgoing/trustAuthIncoming is
'W4EDOM-L4.BASEkrbtgtBLA.BASE', which we handle correctly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Alexander Bokovoy 
Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Wed Sep  5 03:57:22 CEST 2018 on sn-devel-144

(cherry picked from commit f3e349bebc443133fdbe4e14b148ca8db8237060)

Autobuild-User(v4-7-test): Stefan Metzmacher 
Autobuild-Date(v4-7-test): Wed Sep  5 18:44:46 CEST 2018 on sn-devel-144

commit b31ba498125995dcb67451e4cb28cc27f9e799ed
Author: Stefan Metzmacher 
Date:   Tue Sep 4 10:53:52 2018 +0200

testprogs/blackbox: let test_trust_user_account.sh check the correct kerberos salt

This demonstrates the bug we currently have.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13539

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 1b31fa62567ec549e32c9177b322cfbfb3b6ec1a)

commit 5f8978321fea94bab94810bda4ea4b16928fd150
Author: Stefan Metzmacher 
Date:   Tue Sep 4 10:38:44 2018 +0200

testprogs/blackbox: add testit[_expect_failure]_grep() to subunit.sh

BUG: 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-08-29 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  1cdf976 s3: smbd: Ensure get_real_filename() copes with empty pathnames.
  from  b9b4e96 VERSION: Bump version up to 4.7.9...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 1cdf976a530f1e47b54837a41e141053f4b68d97
Author: Jeremy Allison 
Date:   Tue Aug 21 12:05:34 2018 -0700

s3: smbd: Ensure get_real_filename() copes with empty pathnames.

Needed for vfs_glusterfs, as Gluster requires "." not '\0'.

Based on a fix from Anoop C S 

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13585

Signed-off-by: Jeremy Allison 
Reviewed-by: Ira Cooper 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Aug 22 21:50:41 CEST 2018 on sn-devel-144

(cherry picked from commit 9c71f61ed8a31d287d343d4f2e68cb40c57a2b89)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Aug 29 14:00:12 CEST 2018 on sn-devel-144

---

Summary of changes:
 source3/smbd/filename.c | 5 +
 1 file changed, 5 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/filename.c b/source3/smbd/filename.c
index 1186918..4d79ea1 100644
--- a/source3/smbd/filename.c
+++ b/source3/smbd/filename.c
@@ -1443,6 +1443,11 @@ int get_real_filename(connection_struct *conn, const 
char *path,
int ret;
bool mangled;
 
+   /* handle null paths */
+   if ((path == NULL) || (*path == 0)) {
+   path = ".";
+   }
+
mangled = mangle_is_mangled(name, conn->params);
 
if (mangled) {
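Review bot: The comment `/* handle null paths */` on the added block understates the check: it also rewrites an empty string (`*path == 0`) to ".", and it does so in the generic get_real_filename() for every VFS backend, not only for the one named in the commit message. Suggest wording the comment to say that a NULL or empty path is passed on as "." because vfs_glusterfs requires it, so the substitution is not mistaken for dead code in a later cleanup.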


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2018-08-27 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  b9b4e96 VERSION: Bump version up to 4.7.9...
   via  2ec3c4d VERSION: Disable GIT_SNAPSHOT for the 4.7.10 release.
   via  eb1028b WHATSNEW: Add release notes for Samba 4.7.10.
  from  b21740a torture: Demonstrate the invalid lock order panic

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit b9b4e96dc4ae0d445f73eaf8d48579bba0c29cfe
Author: Karolin Seeger 
Date:   Mon Aug 27 09:51:59 2018 +0200

VERSION: Bump version up to 4.7.9...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 2ec3c4dc3475cac330de3f3d59e39ae42d5f12a8
Author: Karolin Seeger 
Date:   Mon Aug 27 09:51:10 2018 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.7.10 release.

Signed-off-by: Karolin Seeger 

commit eb1028bd49be784ee02ad26a4aa5ea1f77ab810b
Author: Karolin Seeger 
Date:   Mon Aug 27 09:50:08 2018 +0200

WHATSNEW: Add release notes for Samba 4.7.10.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |   2 +-
 WHATSNEW.txt | 109 +--
 2 files changed, 108 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 96ac5db..a9c988c 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=10
+SAMBA_VERSION_RELEASE=11
 
 
 # If a official release has a serious bug  #
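Review bot: The subject of the newest commit in this push, "VERSION: Bump version up to 4.7.9...", does not match this hunk, which moves SAMBA_VERSION_RELEASE from 10 to 11. The subject line should name the version the tree actually moves to, so that the log and the VERSION file agree when someone later searches history for a release bump.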
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c812417..98fcfe5 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,108 @@
+   ==
+   Release Notes for Samba 4.7.10
+   August 27, 2018
+   ==
+
+
+This is the latest stable release of the Samba 4.7 release series.
+
+
+Changes since 4.7.9:
+
+
+o  Jeremy Allison 
+   * BUG 13474: python: pysmbd: Additional error path leak fix.
+   * BUG 13511: libsmbclient: Initialize written value before use.
+   * BUG 13527: s3: libsmbclient: Fix cli_splice() fallback when reading less
+ than a complete file.
+   * BUG 13537: Using "sendfile = yes" with SMB2 can cause CPU spin.
+
+o  Jeffrey Altman 
+   * BUG 11573: heimdal: lib/krb5: Do not fail set_config_files due to parse
+ error.
+
+o  Andrew Bartlett 
+   * BUG 13519: ldb: Refuse to build Samba against a newer minor version of
+ ldb.
+
+o  Bailey Berro 
+   * BUG 13511: libsmbclient: Initialize written in cli_splice_fallback().
+
+o  Alexander Bokovoy 
+   * BUG 13538: samba-tool trust: Support discovery via netr_GetDcName.
+
+o  Ralph Boehme 
+   * BUG 13318: Durable Handles reconnect fails in a cluster when the cluster
+ fs uses different device ids.
+   * BUG 13351: s3: smbd: Always set vuid in check_user_ok().
+   * BUG 13505: lib: smb_threads: Fix access before init bug.
+   * BUG 13535: s3: smbd: Fix path check in
+ smbd_smb2_create_durable_lease_check().
+   * BUG 13451: Fail renaming file if that file has open streams.
+
+o  Günther Deschner 
+   * BUG 13437: Fix building Samba with gcc 8.1.
+
+o  David Disseldorp 
+   * BUG 13506: vfs_ceph: Don't lie about flock support.
+   * BUG 13540: Fix deadlock with ctdb_mutex_ceph_rados_helper.
+
+o  Volker Lendecke 
+   * BUG 13195: g_lock: Fix lock upgrades.
+   * BUG 13584: vfs_fruit: Fix a panic if fruit_access_check detects a locking
+ conflict.
+
+o  Gary Lockyer 
+   * BUG 13536: The current position in the dns name was not advanced past the
+ '.' character.
+
+o  Stefan Metzmacher 
+   * BUG 13308: samba-tool domain trust: Fix trust compatibility to Windows
+ Server 1709 and FreeIPA.
+
+o  Christof Schmitt 
+   * BUG 13478: krb5_wrap: Fix keep_old_entries logic for older kerberos
+ libraries.
+
+o  Andreas Schneider 
+   * BUG 13437: Fix building Samba with gcc 8.1.
+
+o  Martin Schwenke 
+   * BUG 13499: Don't use CTDB_BROADCAST_VNNMAP.
+   * BUG 13500: ctdb-daemon: Only consider client ID for local database attach.
+
+o  Karolin Seeger 
+   * BUG 13499: s3/notifyd.c: Rename CTDB_BROADCAST_VNNMAP to
+ CTDB_BROADCAST_ACTIVE.
+
+o  Ralph Wuerthner 
+   * BUG 13568: vfs_time_audit: Fix handling of token_blob in
+ smb_time_audit_offload_read_recv().
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-08-23 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  b21740a torture: Demonstrate the invalid lock order panic
   via  8ef80a0 vfs_fruit: Fix a leak of "br_lck"
   via  a73d973 selftest: Load time_audit and full_audit modules for all tests
   via  0470afa s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv()
   via  a329764 g_lock: Fix lock upgrades
   via  cc4eed2 torture3: Extend the g_lock6 test to also cover upgrades
   via  72a4177 torture3: add LOCAL-G-LOCK6 test
  from  50b081a selftest: subunithelper needs to follow the subunit spec more closely

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit b21740a25ac098735fbf27ae4d6063885405a977
Author: Volker Lendecke 
Date:   Mon Aug 6 14:35:15 2018 +0200

torture: Demonstrate the invalid lock order panic

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Tue Aug 21 02:33:05 CEST 2018 on sn-devel-144

(cherry picked from commit ec3c37ee53f21d8c0e80b1d3b3d7e95a4ac8e0bc)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Aug 23 15:48:56 CEST 2018 on sn-devel-144

commit 8ef80a001b961309d820a61404d41e23bef9ad1c
Author: Volker Lendecke 
Date:   Mon Aug 6 14:33:34 2018 +0200

vfs_fruit: Fix a leak of "br_lck"

Fix a panic if fruit_access_check detects a locking conflict.

do_lock() returns a valid br_lck even in case of a locking conflict.
Not free'ing it leads to an invalid lock order panic later, because
"br_lck" corresponds to a dbwrap lock on brlock.tdb.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 51d57073798f76ec4f1261945e0ba779b2530009)

commit a73d973f0869fb92723bf5acf86a9eaf4029
Author: Christof Schmitt 
Date:   Fri Aug 10 10:38:28 2018 -0700

selftest: Load time_audit and full_audit modules for all tests

Previously the only test was to load these modules to trigger the
smb_vfs_assert_all_fns check. As these modules just pass through the
calls, they can be loaded for all tests to ensure that the codepaths are
exercised. This would have found the problem in
smb_time_audit_offload_read_recv.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13568

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Mon Aug 13 22:35:20 CEST 2018 on sn-devel-144

(cherry picked from commit a98f09a09db2fc7be85f9171b586e65344a39e92)

commit 0470afae4398c2bae388dd30d31d85bd6cf469c9
Author: Ralph Wuerthner 
Date:   Wed Aug 8 17:42:18 2018 +0200

s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13568

Signed-off-by: Ralph Wuerthner 
Reviewed-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 4909b966050c921b0a6a32285fee55f5f14dc3ff)

commit a3297648fa049471cc6b3767e34d9b8731473bd9
Author: Volker Lendecke 
Date:   Tue Aug 14 14:31:01 2018 +0200

g_lock: Fix lock upgrades

Master has changed significantly, this is a minimum fix for 4.7 without
cleaning up the code

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13195

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

commit cc4eed27367822c1829778cb0599c962b54e17f6
Author: Volker Lendecke 
Date:   Tue Aug 14 13:54:56 2018 +0200

torture3: Extend the g_lock6 test to also cover upgrades

The fixes for #13195 were incomplete and did not cover upgrades
properly. It's all gone in master with the new code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13195

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

commit 72a417741bf90b1a20e4d28cf720d43a3a358d03
Author: Stefan Metzmacher 
Date:   Wed Dec 20 09:44:40 2017 +0100

torture3: add LOCAL-G-LOCK6 test

This is a regression test for bug #13195.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13195

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Volker Lendecke 

---

Summary of changes:
 selftest/target/Samba3.pm|  12 +--
 source3/lib/g_lock.c |   4 +
 source3/modules/vfs_fruit.c  |  24 --
 source3/modules/vfs_time_audit.c |  12 +--
 source3/selftest/tests.py|   1 +
 source3/torture/proto.h  |   1 +
 source3/torture/test_g_lock.c| 168 +++
 source3/torture/torture.c|   1 +
 source4/torture/vfs/fruit.c 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-08-21 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  50b081a selftest: subunithelper needs to follow the subunit spec more closely
   via  9dcded3 unittests.lib_util_modules: test module probe with "skel", not "unix"
   via  cfcee58 ctdb: add expiry test for ctdb_mutex_ceph_rados_helper
   via  0056094 ctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals
   via  3ec4c73 ctdb_mutex_ceph_rados_helper: rename timer_ev to ppid_timer_ev
   via  05295db ctdb_mutex_ceph_rados_helper: use talloc destructor for cleanup
   via  8c16413 ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler
   via  a18bcf2 ctdb/build: link ctdb_mutex_ceph_rados_helper against ceph-common
  from  fe6886e VERSION: Bump version up to 4.7.10.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 50b081a609e03cd6cfda89ffb78c14ba1cbccdbc
Author: Douglas Bagnall 
Date:   Thu Feb 22 12:46:47 2018 +1300

selftest: subunithelper needs to follow the subunit spec more closely

In particular allow ]\n without \n]\n as used by cmocka

Signed-off-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 7d79575de8e47a0ce03e30c3ea84176be696269f)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Aug 21 16:10:23 CEST 2018 on sn-devel-144

commit 9dcded330bfaa473f960cf33f50df9598cbe457f
Author: Douglas Bagnall 
Date:   Thu Feb 22 11:26:00 2018 +1300

unittests.lib_util_modules: test module probe with "skel", not "unix"

The unix module is not available as a module on some systems.

Signed-off-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit cb5f1f3b262467faba59b3b323e240d1351d5fc0)

commit cfcee58488410feb9901ba6e5e26efaeee847e1a
Author: David Disseldorp 
Date:   Fri Jul 20 17:20:08 2018 +0200

ctdb: add expiry test for ctdb_mutex_ceph_rados_helper

Kill the ctdb_mutex_ceph_rados_helper with SIGKILL and then confirm
that the lock is automatically released following expiry.

Signed-off-by: David Disseldorp 
Reviewed-by: Samuel Cabrero 
Reviewed-by: Amitay Isaacs 

Autobuild-User(master): David Disseldorp 
Autobuild-Date(master): Thu Aug  9 16:26:36 CEST 2018 on sn-devel-144

(cherry picked from commit 4abf348ec4cbb78d3216d5e8c5f3020d4499f10a)

commit 0056094519166614c7c6d6f0851ea183d54f8721
Author: David Disseldorp 
Date:   Thu Jul 19 11:55:23 2018 +0200

ctdb_mutex_ceph_rados_helper: fix deadlock via lock renewals

RADOS locks without expiry persist indefinitely. This results in CTDB
deadlock during failover if the recovery master dies unexpectedly, as
subsequently elected recovery master nodes can't obtain the recovery
lock.
Avoid deadlock by using a lock expiration time (10s by default), and
renewing it periodically.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13540

Signed-off-by: David Disseldorp 
Reviewed-by: Samuel Cabrero 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit ce289e89e5c469cf2c5626dc7f2666b945dba3bd)

commit 3ec4c73a53ec8a9d7d73aad3c88b86e73cbb07fc
Author: David Disseldorp 
Date:   Tue Jul 17 23:36:36 2018 +0200

ctdb_mutex_ceph_rados_helper: rename timer_ev to ppid_timer_ev

In preparation for adding a lock refresh timer.

Signed-off-by: David Disseldorp 
Reviewed-by: Samuel Cabrero 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 91a89c146453ca203a83dc2ba555bb93276c4d7f)

commit 05295db70482c35d58ef4a9d541b3ff508769af6
Author: David Disseldorp 
Date:   Thu Jul 19 18:46:27 2018 +0200

ctdb_mutex_ceph_rados_helper: use talloc destructor for cleanup

Signed-off-by: David Disseldorp 
Reviewed-by: Samuel Cabrero 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 8d30fd591600ac17c742cd78c7bc4056bba6b877)

commit 8c16413f6497615e9deaff0199cc734b679e3b1d
Author: Samuel Cabrero 
Date:   Fri Jun 15 18:15:53 2018 +0200

ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler

Set a handler for SIGINT to release the lock.

Signed-off-by: Samuel Cabrero 
Reviewed-by: David Disseldorp 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 85706bd27535eaa4ec653f99b1910fbd8f2aab88)

commit a18bcf23a265b71fa88e1963ea23dfd26beaaec3
Author: David Disseldorp 
Date:   Mon Jul 9 14:53:00 2018 +0200

ctdb/build: link ctdb_mutex_ceph_rados_helper against ceph-common

ceph-common linkage is needed with new versions of Ceph.
Also respect the --libcephfs_dir= parameter when provided.

Signed-off-by: David Disseldorp 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit bd64af6b8861f892e6ae2840a493f037d1e0a06c)

---

Summary of changes:
 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-08-14 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  fe6886e VERSION: Bump version up to 4.7.10.
   via  764141d Merge tag 'samba-4.7.9' into v4-7-test
   via  3e5da7e VERSION: Disable GIT_SNAPSHOT for the 4.7.9 release.
   via  36ad973 WHATSNEW: Add release notes for Samba 4.7.9.
   via  9ff1d90 CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth".
   via  cd2e11d CVE-2018-1139 selftest: verify whether ntlmv1 can be used via SMB1 when it is disabled.
   via  304ad86 CVE-2018-1139 s3-utils: use enum ntlm_auth_level in ntlm_password_check().
   via  29f2fe7 CVE-2018-1139 libcli/auth: fix debug messages in hash_password_check()
   via  a5fe27c CVE-2018-1139 libcli/auth: Add initial tests for ntlm_password_check()
   via  b2a68d6 selftest/tests.py: remove always-needed, never-set with_cmocka flag
   via  e0bb0b6 CVE-2018-10919 tests: Add extra test for dirsync deleted object corner-case
   via  9b17ce9 CVE-2018-10919 acl_read: Fix unauthorized attribute access via searches
   via  717bde3 CVE-2018-10919 acl_read: Flip the logic in the dirsync check
   via  df6c1db CVE-2018-10919 acl_read: Small refactor to aclread_callback()
   via  e95c621 CVE-2018-10919 acl_read: Split access_mask logic out into helper function
   via  ddd6279 CVE-2018-10919 tests: test ldap searches for non-existent attributes.
   via  1594cad CVE-2018-10919 security: Fix checking of object-specific CONTROL_ACCESS rights
   via  938a55c CVE-2018-10919 tests: Add test case for object visibility with limited rights
   via  49920e7 CVE-2018-10919 tests: Add tests for guessing confidential attributes
   via  81865e8 CVE-2018-10919 security: Add more comments to the object-specific access checks
   via  12f97f9 CVE-2018-10919 security: Move object-specific access checks into separate function
   via  49d940f CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user
   via  011d25d CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers.
   via  02db55b CVE-2018-10858: libsmb: Ensure smbc_urlencode() can't overwrite passed in buffer.
   via  9cf4b08 VERSION: Bump version up to 4.7.9...
  from  a431bdf s3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't spin on EAGAIN.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit fe6886ee4d0ff66ddd21f777e176fdc6a323646b
Author: Karolin Seeger 
Date:   Tue Aug 14 12:18:43 2018 +0200

VERSION: Bump version up to 4.7.10.

Signed-off-by: Karolin Seeger 

commit 764141d4f4d1d253f6cbabf60e32a9e98d7a0f45
Merge: a431bdf 3e5da7e
Author: Karolin Seeger 
Date:   Tue Aug 14 12:18:19 2018 +0200

Merge tag 'samba-4.7.9' into v4-7-test

samba: tag release samba-4.7.9

---

Summary of changes:
 VERSION|2 +-
 WHATSNEW.txt   |   83 +-
 libcli/auth/ntlm_check.c   |   10 +-
 libcli/auth/tests/ntlm_check.c |  413 ++
 libcli/auth/wscript_build  |   13 +
 libcli/security/access_check.c |  110 ++-
 selftest/knownfail |3 +-
 selftest/tests.py  |   20 +-
 source3/libsmb/libsmb_dir.c|   57 +-
 source3/libsmb/libsmb_path.c   |9 +-
 source3/selftest/tests.py  |2 +-
 source3/utils/ntlm_auth.c  |6 +-
 source4/dsdb/samdb/cracknames.c|8 +-
 source4/dsdb/samdb/ldb_modules/acl_read.c  |  331 +++-
 source4/dsdb/tests/python/acl.py   |   68 ++
 source4/dsdb/tests/python/confidential_attr.py | 1025 
 source4/dsdb/tests/python/ldap.py  |9 +
 source4/selftest/tests.py  |3 +
 source4/torture/drs/python/cracknames.py   |   38 +
 19 files changed, 2117 insertions(+), 93 deletions(-)
 create mode 100644 libcli/auth/tests/ntlm_check.c
 create mode 100755 source4/dsdb/tests/python/confidential_attr.py


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index b3be468..96ac5db 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=9
+SAMBA_VERSION_RELEASE=10
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 54a9398..c812417 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,83 @@
=
+   Release Notes for Samba 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-07-28 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  a431bdf s3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't spin on EAGAIN.
   via  7bf1568 s3: smbd: Fix FreeBSD sendfile() for SMB2. Ensure we don't spin on EAGAIN.
   via  adb7d6a s3: smbd: Fix HPUX sendfile() for SMB2. Ensure we don't spin on EAGAIN.
   via  2c58fbd s3: smbd: Fix Solaris sendfile() for SMB2. Ensure we don't spin on EAGAIN.
   via  c166fa0 s3: smbd: Fix Linux sendfile() for SMB2. Ensure we don't spin on EAGAIN.
   via  2bc9c4d dns wildcards: fix BUG 13536
   via  c6d9862 dns wildcards: tests to confirm BUG 13536
   via  066ba51 s3: smbd: fix path check in smbd_smb2_create_durable_lease_check()
   via  0c37304 s4: torture: run test_durable_v2_open_reopen2_lease() in a subdirectory
   via  80c7e28 s3: libsmbclient: Fix cli_splice() fallback when reading less than a complete file.
   via  a7783f5 s3: torture: Test SMB1 cli_splice() fallback path when doing a non-full file splice.
   via  6cf5809 docs/vfs_ceph: add CTDB_SAMBA_SKIP_SHARE_CHECK=yes caveat
   via  be42bf4 vfs_ceph: don't lie about flock support
   via  5bfa46c ldb: Refuse to build Samba against a newer minor version of ldb
   via  7658ffc samba-tool trust: support discovery via netr_GetDcName
   via  a500e04 s3:selftest: run rpc.lsa.lookupsids also with explicit [smb1] and [smb2]
   via  3aaaeb9 s4:librpc: autonegotiate SMB1/2/3
   via  882db91 python/tests: use explicit "client ipc max protocol = NT1" for samba.tests.net_join_no_spnego
   via  80a0c49 tests/auth_log: Permit SMB2 service description if empty binding is used for kerberos authentication
   via  0af5606 s4:libcli: add smb_connect_nego_{send,recv}()
   via  faa5c60 s4:libcli: allow a fallback to NTLMSSP if SPNEGO is not supported locally
   via  73f0518 s4:libcli: add fallback_to_anonymous to smb2_connect_send()
   via  b2e0a78 s4:libcli: allow passing an already negotiated connection to smb2_connect_send()
   via  384a61f s4:libcli: split out smb2_connect_session_start()
   via  630b5b9 s4:libcli: add smb2_transport_raw_init()
   via  139ee19 s4:libcli: allow passing an already negotiated connection to smb_composite_connect()
   via  5bed1ef s4:libcli: use talloc_zero() for struct smb_composite_connect in fetchfile.c
   via  7ee0293 s4:libcli: add smbcli_transport_raw_init()
   via  b2a3582 s4:libcli: split out smb_raw_negotiate_fill_transport()
   via  3f03c9a librpc: add binding handle support for [smb1]
  from  5260dbc s3: smbd: always set vuid in check_user_ok()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit a431bdf08fdad479471bbb2ab0cf86c595260d23
Author: Jeremy Allison 
Date:   Wed Jul 18 15:49:29 2018 -0700

s3: smbd: Fix AIX sendfile() for SMB2. Ensure we don't spin on EAGAIN.

For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Fri Jul 20 15:14:24 CEST 2018 on sn-devel-144

(cherry picked from commit 582ce5d6b599516d6d8d619529a2aa809139a175)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Sat Jul 28 10:57:39 CEST 2018 on sn-devel-144

commit 7bf15686b60c35c853ae469906baa7d5ed51e4b7
Author: Jeremy Allison 
Date:   Wed Jul 18 15:44:34 2018 -0700

s3: smbd: Fix FreeBSD sendfile() for SMB2. Ensure we don't spin on EAGAIN.

For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 456e520a3be7e4b54f1f144324c3671b8f6e35ea)

commit adb7d6a1f465dcf39e68cdaa3980a0bf65ca35b4
Author: Jeremy Allison 
Date:   Wed Jul 18 15:36:47 2018 -0700

s3: smbd: Fix HPUX sendfile() for SMB2. Ensure we don't spin on EAGAIN.

For SMB2 the socket is set non-blocking. Ensure sendfile()
calls complete if they return EAGAIN by saving the socket state,
setting it blocking, doing the sendfile until completion and then
restoring the socket state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13537

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit d222caa449d9c00bb2dd9da6c79ea509960d47c6)

commit 2c58fbdec214d33561e1d1ddad5724d36cfc07f2
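
The sequence the sendfile() commit messages above describe (save the socket state, set it blocking, send until completion, restore the state), as an added example for Linux sendfile(2). It is not Samba's code: `sendfile_blocking` and `demo_roundtrip` are hypothetical names, and the temp file and socketpair are constructed input.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/sendfile.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Hypothetical helper (not Samba's function): send up to `count` bytes of
 * in_fd, starting at `offset`, to the socket out_fd. A non-blocking socket
 * is made blocking for the transfer, so a full send buffer puts the caller
 * to sleep instead of returning EAGAIN into a retry loop that burns CPU.
 * Returns the bytes sent (short only at end of file), or -1 with errno set.
 */
ssize_t sendfile_blocking(int out_fd, int in_fd, off_t offset, size_t count)
{
	size_t total = 0;
	int saved_errno = 0;
	int old_flags = fcntl(out_fd, F_GETFL, 0);

	if (old_flags == -1) {
		return -1;
	}
	if ((old_flags & O_NONBLOCK) &&
	    fcntl(out_fd, F_SETFL, old_flags & ~O_NONBLOCK) == -1) {
		return -1;
	}
	while (total < count) {
		ssize_t n = sendfile(out_fd, in_fd, &offset, count - total);
		if (n == -1) {
			if (errno == EINTR) {
				continue;	/* interrupted by a signal: retry */
			}
			saved_errno = errno;	/* real error: stop sending */
			break;
		}
		if (n == 0) {
			break;			/* file shorter than count */
		}
		total += (size_t)n;
	}
	/* Always hand the socket back in the state the caller set. */
	if ((old_flags & O_NONBLOCK) &&
	    fcntl(out_fd, F_SETFL, old_flags) == -1 && saved_errno == 0) {
		saved_errno = errno;
	}
	if (saved_errno != 0) {
		errno = saved_errno;
		return -1;
	}
	return (ssize_t)total;
}

/*
 * Constructed demo: a temp file of file_len bytes is sent over a
 * non-blocking AF_UNIX socketpair (file_len must fit the socket buffer,
 * since nothing reads while we send). Returns the number of bytes received
 * intact, or -1 on any failure, including O_NONBLOCK not being restored.
 */
long demo_roundtrip(size_t file_len, size_t request)
{
	char path[] = "/tmp/sendfile_demo_XXXXXX";
	char *src = malloc(file_len + 1);
	char *dst = malloc(file_len + 1);
	int sv[2] = { -1, -1 };
	int fd = mkstemp(path);
	long result = -1;
	ssize_t sent;
	size_t got = 0, i;

	if (src == NULL || dst == NULL || fd == -1) goto out;
	unlink(path);
	for (i = 0; i < file_len; i++) src[i] = (char)(i % 251);
	if (write(fd, src, file_len) != (ssize_t)file_len) goto out;
	if (socketpair(AF_UNIX, SOCK_STREAM, 0, sv) == -1) goto out;
	if (fcntl(sv[0], F_SETFL, O_NONBLOCK) == -1) goto out;

	sent = sendfile_blocking(sv[0], fd, 0, request);
	if (sent == -1 || !(fcntl(sv[0], F_GETFL, 0) & O_NONBLOCK)) goto out;
	while (got < (size_t)sent) {
		ssize_t n = read(sv[1], dst + got, (size_t)sent - got);
		if (n <= 0) goto out;
		got += (size_t)n;
	}
	if (memcmp(src, dst, got) == 0) result = (long)got;
out:
	if (fd != -1) close(fd);
	if (sv[0] != -1) close(sv[0]);
	if (sv[1] != -1) close(sv[1]);
	free(src);
	free(dst);
	return result;
}

int main(void)
{
	printf("sent and verified %ld bytes\n", demo_roundtrip(4096, 4096));
	return 0;
}
```

F_SETFL acts on the open file description, so any duplicate of the socket descriptor is blocking for the same interval.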

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-07-26 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  5260dbc s3: smbd: always set vuid in check_user_ok()
  from  50e4615 s3: smbd/durable: remove dev and inode check from 
vfs_default_durable_reconnect_check_stat()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 5260dbc6e380762a83ef98fa68b058030204ddb7
Author: Ralph Boehme 
Date:   Thu Mar 22 08:03:58 2018 +0100

s3: smbd: always set vuid in check_user_ok()

A SMB session reauth will have invalidated conn->vuid via
conn_clear_vuid_caches().

Ensure conn->vuid always has the vuid of the current user in
check_user_ok().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13351

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Mar 22 18:26:04 CET 2018 on sn-devel-144

(cherry picked from commit 42d6dd2f30b6c3b3176bd1f378422a2eb62b1008)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Jul 26 10:54:01 CEST 2018 on sn-devel-144

---

Summary of changes:
 source3/smbd/uid.c | 2 ++
 1 file changed, 2 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/uid.c b/source3/smbd/uid.c
index 6eb5392..b24ae3c 100644
--- a/source3/smbd/uid.c
+++ b/source3/smbd/uid.c
@@ -202,6 +202,7 @@ static bool check_user_ok(connection_struct *conn,
conn->session_info = ent->session_info;
conn->read_only = ent->read_only;
conn->share_access = ent->share_access;
+   conn->vuid = ent->vuid;
return(True);
}
}
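Review bot: The new `conn->vuid = ent->vuid;` on this cache-hit path carries no comment saying why it is needed, and next to the other copied fields it reads as redundant. A one-line comment that a session reauth clears conn->vuid through conn_clear_vuid_caches() would keep the assignment from being dropped in a later cleanup.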
@@ -250,6 +251,7 @@ static bool check_user_ok(connection_struct *conn,
ent->share_access = share_access;
free_conn_session_info_if_unused(conn);
conn->session_info = ent->session_info;
+   conn->vuid = ent->vuid;
if (vuid == UID_FIELD_INVALID) {
/*
 * Not strictly needed, just make it really
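Review bot: In this second path the assignment sits directly before `if (vuid == UID_FIELD_INVALID)`, so conn->vuid takes whatever ent->vuid holds even in the invalid-vuid case, and the visible lines do not show where ent->vuid is set. Please confirm it is assigned before this point. The diffstat also lists only source3/smbd/uid.c, so a regression test that reauthenticates a session and then checks conn->vuid would be worth adding.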





[SCM] Samba Shared Repository - branch v4-7-test updated

2018-07-12 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  50e4615 s3: smbd/durable: remove dev and inode check from vfs_default_durable_reconnect_check_stat()
   via  449d166 libsmbclient: Initialize written in cli_splice_fallback()
   via  956d7c7 libsmbclient: Initialize written value before use.
   via  6699ce8 lib: smb_threads: fix access before init bug
   via  c93357b python: pysmbd: Additional error path leak fix.
   via  ab45387 s3:smbd: don't allow renaming basefile if streams are open
   via  279fa62 s3:locking: add file_has_open_streams()
   via  2da420e s3:smbd: add private option NTCREATEX_OPTIONS_PRIVATE_STREAM_BASEOPEN
   via  ab32e7a s4:torture/vfs/fruit: adjust test testing basefile rename to expect failure
   via  7d0b1fd s4:torture/smb2/streams: try to rename basefile while is has open streams
   via  7f84f9f selftest: run smb2.streams tests against a share with vfs_streams_xattr
   via  0a3ba68 vfs_fruit: delete 0 byte size streams if AAPL is enabled
   via  1a500df s4:torture: test setting EOF of a stream to 0 with enabled AAPL extensions
   via  c5ed2b3 s4:torture/vfs/fruit: decrease large resource fork size in test from 1 GB to 64 MB
  from  58403cb s3/notifyd.c: Rename CTDB_BROADCAST_VNNMAP to CTDB_BROADCAST_ACTIVE.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 50e461549f456959caee56fdea92a73a67c9040e
Author: Ralph Boehme 
Date:   Fri Mar 2 15:50:29 2018 +0100

s3: smbd/durable: remove dev and inode check from vfs_default_durable_reconnect_check_stat()

On a cluster filesystem the device numbers may differ on the cluster
nodes. We already verify the file_id in vfs_default_durable_reconnect(),
so we can safely remove the dev/inode checks.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13318

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 0a91ade5272698c094137fa28d2ad4723b5963cf)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Jul 12 17:47:34 CEST 2018 on sn-devel-144

commit 449d166537174e75596fcc84a0732dcd5ee8226c
Author: Bailey Berro 
Date:   Tue Jun 26 13:13:39 2018 -0700

libsmbclient: Initialize written in cli_splice_fallback()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13511

Signed-off-by: Bailey Berro 
Reviewed-by: David Mulder 
Reviewed-by: Jeremy Allison 
Reviewed-by: David Disseldorp 

Autobuild-User(master): David Disseldorp 
Autobuild-Date(master): Mon Jul  9 21:29:48 CEST 2018 on sn-devel-144

(cherry picked from commit fe25bc793d30a64f06b19f737c652b0c7389ca92)

commit 956d7c7a3cd506a85efb1a5ece09e8698b150167
Author: Jeremy Allison 
Date:   Fri Jul 6 11:46:44 2018 -0700

libsmbclient: Initialize written value before use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13511

Signed-off-by: Jeremy Allison 
Reviewed-by: David Disseldorp 
(cherry picked from commit 2e4878a69a62fb59d843ee53a1a9469b987e3a59)

commit 6699ce8ec32205969aafe964779959295eb87098
Author: Ralph Boehme 
Date:   Tue Jul 3 15:30:33 2018 +0200

lib: smb_threads: fix access before init bug

talloc_stackframe_internal() calls SMB_THREAD_GET_TLS(global_ts)  which
calls smb_get_tls_pthread() in the POSIX pthread wrapper implementation.

If SMB_THREAD_SET_TLS() hasn't been called before, global_ts is NULL and
smb_get_tls_pthread dereferences it so it crashes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13505

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 
(cherry picked from commit e311801e0e7171a2b50e39d3e0c2d2137f8b3d7e)

commit c93357b78a61895089d0aac31e18d83fc427bab8
Author: Jeremy Allison 
Date:   Wed Jul 11 15:23:09 2018 -0700

python: pysmbd: Additional error path leak fix.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13474

Signed-off-by: Jeremy Allison 

commit ab453876876f5843df4ebb01b10245748500a405
Author: Ralph Boehme 
Date:   Sat May 26 18:32:21 2018 +0200

s3:smbd: don't allow renaming basefile if streams are open

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 465b7d07e5db787c3d6330371e5e42ecbb1b57b9)

commit 279fa62a634ac7fc0e926a201cb7f547f4a2c1c2
Author: Ralph Boehme 
Date:   Sun May 27 13:03:25 2018 +0200

s3:locking: add file_has_open_streams()

This can be used to check if a file opened by fsp also has stream opens.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13451

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(cherry picked from commit dd8cf54c79fe8536e34cde15801d60931cd47b8b)

commit 2da420e9f21772b8f544f25cc681fd6645a12823
Author: Ralph Boehme 
Date:   Sun May 27 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-07-09 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  58403cb s3/notifyd.c: Rename CTDB_BROADCAST_VNNMAP to 
CTDB_BROADCAST_ACTIVE.
   via  516448f ctdb-tests: Avoid segfault by initializing logging
   via  bea8c19 ctdb-tests: Avoid segfault by initializing logging
   via  5f0ba9c ctdb-pmda: Use modified API in pcp library 4.0
   via  66d36b3 socket_wrapper: Add missing dependency on tirpc
   via  7fd58cb ctdb-daemon: Only consider client ID for local database 
attach
   via  b521f79 ctdb-docs: Fix the documentation for VNN map
   via  99d490d ctdb-server: Rename CTDB_BROADCAST_VNNMAP -> 
CTDB_BROADCAST_ACTIVE
   via  9352dd5 ctdb-tests: Add a simple test for database traverses
   via  93c09bd ctdb-tests: Add check for non-lmaster node status in 
integration tests
  from  e728f9f s4:kcc: Add a NULL check before qsort()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 58403cb7053d8f0131e2780deb004ae094aa2d5c
Author: Karolin Seeger 
Date:   Fri Jul 6 12:38:02 2018 +0200

s3/notifyd.c: Rename CTDB_BROADCAST_VNNMAP to CTDB_BROADCAST_ACTIVE.

This fixes the build. Was introduced by a fix for
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499.

Signed-off-by: Karolin Seeger 

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon Jul  9 17:29:44 CEST 2018 on sn-devel-144

commit 516448f203ea4fa721656fe7c92172ba9bdb44a9
Author: Amitay Isaacs 
Date:   Thu Jul 5 13:40:33 2018 +1000

ctdb-tests: Avoid segfault by initializing logging

This is in addition to af697008531.

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 

Autobuild-User(master): Martin Schwenke 
Autobuild-Date(master): Thu Jul  5 15:22:16 CEST 2018 on sn-devel-144

(cherry picked from commit a30ac853ff9bca023c53ad98775eabb23156c566)

commit bea8c194633dc0a9079c19ec213709663a6f5c46
Author: Amitay Isaacs 
Date:   Thu Jun 21 20:00:41 2018 +1000

ctdb-tests: Avoid segfault by initializing logging

Setting DEBUGLEVEL before calling debug_init() causes segmentation
violation with gcc8.  DEBUGLEVEL_CLASS is statically initialized to
debug_class_list_initial which is defined as const.  Only after
debug_init() is called, DEBUGLEVEL_CLASS becomes a talloc'd array.

So before modifying DEBUGLEVEL, ensure debug_init() is called via
setup_logging().  (debug_init is a static function.)

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 
(cherry picked from commit af697008531bd74546656841dd3a1ed92522fc57)

commit 5f0ba9c1d94681eb14636509702b720f50bb37ae
Author: Amitay Isaacs 
Date:   Thu Mar 1 12:32:26 2018 +1100

ctdb-pmda: Use modified API in pcp library 4.0

Support backward compatibility by checking for __pmID_int type, which
was previously in .  In the new version, this type is not
defined anymore and there is no need to include .

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 

Autobuild-User(master): Martin Schwenke 
Autobuild-Date(master): Fri Mar  2 00:38:52 CET 2018 on sn-devel-144

(cherry picked from commit 426e4a5a20cff73a80d80b46f15826deac3f934f)

commit 66d36b3199166ff40234fba1bdbd32e02686c164
Author: Amitay Isaacs 
Date:   Mon May 14 16:52:58 2018 +1000

socket_wrapper: Add missing dependency on tirpc

Signed-off-by: Amitay Isaacs 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Amitay Isaacs 
Autobuild-Date(master): Tue May 22 13:57:07 CEST 2018 on sn-devel-144

(cherry picked from commit 7049b2153b08152f03a0fcbb1817b430fe0a8451)

commit 7fd58cbec458a353f8732c7becadb5fc2315695c
Author: Martin Schwenke 
Date:   Tue Jun 26 20:12:23 2018 +1000

ctdb-daemon: Only consider client ID for local database attach

The comment immediately above this code says "don't allow local
clients to attach" and then looks up the client ID regardless of
whether the request is local or remote.

This means that an intentional remote attach from a client will not
work correctly.  No real client should ever do that since clients
attach so they can access databases locally.  Perhaps some sanity
checks should be added.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13500

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 63255ef92552da92956c05160f33622d0bbc3a28)

commit b521f79e4ab64c0de5f1c9a81f051fb1f3a8514d
Author: Martin Schwenke 
Date:   Fri Jun 15 06:07:54 2018 +1000

ctdb-docs: Fix the documentation for VNN map

It incorrectly says that nodes not in the VNN map can not be
DMASTER.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13499

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-06-27 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  e728f9f s4:kcc: Add a NULL check before qsort()
   via  84bac58 s3:smbget: Fix buffer truncation issues with gcc8
   via  e0a7415 s3:registry: Fix buffer truncation issues issues with gcc8
   via  ce0b090 samdb: Fix build error with gcc8
   via  bc6a072 s3-winbindd: remove unused fill_domain_username()
   via  6fa0630 s3-winbindd: use fill_domain_username_talloc() in winbind.
   via  7b6a1de s3:libnet: Fix format-truncation warning in samsync_ldif
   via  6aaf3a8 lib: Fix array size in audit_logging
   via  aab4aca s4:ntvfs: Fix string copy of share_name
   via  461bd25 lib:util: Fix parameter aliasing in tfork test
   via  99ab2e2 s3:passdb: Fix size of ascii_p16
   via  992faaa s3:lib: Use memcpy() in escape_ldap_string()
   via  7cf1573 s4:torture: Use strlcpy() in gen_name()
   via  c4a2cd3 s3-utils: fix format-truncation in smbpasswd
   via  911417a s4-torture: fix format-truncation warning in smb2 session 
tests.
   via  c146fd8 s3-printing: fix format-truncation in print_queue_update()
  from  454f425 heimdal: lib/krb5: do not fail set_config_files due to 
parse error

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit e728f9f4e0c4a2a196b87d02f33892cdd0e032c2
Author: Andreas Schneider 
Date:   Thu Jun 21 11:11:58 2018 +0200

s4:kcc: Add a NULL check before qsort()

../source4/dsdb/kcc/kcc_topology.c: In function 
‘kcctpl_get_all_bridgehead_dcs.constprop’:
../source4/dsdb/kcc/kcc_topology.c:1330:3: error: argument 1 null where 
non-null expected [-Werror=nonnull]
   qsort(bridgeheads.data, bridgeheads.count,
   ^~

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Jun 27 14:52:13 CEST 2018 on sn-devel-144

commit 84bac589f3d4f8ce7131d374963f275ea80af80b
Author: Andreas Schneider 
Date:   Mon Jun 18 10:43:53 2018 +0200

s3:smbget: Fix buffer truncation issues with gcc8

../source3/utils/smbget.c: In function ‘smb_download_file’:
../source3/utils/smbget.c:97:27: error: ‘b’ directive output may be 
truncated writing 1 byte into a region of size between 0 and 19 
[-Werror=format-truncation=]
   snprintf(buffer, l, "%jdb", (intmax_t)s);
   ^

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 
(cherry picked from commit 4a3164e0beea35c1f4ce44fbe43547f7104587d1)

commit e0a7415b48cf986ae8359e88dfd1eee51b7a2cb8
Author: Andreas Schneider 
Date:   Mon Jun 18 10:34:27 2018 +0200

s3:registry: Fix buffer truncation issues issues with gcc8

../source3/registry/reg_perfcount.c: In function ‘reg_perfcount_get_hkpd’:
../source3/registry/reg_perfcount.c:337:29: error: ‘snprintf’ output may be 
truncated before the last format character [-Werror=format-truncation=]
   snprintf(buf, buflen,"%d%s", key_part1, key_part2);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 
(cherry picked from commit 29f6842ee86b768f3677b38c5640655e312c398e)

commit ce0b0908b7753d6daf5162c9694f9c96bc8b563d
Author: Andreas Schneider 
Date:   Mon Jun 18 10:24:06 2018 +0200

samdb: Fix build error with gcc8

../source4/dsdb/samdb/ldb_modules/samldb.c: In function ‘samldb_add’:
../source4/dsdb/samdb/ldb_modules/samldb.c:424:6: error: ‘found’ may be 
used uninitialized in this function [-Werror=maybe-uninitialized]
   if (found) {
  ^
../source4/dsdb/samdb/ldb_modules/samldb.c:348:11: note: ‘found’ was 
declared here
  bool ok, found;
   ^

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 
(cherry picked from commit 76828876faa3cd463023e323983df0be597c7361)

commit bc6a07241d30118589dd61d061a3a4498d0a6757
Author: Günther Deschner 
Date:   Tue May 8 11:19:42 2018 +0200

s3-winbindd: remove unused fill_domain_username()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner 
Reviewed-by: Andreas Schneider 
(cherry picked from commit b24d4eb7afad82afc3a9bab65e1d799edc4b5172)

commit 6fa063049a685970f962394aee034b4388e4be26
Author: Günther Deschner 
Date:   Tue May 8 11:18:56 2018 +0200

s3-winbindd: use fill_domain_username_talloc() in winbind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Guenther Deschner 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-06-25 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  454f425 heimdal: lib/krb5: do not fail set_config_files due to 
parse error
   via  cdf16fd krb5_wrap: fix keep_old_entries logic for older kerberos 
libraries
  from  0b95014 VERSION: Bump version up to 4.7.9...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 454f425048151e52fca2094b99f295935370f858
Author: Jeffrey Altman 
Date:   Thu Jun 16 16:25:41 2016 -0400

heimdal: lib/krb5: do not fail set_config_files due to parse error

Follow Apple's lead and do not fail krb5_set_config_files() simply
because one of the files in the profile list fails to parse correctly.
Doing so can lead to hard to find failures and could lead to an end
user shooting themselves in the foot and no longer be able to login
to their system to fix it.

Parse as many of the files as we can.  Only fail krb5_set_config_files()
if init_context_from_config_file() fails.

Change-Id: I122664c6d707a5f926643808ba414bf4f681f8b8

Cherry-pick of Heimdal commit b7cf5e7caf9b270f4d4151d2690177b11a7a1bdf

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11573

Signed-off-by: Björn Baumbach 
Reviewed-by: Alexander Bokovoy 
(cherry picked from commit f05a1554b770c6a2c905170347bfb41157f4aa78)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon Jun 25 17:16:50 CEST 2018 on sn-devel-144

commit cdf16fd98fc765072a14fdfadb92a2004798c498
Author: Christof Schmitt 
Date:   Tue Jun 19 15:09:41 2018 -0700

krb5_wrap: fix keep_old_entries logic for older kerberos libraries

MIT kerberos 1.13 and older only stores 8 bits of the KVNO. The change
from commit 35b2fb4ff32 resulted in breakage for these kerberos
versions: 'net ads keytab create' reads a large KVNO from AD, and only
the lower 8 bits are stored. The next check then removed the entry again
as the 8 bit value did not match the currently valid KVNO.

Fix this by limiting the check to only 8 bits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13478

Signed-off-by: Christof Schmitt 
Reviewed-by: Alexander Bokovoy 

Autobuild-User(master): Christof Schmitt 
Autobuild-Date(master): Sat Jun 23 00:57:47 CEST 2018 on sn-devel-144

(cherry picked from commit 97eaeea6a130871cfac5be42459380c0c4e0fae6)

---

Summary of changes:
 lib/krb5_wrap/krb5_samba.c | 2 +-
 source4/heimdal/lib/krb5/config_file.c | 4 ++--
 source4/heimdal/lib/krb5/context.c | 3 ++-
 3 files changed, 5 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 7c461e5..0ba8aae 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1549,7 +1549,7 @@ krb5_error_code 
smb_krb5_kt_seek_and_delete_old_entries(krb5_context context,
}
 
if (!flush &&
-   (kt_entry.vno == kvno) &&
+   ((kt_entry.vno & 0xff) == (kvno & 0xff)) &&
(kt_entry_enctype != enctype))
{
DEBUG(5, (__location__ ": Saving entry with kvno [%d] "
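Review bot: the masked comparison ((kt_entry.vno & 0xff) == (kvno & 0xff)) is applied unconditionally, so with a Kerberos library that stores the full KVNO, two entries whose versions differ by a multiple of 256 now compare as equal and take the "Saving entry" branch. Consider masking only where the library is known to truncate, or at least add a comment at this condition stating the 8-bit limit from the commit message so the mask is not removed as a cleanup later.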
diff --git a/source4/heimdal/lib/krb5/config_file.c 
b/source4/heimdal/lib/krb5/config_file.c
index 4ac25ae..f5ddcc9 100644
--- a/source4/heimdal/lib/krb5/config_file.c
+++ b/source4/heimdal/lib/krb5/config_file.c
@@ -370,11 +370,11 @@ krb5_config_parse_debug (struct fileptr *f,
b = NULL;
} else if (*p == '}') {
*err_message = "unmatched }";
-   return EINVAL;  /* XXX */
+   return KRB5_CONFIG_BADFORMAT;
} else if(*p != '\0') {
if (s == NULL) {
*err_message = "binding before section";
-   return EINVAL;
+   return KRB5_CONFIG_BADFORMAT;
}
ret = parse_binding(f, lineno, p, , >u.list, err_message);
if (ret)
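Review bot: only the "unmatched }" and "binding before section" returns are switched to KRB5_CONFIG_BADFORMAT; the result of parse_binding() in the trailing context is left as it is. If that helper can report malformed input with EINVAL or another code, such files will still make the caller fail, so it is worth confirming that every parse failure reachable from this function maps to KRB5_CONFIG_BADFORMAT.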
diff --git a/source4/heimdal/lib/krb5/context.c 
b/source4/heimdal/lib/krb5/context.c
index 23e3879..770f012 100644
--- a/source4/heimdal/lib/krb5/context.c
+++ b/source4/heimdal/lib/krb5/context.c
@@ -646,7 +646,8 @@ krb5_set_config_files(krb5_context context, char 
**filenames)
 krb5_config_binding *tmp = NULL;
 while(filenames != NULL && *filenames != NULL && **filenames != '\0') {
ret = krb5_config_parse_file_multi(context, *filenames, );
-   if(ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM) {
+   if (ret != 0 && ret != ENOENT && ret != EACCES && ret != EPERM
+   && ret != KRB5_CONFIG_BADFORMAT) {
krb5_config_file_free(context, tmp);
return ret;
}
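Review bot: with ret != KRB5_CONFIG_BADFORMAT added to the condition, a file that fails to parse is skipped without any message, exactly like a missing or unreadable one. An administrator who introduces a syntax error into a file carrying security-relevant settings gets no sign that the file was ignored; consider logging a warning that names *filenames before moving on to the next entry.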


-- 
Samba Shared Repository
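
The KVNO truncation described in the krb5_wrap commit message above, as an added example that is not Samba's code: a constructed keytab model is scanned with the exact and the masked comparison. The struct, function names and sample entries are assumptions made for illustration; the 8-bit storage behaviour is taken from the commit message.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a keytab entry: only the version number matters here. */
struct kt_entry_model {
    uint32_t vno;        /* KVNO as read back from the keytab */
    const char *origin;  /* label describing where the entry came from */
};

/* Assumption taken from the commit message: MIT Kerberos 1.13 and older
 * keep only the low 8 bits of the KVNO when an entry is written. */
uint32_t stored_vno_8bit(uint32_t kvno)
{
    return kvno & 0xff;
}

/* Comparison as it was before the change. */
int vno_matches_exact(uint32_t entry_vno, uint32_t kvno)
{
    return entry_vno == kvno;
}

/* Comparison as written in the change. */
int vno_matches_low8(uint32_t entry_vno, uint32_t kvno)
{
    return (entry_vno & 0xff) == (kvno & 0xff);
}

typedef int (*vno_match_fn)(uint32_t entry_vno, uint32_t kvno);

/* Number of entries a scan would treat as carrying the current KVNO. */
size_t count_current(const struct kt_entry_model *kt, size_t n,
                     uint32_t kvno, vno_match_fn match)
{
    size_t hits = 0;
    for (size_t i = 0; i < n; i++) {
        if (match(kt[i].vno, kvno)) {
            hits++;
        }
    }
    return hits;
}

/* Constructed sample: the directory reports KVNO 258 for the account. */
#define AD_KVNO 258u
#define N_ENTRIES 3

/* Keytab written through a library that truncates to 8 bits. */
const struct kt_entry_model legacy_keytab[N_ENTRIES] = {
    { 2, "current key, written as 258 & 0xff" },
    { 1, "previous key, written as 257 & 0xff" },
    { 2, "stale key from real KVNO 2" },
};

/* The same keys written through a library that stores the full KVNO. */
const struct kt_entry_model full_keytab[N_ENTRIES] = {
    { 258, "current key" },
    { 257, "previous key" },
    { 2,   "stale key from real KVNO 2" },
};

int main(void)
{
    printf("KVNO %u is stored as %u by an 8-bit library\n",
           AD_KVNO, stored_vno_8bit(AD_KVNO));

    /* Exact compare never recognises the current key in a truncated keytab. */
    printf("legacy keytab, exact compare:  %zu current\n",
           count_current(legacy_keytab, N_ENTRIES, AD_KVNO, vno_matches_exact));

    /* Masked compare finds it, but also matches the stale KVNO 2 entry. */
    printf("legacy keytab, masked compare: %zu current\n",
           count_current(legacy_keytab, N_ENTRIES, AD_KVNO, vno_matches_low8));

    /* With full-width storage the exact compare is precise ... */
    printf("full keytab, exact compare:    %zu current\n",
           count_current(full_keytab, N_ENTRIES, AD_KVNO, vno_matches_exact));

    /* ... and the mask makes KVNO 2 and KVNO 258 indistinguishable. */
    printf("full keytab, masked compare:   %zu current\n",
           count_current(full_keytab, N_ENTRIES, AD_KVNO, vno_matches_low8));
    return 0;
}
```

The masked comparison recovers the current key on truncating libraries at the cost of treating versions that differ by a multiple of 256 as the same.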



[SCM] Samba Shared Repository - branch v4-7-test updated

2018-06-21 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  0b95014 VERSION: Bump version up to 4.7.9...
   via  c216a22 VERSION: Disable GIT_SNAPSHOT for the 4.7.8 release.
   via  8d6bfb4 WHATSNEW: Add release notes for Samba 4.7.8.
  from  ca441a0 python: Fix talloc frame use in make_simple_acl().

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 0b9501442285fc17eb508d3d7afac1938850363a
Author: Karolin Seeger 
Date:   Thu Jun 21 09:58:10 2018 +0200

VERSION: Bump version up to 4.7.9...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit c216a22f793c5b21825afbcfc5b95c1ff051d969
Author: Karolin Seeger 
Date:   Thu Jun 21 09:57:01 2018 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.7.8 release.

Signed-off-by: Karolin Seeger 

commit 8d6bfb41fbce6c958dd45cecaf7a51b6a3b3d395
Author: Karolin Seeger 
Date:   Thu Jun 21 09:56:30 2018 +0200

WHATSNEW: Add release notes for Samba 4.7.8.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |   2 +-
 WHATSNEW.txt | 120 ++-
 2 files changed, 119 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index b54c7f1..b3be468 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=8
+SAMBA_VERSION_RELEASE=9
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 629dba8..54a9398 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,120 @@
=
+   Release Notes for Samba 4.7.8
+   June 21, 2018
+   =
+
+
+This is the latest stable release of the Samba 4.7 release series.
+
+
+Changes since 4.7.7:
+
+
+o  Jeremy Allison 
+   * BUG 13380: s3: smbd: Generic fix for incorrect reporting of stream dos
+ attributes on a directory.
+   * BUG 13412: ceph: VFS: Add asynchronous fsync to ceph module, fake using
+ synchronous call.
+   * BUG 13419: s3: libsmbclient: Fix hard-coded connection error return of
+ ETIMEDOUT.
+   * BUG 13428: s3: smbd: Fix SMB2-FLUSH against directories.
+   * BUG 13457: s3: smbd: printing: Re-implement delete-on-close semantics for
+ print files missing since 3.5.x.
+   * BUG 13474: python: Fix talloc frame use in make_simple_acl().
+
+o  Andrew Bartlett 
+   * BUG 13430: winbindd on the AD DC is slow for passdb queries.
+   * BUG 13454: No Backtrace given by Samba's AD DC by default. 
+
+o  Ralph Boehme 
+   * BUG 13332: winbindd doesn't recover loss of netlogon secure channel in
+ case the peer DC is rebooted.
+   * BUG 13432: s3:smbd: Fix interaction between chown and SD flags.
+
+o  Günther Deschner 
+   * BUG 13437: s4-heimdal: Fix the format-truncation errors.
+
+o  David Disseldorp 
+   * BUG 13425: vfs_ceph: Add fake async pwrite/pread send/recv hooks.
+
+o  Björn Jacke 
+   * BUG 13395: printing: Return the same error code as Windows does on upload
+ failures.
+
+o  Volker Lendecke 
+   * BUG 13290: winbind: Improve child selection.
+   * BUG 13292: winbind: Maintain a binding handle per domain and always go via
+ wb_domain_request_send().
+   * BUG 13332: winbindd doesn't recover loss of netlogon secure channel in
+ case the peer DC is rebooted.
+   * BUG 13369: Looking up the user using the UPN results in user name with the
+ REALM instead of the DOMAIN.
+   * BUG 13370: rpc_server: Init local_server_* in
+ make_internal_rpc_pipe_socketpair.
+   * BUG 13382: smbclient: Fix broken notify. 
+
+o  Stefan Metzmacher 
+   * BUG 13273: libads: Fix the build --without-ads.
+   * BUG 13279: winbindd: Don't split the rid for SID_NAME_DOMAIN sids in
+ wb_lookupsids.
+   * BUG 13280: winbindd: initialize type = SID_NAME_UNKNOWN in
+ wb_lookupsids_single_done().
+   * BUG 13289: s4:rpc_server: Fix call_id truncation in
+ dcesrv_find_fragmented_call().
+   * BUG 13290:  A disconnecting winbind client can cause a problem in the
+ winbind parent child communication.
+   * BUG 13291: tevent: version 0.9.36
+   - improve documentation of tevent_queue_add_optimize_empty()
+- add tevent_queue_entry_untrigger()
+   * BUG 13292: winbind: Use one queue for all domain children.
+   * BUG 13293: Minimize the lifetime of winbindd_cli_state->{pw,gr}ent_state.
+   * BUG 13294: winbind should avoid using fstrcpy(domain->dcname,...) on a
+ char *.
+   * BUG 13295: The winbind parent should find the dc of a foreign domain via
+ the primary domain.
+   * BUG 13400: nsswitch: Fix memory 
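Review bot: style nits in the added release notes: the BUG 13454 and BUG 13382 lines end in trailing whitespace, "BUG 13290:  A disconnecting" has a double space after the colon, and the two sub-items under BUG 13291 are indented differently from each other. Worth normalising before the text is copied into the announcement.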

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-06-19 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  ca441a0 python: Fix talloc frame use in make_simple_acl().
   via  03cfdb0 s3: smbd: printing: Re-implement delete-on-close semantics 
for print files missing since 3.5.x.
   via  1f1edc0 s4-heimdal: Fix the format-truncation errors.
   via  db362df s3: smbtorture: Add new SMB2-DIR-FSYNC test to show 
behavior of FSYNC on directories.
   via  a743be8 s3: smbd: Fix SMB2-FLUSH against directories.
  from  d3c2cc2 smbd: Flush dfree memcache on service reload

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit ca441a0f8ddde4458cb729eaabc6906a45458f1d
Author: Jeremy Allison 
Date:   Thu Jun 14 14:08:36 2018 -0700

python: Fix talloc frame use in make_simple_acl().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13474

Signed-off-by: Jeremy Allison 
Reviewed-by: Stefan Metzmacher 

This was fixed differently by commit
539f51f0dfbe4ce317a2978982fd0fc9a7fd6922 in master.

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Jun 19 17:54:45 CEST 2018 on sn-devel-144

commit 03cfdb0d758d9b0697844d4c5053bd2428b16a6d
Author: Jeremy Allison 
Date:   Thu May 31 10:35:48 2018 -0700

s3: smbd: printing: Re-implement delete-on-close semantics for print files 
missing since 3.5.x.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13457

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Fri Jun  1 20:32:03 CEST 2018 on sn-devel-144

(cherry picked from commit 364175b359f018c8641359440fa07b0ea567b045)

commit 1f1edc09bfa3384571254f7057703dbc5db069bf
Author: Günther Deschner 
Date:   Wed May 30 09:27:49 2018 +0200

s4-heimdal: Fix the format-truncation errors.

../source4/heimdal/lib/com_err/compile_et.c: In function ‘generate_h’:
../source4/heimdal/lib/com_err/compile_et.c:138:33: error: ‘%s’ directive 
output may be truncated writing up to 127 bytes into a region of size 126 
[-Werror=format-truncation=]
 snprintf(fn, sizeof(fn), "__%s__", hfn);
 ^~ ~~~
../source4/heimdal/lib/com_err/compile_et.c:138:5: note: ‘snprintf’ output 
between 5 and 132 bytes into a destination of size 128
 snprintf(fn, sizeof(fn), "__%s__", hfn);
 ^~~
../source4/heimdal/lib/com_err/compile_et.c: In function ‘main’:
../source4/heimdal/lib/com_err/compile_et.c:234:35: error: ‘.h’ directive 
output may be truncated writing 2 bytes into a region of size between 1 and 128 
[-Werror=format-truncation=]
 snprintf(hfn, sizeof(hfn), "%s.h", Basename);
   ^~
../source4/heimdal/lib/com_err/compile_et.c:234:5: note: ‘snprintf’ output 
between 3 and 130 bytes into a destination of size 128
 snprintf(hfn, sizeof(hfn), "%s.h", Basename);
 ^~~~
../source4/heimdal/lib/com_err/compile_et.c:235:35: error: ‘.c’ directive 
output may be truncated writing 2 bytes into a region of size between 1 and 128 
[-Werror=format-truncation=]
 snprintf(cfn, sizeof(cfn), "%s.c", Basename);
   ^~
../source4/heimdal/lib/com_err/compile_et.c:235:5: note: ‘snprintf’ output 
between 3 and 130 bytes into a destination of size 128
 snprintf(cfn, sizeof(cfn), "%s.c", Basename);
 ^~~~
cc1: some warnings being treated as errors

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13437

Guenther

Signed-off-by: Günther Deschner 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Fri Jun  8 13:23:51 CEST 2018 on sn-devel-144

commit db362df94261512fff0701cf4153441fc8cf0c07
Author: Jeremy Allison 
Date:   Thu May 10 11:30:24 2018 -0700

s3: smbtorture: Add new SMB2-DIR-FSYNC test to show behavior of FSYNC on 
directories.

Tests against a directory handle on the root of a share,
and a directory handle on a sub-directory in a share.

Check SEC_DIR_ADD_FILE and SEC_DIR_ADD_SUBDIR separately,
either allows flush to succeed.

Passes against Windows.

Regression test for:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13428

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Fri May 18 02:38:50 CEST 2018 on sn-devel-144

(cherry picked from commit d42f467a25e75e5487a00378609a24809ddc83ee)

commit a743be8440b05d8dd11170777965aac0fd06b062
Author: Jeremy Allison 
Date:   Thu May 10 10:26:52 2018 -0700

s3: smbd: Fix SMB2-FLUSH against directories.

Directories opened 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-06-07 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  d3c2cc2 smbd: Flush dfree memcache on service reload
   via  b310f37 smbd: Cache dfree information based on query path
   via  bf63e6f memcache: Add new cache type for dfree information
   via  5cbb3c3 selftest: Add test for 'dfree cache'
   via  9d9d959 selftest: Add dfq_cache share with 'dfree cache time' set
  from  f156d20 lib/util: Call log_stack_trace() in smb_panic_default()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit d3c2cc28545b052754a2b77a5df0a7dc86e90766
Author: Christof Schmitt 
Date:   Fri May 18 20:51:58 2018 -0700

smbd: Flush dfree memcache on service reload

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 
(cherry picked from commit e30d0c0e0d11f65b2d1886be3c0fe9e32eaf3926)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Jun  7 13:54:43 CEST 2018 on sn-devel-144

commit b310f375726afedbc33f9f9033f7f79772898dc9
Author: Christof Schmitt 
Date:   Wed May 16 13:17:52 2018 -0700

smbd: Cache dfree information based on query path

Sub directories in a SMB share can have different free space information
(e.g. when a different file system is mounted there). Caching the dfree
information per SMB share will return invalid data. Address this by
switching to memcache and store the cached data based on the query path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 8f121747b06ca78cf51801a3931b2ddd1a424c77)

commit bf63e6f23721487e1e582154b14ba7b069670d93
Author: Christof Schmitt 
Date:   Wed May 16 13:05:36 2018 -0700

memcache: Add new cache type for dfree information

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 
(cherry picked from commit f5d05562679f6aa691b98b4a75952f7dda7ed343)

commit 5cbb3c35561b52369335020df7dc4d69bc49fc35
Author: Christof Schmitt 
Date:   Wed May 23 11:25:42 2018 -0700

selftest: Add test for 'dfree cache'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 
(cherry picked from commit a55b3d2fcc2f7737a2702bf908dcf1f80969bf21)

commit 9d9d95965b425075d2c602cacc896ebd781b6ff8
Author: Christof Schmitt 
Date:   Wed May 23 11:07:54 2018 -0700

selftest: Add dfq_cache share with 'dfree cache time' set

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13446

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 7ffcbd5ce1222971cb9879f78765d87cdc4102a8)

---

Summary of changes:
 lib/util/memcache.h  |   3 +-
 selftest/target/Samba3.pm|   6 ++
 source3/script/tests/test_dfree_quota.sh |  35 +++
 source3/smbd/dfree.c | 104 +--
 source3/smbd/proto.h |   1 +
 source3/smbd/server_reload.c |   1 +
 6 files changed, 130 insertions(+), 20 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/memcache.h b/lib/util/memcache.h
index b87746b..c6a5b86 100644
--- a/lib/util/memcache.h
+++ b/lib/util/memcache.h
@@ -44,7 +44,8 @@ enum memcache_number {
SINGLETON_CACHE_TALLOC, /* talloc */
SINGLETON_CACHE,
SMB1_SEARCH_OFFSET_MAP,
-   SHARE_MODE_LOCK_CACHE   /* talloc */
+   SHARE_MODE_LOCK_CACHE,  /* talloc */
+   DFREE_CACHE,
 };
 
 /*
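Review bot: DFREE_CACHE is added without the /* talloc */ annotation that SINGLETON_CACHE_TALLOC and SHARE_MODE_LOCK_CACHE carry. Add a short comment saying whether dfree entries are plain data blobs or talloc'd objects, so readers do not have to infer the ownership rule from a missing annotation.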
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 299d55b..39a8f49 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -2007,6 +2007,12 @@ sub provision($)
vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
admin users = $unix_name
include = $dfqconffile
+[dfq_cache]
+   path = $shrdir/dfree
+   vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
+   admin users = $unix_name
+   include = $dfqconffile
+   dfree cache time = 60
 [dfq_owner]
path = $shrdir/dfree
vfs objects = acl_xattr fake_acls xattr_tdb fake_dfq
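Review bot: the new [dfq_cache] section repeats the path, vfs objects, admin users and include lines of the neighbouring dfq shares and differs only in "dfree cache time = 60". A one-line comment stating that this share exists to exercise the dfree cache, and why 60 seconds was chosen, would keep the test's dependency on that value visible.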
diff --git a/source3/script/tests/test_dfree_quota.sh 
b/source3/script/tests/test_dfree_quota.sh
index 6e227c4..abd82b4 100755
--- a/source3/script/tests/test_dfree_quota.sh
+++ b/source3/script/tests/test_dfree_quota.sh
@@ -130,6 +130,35 @@ test_smbclient_dfree() {
return $status
 }
 
+# Issue two queries to different directories in one session to test
+# caching effects
+test_smbclient_dfree_2() {
+   name="$1"
+   share="$2"
+   dir1="$3"
+   dir2="$4"
+   confs="$5"
+   

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-06-04 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  f156d20 lib/util: Call log_stack_trace() in smb_panic_default()
   via  0dc4806 lib/util: Move log_stack_trace() to common code
   via  67d037c lib/util: Log PANIC before calling pacic action just like s3
   via  8f9be61 s3-lib: Remove support for libexc for IRIX backtraces
   via  e322613 s3:utils: Do not segfault on error in DoDNSUpdate()
   via  e8489ae auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as 
a server
   via  7731ad2 s4:selftest: run test_ldb_simple.sh with more auth options
   via  0edc63e auth/ntlmssp: add ntlmssp_client:ldap_style_send_seal option
  from  603bc01 s3:smbd: fix interaction between chown and SD flags

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit f156d2039653a59d675a962495213e7417f03116
Author: Andrew Bartlett 
Date:   Tue Apr 10 16:37:45 2018 +1200

lib/util: Call log_stack_trace() in smb_panic_default()

This matches the AD DC with the behaviour in smbd.

Signed-off-by: Andrew Bartlett 
Reviewed-by: Jeremy Allison 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Apr 11 04:03:07 CEST 2018 on sn-devel-144

(cherry picked from commit 462eb4a44cc51dc17aebbcd5c609c9ff7f088554)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon Jun  4 14:20:17 CEST 2018 on sn-devel-144

commit 0dc480678749484819c72533c0e00552627ab262
Author: Andrew Bartlett 
Date:   Tue Apr 10 16:35:07 2018 +1200

lib/util: Move log_stack_trace() to common code

Signed-off-by: Andrew Bartlett 
Reviewed-by: Jeremy Allison 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454
(cherry picked from commit bf9551902afdb32310db4a3381964c435dd08bf0)

commit 67d037c58f93845640cfff792686d4797cb86a7c
Author: Andrew Bartlett 
Date:   Tue Apr 10 16:06:12 2018 +1200

lib/util: Log PANIC before calling pacic action just like s3

This is like the changes made in s3 by
4fa555980070d78b39711ef21d77628d26055bc2

Signed-off-by: Andrew Bartlett 
Reviewed-by: Jeremy Allison 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454
(cherry picked from commit 3acc00b6808d5d5ad035d9d43526204db1608c8a)

commit 8f9be615515622738fbc7175a44902679f2187d7
Author: Andrew Bartlett 
Date:   Tue Apr 10 15:54:10 2018 +1200

s3-lib: Remove support for libexc for IRIX backtraces

IRIX is long dead, and this code needs become_root() which is not in
the top level code.

Additionally, the check for libexc never made it into waf, so this
has been dead code since Samba 4.1.

Signed-off-by: Andrew Bartlett 
Reviewed-by: Jeremy Allison 
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13454
(cherry picked from commit 85dc9ee14023a8fb84b5c74555d43008bb6bb0c0)

commit e322613d518953dfe725a8d6c0c35c8cd73c8dbb
Author: Andreas Schneider 
Date:   Thu May 17 11:53:18 2018 +0200

s3:utils: Do not segfault on error in DoDNSUpdate()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13440

Signed-off-by: Andreas Schneider 
Reviewed-by: Volker Lendecke 

(cherry picked from commit cdd98aa1e2116fb97e16718d115ee883fe1bc8ba)

commit e8489ae8538a06fb224e8af9e45da43fecaef316
Author: Stefan Metzmacher 
Date:   Mon May 7 14:50:27 2018 +0200

auth/ntlmssp: fix handling of GENSEC_FEATURE_LDAP_STYLE as a server

This fixes "NTLMSSP NTLM2 packet check failed due to invalid signature!"
error messages, which were generated if the client only sends
NTLMSSP_NEGOTIATE_SIGN without NTLMSSP_NEGOTIATE_SEAL on an LDAP
connection.

This fixes a regression in the combination of commits
77adac8c3cd2f7419894d18db735782c9646a202 and
3a0b835408a6efa339e8b34333906bfe3aacd6e3.

We need to evaluate GENSEC_FEATURE_LDAP_STYLE at the end
of the authentication (as a server, while we already
do so at the beginning as a client).

As a reminder I introduced GENSEC_FEATURE_LDAP_STYLE
(as an internal flag) in order to let us work as a
Windows using NTLMSSP for LDAP. Even if only signing is
negotiated during the authentication the following PDUs
will still be encrypted if NTLMSSP is used. This is exactly the
same as if the client would have negotiated NTLMSSP_NEGOTIATE_SEAL.
I guess it's a bug in Windows, but we have to reimplement that
bug. Note this only applies to NTLMSSP and only to LDAP!
Signing only works fine for LDAP with Kerberos
or DCERPC and NTLMSSP.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13427

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Wed May 16 03:26:03 CEST 2018 on sn-devel-144

(cherry 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-05-24 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  603bc01 s3:smbd: fix interaction between chown and SD flags
   via  b99d51f s4:torture/smb2: new test for interaction between chown and 
SD flags
   via  6a8939c nsswitch:tests: Add test for wbinfo --user-info
   via  0c8b0b0 selftest: Add a user with a different userPrincipalName
   via  67dc018 nsswitch: Lookup the domain in tests with the wb separator
   via  b3bdf4b nsswitch: Add a test looking up domain sid
   via  9fbdbe6 nsswitch: Add a test looking up the user using the upn
   via  0f2e271 winbindd: Name<->SID cache is not sequence number based 
anymore
   via  a92c5dc winbindd: Move name<->sid cache to gencache
   via  ea49628 winbindd: Factor out winbindd_domain_init_backend from 
get_cache()
   via  7626db2 net: Parse namemap_cache in "net cache list"
   via  ccad9a3 lib: Add namemap_cache
   via  afcffa9 lib: Pass blob instead of  to gencache_set_data_blob
   via  18664ed lib: Allow parsing a strv from a non-talloc const buf
   via  5c5c38b lib: Only call strlen if necessary in strv
   via  9d402a9 lib: Pass in "strv_len" to strv_valid_entry
  from  4dc19ac s3: VFS: Fix memory leak in vfs_ceph.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 603bc0160f9cf3322f7958a530c14fb35262251c
Author: Ralph Boehme 
Date:   Thu May 10 12:29:35 2018 +0200

s3:smbd: fix interaction between chown and SD flags

A change ownership operation that doesn't set the NT ACLs must not touch
the SD flags (type).

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Fri May 11 23:30:32 CEST 2018 on sn-devel-144

(cherry picked from commit ced55850034a3653525823bf9623912a4fcf18a0)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu May 24 17:22:35 CEST 2018 on sn-devel-144

commit b99d51f1b88b606f9b162b019ee28c707e1d59a6
Author: Ralph Boehme 
Date:   Thu May 10 12:28:43 2018 +0200

s4:torture/smb2: new test for interaction between chown and SD flags

This passes against Windows, but fails against Samba.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13432

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 12f6d56c4814fca64e0e3c636018e70d71ad0be5)

commit 6a8939ccd46ba02d775760a40b4c8441951eeaaf
Author: Andreas Schneider 
Date:   Fri Apr 20 11:20:44 2018 +0200

nsswitch:tests: Add test for wbinfo --user-info

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 2715f52f54e66a73131a92d752a8c2447da1fd33)

commit 0c8b0b00ec1675c371d135a53de27aad2ebdc6f9
Author: Andreas Schneider 
Date:   Fri Apr 20 09:38:24 2018 +0200

selftest: Add a user with a different userPrincipalName

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 5319cae00096dcecc29aa9fa675a983352ad64d8)

commit 67dc018917b05b46b12b4cdf03fdd515edd539ec
Author: Andreas Schneider 
Date:   Mon May 7 13:23:42 2018 +0200

nsswitch: Lookup the domain in tests with the wb separator

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 4fa811ec7bc301e96f5e40ba281e8d4e8709b94f)

commit b3bdf4b6c7af8e702ec26c7dd3d8e6f480b07e50
Author: Andreas Schneider 
Date:   Fri May 4 12:43:05 2018 +0200

nsswitch: Add a test looking up domain sid

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 0aceca6a94e868f9c01a66f79624ca10d80560ab)

commit 9fbdbe6fc511ed1179a67c291b8f292b7e798ee3
Author: Andreas Schneider 
Date:   Fri Apr 20 11:24:30 2018 +0200

nsswitch: Add a test looking up the user using the upn

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13369

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 0d2f743d826b87b369e25fc6bb9ff61f2b0896aa)

commit 0f2e2711e92a433abdc9436ecaf3ba9d773902c8
Author: Volker Lendecke 
Date:   Tue Aug 8 14:24:27 2017 +0200

winbindd: Name<->SID cache is not sequence number based 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-05-17 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  4dc19ac s3: VFS: Fix memory leak in vfs_ceph.
  from  91edd9c winbindd: Do re-connect if the RPC call fails in the passdb 
case

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 4dc19aced2c2d5b44a4c89e64c0445953911e917
Author: Vandana Rungta 
Date:   Tue May 8 11:27:47 2018 -0700

s3: VFS: Fix memory leak in vfs_ceph.

Centralize error handling.

https://bugzilla.samba.org/show_bug.cgi?id=13424

Signed-off-by: Vandana Rungta 
Reviewed-by: Jeremy Allison 
Reviewed-by: David Disseldorp 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed May  9 04:28:11 CEST 2018 on sn-devel-144

(cherry picked from commit 4e78aeedb8329953df83fc7f2c191b2c97a051d0)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu May 17 18:18:42 CEST 2018 on sn-devel-144

---

Summary of changes:
 source3/modules/vfs_ceph.c | 21 +++--
 1 file changed, 11 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index a27b762..9f75283 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -1355,30 +1355,31 @@ static struct smb_filename *cephwrap_realpath(struct 
vfs_handle_struct *handle,
TALLOC_CTX *ctx,
const struct smb_filename *smb_fname)
 {
-   char *result;
+   char *result = NULL;
const char *path = smb_fname->base_name;
size_t len = strlen(path);
struct smb_filename *result_fname = NULL;
+   int r = -1;
 
-   result = SMB_MALLOC_ARRAY(char, PATH_MAX+1);
if (len && (path[0] == '/')) {
-   int r = asprintf(, "%s", path);
-   if (r < 0) return NULL;
+   r = asprintf(, "%s", path);
} else if ((len >= 2) && (path[0] == '.') && (path[1] == '/')) {
if (len == 2) {
-   int r = asprintf(, "%s",
+   r = asprintf(, "%s",
handle->conn->connectpath);
-   if (r < 0) return NULL;
} else {
-   int r = asprintf(, "%s/%s",
+   r = asprintf(, "%s/%s",
handle->conn->connectpath, [2]);
-   if (r < 0) return NULL;
}
} else {
-   int r = asprintf(, "%s/%s",
+   r = asprintf(, "%s/%s",
handle->conn->connectpath, path);
-   if (r < 0) return NULL;
}
+
+   if (r < 0) {
+   return NULL;
+   }
+
DBG_DEBUG("[CEPH] realpath(%p, %s) = %s\n", handle, path, result);
result_fname = synthetic_smb_fname(ctx,
result,
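Review bot: with the SMB_MALLOC_ARRAY(char, PATH_MAX+1) call removed, result is only ever the buffer that asprintf() allocates, but the hunk ends at the synthetic_smb_fname() call, so the matching release is not visible here. Please confirm that result is freed with SAFE_FREE() once synthetic_smb_fname() has copied it, on both its success and failure paths, otherwise the leak only moves. The single "if (r < 0)" check is sound because every branch assigns r, and the initial r = -1 keeps the check failing closed if a branch is later added without an assignment.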


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2018-05-14 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  91edd9c winbindd: Do re-connect if the RPC call fails in the passdb 
case
   via  6a41a0d winbindd: Add a cache of the samr and lsa handles for the 
passdb domain
   via  139743e vfs_ceph: add fake async pwrite/pread send/recv hooks
  from  bf466d2 s3: libsmbclient: Fix hard-coded connection error return of 
ETIMEDOUT.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 91edd9c30f2545519844e3413e43626b3ca0c321
Author: Andrew Bartlett 
Date:   Wed Mar 21 20:44:31 2018 +1300

winbindd: Do re-connect if the RPC call fails in the passdb case

This is very, very unlikely but possible as in the AD case the RPC server is in
another process that may eventually be able to restart.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13430

Signed-off-by: Andrew Bartlett 
Reviewed-by: Ralph Boehme 
(cherry picked from commit fc9150dcab231fe9beb72e198b0c2742d5f2505f)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon May 14 14:58:22 CEST 2018 on sn-devel-144

commit 6a41a0dcbec9644f2661c919c669144c67bf9394
Author: Andrew Bartlett 
Date:   Wed Mar 21 20:43:10 2018 +1300

winbindd: Add a cache of the samr and lsa handles for the passdb domain

This domain is very close, in AD DC configurations over an internal ncacn_np pipe
and otherwise in the same process via C linking.  It is however very expensive
to re-create the binding handle per SID->name lookup, so keep a cache.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13430

Signed-off-by: Andrew Bartlett 
Reviewed-by: Ralph Boehme 
(cherry picked from commit d418d0ca33afb41a793a2fff19ca68871aa5e9ef)

commit 139743ec1ed9078be0891e416c536305b6dd1b33
Author: David Disseldorp 
Date:   Wed May 9 16:51:34 2018 +0200

vfs_ceph: add fake async pwrite/pread send/recv hooks

As found by Jeremy, VFS modules that don't provide pread_send() or
pwrite_send() hooks result in vfs_default fallback, which is
catastrophic for VFS modules with non-mounted filesystems such as
vfs_ceph.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13425

Reported-by: Jeremy Allison 
Signed-off-by: David Disseldorp 
Reviewed-by: Jeremy Allison 
(cherry picked from commit f0e6453b0420fe9d062936d4ddc05f44b40cf2ba)

---

Summary of changes:
 source3/modules/vfs_ceph.c   | 109 ++-
 source3/winbindd/winbindd_samr.c | 395 ---
 2 files changed, 395 insertions(+), 109 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index 87d3c00..a27b762 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -482,6 +482,57 @@ static ssize_t cephwrap_pread(struct vfs_handle_struct 
*handle, files_struct *fs
WRAP_RETURN(result);
 }
 
+struct cephwrap_pread_state {
+   ssize_t bytes_read;
+   struct vfs_aio_state vfs_aio_state;
+};
+
+/*
+ * Fake up an async ceph read by calling the synchronous API.
+ */
+static struct tevent_req *cephwrap_pread_send(struct vfs_handle_struct *handle,
+ TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct files_struct *fsp,
+ void *data,
+ size_t n, off_t offset)
+{
+   struct tevent_req *req = NULL;
+   struct cephwrap_pread_state *state = NULL;
+   int ret = -1;
+
+   DBG_DEBUG("[CEPH] %s\n", __func__);
+   req = tevent_req_create(mem_ctx, , struct cephwrap_pread_state);
+   if (req == NULL) {
+   return NULL;
+   }
+
+   ret = ceph_read(handle->data, fsp->fh->fd, data, n, offset);
+   if (ret < 0) {
+   /* ceph returns -errno on error. */
+   tevent_req_error(req, -ret);
+   return tevent_req_post(req, ev);
+   }
+
+   state->bytes_read = ret;
+   tevent_req_done(req);
+   /* Return and schedule the completion of the call. */
+   return tevent_req_post(req, ev);
+}
+
+static ssize_t cephwrap_pread_recv(struct tevent_req *req,
+  struct vfs_aio_state *vfs_aio_state)
+{
+   struct cephwrap_pread_state *state =
+   tevent_req_data(req, struct cephwrap_pread_state);
+
+   DBG_DEBUG("[CEPH] %s\n", __func__);
+   if (tevent_req_is_unix_error(req, _aio_state->error)) {
+   return 
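Review bot: in cephwrap_pread_send() the ceph_read() call runs synchronously inside the _send function, so the tevent loop is blocked for the whole read; the comment "Fake up an async ceph read by calling the synchronous API" should say that this is a stopgap and that it exists to keep requests away from the vfs_default fallback. Separately, ret is an int while n is a size_t and state->bytes_read is an ssize_t, so please state what is expected for a request larger than INT_MAX, or reject such a request before calling ceph_read().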

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-05-07 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  bf466d2 s3: libsmbclient: Fix hard-coded connection error return of 
ETIMEDOUT.
   via  989c684 ceph: VFS: Add asynchronous fsync to ceph module, fake 
using synchronous call.
   via  314f0e1 rpc_server: Fix NetSessEnum with stale sessions
   via  0797e58 selftest: Add testcase for querying sessions after smbd 
crash
   via  cfbcd62 rpcclient: Print number of entries for NetSessEnum
   via  1f5faf4 printing: return the same error code as windows does on 
upload failures
   via  6db05c0 s3: tests: Regression test to ensure we can never return a 
DIRECTORY attribute on a stream.
   via  8607fea s3: smbd. Generic fix for incorrect reporting of stream dos 
attributes on a directory
   via  db8296b s3: vfs: vfs_streams_xattr: Don't blindly re-use the base 
file mode bits.
   via  d4940e6 winbindd: add retry to _winbind_SendToSam
   via  4319c43 winbindd: add retry to 
_winbind_DsrUpdateReadOnlyServerDnsRecords
   via  1e6275a winbindd: add retry to _wbint_DsGetDcName
   via  b7c598d winbindd: add retry to _wbint_LookupSids()
   via  b0a14aec winbindd: use reset_cm_connection_on_error() instead of 
dcerpc_binding_handle_is_connected()
   via  1b7c16a winbindd: fix logic calling 
dcerpc_binding_handle_is_connected()
   via  76a4df1 winbindd: call dcerpc_binding_handle_is_connected() from 
reset_cm_connection_on_error()
   via  30dd8bc winbindd: force netlogon reauth for certain errors in 
reset_cm_connection_on_error()
   via  5fde0c6 winbindd: call reset_cm_connection_on_error() from 
reconnect_need_retry()
   via  3ef2377 winbindd: make reset_cm_connection_on_error() public
   via  406a8f3 winbindd: check for NT_STATUS_IO_DEVICE_ERROR in 
reset_cm_connection_on_error()
   via  4f793f6 winbindd: add and use ldap_reconnect_need_retry() in 
winbindd_reconnect_ads.c
   via  bc655b6 winbind: Keep "force_reauth" in invalidate_cm_connection
   via  8da9fb5 winbind: Add smbcontrol disconnect-dc
   via  91fd11d utils: Add destroy_netlogon_creds_cli
  from  d6ac540 nsswitch: fix memory leak in winbind_open_pipe_sock() when 
the privileged pipe is not accessible.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit bf466d26a9d48e19caa887c3c15781739c2d120d
Author: Jeremy Allison 
Date:   Wed May 2 11:19:31 2018 -0700

s3: libsmbclient: Fix hard-coded connection error return of ETIMEDOUT.

We shouldn't hard-code the connection error as ETIMEDOUT when
we have a perfectly good NT_STATUS to map from.

Found by the ChromeOS guys trying to connect an SMB2-only client
to an SMB1-only supporting server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13419

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Thu May  3 02:42:20 CEST 2018 on sn-devel-144

(cherry picked from commit 795ec751ac5f6e58966385bec25063c4af4f185d)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon May  7 14:19:42 CEST 2018 on sn-devel-144

commit 989c68483baa5925271c020dd9173726ad443ded
Author: Jeremy Allison 
Date:   Fri Apr 27 14:25:54 2018 -0700

ceph: VFS: Add asynchronous fsync to ceph module, fake using synchronous 
call.

This will allow me to ultimately simplify the VFS by removing the synchronous
fsync VFS call.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13412

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Apr 30 21:48:55 CEST 2018 on sn-devel-144

(cherry picked from commit aefe444d17a2eee3c0ff38bd34cf9e3f012ecf51)

commit 314f0e1ebe8e565e1df7f992b22aa359278e8bd5
Author: Christof Schmitt 
Date:   Tue Apr 24 13:53:41 2018 -0700

rpc_server: Fix NetSessEnum with stale sessions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13407

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Apr 25 22:49:07 CEST 2018 on sn-devel-144

(cherry picked from commit a6fade4e10760284ef56abf45d3fa70038091cbe)

commit 0797e58833d7b4880df7e3ff9d76802952278175
Author: Christof Schmitt 
Date:   Tue Apr 24 13:52:59 2018 -0700

selftest: Add testcase for querying sessions after smbd crash

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13407

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 
(cherry 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-05-02 Thread Stefan Metzmacher
The branch, v4-7-test has been updated
   via  d6ac540 nsswitch: fix memory leak in winbind_open_pipe_sock() when 
the privileged pipe is not accessible.
  from  825aea7 s4:rpc_server: fix call_id truncation in 
dcesrv_find_fragmented_call()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit d6ac5408f7c4d2fc0bb648a302bc012b725bec41
Author: Stefan Metzmacher 
Date:   Tue Apr 24 10:59:05 2018 +0200

nsswitch: fix memory leak in winbind_open_pipe_sock() when the privileged 
pipe is not accessible.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13400

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Volker Lendecke 
(cherry picked from commit ffe970007bf934955f72ec2d73bf8f94a2b796eb)

Autobuild-User(v4-7-test): Stefan Metzmacher 
Autobuild-Date(v4-7-test): Wed May  2 15:36:48 CEST 2018 on sn-devel-144

---

Summary of changes:
 nsswitch/wb_common.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/wb_common.c b/nsswitch/wb_common.c
index 262181a..336092b 100644
--- a/nsswitch/wb_common.c
+++ b/nsswitch/wb_common.c
@@ -420,14 +420,14 @@ static int winbind_open_pipe_sock(struct winbindd_context 
*ctx,
ctx->winbindd_fd = fd;
ctx->is_privileged = 1;
}
+
+   SAFE_FREE(response.extra_data.data);
}
 
if ((need_priv != 0) && (ctx->is_privileged == 0)) {
return -1;
}
 
-   SAFE_FREE(response.extra_data.data);
-
return ctx->winbindd_fd;
 #else
return -1;
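Review bot: SAFE_FREE(response.extra_data.data) now sits at the end of the enclosing block, ahead of the need_priv check that returns -1, and that ordering is what closes the leak on the early return; a one-line comment saying so would stop the free from being moved back below the check. It is also worth confirming that no other exit inside that block, above the visible context, skips the free.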





[SCM] Samba Shared Repository - branch v4-7-test updated

2018-04-25 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  825aea7 s4:rpc_server: fix call_id truncation in 
dcesrv_find_fragmented_call()
   via  bdfdf93 tests:dcerpc/raw_protocol: reproduce call_id truncation bug
   via  7a636de winbindd: initialize type = SID_NAME_UNKNOWN in 
wb_lookupsids_single_done()
   via  d1869c6 winbindd: don't split the rid for SID_NAME_DOMAIN sids in 
wb_lookupsids
  from  38af417 s3:passdb: Do not return OK if we don't have pinfo set up

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 825aea77e5cb4d600933b6493633c8ed0515f783
Author: Stefan Metzmacher 
Date:   Wed Feb 21 00:49:55 2018 +0100

s4:rpc_server: fix call_id truncation in dcesrv_find_fragmented_call()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Feb 21 19:02:56 CET 2018 on sn-devel-144

(cherry picked from commit 5d113f80944f2e1d2a7e80f73aea7a4cfdfbd140)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Apr 25 13:15:10 CEST 2018 on sn-devel-144

commit bdfdf93f0ca2bc847d640733bbaa71efb0d8e262
Author: Stefan Metzmacher 
Date:   Wed Feb 21 00:50:26 2018 +0100

tests:dcerpc/raw_protocol: reproduce call_id truncation bug

We need to make sure the server handles call_id values > UINT16_MAX.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13289

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 
(cherry picked from commit 65e8edb382fbc7450919aad8b42cfcae9e779d11)

commit 7a636de5fabdf1f46fe9f7178114540b48e00b39
Author: Stefan Metzmacher 
Date:   Tue Jan 23 23:52:59 2018 +0100

winbindd: initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done()

We check for !NT_STATUS_LOOKUP_ERR(), but wb_lookupsid_recv()
only initializes the results together with NT_STATUS_OK.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13280

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 
(cherry picked from commit b5ffa0e21f74fa0c452df38cf50e542eb278562d)

commit d1869c670fb2d9ccca0c2ad17c5901d42449d54e
Author: Stefan Metzmacher 
Date:   Tue Jan 23 14:34:45 2018 +0100

winbindd: don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13279

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 
(cherry picked from commit 17c48f26dea5701feed1c24769348f332695391c)

---

Summary of changes:
 python/samba/tests/dcerpc/raw_protocol.py | 2 +-
 source3/winbindd/wb_lookupsids.c  | 6 --
 source4/rpc_server/dcerpc_server.c| 2 +-
 3 files changed, 6 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/dcerpc/raw_protocol.py 
b/python/samba/tests/dcerpc/raw_protocol.py
index 587df54..ff815e9 100755
--- a/python/samba/tests/dcerpc/raw_protocol.py
+++ b/python/samba/tests/dcerpc/raw_protocol.py
@@ -1974,7 +1974,7 @@ class TestDCERPC_BIND(RawDCERPCTest):
 
 # And now try a request without auth_info
 # netr_ServerReqChallenge()
-req = self.generate_request(call_id = 2,
+req = self.generate_request(call_id = 0x21234,
 pfc_flags=pfc_flags,
 context_id=ctx.context_id,
 opnum=4,
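Review bot: call_id = 0x21234 is a magic number; add a comment that it is deliberately above UINT16_MAX and that its low 16 bits are 0x1234, so a server that truncates the value would look for a different call. Replacing the old call_id = 2 in place also means this request no longer exercises a small call_id, so a separate request or test case for the large value would keep both covered.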
diff --git a/source3/winbindd/wb_lookupsids.c b/source3/winbindd/wb_lookupsids.c
index f2b2768..bd90c43 100644
--- a/source3/winbindd/wb_lookupsids.c
+++ b/source3/winbindd/wb_lookupsids.c
@@ -513,7 +513,7 @@ static void wb_lookupsids_single_done(struct tevent_req 
*subreq)
req, struct wb_lookupsids_state);
const char *domain_name = NULL;
const char *name = NULL;
-   enum lsa_SidType type;
+   enum lsa_SidType type = SID_NAME_UNKNOWN;
uint32_t res_sid_index;
uint32_t src_rid;
 
@@ -545,7 +545,9 @@ static void wb_lookupsids_single_done(struct tevent_req 
*subreq)
 */
 
sid_copy(_domain_sid, >sids[res_sid_index]);
-   sid_split_rid(_domain_sid, _rid);
+   if (type != SID_NAME_DOMAIN) {
+   sid_split_rid(_domain_sid, _rid);
+   }
 
src_domain.name.string = domain_name;
src_domain.sid = _domain_sid;
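Review bot: when type == SID_NAME_DOMAIN the sid_split_rid() call is now skipped, and src_rid is declared without an initialiser in the hunk above, so any later read of src_rid on that path would use an indeterminate value. Initialise src_rid at its declaration or set it in an else branch, and say in a comment which rid a domain SID is meant to carry.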
diff --git a/source4/rpc_server/dcerpc_server.c 
b/source4/rpc_server/dcerpc_server.c
index 
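
The call_id truncation fixed and tested in the commits above can be modelled in a few lines. This is an added example, not Samba's code: the structures and function names are hypothetical, and it assumes the truncation is a 32-bit call_id narrowed to 16 bits during the pending-fragment lookup, as the "> UINT16_MAX" wording and the test value 0x21234 suggest.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PENDING 4

/* Constructed model of a server's table of partially received requests. */
struct pending_call {
	uint32_t call_id;     /* full 32-bit call_id from the first fragment */
	size_t bytes_so_far;  /* payload collected so far */
	int in_use;
};

struct conn {
	struct pending_call pending[MAX_PENDING];
};

/* Record the first fragment of a call. */
static int start_call(struct conn *c, uint32_t call_id, size_t len)
{
	for (size_t i = 0; i < MAX_PENDING; i++) {
		if (!c->pending[i].in_use) {
			c->pending[i].call_id = call_id;
			c->pending[i].bytes_so_far = len;
			c->pending[i].in_use = 1;
			return 0;
		}
	}
	return -1;
}

/* Lookup with a 16-bit parameter: the upper half of the id is lost. */
static struct pending_call *find_narrow(struct conn *c, uint16_t call_id)
{
	for (size_t i = 0; i < MAX_PENDING; i++) {
		if (c->pending[i].in_use && c->pending[i].call_id == call_id) {
			return &c->pending[i];
		}
	}
	return NULL;
}

/* Lookup with the full-width parameter. */
static struct pending_call *find_wide(struct conn *c, uint32_t call_id)
{
	for (size_t i = 0; i < MAX_PENDING; i++) {
		if (c->pending[i].in_use && c->pending[i].call_id == call_id) {
			return &c->pending[i];
		}
	}
	return NULL;
}

/*
 * Handle a continuation fragment. Returns 0 if it was appended to a pending
 * call and -1 if no pending call matched. The cast is spelled out here; C
 * performs the same narrowing implicitly when a uint32_t is passed to a
 * uint16_t parameter.
 */
static int continue_call(struct conn *c, uint32_t call_id, size_t len, int narrow)
{
	struct pending_call *p = narrow ? find_narrow(c, (uint16_t)call_id)
					: find_wide(c, call_id);
	if (p == NULL) {
		return -1;
	}
	p->bytes_so_far += len;
	return 0;
}

/* Case 1: call 0x21234 is pending and its own continuation arrives. */
static int continue_own_call(int narrow)
{
	struct conn c;
	memset(&c, 0, sizeof(c));
	start_call(&c, 0x21234, 100);
	return continue_call(&c, 0x21234, 50, narrow);
}

/* Case 2: call 0x1234 is pending and a fragment for 0x21234 arrives. */
static size_t bytes_on_other_call(int narrow)
{
	struct conn c;
	memset(&c, 0, sizeof(c));
	start_call(&c, 0x1234, 100);
	(void)continue_call(&c, 0x21234, 50, narrow);
	return c.pending[0].bytes_so_far;
}

int main(void)
{
	printf("own call, narrow lookup:  %d\n", continue_own_call(1));
	printf("own call, wide lookup:    %d\n", continue_own_call(0));
	printf("other call, narrow bytes: %zu\n", bytes_on_other_call(1));
	printf("other call, wide bytes:   %zu\n", bytes_on_other_call(0));
	return 0;
}
```

With the narrow lookup a valid continuation is rejected in the first case, and in the second a fragment is attached to a different call whose id shares the low 16 bits.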

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-04-20 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  38af417 s3:passdb: Do not return OK if we don't have pinfo set up
   via  7a58eb8 lib/util: remove unused '#include ' from 
tests/tfork.c
   via  5d00889 winbind: Use one queue for all domain children
   via  470aa11 winbind: Maintain a binding handle per domain and always go 
via wb_domain_request_send()
   via  fe8982b winbind: make choose_domain_child() static
   via  8a544c7 winbind: add locator_child_handle() and use it instead of 
child->binding_handle
   via  136c16e winbind: add idmap_child_handle() and use it instead of 
child->binding_handle
   via  128789f winbind: improve wb_domain_request_send() to use 
wb_dsgetdcname_send() for a foreign domain
   via  5bbe243 winbind: use state->{ev,request} in wb_domain_request_send()
   via  ed83d30 winbind: avoid using fstrcpy(dcname,...) in 
_dual_init_connection
   via  bd14266 winbind: cleanup winbindd_cli_state->pwent_state if 
winbindd_getpwent_recv() returns an error
   via  e404058 winbind: cleanup winbindd_cli_state->grent_state if 
winbindd_getgrent_recv() returns an error
   via  2594449 winbind: call lp_winbind_enum_{users,groups}() already in 
set{pw,gr}ent()
   via  06c5e07 winbind: protect a pending wb_child_request against a 
talloc_free()
   via  dbb72ad winbind: use tevent_queue_wait_send/recv in 
wb_child_request_*()
   via  28680d7 winbind: Improve child selection
   via  e19b0731 smbclient: Handle ENUM_DIR in "notify" command
   via  0c5e24d libsmb: Handle IO_TIMEOUT in cli_smb2_notify properly
   via  b28593e libsmb: Handle long-running smb2cli_notify
   via  3c3746f libsmb: Enable "cli_notify" for SMB2+
   via  41666d5 libsmb: Add cli_smb2_notify
   via  898297b libsmb: Add smb2cli_notify()
   via  8b47aed rpc_server: Init local_server_* in 
make_internal_rpc_pipe_socketpair
   via  80b822b tevent: version 0.9.36
   via  c2a tevent: add tevent_queue_entry_untrigger()
   via  55b8d61 tevent: improve documentation of 
tevent_queue_add_optimize_empty()
   via  a588c39 tevent: version 0.9.35
   via  5457c2f lib/async_req/async_sock.c set socket close on exec
   via  b344866 lib/tevent/echo_server.c set socket close on exec
   via  7206dfd tevent: Fix typos
   via  772ca21 lib: tevent: Minor cleanup. wakeup_fd can always be gotten 
from the event context.
   via  bc24206 lib: tevent: Use system , not internal header 
path (except in self-test).
   via  383f130 libads: Fix the build --without-ads
  from  2366b51 VERISON: Bump version up to 4.7.8...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 38af417f34bee9d60417affb8ece81bc2c172b92
Author: Andreas Schneider 
Date:   Tue Apr 17 08:55:23 2018 +0200

s3:passdb: Do not return OK if we don't have pinfo set up

This prevents a crash in fill_mem_keytab_from_secrets()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13376

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

(cherry picked from commit 99859479fc6e12b2f74ce2dfa83da56d8b8f3d26)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Fri Apr 20 16:43:11 CEST 2018 on sn-devel-144

commit 7a58eb8aac648f4fb34c9f09cad0b8633469d14c
Author: Stefan Metzmacher 
Date:   Tue Mar 20 16:49:30 2018 +0100

lib/util: remove unused '#include ' from tests/tfork.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13342

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 
(cherry picked from commit f2ff61ce9e8ab56d8a69fce29c9f214d5d98f89e)

commit 5d008894dca367f4683f3455edea1f3f778c4aed
Author: Stefan Metzmacher 
Date:   Wed Feb 14 15:04:01 2018 +0100

winbind: Use one queue for all domain children

If we have multiple domain children, it's important
that the first idle child takes over the next waiting request.

Before we had the problem that a request could get stuck in the
queue of a busy child, while later requests could get served fine by
other children.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13292

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Fri Feb 23 09:04:23 CET 2018 on sn-devel-144

(similar to commit 7f2d45a6c2a88dd8833fc66d314ec21507dd52c3)

commit 470aa11c339a1e5283245750bac831075910f0c4
Author: Volker Lendecke 
Date:   Tue Feb 13 16:04:44 2018 +0100

winbind: Maintain a binding handle per domain and always go via 
wb_domain_request_send()

Pair-Programmed-With: Stefan 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-04-17 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  2366b51 VERISON: Bump version up to 4.7.8...
   via  41f51e0 WHATSNEW: Fix release date.
   via  c2df74d Revert "VERISON: Bump version up to 4.7.8..."
  from  a79aad4 VERISON: Bump version up to 4.7.8...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 2366b510ba25d8a40c970997164a5761d591c24b
Author: Karolin Seeger 
Date:   Wed Apr 11 11:16:34 2018 +0200

VERISON: Bump version up to 4.7.8...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 41f51e0180615494bc61ec643ba4e921208cc369
Author: Karolin Seeger 
Date:   Tue Apr 17 09:02:57 2018 +0200

WHATSNEW: Fix release date.

Signed-off-by: Karolin Seeger 

commit c2df74dbdfa7482235bbcad716d073aabaca0976
Author: Karolin Seeger 
Date:   Tue Apr 17 09:05:38 2018 +0200

Revert "VERISON: Bump version up to 4.7.8..."

This reverts commit a79aad47de6606d6b211d33c6c22217f3c14bd97.

---

Summary of changes:
 WHATSNEW.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3eea285..629dba8 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,6 +1,6 @@
=
Release Notes for Samba 4.7.7
-   April 12, 2018
+   April 17, 2018
=
 
 





[SCM] Samba Shared Repository - branch v4-7-test updated

2018-04-17 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  a79aad4 VERISON: Bump version up to 4.7.8...
   via  19a46b0 WHATSNEW: Add release notes for Samba 4.7.7.
  from  5a2066f torture: Test compound request request counters

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit a79aad47de6606d6b211d33c6c22217f3c14bd97
Author: Karolin Seeger 
Date:   Wed Apr 11 11:16:34 2018 +0200

VERISON: Bump version up to 4.7.8...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 19a46b0f221e9ae43425ec9d9b9bab4284538d73
Author: Karolin Seeger 
Date:   Wed Apr 11 11:02:52 2018 +0200

WHATSNEW: Add release notes for Samba 4.7.7.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |   4 +--
 WHATSNEW.txt | 109 +--
 2 files changed, 109 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index f9f4813..b54c7f1 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=7
+SAMBA_VERSION_RELEASE=8
 
 
 # If a official release has a serious bug  #
@@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE=
 # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes   #
 #  ->  "3.0.0-SVN-build-199"   #
 
-SAMBA_VERSION_IS_GIT_SNAPSHOT=no
+SAMBA_VERSION_IS_GIT_SNAPSHOT=yes
 
 
 # This is for specifying a release nickname#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 021f2e7..3eea285 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,109 @@
=
+   Release Notes for Samba 4.7.7
+   April 12, 2018
+   =
+
+
+This is the latest stable release of the Samba 4.7 release series.
+
+
+Changes since 4.7.6:
+
+
+o  Jeremy Allison 
+   * BUG 13206: s4:auth_sam: Allow logons with an empty domain name.
+   * BUG 13244: s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on
+ error, we don't own it here.
+   * BUG 13270: s3: smbd: Fix possible directory fd leak if the underlying
+ OS doesn't support fdopendir().
+   * BUG 13319: Round-tripping ACL get/set through vfs_fruit will increase
+ the number of ACE entries without limit.
+   * BUG 13347: s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically
+ debug credit issues.
+   * BUG 13358: s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE
+ without delete access.
+   * BUG 13372: s3: smbd: Fix memory leak in vfswrap_getwd().
+   * BUG 13375: s3: smbd: Unix extensions attempts to change wrong field
+ in fchown call.
+
+o  Ralph Boehme 
+   * BUG 13363: s3:smbd: Don't use the directory cache for SMB2/3.
+
+o  Günther Deschner 
+   * BUG 13277: build: Fix libceph-common detection.
+
+o  David Disseldorp 
+   * BUG 13250: build: Fix ceph_statx check when configured with libcephfs_dir.
+
+o  Poornima G 
+   * BUG 13297: vfs_glusterfs: Fix the wrong pointer being sent in
+ glfs_fsync_async.
+
+o  Amitay Isaacs 
+   * BUG 13359: ctdb-scripts: Drop 'net serverid wipe' from 50.samba event
+ script.
+
+o  Lutz Justen 
+   * BUG 13368: s3: lib: messages: Don't use the result of sec_init() before
+ calling sec_init().
+
+o  Volker Lendecke 
+   * BUG 13215: smbd can panic if the client-supplied channel sequence number
+ wraps.
+   * BUG 13367: dsdb: Fix CID 1034966 Uninitialized scalar variable.
+
+o  Stefan Metzmacher 
+   * BUG 13206: s3:libsmb: Allow -U"\\administrator" to work.
+   * BUG 13328: Windows 10 cannot logon on Samba NT4 domain.
+
+o  David Mulder 
+   * BUG 13050: smbc_opendir should not return EEXIST with invalid login
+ credentials.
+
+o  Anton Nefedov
+   * BUG 13338: s3:smbd: map nterror on smb2_flush errorpath.
+
+o  Dan Robertson 
+   * BUG 13310: libsmb: Use smb2 tcon if conn_protocol >= SMB2_02.
+
+o  Garming Sam 
+   * BUG 13031: subnet: Avoid a segfault when renaming subnet objects.
+
+o  Christof Schmitt 
+   * BUG 13312: 'wbinfo --name-to-sid' returns misleading result on invalid
+ query.
+
+o  Andreas Schneider 
+   * BUG 13315: s3:smbd: Do not crash if we fail to init the session table.
+
+o  

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-04-13 Thread Stefan Metzmacher
The branch, v4-7-test has been updated
   via  5a2066f torture: Test compound request request counters
   via  bb15458 s3:smb2_server: correctly maintain request counters for 
compound requests
  from  686b2ba winbindd: Do not ignore domain in the LOOKUPNAME request

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 5a2066f5ca52d8f1421139f27112183952070a05
Author: Volker Lendecke 
Date:   Wed Apr 11 15:11:10 2018 +0200

torture: Test compound request request counters

This will send an unfixed smbd into the

SMB_ASSERT(op->request_count > 0);

in smbd_smb2_request_reply_update_counts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215
Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Thu Apr 12 14:38:39 CEST 2018 on sn-devel-144

(cherry picked from commit 40edd1bc273f664d5567ef5be169033899acee1f)

Autobuild-User(v4-7-test): Stefan Metzmacher 
Autobuild-Date(v4-7-test): Fri Apr 13 22:48:05 CEST 2018 on sn-devel-144

commit bb15458485e48ce173e54186f1b54aef2e852544
Author: Stefan Metzmacher 
Date:   Wed Apr 11 12:14:59 2018 +0200

s3:smb2_server: correctly maintain request counters for compound requests

If a session expires during a compound request chain,
we exit smbd_smb2_request_dispatch() with
'return smbd_smb2_request_error(req, ...)' before
calling smbd_smb2_request_dispatch_update_counts().

As req->request_counters_updated was only reset
within smbd_smb2_request_dispatch_update_counts(),
smbd_smb2_request_reply_update_counts() was called
twice on the same request, which triggers
SMB_ASSERT(op->request_count > 0);

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13215

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 87e25cd1e45bfe57292b62ffc44ddafc01c61ca0)

---

Summary of changes:
 source3/smbd/smb2_server.c  |  6 +++-
 source4/torture/smb2/compound.c | 77 +
 2 files changed, 82 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb2_server.c b/source3/smbd/smb2_server.c
index ee03a8e..177e5ff 100644
--- a/source3/smbd/smb2_server.c
+++ b/source3/smbd/smb2_server.c
@@ -2180,7 +2180,7 @@ static NTSTATUS smbd_smb2_request_dispatch_update_counts(
bool update_open = false;
NTSTATUS status = NT_STATUS_OK;
 
-   req->request_counters_updated = false;
+   SMB_ASSERT(!req->request_counters_updated);
 
if (xconn->protocol < PROTOCOL_SMB2_22) {
return NT_STATUS_OK;
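Review bot: In smbd_smb2_request_dispatch_update_counts(), replacing the reset with SMB_ASSERT(!req->request_counters_updated) means any remaining path that leaves the flag set now panics smbd here instead of being quietly corrected, and the assert carries no comment naming which function owns the clear. Add a one-line comment above it stating that smbd_smb2_request_reply_update_counts() is the only place the flag is reset, so a later early return added to the dispatch path gets checked against that invariant.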
@@ -2315,6 +2315,8 @@ NTSTATUS smbd_smb2_request_dispatch(struct 
smbd_smb2_request *req)
 
DO_PROFILE_INC(request);
 
+   SMB_ASSERT(!req->request_counters_updated);
+
/* TODO: verify more things */
 
flags = IVAL(inhdr, SMB2_HDR_FLAGS);
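Review bot: The assert added after DO_PROFILE_INC(request) in smbd_smb2_request_dispatch() checks the same condition as the one now at the top of smbd_smb2_request_dispatch_update_counts(), and nothing in the visible lines sets the flag between the two. If this copy exists to catch a stale flag on the error returns that never reach the update function, say so in a comment; otherwise one of the two can go.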
@@ -2755,6 +2757,8 @@ static void smbd_smb2_request_reply_update_counts(struct 
smbd_smb2_request *req)
return;
}
 
+   req->request_counters_updated = false;
+
if (xconn->protocol < PROTOCOL_SMB2_22) {
return;
}
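Review bot: The new req->request_counters_updated = false in smbd_smb2_request_reply_update_counts() sits after an early return whose condition is cut off above the hunk context; if that return tests anything other than this same flag, the flag can stay set and the asserts added in the dispatch path fire on the next element of the chain. Placing the reset ahead of the xconn->protocol < PROTOCOL_SMB2_22 return is right, since the flag has to be cleared at every protocol level, and a short comment saying so would keep it from being moved below that check later.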
diff --git a/source4/torture/smb2/compound.c b/source4/torture/smb2/compound.c
index c592308..d2d4d7e 100644
--- a/source4/torture/smb2/compound.c
+++ b/source4/torture/smb2/compound.c
@@ -1030,6 +1030,81 @@ done:
return ret;
 }
 
+static bool test_compound_invalid4(struct torture_context *tctx,
+  struct smb2_tree *tree)
+{
+   struct smb2_create cr;
+   struct smb2_read rd;
+   NTSTATUS status;
+   const char *fname = "compound_invalid4.dat";
+   struct smb2_close cl;
+   bool ret = true;
+   bool ok;
+   struct smb2_request *req[2];
+
+   smb2_transport_credits_ask_num(tree->session->transport, 2);
+
+   smb2_util_unlink(tree, fname);
+
+   ZERO_STRUCT(cr);
+   cr.in.security_flags  = 0x00;
+   cr.in.oplock_level= 0;
+   cr.in.impersonation_level = NTCREATEX_IMPERSONATION_IMPERSONATION;
+   cr.in.create_flags= 0x;
+   cr.in.reserved= 0x;
+   cr.in.desired_access  = SEC_RIGHTS_FILE_ALL;
+   cr.in.file_attributes = FILE_ATTRIBUTE_NORMAL;
+   cr.in.share_access= NTCREATEX_SHARE_ACCESS_READ |
+   NTCREATEX_SHARE_ACCESS_WRITE |
+   NTCREATEX_SHARE_ACCESS_DELETE;
+   cr.in.create_disposition  = NTCREATEX_DISP_OPEN_IF;
+   cr.in.create_options  = 
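Review bot: In test_compound_invalid4(), cr.in.create_flags and cr.in.reserved are assigned a bare 0x with no digits as the hunk appears in this mail, which is not a valid C constant; the value should be checked against the original commit. Both fields, like security_flags and oplock_level, are already zeroed by ZERO_STRUCT(cr) just above, so the explicit zero assignments could be dropped. The changeset is truncated before the compound requests are sent, so the part of the test that exercises the counters cannot be reviewed from here.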

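The failure described in the bb15458 commit message above, as an added example (not code from the Samba tree): a simplified C model of the per-request flag and the per-open counter, run over a two-element compound chain whose session expires before the second element. All struct and function names are hypothetical stand-ins, and the early return on a clear flag in reply_update_counts() is an assumption about the surrounding code.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model; hypothetical stand-ins, not Samba's own structures. */
struct open_state {
    int request_count;          /* models op->request_count */
};

struct request {
    bool counters_updated;      /* models req->request_counters_updated */
    struct open_state *op;
};

enum result { OK = 0, ASSERT_TRIPPED = 1 };

/* Runs when an element of the chain is accepted for processing. */
static enum result dispatch_update_counts(struct request *req, bool fixed)
{
    if (fixed) {
        /* After the fix: a stale flag is a bug, so it is asserted on. */
        if (req->counters_updated) {
            return ASSERT_TRIPPED;
        }
    } else {
        /* Before the fix: this was the only place the flag was cleared. */
        req->counters_updated = false;
    }
    req->op->request_count++;
    req->counters_updated = true;
    return OK;
}

/* Runs when the reply for an element is sent. */
static enum result reply_update_counts(struct request *req, bool fixed)
{
    if (!req->counters_updated) {
        return OK;              /* assumed: nothing counted, nothing to undo */
    }
    if (fixed) {
        /* After the fix: the flag is cleared where it is consumed. */
        req->counters_updated = false;
    }
    if (req->op->request_count <= 0) {
        /* Stands in for SMB_ASSERT(op->request_count > 0). */
        return ASSERT_TRIPPED;
    }
    req->op->request_count--;
    return OK;
}

/*
 * One element of a compound chain. session_expired models the early
 * error return from dispatch that never reaches dispatch_update_counts().
 */
static enum result process_element(struct request *req, bool session_expired,
                                   bool fixed)
{
    if (!session_expired) {
        enum result r = dispatch_update_counts(req, fixed);
        if (r != OK) {
            return r;
        }
    }
    return reply_update_counts(req, fixed);
}

/* Two-element chain: the first succeeds, the session expires before the second. */
enum result run_chain(bool fixed)
{
    struct open_state op = { 0 };
    struct request req = { false, &op };

    enum result r = process_element(&req, false, fixed);
    if (r != OK) {
        return r;
    }
    return process_element(&req, true, fixed);
}

int main(void)
{
    printf("unfixed: %s\n", run_chain(false) == OK ? "ok" : "assert tripped");
    printf("fixed:   %s\n", run_chain(true) == OK ? "ok" : "assert tripped");
    return 0;
}
```

In the unfixed model the flag survives from the first element, so the second reply decrements a counter that is already zero; with the reset moved into the reply path the second reply returns early.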
[SCM] Samba Shared Repository - branch v4-7-test updated

2018-04-11 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  686b2ba winbindd: Do not ignore domain in the LOOKUPNAME request
   via  81c3e2d Add test for wbinfo name lookup
   via  ccbdb3c nsswitch: Fix wbcListGroups test
   via  af5d75d nsswitch: Fix wbcListUsers test
   via  705b1fa test_smbclient_s3.sh: Use correct separator in "list with 
backup privilege" test
  from  d7f84b6 s3: smbd: Unix extensions attempts to change wrong field in 
fchown call.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 686b2ba3641f6c0367dd8531cab5feda51837416
Author: Christof Schmitt 
Date:   Wed Feb 28 12:05:34 2018 -0700

winbindd: Do not ignore domain in the LOOKUPNAME request

A LOOKUPNAME request with a domain and a name containing a winbind
separator character would return the result for the joined domain,
instead of the specified domain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Fri Apr  6 21:03:31 CEST 2018 on sn-devel-144

(cherry picked from commit 1775ac8aa4dc00b9a0845ade238254ebb8b32429)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Apr 11 13:53:02 CEST 2018 on sn-devel-144

commit 81c3e2dbc830563d3721005974bdbc46b595f7d5
Author: Christof Schmitt 
Date:   Wed Feb 28 13:10:43 2018 -0700

Add test for wbinfo name lookup

This demonstrates that wbinfo -n / --name-to-sid returns information
instead of failing the request. More specifically the query for
INVALIDDOMAIN//user returns the user SID for the joined domain, instead
of failing the request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 552a00ec1f6795b9025298931a6cc50ebe552052)

commit ccbdb3c0741feaea1645f8777251b62f40e9a4e3
Author: Christof Schmitt 
Date:   Fri Mar 30 14:35:03 2018 -0700

nsswitch: Fix wbcListGroups test

With an AD DC, wbcListGroups returns the users in the DOMAIN SEPARATOR
GROUPNAME format.  The test then calls wbcLookupName with the domain
name and the previous string (including domain and separator) as
username. Fix this by passing the correct username and adding some
additional checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt 
Reviewed-by: Andreas Schneider 
(cherry picked from commit f4db4e86c341a89357082e81e30c302440647530)

commit af5d75d009eac8f24c44c407dbe4efebceaff695
Author: Christof Schmitt 
Date:   Fri Mar 30 14:28:46 2018 -0700

nsswitch: Fix wbcListUsers test

With an AD DC, wbcListUsers returns the users in the DOMAIN SEPARATOR
USERNAME format.  The test then calls wbcLookupName with the domain name
and the previous string (including domain and separator) as username.
Fix this by passing the correct username and adding some additional
checks.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 3c146be404affc894c0c702bbfbfcc4fb9ed902b)

commit 705b1fa689829b0234209d245b950e3927439c15
Author: Christof Schmitt 
Date:   Fri Mar 16 13:52:14 2018 -0700

test_smbclient_s3.sh: Use correct separator in "list with backup privilege" 
test

Samba selftest uses the forward slash as winbind separator and in the
USERNAME passed to the test. "net sam rights" expects the backslash. Map
the separator used in selftest to a backslash to avoid creating an
incorrect username DOMAIN\DOMAIN/USERNAME.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13312

Signed-off-by: Christof Schmitt 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 6f07afad07d9c670a00d9d314a8134efdda5e424)

---

Summary of changes:
 nsswitch/libwbclient/tests/wbclient.c | 66 ++-
 nsswitch/tests/test_wbinfo_name_lookup.sh | 40 +++
 source3/script/tests/test_smbclient_s3.sh | 10 +++--
 source3/selftest/tests.py |  4 ++
 source3/winbindd/winbindd_lookupname.c| 33 ++--
 5 files changed, 136 insertions(+), 17 deletions(-)
 create mode 100755 nsswitch/tests/test_wbinfo_name_lookup.sh


Changeset truncated at 500 lines:

diff --git a/nsswitch/libwbclient/tests/wbclient.c 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-04-10 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  d7f84b6 s3: smbd: Unix extensions attempts to change wrong field in 
fchown call.
  from  00428e8 s3: smbd: Fix memory leak in vfswrap_getwd()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit d7f84b64897192c252b992db0d9b5f06845d53c5
Author: Jeremy Allison 
Date:   Mon Apr 9 09:32:23 2018 -0700

s3: smbd: Unix extensions attempts to change wrong field in fchown call.

Cut and paste error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13375

Reported-by: Rungta, Vandana 
Signed-off-by: Jeremy Allison 
Reviewed-by: David Disseldorp 

Autobuild-User(master): David Disseldorp 
Autobuild-Date(master): Tue Apr 10 00:45:56 CEST 2018 on sn-devel-144

(cherry picked from commit 3227b110d065500ed84fc70063da70ab35823a2e)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Apr 11 02:26:18 CEST 2018 on sn-devel-144

---

Summary of changes:
 source3/smbd/trans2.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index de6073a..d028dd0 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -7783,10 +7783,10 @@ static NTSTATUS 
smb_set_file_unix_basic(connection_struct *conn,
 
DEBUG(10,("smb_set_file_unix_basic: SMB_SET_FILE_UNIX_BASIC "
  "changing group %u for file %s\n",
- (unsigned int)set_owner,
+ (unsigned int)set_grp,
  smb_fname_str_dbg(smb_fname)));
if (fsp && fsp->fh->fd != -1) {
-   ret = SMB_VFS_FCHOWN(fsp, set_owner, (gid_t)-1);
+   ret = SMB_VFS_FCHOWN(fsp, (uid_t)-1, set_grp);
} else {
/*
 * UNIX extensions calls must always operate
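Review bot: Only the fd-based SMB_VFS_FCHOWN() call is corrected here; the else branch that begins at the end of the hunk is outside the visible context, and since the commit message calls this a cut and paste error, the path-based call there should be checked for the same set_owner / (gid_t)-1 argument pair. The old line passed set_owner as the uid on what the DEBUG message labels a group change, so a regression test that changes only the group through an open handle and then checks both uid and gid would be worth adding with the fix.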


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2018-04-10 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  00428e8 s3: smbd: Fix memory leak in vfswrap_getwd()
   via  d217375 s3: lib: messages: Don't use the result of sec_init() 
before calling sec_init().
   via  c62c1c9 dsdb: Fix CID 1034966 Uninitialized scalar variable
   via  119c28b s3:smbd: don't use the directory cache for SMB2/3
   via  4de5e3b ctdb-scripts: Drop "net serverid wipe" from 50.samba event 
script
  from  8ac2ffa s4: torture: Test all combinations of directory open with 
existing directory to ensure behavior is the same.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 00428e8b36ee25110922989ec5507f875aba8797
Author: Jeremy Allison 
Date:   Fri Apr 6 13:52:52 2018 -0700

s3: smbd: Fix memory leak in vfswrap_getwd()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13372

Signed-off-by: Andrew Walker .
Reviewed-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Mon Apr  9 21:48:12 CEST 2018 on sn-devel-144

(cherry picked from commit 461a1172ff819692aa0a2dc5ce7fc5379c8a529e)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Apr 10 14:09:46 CEST 2018 on sn-devel-144

commit d217375a87d49d65aeff9957d50046722b40e734
Author: Lutz Justen 
Date:   Wed Apr 4 09:50:12 2018 -0700

s3: lib: messages: Don't use the result of sec_init() before calling 
sec_init().

Commit ad8c7171ba86e8a47d78b0c7329bb814e5a8871e accidentally
moved sec_init() to the point after sec_initial_uid() is
called in the call to directory_create_or_exist_strict().
I missed this in the review (sorry). This works as root
as initial_uid/initial_gid are static (and so initialized
as zero) but doesn't work on ChromeOS as this code isn't
running as root.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13368

Signed-off-by: Lutz Justen 
Reviewed-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Apr  4 23:52:02 CEST 2018 on sn-devel-144

(cherry picked from commit e895b6cf4a7eb3d50d618a022be74db85975bf69)

commit c62c1c93f5712e7c3590eb9b9df9573300bd229a
Author: Volker Lendecke 
Date:   Wed Mar 28 15:43:53 2018 -0500

dsdb: Fix CID 1034966 Uninitialized scalar variable

"continue" in a do-while loop jumps to the "while"-check, so "id_exists" needs
to be initialized by that point.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13367

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 925d1f23291c4bdbc832977b2b4577964b8301c8)

commit 119c28bba77f258f3d2912b9524884b369200b2d
Author: Ralph Boehme 
Date:   Thu Mar 29 20:06:47 2018 +0200

s3:smbd: don't use the directory cache for SMB2/3

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13363

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Fri Mar 30 03:51:48 CEST 2018 on sn-devel-144

(cherry picked from commit 66052fdccd28922cf1caa2bc750e39051a6414cf)

commit 4de5e3bb09a62eae2e2f8f27d84251a5695ecf92
Author: Amitay Isaacs 
Date:   Thu Mar 29 10:45:19 2018 +1100

ctdb-scripts: Drop "net serverid wipe" from 50.samba event script

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13359

There is no serverid database anymore.

Signed-off-by: Amitay Isaacs 
Reviewed-by: Volker Lendecke 
Reviewed-by: Martin Schwenke 

Autobuild-User(master): Martin Schwenke 
Autobuild-Date(master): Sat Mar 31 08:34:00 CEST 2018 on sn-devel-144

(cherry picked from commit 6b75d2c650aa9ee632122fa87ea8a2a98f1fa613)

---

Summary of changes:
 ctdb/config/events.d/50.samba  |  2 --
 .../smbdotconf/misc/directorynamecachesize.xml |  5 ++--
 source3/lib/messages.c |  9 --
 source3/modules/vfs_default.c  |  9 --
 source3/smbd/dir.c | 32 --
 source4/dsdb/samdb/ldb_modules/samldb.c|  1 +
 6 files changed, 46 insertions(+), 12 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/config/events.d/50.samba 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-04-04 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  8ac2ffa s4: torture: Test all combinations of directory open with 
existing directory to ensure behavior is the same.
   via  2500fe7 s4: torture: Test all combinations of directory create to 
ensure behavior is the same.
   via  ada7126 s4: torture: Test all combinations of file open with 
existing file to ensure behavior is the same.
   via  1d8c67f s4: torture: Test all combinations of file create to ensure 
behavior is the same.
   via  052ca44 s4: torture: Ensure a failed file create doesn't create the 
file.
   via  bd2c850 s3: smbd: Files or directories can't be opened 
DELETE_ON_CLOSE without delete access.
   via  9f2bae3 Allow AESNI to be used on all processor supporting AESNI, 
not just Intel's This improves performance/reduced CPU usage. Tests performed: 
- Ran on Ivy Bridge and Ryzen and verified that AESNI is detected (crypto 
tests) - Ran on Ryzen, and observed 50% increased speed.
   via  b44b079 smbc_opendir should not return EEXIST with invalid login 
credentials
  from  214291f s3: docs: Add documentation for "smb2" and "smb2_credits" 
debug classes.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 8ac2ffaa0060cff4df92e1c90ff4b648a301d74d
Author: Jeremy Allison 
Date:   Wed Mar 28 13:19:12 2018 -0700

s4: torture: Test all combinations of directory open with existing 
directory to ensure behavior is the same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Thu Mar 29 23:13:42 CEST 2018 on sn-devel-144

(cherry picked from commit c98cd0f25edaae7558f18fd331e2fef3aabb61f2)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Apr  4 16:56:29 CEST 2018 on sn-devel-144

commit 2500fe7c4014f3da3d768360be6cad5d29c3c35b
Author: Jeremy Allison 
Date:   Wed Mar 28 13:17:14 2018 -0700

s4: torture: Test all combinations of directory create to ensure behavior 
is the same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit fd9084336e7e86ccec83141d880fd7c336c23b6c)

commit ada71264ddf1b19ae17e593015b12bf3b523be39
Author: Jeremy Allison 
Date:   Wed Mar 28 11:44:40 2018 -0700

s4: torture: Test all combinations of file open with existing file to 
ensure behavior is the same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 820b35bb1ceb445eb3659b67eedfb0a2f5b2f976)

commit 1d8c67f44feaf4c2b3c6b9ae2dcdbb965c94f7ae
Author: Jeremy Allison 
Date:   Wed Mar 28 11:00:59 2018 -0700

s4: torture: Test all combinations of file create to ensure behavior is the 
same.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 22fe8dcb77565495886244e88bb0433363d1f80a)

commit 052ca448aca47bbd23ab10a667f392adaa594ed6
Author: Jeremy Allison 
Date:   Wed Mar 28 10:54:30 2018 -0700

s4: torture: Ensure a failed file create doesn't create the file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 53cdf7a9a18ed547eade4c3cdd80d286058e440d)

commit bd2c850c3dd74b3a8e9ff7a4d4af1cfe7cf87079
Author: Jeremy Allison 
Date:   Wed Mar 28 12:42:20 2018 -0700

s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without 
delete access.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13358

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 2514bee0a3b0a12430e2679ee590075c54d4803a)

commit 9f2bae39970e020420238edfff7aa999bd5ba52a
Author: Eric Vannier 
Date:   Thu Mar 22 21:32:56 2018 -0700

Allow AESNI to be used on all processor supporting AESNI, not just Intel's 
This improves performance/reduced CPU usage. Tests performed: - Ran on Ivy 
Bridge and Ryzen and verified that AESNI is detected (crypto tests) - Ran on 
Ryzen, and observed 50% increased speed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13302

Signed-off-by: Eric Vannier 
Reviewed-by: Jeremy 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-03-22 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  214291f s3: docs: Add documentation for "smb2" and "smb2_credits" 
debug classes.
   via  2546926 s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically 
debug credit issues.
   via  465f3a3 lib: debug: Add DBGC_XXX versions of the macros to allow 
class-specific messages.
   via  8bfe55e s3: debug: smb2: Create a new DBGC_SMB2 debug class and 
mark all smbd/smb2_*.c files with it.
   via  fe02c78 s3:smbd: map nterror on smb2_flush errorpath
   via  62388a0 s3: smbd: Fruit. Make the use of dom_sid_compare_domain() 
much clearer.
   via  8b9e15b s4: vfs: fruit tests: Add regression test for dealing with 
NFS ACE entries.
   via  8df51e5 selftest: vfs.fruit: add xattr_tdb where possible
   via  bb8bbed selftest: run vfs.fruit_netatalk test against seperate share
   via  3893417 s3: smbd: vfs_fruit: Replace code in fruit_fget_nt_acl() 
with remove_virtual_nfs_aces().
   via  85553b7 s3: smbd: vfs_fruit: Replace code in check_ms_nfs() with 
remove_virtual_nfs_aces().
   via  bf3e904 s3: smbd: vfs_fruit: Add remove_virtual_nfs_aces() a 
generic NFS ACE remover.
   via  db293b8 s3: vfs_fruit. Change check_ms_nfs() to remove the virtual 
ACE's generated by fruit_fget_nt_acl().
   via  a37fad5 s3: vfs_fruit. If the security descriptor was modified, 
ensure we set the flags correctly to reflect the ACE's left.
   via  9b5d24d s3: vfs_fruit: Ensure we operate on a copy of the incoming 
security descriptor.
   via  15391e3 s3: vfs_fruit. Ensure we only return one set of the 
'virtual' UNIX ACE entries.
   via  ea6c0ae vfs_glusterfs: Fix the wrong pointer being sent in 
glfs_fsync_async
   via  6d4906c s3: smbd: Fix possible directory fd leak if the underlying 
OS doesn't support fdopendir()
   via  520672e s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed 
on error, we don't own it here.
  from  7a49112 s4:auth_sam: allow logons with an empty domain name

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 214291f832510b2e0245c0703c7ee1ca5c41f0c6
Author: Jeremy Allison 
Date:   Wed Mar 21 12:56:12 2018 -0700

s3: docs: Add documentation for "smb2" and "smb2_credits" debug classes.

https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Böhme 
(cherry picked from commit fc922bd29b40a20450f16728fa7347f8f83d3bcd)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Fri Mar 23 02:37:09 CET 2018 on sn-devel-144

commit 25469265883a0e63baee72ab3d1ff250ad122264
Author: Jeremy Allison 
Date:   Wed Mar 21 12:52:49 2018 -0700

s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit 
issues.

https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Böhme 
(cherry picked from commit ad973fddef00d6d92443be89e7f5404006a94d99)

commit 465f3a39b11ce7caf28d36e4168f7a1eeb76ee0a
Author: Jeremy Allison 
Date:   Wed Mar 21 12:40:50 2018 -0700

lib: debug: Add DBGC_XXX versions of the macros to allow class-specific 
messages.

https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Böhme 
(cherry picked from commit cdde6d93605d15a59e816a35e8e02ca193bf1403)

commit 8bfe55e063fbb79048dcf715520265f3ac814434
Author: Jeremy Allison 
Date:   Wed Mar 21 12:01:05 2018 -0700

s3: debug: smb2: Create a new DBGC_SMB2 debug class and mark all 
smbd/smb2_*.c files with it.

Will allow easier smb2-specific debugging.

https://bugzilla.samba.org/show_bug.cgi?id=13347

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Böhme 
(cherry picked from commit 8dabcf8948c2e514b489169c34673e093519b583)

commit fe02c78becb2f0bed3fe876157f2ea2d52bb0a97
Author: Anton Nefedov via samba-technical 
Date:   Thu Mar 15 14:38:41 2018 +0300

s3:smbd: map nterror on smb2_flush errorpath

smbd_smb2_flush_recv() expects nterror in tevent_req, and otherwise
aborts in tevent_req_is_nterror()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13338

Signed-off-by: Anton Nefedov 
Reviewed-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 98623129446672521b7fa41d3457b8ce95db828c)

commit 62388a06a548e83decd0e74d3003f6c03b742729
Author: Jeremy Allison 
Date:   Mon Mar 19 15:46:41 2018 -0700

s3: smbd: Fruit. Make the use of dom_sid_compare_domain() much clearer.

BUG: 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-03-20 Thread Stefan Metzmacher
The branch, v4-7-test has been updated
   via  7a49112 s4:auth_sam: allow logons with an empty domain name
   via  7ea5588 tests/bind.py: Add a bind test with NTLMSSP with no domain
   via  35c8220 tests/py_creds: Add a SamLogonEx test with an empty string 
domain
   via  04cc893 s3:cliconnect.c: remove useless ';'
   via  4c087a0 s3:libsmb: allow -U"\administrator" to work
   via  6c1dde6 s3:auth: make use of make_{server,session}_info_anonymous()
   via  47b1336 s3:rpc_server: make use of make_session_info_anonymous()
   via  8f69498 s3:auth: add make_{server,session}_info_anonymous()
   via  c3fdc61 s3:auth: pass the whole auth_session_info from 
copy_session_info_serverinfo_guest() to create_local_token()
   via  1902652 s3:auth: base make_new_session_info_system() on 
auth_system_user_info_dc() and auth3_create_session_info()
   via  b8c518d s3:auth: add auth3_user_info_dc_add_hints() and 
auth3_session_info_create()
   via  104de61 auth: add auth_user_info_copy() function
   via  8b5253e s3:auth: remove static from finalize_local_nt_token()
   via  627a86b s3:auth: pass AUTH_SESSION_INFO_* flags to 
finalize_local_nt_token()
   via  ecee945 s3:auth: don't try to expand system or anonymous tokens in 
finalize_local_nt_token()
   via  7687d26 s3:auth: add add_builtin_guests() handling to 
finalize_local_nt_token()
   via  e0e4aa1 s3:auth: only call secrets_fetch_domain_sid() once in 
finalize_local_nt_token()
   via  c1f61c0 s3:passdb: handle dom_sid=NULL in 
create_builtin_{users,administrators}()
   via  85097b1 s3:auth: move add_local_groups() out of 
finalize_local_nt_token()
   via  1258f28 s3:auth: add the "Unix Groups" sid for the primary gid
   via  b991dca s3:auth: remove unused auth_serversupplied_info->system
   via  ff7a8e4 libcli/security: only announce a session as GUEST if 
'Builtin\Guests' is there without 'Authenticated User'
   via  e39a5bd s3:selftest: run SMB2-ANONYMOUS
   via  23d1850 s3:torture: add SMB2-ANONYMOUS which asserts no GUEST bit 
for anonymous
  from  17977a9 Merge tag 'samba-4.7.6' into v4-7-test

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 7a49112b5077381383d9d6c2b5356e6208dceaf0
Author: Stefan Metzmacher 
Date:   Tue Jan 9 08:54:11 2018 +0100

s4:auth_sam: allow logons with an empty domain name

It turns out that an empty domain name maps to the local SAM.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Fri Feb 23 04:08:26 CET 2018 on sn-devel-144

(cherry picked from commit 57762229da971e837b923f09ca01bad6151f9419)

Autobuild-User(v4-7-test): Stefan Metzmacher 
Autobuild-Date(v4-7-test): Tue Mar 20 21:51:18 CET 2018 on sn-devel-144

commit 7ea5588d089b5b97f307c71aa4de78fe0aa2441b
Author: Garming Sam 
Date:   Mon Jan 8 16:34:02 2018 +1300

tests/bind.py: Add a bind test with NTLMSSP with no domain

Confirmed to pass against Windows 2012 R2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Garming Sam 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 2e49a9ebf5bffbeadca03517b4a21bca24c0)

commit 35c8220990a2671443ca6b9f457efd72a427be9e
Author: Garming Sam 
Date:   Mon Jan 8 13:36:59 2018 +1300

tests/py_creds: Add a SamLogonEx test with an empty string domain

This test passes against 4.6, but failed against 4.7.5 and master.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Garming Sam 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 5c625eae3f54e8de434de26e9f6a0f2fde557c18)

commit 04cc8936c3f90bf3bbb05bce25c55212c8f0823b
Author: Stefan Metzmacher 
Date:   Tue Jan 9 08:57:05 2018 +0100

s3:cliconnect.c: remove useless ';'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit e039e9b0d2a16b21ace019b028e5c8244486b8a3)

commit 4c087a0e9e8ffd797e810f7dc21d630fd6833eed
Author: Stefan Metzmacher 
Date:   Tue Jan 9 08:55:48 2018 +0100

s3:libsmb: allow -U"\\administrator" to work

cli_credentials_get_principal() returns NULL in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13206


[SCM] Samba Shared Repository - branch v4-7-test updated

2018-03-13 Thread Stefan Metzmacher
The branch, v4-7-test has been updated
   via  17977a9 Merge tag 'samba-4.7.6' into v4-7-test
   via  5cfa947 VERSION: Disable GIT_SNAPSHOT for the 4.7.6 release.
   via  4119137 WHATSNEW: Add release notes for Samba 4.7.6.
   via  11fbafc CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only 
allowed with a control
   via  86b41e9 CVE-2018-1057: s4:dsdb: use 
DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
   via  f11f3cc CVE-2018-1057: s4:dsdb/samdb: define 
DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
   via  32d65d8 CVE-2018-1057: s4:dsdb/acl: run password checking only once
   via  946bab0 CVE-2018-1057: s4/dsdb: correctly detect password resets
   via  bb2ab8e CVE-2018-1057: s4:dsdb/acl: add a NULL check for 
talloc_new() in acl_check_password_rights()
   via  a6221ea CVE-2018-1057: s4:dsdb/acl: add check for 
DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
   via  32384ea CVE-2018-1057: s4:dsdb/acl: check for internal controls 
before other checks
   via  31088fa CVE-2018-1057: s4:dsdb/acl: remove unused else branches in 
acl_check_password_rights()
   via  50eb427 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if 
we checked the acl in acl_check_password_rights()
   via  e2acd0d CVE-2018-1057: s4:dsdb/password_hash: add a helper variable 
for passwordAttr->num_values
   via  5ad58a9 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable 
for LDB_FLAG_MOD_TYPE
   via  d8de52b CVE-2018-1057: s4:dsdb/tests: add a test for password 
change with empty delete
   via  9f9db58 CVE-2018-1050: s3: RPC: spoolss server. Protect against 
null pointer derefs.
   via  a572eed VERSION: Bump version up to 4.7.6...
  from  cc04ea1 VERSION: Bump version up to 4.7.7.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 17977a918f97309f2d2d2aeaa162766f36342478
Merge: cc04ea1 5cfa947
Author: Stefan Metzmacher 
Date:   Tue Mar 13 11:11:29 2018 +0100

Merge tag 'samba-4.7.6' into v4-7-test

samba: tag release samba-4.7.6

---

Summary of changes:


Changeset truncated at 500 lines:






[SCM] Samba Shared Repository - branch v4-7-test updated

2018-03-13 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  cc04ea1 VERSION: Bump version up to 4.7.7.
   via  2f57b6d VERSION: Disable GIT_SNAPSHOT for the 4.7.6 release.
   via  f17ddb9 WHATSNEW: Add release notes for Samba 4.7.6.
   via  49b49f1 CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only 
allowed with a control
   via  7d8de68 CVE-2018-1057: s4:dsdb: use 
DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID
   via  f797e86 CVE-2018-1057: s4:dsdb/samdb: define 
DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control
   via  c5a663f CVE-2018-1057: s4:dsdb/acl: run password checking only once
   via  7cc3749 CVE-2018-1057: s4/dsdb: correctly detect password resets
   via  a192242 CVE-2018-1057: s4:dsdb/acl: add a NULL check for 
talloc_new() in acl_check_password_rights()
   via  fd1817c CVE-2018-1057: s4:dsdb/acl: add check for 
DSDB_CONTROL_PASSWORD_HASH_VALUES_OID control
   via  0820307 CVE-2018-1057: s4:dsdb/acl: check for internal controls 
before other checks
   via  0bb68f5 CVE-2018-1057: s4:dsdb/acl: remove unused else branches in 
acl_check_password_rights()
   via  b3746a4 CVE-2018-1057: s4:dsdb/acl: only call dsdb_acl_debug() if 
we checked the acl in acl_check_password_rights()
   via  7ee55ea CVE-2018-1057: s4:dsdb/password_hash: add a helper variable 
for passwordAttr->num_values
   via  43a5d96 CVE-2018-1057: s4:dsdb/password_hash: add a helper variable 
for LDB_FLAG_MOD_TYPE
   via  d15b66c CVE-2018-1057: s4:dsdb/tests: add a test for password 
change with empty delete
   via  b59ca4d CVE-2018-1050: s3: RPC: spoolss server. Protect against 
null pointer derefs.
  from  af47cdb s3:smbd: Do not crash if we fail to init the session table

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit cc04ea177183c054236edd6ab721dc9f36c5dab3
Author: Karolin Seeger 
Date:   Tue Mar 13 10:24:24 2018 +0100

VERSION: Bump version up to 4.7.7.

Signed-off-by: Karolin Seeger 

commit 2f57b6d9aa381dba7646f919dd7c7dc18fab4979
Author: Karolin Seeger 
Date:   Sun Mar 11 22:03:58 2018 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.7.6 release.

CVE-2018-1050 (Denial of Service Attack on external print server.)
CVE-2018-1057 (Authenticated users can change other user's password.)

Signed-off-by: Karolin Seeger 

commit f17ddb96286dbbe45e3aec5f9af1aac4383c0561
Author: Karolin Seeger 
Date:   Sun Mar 11 22:02:30 2018 +0100

WHATSNEW: Add release notes for Samba 4.7.6.

CVE-2018-1050 (Denial of Service Attack on external print server.)
CVE-2018-1057 (Authenticated users can change other user's password.)

Signed-off-by: Karolin Seeger 

commit 49b49f16030858d498e1937d1c81124b65567828
Author: Ralph Boehme 
Date:   Thu Feb 15 23:11:38 2018 +0100

CVE-2018-1057: s4:dsdb/acl: changing dBCSPwd is only allowed with a control

This is not strictly needed to fix bug 13272, but it makes sense to also
fix this while fixing the overall ACL checking logic.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit 7d8de684f0ff3882fdb5db549a85d515bef4391c
Author: Ralph Boehme 
Date:   Fri Feb 16 15:38:19 2018 +0100

CVE-2018-1057: s4:dsdb: use DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID

This is used to pass information about which password change operation
(change or reset) the acl module validated, down to the password_hash module.

It's very important that both modules treat the request identically.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit f797e86896397b9dfd3a235f3537ced6cb37
Author: Ralph Boehme 
Date:   Fri Feb 16 15:30:13 2018 +0100

CVE-2018-1057: s4:dsdb/samdb: define 
DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID control

Will be used to pass "user password change" vs "password reset" from the
ACL to the password_hash module, ensuring both modules treat the request
identically.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

commit c5a663f754148af6fb7e47f5990b93b55abd7342
Author: Ralph Boehme 
Date:   Wed Feb 14 19:15:49 2018 +0100

CVE-2018-1057: s4:dsdb/acl: run password checking only once

This is needed, because a later commit will let the acl module add a
control to the change request msg and we must ensure that this is only
done once.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13272


[SCM] Samba Shared Repository - branch v4-7-test updated

2018-03-08 Thread Stefan Metzmacher
The branch, v4-7-test has been updated
   via  af47cdb s3:smbd: Do not crash if we fail to init the session table
   via  1efaec6 libsmb: Use smb2 tcon if conn_protocol >= SMB2_02
   via  e8a69b9 torture: Add test for channel sequence number handling
   via  164b38c smbXcli: Add "force_channel_sequence"
   via  f2d311e smbd: Fix channel sequence number checks for long-running 
requests
   via  d5c0ad6 smbd: Remove a "!" from an if-condition for easier 
readability
   via  caca68c torture4: Fix typos
   via  09200da smbd: Fix a typo
  from  b276495 build: fix libceph-common detection

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit af47cdb3e1310ba0a365fa2c5b0161b6554fbead
Author: Andreas Schneider 
Date:   Mon Feb 19 18:07:50 2018 +0100

s3:smbd: Do not crash if we fail to init the session table

This should fix the following segfault with SMB1:

  #6  sig_fault (sig=) at ../lib/util/fault.c:94
  #7  
  #8  smbXsrv_session_create (conn=conn@entry=0x5654d3512af0, 
now=now@entry=131594481900356690, _session=_session@entry=0x7ffc93a778e8)
  at ../source3/smbd/smbXsrv_session.c:1212
  #9  0x7f7618aa21ef in reply_sesssetup_and_X 
(req=req@entry=0x5654d35174b0) at ../source3/smbd/sesssetup.c:961
  #10 0x7f7618ae17b0 in switch_message (type=, 
req=req@entry=0x5654d35174b0) at ../source3/smbd/process.c:1726
  #11 0x7f7618ae3550 in construct_reply (deferred_pcd=0x0, 
encrypted=false, seqnum=0, unread_bytes=0, size=140, inbuf=0x0, 
xconn=0x5654d35146d0)
  at ../source3/smbd/process.c:1762
  #12 process_smb (xconn=xconn@entry=0x5654d3512af0, inbuf=, 
nread=140, unread_bytes=0, seqnum=0, encrypted=,
  deferred_pcd=deferred_pcd@entry=0x0) at ../source3/smbd/process.c:2008
  #13 0x7f7618ae4c41 in smbd_server_connection_read_handler 
(xconn=0x5654d3512af0, fd=40) at ../source3/smbd/process.c:2608
  #14 0x7f761587eedb in epoll_event_loop_once () from 
/lib64/libtevent.so.0

Inspecting the core shows that:
  conn->client-session_table is NULL
  conn->protocol is PROTOCOL_NONE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13315

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit a89a7146563f2d9eb8bc02f1c090158ee499c878)

Autobuild-User(v4-7-test): Stefan Metzmacher 
Autobuild-Date(v4-7-test): Thu Mar  8 17:53:27 CET 2018 on sn-devel-144

commit 1efaec6bc9f51e3595ed254e38b6569962d36ee4
Author: Dan Robertson 
Date:   Thu Feb 22 20:47:11 2018 +

libsmb: Use smb2 tcon if conn_protocol >= SMB2_02

When the connection protocol is SMB2 the tid from the smb1 member is
used instead of smb2 in cli_state_set_tid which often results in a null
deref.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13310

Signed-off-by: Dan Robertson 
Reviewed-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 
(cherry picked from commit b67ffaf518c971817b167b41bf6226cddfdcfd2f)

commit e8a69b9a3a58de4d78be1fabe7c5263002528a47
Author: Volker Lendecke 
Date:   Thu Jan 11 11:55:39 2018 +0100

torture: Add test for channel sequence number handling

We run into an assert when the csn wraps

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Sun Jan 14 14:47:15 CET 2018 on sn-devel-144

(cherry picked from commit 0abe16a5343de9a69bb5cccbad9809b28b642f45)

commit 164b38ccb778a9128fd6ad29cad72ab96e109f9d
Author: Volker Lendecke 
Date:   Thu Jan 11 11:25:49 2018 +0100

smbXcli: Add "force_channel_sequence"

This enables use of the channel sequence number even for
non-multi-channel servers. This makes our client invalid, but we need to
protect against broken clients with tests.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit cd288a08500b1cc38ef26e5cb8ef754b4da658b6)

commit f2d311eee9301717b99ed7ae758f0d05958d86b0
Author: Volker Lendecke 
Date:   Thu Jan 11 15:34:45 2018 +0100

smbd: Fix channel sequence number checks for long-running requests

When the client's supplied csn overflows and hits a pending, long-running
request's csn, we panic. Fix this by counting the overflows in
smbXsrv_open_global0->channel_generation

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13215

  

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-02-28 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  b276495 build: fix libceph-common detection
  from  4978ee1 subnet: Avoid a segfault when renaming subnet objects

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit b27649592001ef64f255380eade6246554c1e216
Author: Günther Deschner 
Date:   Mon Jan 15 23:20:39 2018 +0100

build: fix libceph-common detection

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13277

Guenther

Signed-off-by: Guenther Deschner 
Reviewed-by: David Disseldorp 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Thu Feb 22 19:30:12 CET 2018 on sn-devel-144

(cherry picked from commit 6a59619844e0def505a6bfa778c17721c062e0ee)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Feb 28 16:51:15 CET 2018 on sn-devel-144

---

Summary of changes:
 source3/wscript | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/wscript b/source3/wscript
index 6823e0a..611af5b 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -1583,11 +1583,13 @@ main() {
 conf.env['CPPPATH_CEPHFS'] = Options.options.libcephfs_dir + '/include'
 conf.env['LIBPATH_CEPHFS'] = Options.options.libcephfs_dir + '/lib'
 conf.env['LIBPATH_CEPH-COMMON'] = Options.options.libcephfs_dir + 
'/lib/ceph'
+else:
+conf.env['LIBPATH_CEPH-COMMON'] = Options.options.LIBDIR + '/ceph'
 
 if (Options.options.with_cephfs and
 conf.CHECK_HEADERS('cephfs/libcephfs.h', False, False, 'cephfs') and
-conf.CHECK_LIB('cephfs', shlib=True) and
-conf.CHECK_LIB('ceph-common', shlib=True)):
+conf.CHECK_LIB('cephfs', shlib=True)):
+conf.CHECK_LIB('ceph-common', shlib=True)
 if Options.options.with_acl_support:
 conf.DEFINE('HAVE_CEPH', '1')
 if conf.CHECK_FUNCS_IN('ceph_statx', 'cephfs ceph-common',
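Review bot: the result of conf.CHECK_LIB('ceph-common', shlib=True) is now discarded, because the call has moved out of the if condition into its body. HAVE_CEPH can therefore be defined when ceph-common was not found, while the CHECK_FUNCS_IN('ceph_statx', 'cephfs ceph-common', ...) call that follows still names the library. If ceph-common is meant to be optional, say so in a comment at the call and in the commit message, which currently has no description. The new else branch also hard-codes '/ceph' under Options.options.LIBDIR; a one-line comment on why that subdirectory is expected would help.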


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2018-02-20 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  4978ee1 subnet: Avoid a segfault when renaming subnet objects
  from  1fa65b4 build: fix ceph_statx check when configured with 
libcephfs_dir

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 4978ee103d7474015e98bff5654d0d4f834e6dcd
Author: Garming Sam 
Date:   Wed Sep 20 14:55:11 2017 +1200

subnet: Avoid a segfault when renaming subnet objects

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13031

Signed-off-by: Garming Sam 
Reviewed-by: Douglas Bagnall 

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Feb 20 17:48:35 CET 2018 on sn-devel-144

---

Summary of changes:
 python/samba/subnets.py | 33 
 source4/dsdb/samdb/ldb_modules/samldb.c |  8 +++---
 source4/dsdb/tests/python/sites.py  | 45 +
 3 files changed, 82 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/subnets.py b/python/samba/subnets.py
index e859f06..72eeb0f 100644
--- a/python/samba/subnets.py
+++ b/python/samba/subnets.py
@@ -127,6 +127,39 @@ def delete_subnet(samdb, configDn, subnet_name):
 
 samdb.delete(dnsubnet)
 
+def rename_subnet(samdb, configDn, subnet_name, new_name):
+"""Rename a subnet.
+
+:param samdb: A samdb connection
+:param configDn: The DN of the configuration partition
+:param subnet_name: Name of the subnet to rename
+:param new_name: New name for the subnet
+:return: None
+:raise SubnetNotFound: if the subnet to be renamed does not exist.
+:raise SubnetExists: if the subnet to be created already exists.
+"""
+dnsubnet = ldb.Dn(samdb, "CN=Subnets,CN=Sites")
+if dnsubnet.add_base(configDn) == False:
+raise SubnetException("dnsubnet.add_base() failed")
+if dnsubnet.add_child("CN=X") == False:
+raise SubnetException("dnsubnet.add_child() failed")
+dnsubnet.set_component(0, "CN", subnet_name)
+
+newdnsubnet = ldb.Dn(samdb, str(dnsubnet))
+newdnsubnet.set_component(0, "CN", new_name)
+try:
+samdb.rename(dnsubnet, newdnsubnet)
+except LdbError as (enum, estr):
+if enum == ldb.ERR_NO_SUCH_OBJECT:
+raise SubnetNotFound('Subnet %s does not exist' % subnet)
+elif enum == ldb.ERR_ENTRY_ALREADY_EXISTS:
+raise SubnetAlreadyExists('A subnet with the CIDR %s already 
exists'
+  % new_name)
+elif enum == ldb.ERR_INVALID_DN_SYNTAX:
+raise SubnetInvalid("%s is not a valid subnet: %s" % (new_name,
+  estr))
+else:
+raise
 
 def set_subnet_site(samdb, configDn, subnet_name, site_name):
 """Assign a subnet to a site.
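Review bot: in the ERR_NO_SUCH_OBJECT branch of rename_subnet the message is formatted with subnet, which is neither a parameter nor a local of this function (the parameter is subnet_name), so that path raises NameError instead of SubnetNotFound. Use 'Subnet %s does not exist' % subnet_name. The docstring also advertises SubnetExists while the code raises SubnetAlreadyExists, and except LdbError as (enum, estr) is Python 2-only tuple unpacking.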
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c 
b/source4/dsdb/samdb/ldb_modules/samldb.c
index 971048d..3e429e1 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -3351,13 +3351,13 @@ static int verify_cidr(const char *cidr)
 }
 
 
-static int samldb_verify_subnet(struct samldb_ctx *ac)
+static int samldb_verify_subnet(struct samldb_ctx *ac, struct ldb_dn *dn)
 {
struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
const char *cidr = NULL;
const struct ldb_val *rdn_value = NULL;
 
-   rdn_value = ldb_dn_get_rdn_val(ac->msg->dn);
+   rdn_value = ldb_dn_get_rdn_val(dn);
if (rdn_value == NULL) {
ldb_set_errstring(ldb, "samldb: ldb_dn_get_rdn_val "
  "failed");
@@ -3588,7 +3588,7 @@ static int samldb_add(struct ldb_module *module, struct 
ldb_request *req)
 
if (samdb_find_attribute(ldb, ac->msg,
 "objectclass", "subnet") != NULL) {
-   ret = samldb_verify_subnet(ac);
+   ret = samldb_verify_subnet(ac, ac->msg->dn);
if (ret != LDB_SUCCESS) {
talloc_free(ac);
return ret;
@@ -3991,7 +3991,7 @@ static int check_rename_constraints(struct ldb_message 
*msg,
 
/* subnet objects */
if (samdb_find_attribute(ldb, msg, "objectclass", "subnet") != NULL) {
-   ret = samldb_verify_subnet(ac);
+   ret = samldb_verify_subnet(ac, newdn);
if (ret != LDB_SUCCESS) {
talloc_free(ac);
return ret;
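Review bot: in check_rename_constraints the subnet check now validates newdn instead of ac->msg->dn, which is the behavioural fix, but the commit message gives only the bug number. Add a sentence saying why ac->msg->dn could not be dereferenced on the rename path, and a short comment on samldb_verify_subnet noting that dn is the DN whose RDN value is verified (the new DN on rename, ac->msg->dn on add).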
diff --git a/source4/dsdb/tests/python/sites.py 
b/source4/dsdb/tests/python/sites.py
index a894da3..123e1ec 100755
--- a/source4/dsdb/tests/python/sites.py
+++ b/source4/dsdb/tests/python/sites.py
@@ -183,6 +183,51 @@ 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-02-13 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  1fa65b4 build: fix ceph_statx check when configured with 
libcephfs_dir
  from  5c782d5 VERSION: Bump version up to 4.7.6...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 1fa65b4e832c690412ed40b72ed7772e63d44ec5
Author: David Disseldorp 
Date:   Thu Jul 20 11:10:57 2017 +0200

build: fix ceph_statx check when configured with libcephfs_dir

When configured with a custom libcephfs_dir, the ceph_statx check fails
to link. This is due to the location of the ceph-common dependency,
which is installed under a ceph subdirectory.

ceph/build > make DESTDIR=./inst install
...
ceph/build > find inst/|grep -e /libcephfs -e /libceph-common
inst/usr/local/lib64/ceph/libceph-common.so.0
inst/usr/local/lib64/ceph/libceph-common.so
inst/usr/local/lib64/libcephfs.so.2.0.0
inst/usr/local/lib64/libcephfs.so.2
inst/usr/local/lib64/libcephfs.so
inst/usr/local/include/cephfs/libcephfs.h

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13250

Signed-off-by: David Disseldorp 
Reviewed-by: Jeff Layton 

(cherry picked from commit ff7df3d3f5259362a6bb6780d6b532e57e89681d)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Feb 13 14:05:47 CET 2018 on sn-devel-144

---

Summary of changes:
 source3/wscript | 9 +++--
 1 file changed, 7 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/wscript b/source3/wscript
index aa1a7b3..6823e0a 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -1582,11 +1582,16 @@ main() {
 if Options.options.libcephfs_dir:
 conf.env['CPPPATH_CEPHFS'] = Options.options.libcephfs_dir + '/include'
 conf.env['LIBPATH_CEPHFS'] = Options.options.libcephfs_dir + '/lib'
+conf.env['LIBPATH_CEPH-COMMON'] = Options.options.libcephfs_dir + 
'/lib/ceph'
 
-if conf.CHECK_HEADERS('cephfs/libcephfs.h', False, False, 'cephfs') and 
conf.CHECK_LIB('cephfs', shlib=True) and Options.options.with_cephfs:
+if (Options.options.with_cephfs and
+conf.CHECK_HEADERS('cephfs/libcephfs.h', False, False, 'cephfs') and
+conf.CHECK_LIB('cephfs', shlib=True) and
+conf.CHECK_LIB('ceph-common', shlib=True)):
 if Options.options.with_acl_support:
 conf.DEFINE('HAVE_CEPH', '1')
-if conf.CHECK_FUNCS_IN('ceph_statx', 'cephfs', 
headers='cephfs/libcephfs.h'):
+if conf.CHECK_FUNCS_IN('ceph_statx', 'cephfs ceph-common',
+   headers='cephfs/libcephfs.h'):
 conf.DEFINE('HAVE_CEPH_STATX', '1')
 else:
 Logs.warn("ceph support disabled due to --without-acl-support")
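Review bot: CHECK_LIB('ceph-common', shlib=True) is now part of the condition that enables ceph support, but LIBPATH_CEPH-COMMON is only set inside the if Options.options.libcephfs_dir: branch, so a build without a custom libcephfs_dir must find ceph-common on the default library path or it loses ceph support entirely. Give the non-custom case a library path as well, or keep the ceph-common check out of the gating condition. The appended '/lib/ceph' also does not match the lib64/ceph layout shown in the commit message's install listing.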





[SCM] Samba Shared Repository - branch v4-7-test updated

2018-02-07 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  5c782d5 VERSION: Bump version up to 4.7.6...
   via  c15b477 VERSION: Disable GIT_SNAPSHOT for the 4.7.5 release.
   via  bbf315b WHATSNEW: Add release notes for Samba 4.7.5.
  from  9f4091b dbcheck: skip find_missing_forward_links_from_backlinks() 
if the db has the sortedLinks feature

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 5c782d5f7670d7855990cd359b919706d584ac4b
Author: Karolin Seeger 
Date:   Wed Feb 7 09:27:59 2018 +0100

VERSION: Bump version up to 4.7.6...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit c15b47761e1f10748f7b6eafd2e7a01ddcf10660
Author: Karolin Seeger 
Date:   Wed Feb 7 09:26:57 2018 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.7.5 release.

Signed-off-by: Karolin Seeger 

commit bbf315b9396fc989e4a18c3d3927dec0db866bc9
Author: Karolin Seeger 
Date:   Wed Feb 7 09:26:05 2018 +0100

WHATSNEW: Add release notes for Samba 4.7.5.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 91 ++--
 2 files changed, 90 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 2a351ec..bbc59a4 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 22ad049..2914f57 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,91 @@
=
+   Release Notes for Samba 4.7.5
+  February 7, 2018
+   =
+
+
+This is the latest stable release of the Samba 4.7 release series.
+
+Major enhancements include:
+
+o  BUG 13228: This is a major issue in Samba's ActiveDirectory domain
+   controller code. It might happen that AD objects have missing or broken
+   linked attributes. This could lead to broken group memberships e.g.
+   All Samba AD domain controllers set up with Samba 4.6 or lower and then
+   upgraded to 4.7 are affected. The corrupt database can be fixed with
+   'samba-tool dbcheck --cross-ncs --fix'.
+
+
+Changes since 4.7.4:
+
+
+o  Jeremy Allison 
+   * BUG 13193: smbd tries to release not leased oplock during oplock II
+ downgrade.
+
+o  Ralph Boehme 
+   * BUG 13181: Fix copying file with empty FinderInfo from Windows client
+ to Samba share with fruit.
+
+o  Günther Deschner 
+   * BUG 10976: build: Deal with recent glibc sunrpc header removal.
+   * BUG 13238: Make Samba work with tirpc and libnsl2.
+
+o  David Disseldorp 
+   * BUG 13208: vfs_ceph: Add fs_capabilities hook to avoid local statvfs.
+
+o  Love Hornquist Astrand 
+   * BUG 12986: Kerberos: PKINIT: Can't decode algorithm parameters in
+ clientPublicValue.
+
+o  Amitay Isaacs 
+   * BUG 13188: ctdb-recovery-helper: Deregister message handler in error
+ paths.
+
+o  Volker Lendecke 
+   * BUG 13240: samba: Only use async signal-safe functions in signal handler.
+
+o  Stefan Metzmacher 
+   * BUG 12986: Kerberos: PKINIT: Can't decode algorithm parameters in
+ clientPublicValue.
+   * BUG 13228: repl_meta_data: Fix linked attribute corruption on databases
+ with unsorted links on expunge. dbcheck: Add functionality to fix the
+ corrupt database.
+
+o  Christof Schmitt 
+   * BUG 13189: Fix smbd panic when chdir returns error during exit.
+
+o  Andreas Schneider 
+   * BUG 13238: Make Samba work with tirpc and libnsl2.
+
+o  Uri Simchoni 
+   * BUG 13176: Fix POSIX ACL support on HPUX and possibly other big-endian 
OSs.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-02-06 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  9f4091b dbcheck: skip find_missing_forward_links_from_backlinks() 
if the db has the sortedLinks feature
   via  692e6b2 dbcheck: add support for restoring missing forward links
   via  dad609d dbcheck: add find_missing_forward_links_from_backlinks()
   via  8fcdf4e dbcheck: make sure we ask for replPropertyMetaData if we 
need to process any forward link attributes
   via  944c05b dbcheck: make sure we always ask for the objectGUID 
attribute explicitly
   via  1c524c1 dbcheck: add a helper function that checks is a value has 
duplicate links
   via  323c8f2 dbcheck: add a dict where we remember attributes with 
duplicate links
   via  8224416 dbcheck: split out check_duplicate_links from check_dn
   via  6dd195d dbcheck: store fixed forward link attributes with the 
correct sorting
   via  882befa dbcheck: remove ldb.FLAG_MOD_REPLACE when replacing search 
results for forward links
   via  163c935 dbcheck: rename err_duplicate_links() to 
err_recover_forward_links() and adjust the output message
   via  43d419b dbcheck: add link direction to error message for duplicate 
links
   via  86015a9 dbcheck: rename err_duplicate_links arguments
   via  b03423b dbcheck: only pass obj_dn to err_orphaned_backlink()
   via  1d59b2a dbcheck: add forward_syntax argument to 
err_orphaned_backlink
   via  478f51c dbcheck: rename and reorder err_orphaned_backlink arguments
   via  b230586 selftest/dbcheck: add a test for corrupt forward links 
restoration
   via  51383bd Revert "dbcheck: disable fixing duplicate linked attributes 
until we can recover lost forward links"
   via  9819e1e python/common: add __cmp__ function to dsdb_Dn similar to 
parsed_dn_compare()
   via  ca2605a python:tests: add test_dsdb_Dn_sorted() to 
"samba.tests.common"
   via  12f6cf7 python:tests: remove test_dsdb_Dn() to test_dsdb_Dn_binary()
   via  fdf182b python:tests: use TestCaseInTempDir for "samba.tests.common"
  from  a73a751 vfs_fruit: set delete-on-close for empty finderinfo

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 9f4091b2d858e351e95aa5107fd3b00ddedcb25a
Author: Stefan Metzmacher 
Date:   Wed Jan 31 09:50:47 2018 +0100

dbcheck: skip find_missing_forward_links_from_backlinks() if the db has the 
sortedLinks feature

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Mon Feb  5 18:32:51 CET 2018 on sn-devel-144

(cherry picked from commit 0c3348feb09f4f0ba85455b8c3ff5c5fa60d139b)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Feb  6 16:41:09 CET 2018 on sn-devel-144

commit 692e6b2897ff99ff7a2dea7f16ccb5a0b6869e2a
Author: Ralph Boehme 
Date:   Thu Jan 25 14:48:55 2018 +0100

dbcheck: add support for restoring missing forward links

This recovers broken databases with duplicate and missing
forward links.

See commit a25c99c9f1fd1814c56c21848c748cd0e038eed7 for
the fix that prevents the problem from happening.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Ralph Boehme 
Signed-off-by: Stefan Metzmacher 
(cherry picked from commit 5bf823d68bd33ee3160175a18a3838eff4e3cbb2)

commit dad609d0d74d1fbdaa3eb6dd59b800f3b258e714
Author: Ralph Boehme 
Date:   Thu Jan 25 14:48:55 2018 +0100

dbcheck: add find_missing_forward_links_from_backlinks()

find_missing_forward_links_from_backlinks() finds and returns missing
forward-links by searching for all objects that link to the object in the
backlink attribute.

This will be used in the next commit to restore forward links in a corrupted
forward link attribute by passing the missing backlink objects to
err_recover_forward_links().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Ralph Boehme 
Signed-off-by: Stefan Metzmacher 
(cherry picked from commit d59f201388e8a16688adda145734dab8e27b785f)

commit 8fcdf4e8218cf01c353b276630deadb370ade256
Author: Stefan Metzmacher 
Date:   Tue Jan 30 12:19:31 2018 +0100

dbcheck: make sure we ask for replPropertyMetaData if we need to process 
any forward link attributes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13228

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-01-25 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  a73a751 vfs_fruit: set delete-on-close for empty finderinfo
   via  f06e251 vfs_fruit: filter out AFP_AfpInfo streams with pending 
delete-on-close
   via  f597147 vfs_fruit: factor out delete_invalid_meta_stream() from 
fruit_streaminfo_meta_stream()
   via  b4864ac s4/torture/fruit: enhance zero AFP_AfpInfo stream test
   via  2a376b7 s4/torture/fruit: ensure AFP_AfpInfo blobs are 0-initialized
   via  aba3f9b dbcheck: disable fixing duplicate linked attributes until 
we can recover lost forward links
   via  5070224 repl_meta_data: fix linked attribute corruption on 
databases with unsorted links on expunge
   via  376298e testprogs:blackbox: add regression test for unsorted links 
in tombstones-expunge.sh
   via  46a212d samba: Only use async signal-safe functions in signal 
handler
   via  fafbd4e waf: Fix NFS quota support with libtirpc
   via  7ed0c06 wafsamba: Allow passing 'lib' to CHECK_STRUCTURE_MEMBER
   via  25e01d9 build: deal with recent glibc sunrpc header removal
   via  f3f5d50 include: Create system/nis.h in libreplace
   via  3bc0a57 s3:waf: Move HAVE_NETGROUP to wscript
  from  bde3d64 vfs_default: use VFS statvfs macro in fs_capabilities

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit a73a7512390d71009feee0d0703730539da6fdf6
Author: Ralph Boehme 
Date:   Wed Dec 6 22:09:52 2017 +0100

vfs_fruit: set delete-on-close for empty finderinfo

We previously removed the stream from the underlying filesystem stream
backing store when the client zeroes out FinderInfo in the AFP_AfpInfo
stream, but this causes certain operations to fail (eg stat) when trying
to access the stream over any file-handle open on that stream.

So instead of deleting, set delete-on-close on the stream. The previous
commit already implemented not to list streams with delete-on-close
set which is necessary to implement correct macOS semantics for this
particular stream.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Jan  9 17:09:12 CET 2018 on sn-devel-144

(cherry picked from commit e61e9e98e9ff461055daae2fe78f0202f7ed8663)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Fri Jan 26 01:29:54 CET 2018 on sn-devel-144

commit f06e2514748672fb5847629056357427b91ef44b
Author: Ralph Boehme 
Date:   Thu Dec 7 17:32:35 2017 +0100

vfs_fruit: filter out AFP_AfpInfo streams with pending delete-on-close

This is in preparation of fixing the implementation of removing the
AFP_AfpInfo stream by zeroing the FinderInfo out.

We currently remove the stream blob from the underlying filesystem
backing store, but that causes certain operations to fail on any
still open file-handle.

The fix comes in the next commit which will convert the backing store
delete operation to a set delete-on-close on the stream.

This commit adds filtering on streams that have the delete-on-close
set. It is only needed for the fruit:metadata=stream case, as with
fruit:metadata=netatalk the filtering is already done in
fruit_streaminfo_meta_netatalk().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 70d8f7c5d25f35b58620c2db8f57c7c0758267b3)

commit f59714752445bac37feb6ced394afe5a173f3c30
Author: Ralph Boehme 
Date:   Thu Dec 7 14:56:36 2017 +0100

vfs_fruit: factor out delete_invalid_meta_stream() from 
fruit_streaminfo_meta_stream()

No change in behaviour, just some refactoring before adding more code to
fruit_streaminfo_meta_stream() in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(cherry picked from commit c41e1ea9247611473d30184efd953c61955ead15)

commit b4864ac384d23fdff60cc8212ad852a1aa71e6ee
Author: Ralph Boehme 
Date:   Thu Dec 7 13:43:02 2017 +0100

s4/torture/fruit: enhance zero AFP_AfpInfo stream test

This tests more operations in the zeroed out FinderInfo test, ensuring
after zeroing out FinderInfo, operations on the filehandle still work
and that enumerating streams doesn't return the stream anymore.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13181

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(cherry picked 

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-01-22 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  bde3d64 vfs_default: use VFS statvfs macro in fs_capabilities
   via  da6ee0c vfs_ceph: add fs_capabilities hook to avoid local statvfs
  from  d251dcc selftest: allow more time for tests

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit bde3d6402e6424015089fe3a2887c72eee45144f
Author: David Disseldorp 
Date:   Wed Jan 10 14:03:09 2018 +0100

vfs_default: use VFS statvfs macro in fs_capabilities

Currently the vfs_default fs_capabilities handler calls statvfs
directly, rather than calling the vfs macro. This behaviour may cause
issues for VFS modules that delegate fs_capabilities handling to
vfs_default but offer their own statvfs hook.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13208

Signed-off-by: David Disseldorp 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 4b25c9f4a4d336a16894452862ea059701b025de)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon Jan 22 13:48:30 CET 2018 on sn-devel-144

commit da6ee0cf34af010d0796abddd06c83887e61c88e
Author: David Disseldorp 
Date:   Wed Jan 10 01:37:14 2018 +0100

vfs_ceph: add fs_capabilities hook to avoid local statvfs

Adding the fs_capabilities() hook to the CephFS VFS module avoids
fallback to the vfs_default code-path, which calls statvfs() against the
share path on the *local* filesystem.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13208

Signed-off-by: David Disseldorp 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 2724e0cac29cd1632ea28075a740fcc888affb36)

---

Summary of changes:
 source3/modules/vfs_ceph.c| 15 +++
 source3/modules/vfs_default.c | 14 +++---
 2 files changed, 22 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_ceph.c b/source3/modules/vfs_ceph.c
index 9abd321..f482a8b 100644
--- a/source3/modules/vfs_ceph.c
+++ b/source3/modules/vfs_ceph.c
@@ -270,6 +270,20 @@ static int cephwrap_statvfs(struct vfs_handle_struct 
*handle,
return ret;
 }
 
+static uint32_t cephwrap_fs_capabilities(struct vfs_handle_struct *handle,
+enum timestamp_set_resolution 
*p_ts_res)
+{
+   uint32_t caps = FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES;
+
+#ifdef HAVE_CEPH_STATX
+   *p_ts_res = TIMESTAMP_SET_NT_OR_BETTER;
+#else
+   *p_ts_res = TIMESTAMP_SET_MSEC;
+#endif
+
+   return caps;
+}
+
 /* Directory operations */
 
 static DIR *cephwrap_opendir(struct vfs_handle_struct *handle,
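Review bot: cephwrap_fs_capabilities returns a fixed FILE_CASE_SENSITIVE_SEARCH | FILE_CASE_PRESERVED_NAMES and never uses handle, so the reported capabilities cannot vary per share or filesystem. Add a comment above the function stating that these two flags are the intended complete set, and why the timestamp resolution depends on HAVE_CEPH_STATX.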
@@ -1399,6 +1413,7 @@ static struct vfs_fn_pointers ceph_fns = {
.get_quota_fn = cephwrap_get_quota,
.set_quota_fn = cephwrap_set_quota,
.statvfs_fn = cephwrap_statvfs,
+   .fs_capabilities_fn = cephwrap_fs_capabilities,
 
/* Directory operations */
 
diff --git a/source3/modules/vfs_default.c b/source3/modules/vfs_default.c
index 53d9785..6686303 100644
--- a/source3/modules/vfs_default.c
+++ b/source3/modules/vfs_default.c
@@ -129,8 +129,14 @@ static uint32_t vfswrap_fs_capabilities(struct 
vfs_handle_struct *handle,
struct vfs_statvfs_struct statbuf;
int ret;
 
+   smb_fname_cpath = synthetic_smb_fname(talloc_tos(), conn->connectpath,
+ NULL, NULL, 0);
+   if (smb_fname_cpath == NULL) {
+   return caps;
+   }
+
ZERO_STRUCT(statbuf);
-   ret = sys_statvfs(conn->connectpath, );
+   ret = SMB_VFS_STATVFS(conn, smb_fname_cpath, );
if (ret == 0) {
caps = statbuf.FsCapabilities;
}
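Review bot: with synthetic_smb_fname() moved ahead of the statvfs call, the smb_fname_cpath == NULL early return now exits before statbuf.FsCapabilities is read, whereas the old ordering had already assigned caps by then; an allocation failure therefore returns only the initial caps. If that is acceptable, note it in the commit message, and check that smb_fname_cpath is still freed on every exit now that its lifetime spans both SMB_VFS_STATVFS and SMB_VFS_STAT.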
@@ -140,12 +146,6 @@ static uint32_t vfswrap_fs_capabilities(struct 
vfs_handle_struct *handle,
/* Work out what timestamp resolution we can
 * use when setting a timestamp. */
 
-   smb_fname_cpath = synthetic_smb_fname(talloc_tos(), conn->connectpath,
- NULL, NULL, 0);
-   if (smb_fname_cpath == NULL) {
-   return caps;
-   }
-
ret = SMB_VFS_STAT(conn, smb_fname_cpath);
if (ret == -1) {
TALLOC_FREE(smb_fname_cpath);





[SCM] Samba Shared Repository - branch v4-7-test updated

2018-01-11 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  d251dcc selftest: allow more time for tests
  from  7336f54 s3: smbd: Use identical logic to test for kernel oplocks on 
a share.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit d251dcc909f11f382000aaaf1d647287dacc213a
Author: Douglas Bagnall 
Date:   Thu Dec 28 11:45:49 2017 +1300

selftest: allow more time for tests

Maybe make test *should* run in under 4 hours, but it currently
doesn't.

Signed-off-by: Douglas Bagnall 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Fri Dec 29 02:48:59 CET 2017 on sn-devel-144

(cherry picked from commit a0f810e7e39cde003c9c5e0cb701846472e80a74)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Jan 11 14:00:50 CET 2018 on sn-devel-144

---

Summary of changes:
 selftest/selftest.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index db65500..9bfd4e5 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -441,8 +441,8 @@ if ($opt_testenv) {
 # 1 year should be enough :-)
 $server_maxtime = 365 * 24 * 60 * 60;
 } else {
-# make test should run under 4 hours
-$server_maxtime = 4 * 60 * 60;
+# make test should run under 5 hours
+$server_maxtime = 5 * 60 * 60;
 }
 
 if (defined($ENV{SMBD_MAXTIME}) and $ENV{SMBD_MAXTIME} ne "") {
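Review bot: The limit in the else branch is raised from `4 * 60 * 60` to `5 * 60 * 60` as a bare constant, and the commit message says the 4 hour target is simply not met at present. Since `SMBD_MAXTIME` is consulted from the environment just below, consider naming that variable in the comment so the default does not need another bump the next time the suite grows.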





[SCM] Samba Shared Repository - branch v4-7-test updated

2018-01-09 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  7336f54 s3: smbd: Use identical logic to test for kernel oplocks on 
a share.
  from  671a3c6 smbd: Fix coredump on failing chdir during logoff

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 7336f54d45ab8848ae1e52db9c5639888df376d8
Author: Jeremy Allison 
Date:   Wed Jan 3 09:52:33 2018 -0800

s3: smbd: Use identical logic to test for kernel oplocks on a share.

Due to inconsistent use of lp_kernel_oplocks() we could miss kernel
oplocks being on/off in some of our oplock handling code, and thus
use the wrong logic.

Ensure all logic around koplocks and lp_kernel_oplocks() is consistent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13193

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Thu Jan  4 16:03:38 CET 2018 on sn-devel-144

(cherry picked from commit 114f5da2fab6f587de77e792274b396fb3d7ce71)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Jan  9 17:47:10 CET 2018 on sn-devel-144

---

Summary of changes:
 source3/smbd/oplock.c | 25 ++---
 1 file changed, 18 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/oplock.c b/source3/smbd/oplock.c
index 1b2a87b..e848b5e 100644
--- a/source3/smbd/oplock.c
+++ b/source3/smbd/oplock.c
@@ -56,7 +56,8 @@ NTSTATUS set_file_oplock(files_struct *fsp)
 {
struct smbd_server_connection *sconn = fsp->conn->sconn;
struct kernel_oplocks *koplocks = sconn->oplocks.kernel_ops;
-   bool use_kernel = lp_kernel_oplocks(SNUM(fsp->conn)) && koplocks;
+   bool use_kernel = lp_kernel_oplocks(SNUM(fsp->conn)) &&
+   (koplocks != NULL);
 
if (fsp->oplock_type == LEVEL_II_OPLOCK) {
if (use_kernel &&
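Review bot: The expression `lp_kernel_oplocks(SNUM(fsp->conn)) && (koplocks != NULL)` in set_file_oplock is the very test this commit sets out to make consistent, yet it is still written out by hand in each function. A small static helper taking `fsp` and returning the bool would keep the copies from drifting apart again.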
@@ -98,7 +99,8 @@ static void release_file_oplock(files_struct *fsp)
 {
struct smbd_server_connection *sconn = fsp->conn->sconn;
struct kernel_oplocks *koplocks = sconn->oplocks.kernel_ops;
-   bool use_kernel = lp_kernel_oplocks(SNUM(fsp->conn)) && koplocks;
+   bool use_kernel = lp_kernel_oplocks(SNUM(fsp->conn)) &&
+   (koplocks != NULL);
 
if ((fsp->oplock_type != NO_OPLOCK) &&
use_kernel) {
@@ -131,13 +133,15 @@ static void downgrade_file_oplock(files_struct *fsp)
 {
struct smbd_server_connection *sconn = fsp->conn->sconn;
struct kernel_oplocks *koplocks = sconn->oplocks.kernel_ops;
+   bool use_kernel = lp_kernel_oplocks(SNUM(fsp->conn)) &&
+   (koplocks != NULL);
 
if (!EXCLUSIVE_OPLOCK_TYPE(fsp->oplock_type)) {
DEBUG(0, ("trying to downgrade an already-downgraded 
oplock!\n"));
return;
}
 
-   if (koplocks) {
+   if (use_kernel) {
koplocks->ops->release_oplock(koplocks, fsp, LEVEL_II_OPLOCK);
}
fsp->oplock_type = LEVEL_II_OPLOCK;
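Review bot: In downgrade_file_oplock the guard changes from `if (koplocks)` to `if (use_kernel)`, so `release_oplock` is no longer called when kernel oplocks are compiled in but switched off for the share. That is a behaviour change rather than a style cleanup and deserves a comment at the guard. The `koplocks->ops` dereference stays safe because `use_kernel` implies `koplocks != NULL`.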
@@ -729,12 +733,14 @@ static void add_oplock_timeout_handler(files_struct *fsp)
 {
struct smbd_server_connection *sconn = fsp->conn->sconn;
struct kernel_oplocks *koplocks = sconn->oplocks.kernel_ops;
+   bool use_kernel = lp_kernel_oplocks(SNUM(fsp->conn)) &&
+   (koplocks != NULL);
 
/*
 * If kernel oplocks already notifies smbds when an oplock break times
 * out, just return.
 */
-   if (koplocks &&
+   if (use_kernel &&
(koplocks->flags & KOPLOCKS_TIMEOUT_NOTIFICATION)) {
return;
}
@@ -845,7 +851,8 @@ static void process_oplock_break_message(struct 
messaging_context *msg_ctx,
break_to &= ~SMB2_LEASE_READ;
}
 
-   use_kernel = lp_kernel_oplocks(SNUM(fsp->conn)) && koplocks;
+   use_kernel = lp_kernel_oplocks(SNUM(fsp->conn)) &&
+   (koplocks != NULL);
if (use_kernel && !(koplocks->flags & KOPLOCKS_LEVEL2_SUPPORTED)) {
DEBUG(10, ("Kernel oplocks don't allow level2\n"));
break_to &= ~SMB2_LEASE_READ;
@@ -1255,8 +1262,10 @@ void smbd_contend_level2_oplocks_begin(files_struct *fsp,
 {
struct smbd_server_connection *sconn = fsp->conn->sconn;
struct kernel_oplocks *koplocks = sconn->oplocks.kernel_ops;
+   bool use_kernel = lp_kernel_oplocks(SNUM(fsp->conn)) &&
+   (koplocks != NULL);
 
-   if (koplocks && koplocks->ops->contend_level2_oplocks_begin) {
+   if (use_kernel && koplocks->ops->contend_level2_oplocks_begin) {
koplocks->ops->contend_level2_oplocks_begin(fsp, type);

[SCM] Samba Shared Repository - branch v4-7-test updated

2018-01-02 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  671a3c6 smbd: Fix coredump on failing chdir during logoff
   via  e21538a selftest: Add test for failing chdir call in smbd
   via  bba8e0f selftest: Make location of log file available in tests
   via  02c60f2 selftest: Add share for error injection testing
   via  028d129 vfs_error_inject: Add new module
   via  47b6eca ctdb-recovery-helper: Deregister message handler in error 
paths
   via  d983766 sysacls: change datatypes to 32 bits
   via  0752022 pysmbd: fix use of sysacl API
  from  424e40f HEIMDAL:kdc: fix dh->q allocation check in get_dh_param()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 671a3c6a5e8f5025ad4cdaff38461fce49737c7c
Author: Christof Schmitt 
Date:   Wed Dec 13 11:34:23 2017 -0700

smbd: Fix coredump on failing chdir during logoff

server_exit does an internal tree disconnect which requires a chdir to
the share directory. In case the file system encountered a problem and
the chdir call returns an error, this triggers a SERVER_EXIT_ABNORMAL
which in turn results in a panic and a coredump. As the log already
indicates the problem (chdir returned an error), avoid the
SERVER_EXIT_ABNORMAL in this case and not trigger a coredump.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13189

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Sat Dec 16 01:56:06 CET 2017 on sn-devel-144

(cherry picked from commit 7fa91fc4791d076c609eaf119753e38dd3c50a1c)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Jan  2 14:19:44 CET 2018 on sn-devel-144

commit e21538a676539471016425201c36ef2ad637204f
Author: Christof Schmitt 
Date:   Wed Dec 13 12:58:18 2017 -0700

selftest: Add test for failing chdir call in smbd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13189

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 0d3000be2af8f8c4a37892d95ae694ad834d7b3a)

commit bba8e0f761186f92f6864c03aeca1dc082c5f21a
Author: Christof Schmitt 
Date:   Wed Dec 13 12:47:31 2017 -0700

selftest: Make location of log file available in tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13189

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 
(cherry picked from commit b0e1fc74fdacecb86f46b47e527b3fdf1906d27b)

commit 02c60f2e83b9ecd1024138954c635be248fd3a7b
Author: Christof Schmitt 
Date:   Wed Dec 13 11:34:05 2017 -0700

selftest: Add share for error injection testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13189

Signed-off-by: Christof Schmitt 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 8b6402f3e5ff98c2701e626e47246b2400f76e5f)

commit 028d12916c872075c5b11a1038fd0d1d5a9274de
Author: Christof Schmitt 
Date:   Fri Dec 8 15:29:07 2017 -0700

vfs_error_inject: Add new module

This module allows injecting errors in vfs calls. It only implements one
case (return ESTALE from chdir), but the idea is to extend this to more
vfs functions and more errors when needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13189

Signed-off-by: Christof Schmitt 
Signed-off-by: Andrew Bartlett 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 24623d53256c2424563709dedc19af1a106ccc73)

commit 47b6ecaf953a3ed3edbdba04a25a32f0241af2c4
Author: Amitay Isaacs 
Date:   Wed Dec 13 16:12:09 2017 +1100

ctdb-recovery-helper: Deregister message handler in error paths

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13188

If PULL_DB control times out but the remote node is still sending the
data, then the tevent_req for pull_database_send will be freed without
removing the message handler.  So when the data is received, srvid
handler will be called and it will try to access tevent_req which will
result in use-after-free and abort.

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 

commit d983766eaf7ff93db5aa0ac478bbacdda8aef62d
Author: Uri Simchoni 
Date:   Tue Dec 5 20:56:49 2017 +0200

sysacls: change datatypes to 32 bits

The SMB_ACL_PERMSET_T and SMB_ACL_PERM_T were defined as
mode_t, which is 16-bits on some (non-Linux) systems. However,
pidl *always* encodes mode_t as uint32_t. That created a bug on
big-endian systems as 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-12-23 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  424e40f HEIMDAL:kdc: fix dh->q allocation check in get_dh_param()
   via  d06e849 HEIMDAL: don't bother seeing q if not sent
   via  c793ac6 HEIMDAL: allow optional q in DH DomainParameters
  from  efc261d VERSION: Bump version up to 4.7.5...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 424e40f75b03b5b9311d10c8d724c4aa8bb3c1a1
Author: Stefan Metzmacher 
Date:   Tue Aug 29 07:24:35 2017 +0200

HEIMDAL:kdc: fix dh->q allocation check in get_dh_param()

Thanks to Doug Nazar  for spotting this!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986

Signed-off-by: Stefan Metzmacher 
(cherry picked from heimdal commit a79b59ba27070a015479e8d981b7e685dbe34310)
Reviewed-by: Andreas Schneider 

(cherry picked from commit 183e5d1e3dc306491c06f94c8c98e4882c64bc27)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Sun Dec 24 01:36:48 CET 2017 on sn-devel-144

commit d06e849e7238a6afff0797afdcac489889aae873
Author: Love Hornquist Astrand 
Date:   Mon Apr 29 11:42:46 2013 -0700

HEIMDAL: don't bother seeing q if not sent

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986

Reviewed-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 
(cherry picked from heimdal commit 19f9fdbcea11013cf13ac72c416f161ee55dee2b)

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Mon Aug 28 15:10:54 CEST 2017 on sn-devel-144

(cherry picked from commit dd3e06f14ec1788a59e4c6ba4ea165fd77b9135e)

commit c793ac602cfc252f7dd2025e9ac0d17b06256d0d
Author: Love Hornquist Astrand 
Date:   Mon Apr 29 11:37:39 2013 -0700

HEIMDAL: allow optional q in DH DomainParameters

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12986

Reviewed-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 
(cherry picked from heimdal commit e8317b955f5a390c4f296871ba6987ad05478c95)

(cherry picked from commit 9f245aafdca8397df7dc050e25cfd858aeb1cc7f)

---

Summary of changes:
 source4/heimdal/kdc/pkinit.c  | 11 +++
 source4/heimdal/lib/asn1/rfc2459.asn1 |  2 +-
 source4/heimdal/lib/krb5/pkinit.c |  7 ++-
 3 files changed, 14 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source4/heimdal/kdc/pkinit.c b/source4/heimdal/kdc/pkinit.c
index d85b156..ad7f3ef 100644
--- a/source4/heimdal/kdc/pkinit.c
+++ b/source4/heimdal/kdc/pkinit.c
@@ -361,7 +361,7 @@ get_dh_param(krb5_context context,
 }
 
 ret = _krb5_dh_group_ok(context, config->pkinit_dh_min_bits,
-   , , , moduli,
+   , , dhparam.q, moduli,
_params->dh_group_name);
 if (ret) {
/* XXX send back proposal of better group */
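Review bot: `dhparam.q` is now handed to `_krb5_dh_group_ok()` as a pointer that is NULL whenever the client omitted q, and none of the hunks shown touch that function. Please confirm it accepts a NULL q, or guard the argument here.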
@@ -381,9 +381,12 @@ get_dh_param(krb5_context context,
 dh->g = integer_to_BN(context, "DH base", );
 if (dh->g == NULL)
goto out;
-dh->q = integer_to_BN(context, "DH p-1 factor", );
-if (dh->g == NULL)
-   goto out;
+
+if (dhparam.q) {
+   dh->q = integer_to_BN(context, "DH p-1 factor", dhparam.q);
+   if (dh->q == NULL)
+   goto out;
+}
 
 {
heim_integer glue;
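Review bot: The new `if (dhparam.q)` block leaves `dh->q` untouched when q was not sent, so every later use of `dh->q` has to cope with it being unset; a one-line comment on the block stating that q is optional would make that contract explicit. The corrected `dh->q == NULL` test is right: the removed lines tested `dh->g` a second time, so a failed conversion of q went undetected.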
diff --git a/source4/heimdal/lib/asn1/rfc2459.asn1 
b/source4/heimdal/lib/asn1/rfc2459.asn1
index bf82f81..7843f65 100644
--- a/source4/heimdal/lib/asn1/rfc2459.asn1
+++ b/source4/heimdal/lib/asn1/rfc2459.asn1
@@ -239,7 +239,7 @@ ValidationParms ::= SEQUENCE {
 DomainParameters ::= SEQUENCE {
p   INTEGER, -- odd prime, p=jq +1
g   INTEGER, -- generator, g
-   q   INTEGER, -- factor of p-1
+   q   INTEGER OPTIONAL, -- factor of p-1
j   INTEGER OPTIONAL, -- subgroup factor
validationParms ValidationParms OPTIONAL -- ValidationParms
 }
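Review bot: Marking `q` as `INTEGER OPTIONAL` turns the field into something callers must test for presence, as the `if (dhparam.q)` and `dp.q = calloc(...)` changes in the two pkinit.c files show, so any other user of `DomainParameters.q` has to be updated in the same change. The comment on `p` still reads `p=jq +1`, which assumes q is present; a note that q may be absent would keep the ASN.1 comments consistent.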
diff --git a/source4/heimdal/lib/krb5/pkinit.c 
b/source4/heimdal/lib/krb5/pkinit.c
index 1103a17..c30a298 100644
--- a/source4/heimdal/lib/krb5/pkinit.c
+++ b/source4/heimdal/lib/krb5/pkinit.c
@@ -497,7 +497,12 @@ build_auth_pack(krb5_context context,
free_DomainParameters();
return ret;
}
-   ret = BN_to_integer(context, dh->q, );
+   dp.q = calloc(1, sizeof(*dp.q));
+   if (dp.q == NULL) {
+   free_DomainParameters();
+   return ENOMEM;
+   }
+   ret = BN_to_integer(context, dh->q, dp.q);
if (ret) {
free_DomainParameters();
return ret;
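Review bot: `dp.q` is allocated with `calloc()` and then filled from `dh->q` without checking that `dh->q` is set, so if `dh` can ever be built without q here, `BN_to_integer()` receives NULL. Either guard the block with `if (dh->q)` and leave `dp.q` NULL, which the now-optional field allows, or add a comment that this side always supplies q.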



[SCM] Samba Shared Repository - branch v4-7-test updated

2017-12-22 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  efc261d VERSION: Bump version up to 4.7.5...
   via  4b1b5b1 VERSION: Disable GIT_SNAPSHOT for the 4.7.4 release.
   via  437395d WHATSNEW: Add release notes for Samba 4.7.4.
  from  237bead s4:kdc: only map SDB_ERR_NOT_FOUND_HERE to 
HDB_ERR_NOT_FOUND_HERE

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit efc261dedf3a37e7c4b5a236e5a708ef83d7500e
Author: Karolin Seeger 
Date:   Fri Dec 22 21:38:26 2017 +0100

VERSION: Bump version up to 4.7.5...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 4b1b5b141d3a46847eeec169a08516b65ab27255
Author: Karolin Seeger 
Date:   Fri Dec 22 21:37:26 2017 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.7.4 release.

Signed-off-by: Karolin Seeger 

commit 437395d0bf5d2b2b3721878e4678267d01425fba
Author: Karolin Seeger 
Date:   Fri Dec 22 21:36:39 2017 +0100

WHATSNEW: Add release notes for Samba 4.7.4.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |   2 +-
 WHATSNEW.txt | 128 ++-
 2 files changed, 127 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 6be993b..2a351ec 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4e403ae..22ad049 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,128 @@
=
+   Release Notes for Samba 4.7.4
+  December 22, 2017
+   =
+
+
+This is the latest stable release of the Samba 4.7 release series.
+
+
+smbclient reparse point symlink parameters reversed
+===
+
+A bug in smbclient caused the 'symlink' command to reverse the
+meaning of the new name and link target parameters when creating a
+reparse point symlink against a Windows server.
+
+This only affects using the smbclient 'symlink' command against
+a Windows server, not a Samba server using the UNIX extensions
+(the parameter order is correct in that case) so no existing
+user scripts that depend on creating symlinks on Samba servers
+need to change.
+
+As this is a little used feature the ordering of these parameters
+has been reversed to match the parameter ordering of the UNIX
+extensions 'symlink' command. This means running 'symlink' against
+both Windows and Samba now uses the same paramter ordering in both
+cases.
+
+The usage message for this command has also been improved to remove confusion.
+
+
+Changes since 4.7.3:
+
+
+o  Jeremy Allison 
+   * BUG 13140: s3: smbclient: Implement 'volume' command over SMB2.
+   * BUG 13171: s3: libsmb: Fix valgrind read-after-free error in
+ cli_smb2_close_fnum_recv().
+   * BUG 13172: s3: libsmb: Fix reversing of oldname/newname paths when 
creating
+ a reparse point symlink on Windows from smbclient.
+
+o  Timur I. Bakeyev 
+   * BUG 12934: Build man page for vfs_zfsacl.8 with Samba.
+
+o  Andrew Bartlett 
+   * BUG 13095: repl_meta_data: Allow delete of an object with dangling
+ backlinks.
+   * BUG 13129: s4:samba: Fix default to be running samba as a deamon.
+   * BUG 13191: Performance regression in DNS server with introduction of
+ DNS wildcard, ldb: Release 1.2.3
+
+o  Ralph Boehme 
+   * BUG 6133: vfs_zfsacl: Fix compilation error.
+   * BUG 13051: "smb encrypt" setting changes are not fully applied until full
+ smbd restart.
+   * BUG 13052: winbindd: Fix idmap_rid dependency on trusted domain list.
+   * BUG 13155: vfs_fruit: Proper VFS-stackable conversion of FinderInfo.
+   * BUG 13173: winbindd: Dependency on trusted-domain list in winbindd in
+ critical auth codepath.
+
+o  Andrej Gessel 
+   * BUG 13120: repl_meta_data: Fix removing of backlink on deleted objects.
+
+o  Amitay Isaacs 
+   "* BUG 13153: ctdb: sock_daemon leaks memory.
+   * BUG 13154: TCP tickles not getting synchronised on CTDB restart.
+
+o  Volker Lendecke 
+   * BUG 13150: winbindd: winbind parent and child share a ctdb connection.
+   * BUG 13170: pthreadpool: Fix deadlock.
+   * BUG 13179: pthreadpool: Fix starvation after fork.
+   * BUG 13180: messaging: Always 
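Review bot: The added release notes carry three slips worth fixing before the file ships: `paramter` in the smbclient section, `deamon` in the BUG 13129 entry, and a stray `"` in front of `* BUG 13153`. The BUG 13191 entry also ends with `ldb: Release 1.2.3` run onto the same bullet after a comma, which reads as if it were part of the bug title.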

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-12-22 Thread Stefan Metzmacher
The branch, v4-7-test has been updated
   via  237bead s4:kdc: only map SDB_ERR_NOT_FOUND_HERE to 
HDB_ERR_NOT_FOUND_HERE
   via  8be0198 s3:smb2_server: allow logoff, close, unlock, cancel and 
echo on expired sessions
   via  2108b10 s3:smbd: return the correct error for cancelled SMB2 
notifies on expired sessions
   via  b5e8614 s4:torture: add smb2.session.expire2 test
   via  3648ab0 g_lock: fix cleanup of stale entries in g_lock_trylock()
   via  7249bc1 dns_server: Use the indexed "name" attribute in wildcard 
lookup
   via  6c5481b dns_server: Do not look for a wildcard for @
   via  7d60443 dns_server: Do the exact match query first, then do the 
wildcard lookup
   via  2cd8389 ldb: Release 1.2.3
   via  82764c9 ldb: Intersect the index from SCOPE_ONELEVEL with the index 
for the search expression
   via  5f51561 ldb_tdb: Provide struct ltdb_private to index routines
   via  6ddcbfd selftest: Do not use dn= filter string
  from  edc0c99 s4:samba: Fix default to be running samba as a deamon

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 237bead2f243224264aca0b5c65bf3bfadef78aa
Author: Stefan Metzmacher 
Date:   Thu Sep 21 12:02:25 2017 +0200

s4:kdc: only map SDB_ERR_NOT_FOUND_HERE to HDB_ERR_NOT_FOUND_HERE

HDB_ERR_NOT_FOUND_HERE indicated a very specific error on an RODC.

We should not map any error to HDB_ERR_NOT_FOUND_HERE,
we should just pass errors along unmapped.

Otherwise we'll hit the logic bug in:

if (ret == KDC_PROXY_REQUEST) {
uint16_t port;

if (!sock->kdc_socket->kdc->am_rodc) {
DEBUG(0,("kdc_udp_call_loop: proxying requested when not RODC"));
talloc_free(call);
goto done;
}

And just don't send an error message to the client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13132

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Wed Dec  6 23:16:54 CET 2017 on sn-devel-144

(cherry picked from commit aaa946bb9eb8088389b8ffdec460023f1961616c)

Autobuild-User(v4-7-test): Stefan Metzmacher 
Autobuild-Date(v4-7-test): Fri Dec 22 14:23:12 CET 2017 on sn-devel-144

commit 8be019859010a12874e0e78ebec2d44e5b2abe5c
Author: Stefan Metzmacher 
Date:   Wed Dec 20 14:05:54 2017 +0100

s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired 
sessions

Windows client at least doesn't have code to replay
a SMB2 Close after getting NETWORK_SESSION_EXPIRED,
which locks out the client and generates an endless
loop around NT_STATUS_SHARING_VIOLATION.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Thu Dec 21 23:28:42 CET 2017 on sn-devel-144

(cherry picked from commit c4919d4d5f78aeb54a438b95d4eab2f082a8174e)

commit 2108b1092e3106f59ae2383c34c7bfbeb896314b
Author: Stefan Metzmacher 
Date:   Thu Dec 21 14:47:06 2017 +0100

s3:smbd: return the correct error for cancelled SMB2 notifies on expired 
sessions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 
(cherry picked from commit cfaba684785529d656138df454165aa08a775a01)

commit b5e86148c6c6c465805486fcfd628dc4d6d8a6a5
Author: Stefan Metzmacher 
Date:   Thu Dec 21 12:53:02 2017 +0100

s4:torture: add smb2.session.expire2 test

This demonstrates the interaction of NT_STATUS_NETWORK_SESSION_EXPIRED
and various SMB2 opcodes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13197

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 
(cherry picked from commit f60af3b61c4a374d7d1c575049a932d1824489b6)

commit 3648ab02d4188f6441b83806faa79ae7c06bdb61
Author: Stefan Metzmacher 
Date:   Wed Dec 20 08:25:19 2017 +0100

g_lock: fix cleanup of stale entries in g_lock_trylock()

g_lock_trylock() always incremented the counter 'i', even after cleaning a stale
entry at position 'i', which means it skipped checking for a conflict against
the new entry at position 'i'.

As a result a process could get a write lock, while there're still
some read lock holders. Once we get into that problem, also more than
one write lock is possible.

BUG: 
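
The skipped-entry bug described in the g_lock commit message above, as an added C example that is not Samba's g_lock code: the table layout, the `alive` flag and the swap-with-last removal in `remove_at` are assumptions made for illustration, and the lock entries are constructed sample data.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define MAX_HOLDERS 8

enum lock_type { LOCK_READ, LOCK_WRITE };

/* Constructed model of one lock record; not Samba's g_lock record layout. */
struct holder {
	int pid;
	enum lock_type type;
	bool alive; /* stands in for a "does this process still exist" check */
};

struct lock_table {
	struct holder h[MAX_HOLDERS];
	size_t n;
};

typedef bool (*trylock_fn)(struct lock_table *t, int pid, enum lock_type want);

/* Only read/read is compatible. */
static bool conflicts(enum lock_type held, enum lock_type want)
{
	return held == LOCK_WRITE || want == LOCK_WRITE;
}

/* Assumed cleanup strategy: overwrite slot i with the last entry. */
static void remove_at(struct lock_table *t, size_t i)
{
	t->h[i] = t->h[t->n - 1];
	t->n -= 1;
}

static bool grant(struct lock_table *t, int pid, enum lock_type want)
{
	if (t->n == MAX_HOLDERS) {
		return false;
	}
	t->h[t->n++] = (struct holder){ .pid = pid, .type = want, .alive = true };
	return true;
}

/* The pattern the commit message describes: 'i' advances unconditionally. */
static bool trylock_buggy(struct lock_table *t, int pid, enum lock_type want)
{
	for (size_t i = 0; i < t->n; i++) {
		if (!t->h[i].alive) {
			remove_at(t, i);
			continue; /* i++ still runs: the entry moved into slot i is skipped */
		}
		if (conflicts(t->h[i].type, want)) {
			return false;
		}
	}
	return grant(t, pid, want);
}

/* Corrected loop: after a removal, slot i is examined again. */
static bool trylock_fixed(struct lock_table *t, int pid, enum lock_type want)
{
	size_t i = 0;

	while (i < t->n) {
		if (!t->h[i].alive) {
			remove_at(t, i);
			continue; /* no increment: re-check the entry now at i */
		}
		if (conflicts(t->h[i].type, want)) {
			return false;
		}
		i++;
	}
	return grant(t, pid, want);
}

static size_t count_type(const struct lock_table *t, enum lock_type type)
{
	size_t c = 0;

	for (size_t i = 0; i < t->n; i++) {
		if (t->h[i].alive && t->h[i].type == type) {
			c++;
		}
	}
	return c;
}

/* Constructed scenario: [stale reader 100, live holder 200], then pid 300
 * asks for a write lock. Returns whether the request was granted. */
static bool write_after_stale(trylock_fn fn, enum lock_type held,
			      struct lock_table *t)
{
	*t = (struct lock_table){
		.h = { { 100, LOCK_READ, false }, { 200, held, true } },
		.n = 2,
	};
	return fn(t, 300, LOCK_WRITE);
}

int main(void)
{
	struct lock_table t;
	bool ok;

	ok = write_after_stale(trylock_buggy, LOCK_READ, &t);
	printf("buggy vs live reader: granted=%d writers=%zu readers=%zu\n",
	       ok, count_type(&t, LOCK_WRITE), count_type(&t, LOCK_READ));
	ok = write_after_stale(trylock_buggy, LOCK_WRITE, &t);
	printf("buggy vs live writer: granted=%d writers=%zu\n",
	       ok, count_type(&t, LOCK_WRITE));
	ok = write_after_stale(trylock_fixed, LOCK_READ, &t);
	printf("fixed vs live reader: granted=%d\n", ok);
	return 0;
}
```

The failure only shows when the stale entry sits before a live one, which is why a test needs a dead holder in the table rather than just two competing live processes.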

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-12-20 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  edc0c99 s4:samba: Fix default to be running samba as a deamon
  from  1eb0844 messaging: Always register the unique id

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit edc0c992e0ddbd305e4a70939dac6a0691db5cf2
Author: Andrew Bartlett 
Date:   Tue Dec 19 16:30:08 2017 +1300

s4:samba: Fix default to be running samba as a deamon

Commit 8736013dc42c5755b75bbb2e843a290bcd545909 got the (confusing) sense
of opt_fork wrong.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Tue Dec 19 11:24:29 CET 2017 on sn-devel-144

(cherry picked from commit 0806ff7dfd3f982226e4cd9b923a0e570b765f0c)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Dec 21 00:55:29 CET 2017 on sn-devel-144

---

Summary of changes:
 source4/smbd/server.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index 2349d5c..b57ee4c 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -429,7 +429,7 @@ static int binary_smbd_main(const char *binary_name,
"not allowed together with -D|--daemon\n\n");
poptPrintUsage(pc, stderr, 0);
return 1;
-   } else if (!opt_interactive && !opt_fork) {
+   } else if (!opt_interactive && opt_fork) {
/* default is --daemon */
opt_daemon = true;
}
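Review bot: The condition flips from `!opt_fork` to `opt_fork`, and the commit message itself calls the sense of `opt_fork` confusing. A comment at this branch stating what a true `opt_fork` means would keep the same inversion from recurring, and a selftest that starts the binary without options and checks that `opt_daemon` takes effect would catch it.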





[SCM] Samba Shared Repository - branch v4-7-test updated

2017-12-15 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  1eb0844 messaging: Always register the unique id
  from  40ac029 winbindd: idmap_rid: error code for failing id-to-sid 
mapping request

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 1eb08445d96a2c41593719925203f43f881b3567
Author: Volker Lendecke 
Date:   Thu Nov 30 21:06:53 2017 +0100

messaging: Always register the unique id

The winbind child does not call serverid_register, so the unique id is not
registered. ctdbd_process_exists now calls CTDB_CONTROL_CHECK_PID_SRVID,
which then fails.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13180
Signed-off-by: Volker Lendecke 

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Fri Dec 15 15:35:25 CET 2017 on sn-devel-144

---

Summary of changes:
 source3/lib/messages_ctdbd.c | 13 +
 1 file changed, 13 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/lib/messages_ctdbd.c b/source3/lib/messages_ctdbd.c
index 6ecec32..95bd694 100644
--- a/source3/lib/messages_ctdbd.c
+++ b/source3/lib/messages_ctdbd.c
@@ -223,6 +223,19 @@ static int messaging_ctdbd_init_internal(struct 
messaging_context *msg_ctx,
return ret;
}
 
+   {
+   struct server_id self = messaging_server_id(msg_ctx);
+
+   ret = register_with_ctdbd(ctx->conn, self.unique_id,
+ NULL, NULL);
+   if (ret != 0) {
+   DBG_DEBUG("register_with_ctdbd failed: %s\n",
+ strerror(ret));
+   return ret;
+   }
+
+   }
+
ctdb_fd = ctdbd_conn_get_fd(ctx->conn);
ev = messaging_tevent_context(msg_ctx);
 
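Review bot: A failing `register_with_ctdbd()` is logged with `DBG_DEBUG` although it makes `messaging_ctdbd_init_internal()` return an error, so at default log levels the cause of the failed init is invisible; a warning or error level fits better. The bare `{ ... }` block exists only to scope `self` and has a stray blank line before its closing brace; declaring `self` with the function's other locals would read more cleanly.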





[SCM] Samba Shared Repository - branch v4-7-test updated

2017-12-14 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  40ac029 winbindd: idmap_rid: error code for failing id-to-sid 
mapping request
   via  e92edf0 winbindd: idmap_rid: don't rely on the static domain list
   via  5724d65 winbindd: pass domain SID to wbint_UnixIDs2Sids
   via  5ffedec winbindd: add domain SID to idmap mapping domains
   via  dce01ac pthreadpool: Add a test for the race condition fixed in the 
last commit
   via  b418ab3 pthreadpool: Fix starvation after fork
   via  2530053 third_party: Fix a typo in the option name
   via  364f1c5 third_party: Link th aesni-intel library with -z noexecstack
  from  2d1d00b s3: libsmb: Fix reversing of oldname/newname paths when 
creating a reparse point symlink on Windows from smbclient.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 40ac02968ec88acca9ca7cf0345aa5b4b9ba39b4
Author: Ralph Boehme 
Date:   Mon Oct 9 13:29:05 2017 +0200

winbindd: idmap_rid: error code for failing id-to-sid mapping request

NT_STATUS_NO_SUCH_DOMAIN triggers complete request failure in the parent
winbindd. By returning NT_STATUS_NONE_MAPPED winbindd lets the individual
mapping fail but keeps processing any remaining mapping requests.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Oct 10 19:57:37 CEST 2017 on sn-devel-144

(cherry picked from commit 490c35df35bad6c2f1c4acd2f056d6fdc480ec1f)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Dec 14 16:32:49 CET 2017 on sn-devel-144

commit e92edf0db5b4f58666b7826448f242f2ceda3d26
Author: Ralph Boehme 
Date:   Mon Sep 25 15:42:08 2017 +0200

winbindd: idmap_rid: don't rely on the static domain list

The domain list in the idmap child is inherited from the parent winbindd
process and may not contain all domains in case enumerating trusted
domains didn't finish before the first winbind request that triggers the
idmap child fork comes along.

The previous commits added the domain SID as an additional argument to
the wbint_UnixIDs2Sids request, storing the domain SID in struct
idmap_domain.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 108675c4cf4c3d5bd29468255743423a56bd1471)

commit 5724d651c450a1980ec5899e1afa870060c7ae59
Author: Ralph Boehme 
Date:   Mon Sep 25 15:39:39 2017 +0200

winbindd: pass domain SID to wbint_UnixIDs2Sids

This makes the domain SID available to the idmap child for
wbint_UnixIDs2Sids mapping request. It's not used yet anywhere, this
comes in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 71f99cb132f4c26f9febac6cb7dcd79f4940216a)

commit 5ffedec128d6087eecc447a3ea7ef1e507e08b41
Author: Ralph Boehme 
Date:   Mon Sep 25 13:25:57 2017 +0200

winbindd: add domain SID to idmap mapping domains

Fetch the domain SID for every domain in the idmap-domain map. This is
in preparation for passing the domain SID as an additional argument to
xid2sid requests to the idmap child.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13052

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 59438bfd3d3551195582cf88bd1109c3cbc7e12a)

commit dce01acabed7fc8e8ad35369971f0cfd2ddefbc3
Author: Volker Lendecke 
Date:   Wed Nov 29 18:55:21 2017 +0100

pthreadpool: Add a test for the race condition fixed in the last commit

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13179
Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 53f7bbca0451e4f57cdbe8ab4f67f601fe8d40c1)

commit b418ab369876f6aff08ee564a7f07d9e5dc0bcc0
Author: Volker Lendecke 
Date:   Wed Nov 29 16:45:40 2017 +0100

pthreadpool: Fix starvation after fork

After the race is before the race:

1) Create an idle thread
2) Add a job: This won't create a thread anymore
3) Immediately fork

The idle thread will be woken twice before it's actually woken up: Both
pthreadpool_add_job and pthreadpool_prepare_pool call cond_signal, for
different reasons. We must look at pool->prefork_cond first because otherwise
we will end up in a blocking job deep within a 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-12-13 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  2d1d00b s3: libsmb: Fix reversing of oldname/newname paths when 
creating a reparse point symlink on Windows from smbclient.
   via  3f1f2a8 s3: client: Rename  to  in 
cmd_symlink() and cli_posix_symlink().
   via  61140f4 pthreadpool: Fix deadlock
   via  086b453 pthreadpool: Add test for pthread_create failure
   via  a677717 wscript: Add check for --wrap linker flag
   via  fcc8616 pthreadpool: Undo put_job when returning error
   via  c43c888 pthreadpool: Move creating of thread to new function
   via  97a9e81 ctdb-daemon: Send STARTUP control after startup event
   via  6f7215f ctdb-takeover: Send tcp tickles immediately on STARTUP 
control
   via  0fdc82e ctdb-takeover: Refactor code to send tickle lists for all 
public IPs
  from  5bb2b9c vfs_zfsacl: fix compilation error

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 2d1d00bdd0f1acf66c6700488f4a3e3970b722a1
Author: Jeremy Allison 
Date:   Wed Nov 29 13:16:43 2017 -0800

s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse 
point symlink on Windows from smbclient.

This happened as smbd doesn't support reparse points so we couldn't test.
This was the reverse of the (tested) symlink parameters in the unix extensions
symlink command.

Rename parameters to link_target instead of oldname so this is clearer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit abbc9b9ab793d22bca6a37828f4375ef38c56dd3)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Dec 13 14:19:59 CET 2017 on sn-devel-144

commit 3f1f2a82896fb7f506b4671a95613365e9250f46
Author: Jeremy Allison 
Date:   Wed Nov 29 13:10:25 2017 -0800

s3: client: Rename  to  in cmd_symlink() and 
cli_posix_symlink().

Stops us from mixing up the old and new names. Only behavior change
is correcting the names printed in the error messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13172

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 8448dcaa8da78bcb84fca6a000c75e256bce1e77)

commit 61140f4b47488018ec3d505a390f55640dd724d8
Author: Volker Lendecke 
Date:   Tue Dec 12 23:07:39 2017 +0100

pthreadpool: Fix deadlock

Christof's idea from

https://lists.samba.org/archive/samba-technical/2017-December/124384.html

was that the thread already exited. It could also be that the thread is
not yet idle when the new pthreadpool_add_jobs comes around the corner.

Signed-off-by: Volker Lendecke 
Reviewed-by: Christof Schmitt 

Autobuild-User(master): Christof Schmitt 
Autobuild-Date(master): Wed Dec 13 04:46:12 CET 2017 on sn-devel-144

(cherry picked from commit dfc4670640341761b346065922a62a3e755e9e58)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

commit 086b45389fe825f461f04de00b90c98ff5f335b9
Author: Christof Schmitt 
Date:   Wed Dec 6 15:10:23 2017 -0700

pthreadpool: Add test for pthread_create failure

This is implemented using cmocka and the __wrap override for
pthread_create.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt 

Autobuild-User(master): Christof Schmitt 
Autobuild-Date(master): Fri Dec  8 13:54:20 CET 2017 on sn-devel-144

(cherry picked from commit 8cdb3995caf7a21d0c27a56a0bf0c1efd5b491e4)

commit a6777171c0a4e0a8bdda9bf160193773c6b93838
Author: Christof Schmitt 
Date:   Thu Dec 7 10:42:30 2017 -0700

wscript: Add check for --wrap linker flag

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13170

Signed-off-by: Christof Schmitt 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 8e17be1c3df09c238560c8a7e62c17e9f9ff9bc7)

commit fcc8616450f16850ba1d35fb3d7529c784b615f2
Author: Christof Schmitt 
Date:   Tue Nov 28 10:59:06 2017 -0700

pthreadpool: Undo put_job when returning error

When an error is returned to the caller of pthreadpool_add_job, the job
should not be kept in the internal job array. Otherwise the caller might
free the data structure and a later worker thread would still reference
it.

When it is not possible to create a single worker thread, the system
might be out of resources or hitting a configured limit. In this case
fall back to 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-12-07 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  5bb2b9c vfs_zfsacl: fix compilation error
  from  8a313c8 winbindd: let normalize_name_map() call 
find_domain_from_name_noinit()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 5bb2b9c9a3e296e84130b85718a0bb1f037588e8
Author: Ralph Boehme 
Date:   Sat Oct 28 16:13:16 2017 +0200

vfs_zfsacl: fix compilation error

Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Thu Nov  2 03:16:11 CET 2017 on sn-devel-144

(cherry picked from commit 11da1e5c056c92fd7f51ecce0285628cac65f174)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Dec  7 14:19:57 CET 2017 on sn-devel-144

---

Summary of changes:
 source3/modules/vfs_zfsacl.c | 10 ++
 1 file changed, 6 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index dd0f343..2e277c6 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -51,6 +51,7 @@ static NTSTATUS zfs_get_nt_acl_common(struct 
connection_struct *conn,
SMB_STRUCT_STAT sbuf;
const SMB_STRUCT_STAT *psbuf = NULL;
int ret;
+   bool is_dir;
 
if (VALID_STAT(smb_fname->st)) {
psbuf = _fname->st;
@@ -65,10 +66,7 @@ static NTSTATUS zfs_get_nt_acl_common(struct 
connection_struct *conn,
}
psbuf = 
}
-
-   if (S_ISDIR(psbuf->st_ex_mode) && (ace->aceMask & SMB_ACE4_ADD_FILE)) {
-   ace->aceMask |= SMB_ACE4_DELETE_CHILD;
-   }
+   is_dir = S_ISDIR(psbuf->st_ex_mode);
 
/* read the number of file aces */
if((naces = acl(smb_fname->base_name, ACE_GETACLCNT, 0, NULL)) == -1) {
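Review bot: the commit message says only "fix compilation error" and never names the error. The block removed here tests `ace->aceMask`, while the replacement added further down uses `aceprop.aceMask`; if `ace` was the identifier the compiler rejected, say so in the message, so that a reader of the backport can tell the move into the loop is the fix and not an unrelated behaviour change.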
@@ -115,6 +113,10 @@ static NTSTATUS zfs_get_nt_acl_common(struct 
connection_struct *conn,
aceprop.aceMask |= SMB_ACE4_SYNCHRONIZE;
}
 
+   if (is_dir && (aceprop.aceMask & SMB_ACE4_ADD_FILE)) {
+   aceprop.aceMask |= SMB_ACE4_DELETE_CHILD;
+   }
+
if(aceprop.aceFlags & ACE_OWNER) {
aceprop.flags = SMB_ACE4_ID_SPECIAL;
aceprop.who.special_id = SMB_ACE4_WHO_OWNER;
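Review bot: the added `if (is_dir && (aceprop.aceMask & SMB_ACE4_ADD_FILE))` block widens the mask with SMB_ACE4_DELETE_CHILD for every entry, and no check of the entry type is visible in this hunk. If deny entries pass through the same loop, the widening broadens what they deny as well as what allow entries grant. Either restrict it to allow entries or add a comment stating that it is intended for both, and why ADD_FILE should imply DELETE_CHILD on a directory.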


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2017-12-05 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  8a313c8 winbindd: let normalize_name_map() call 
find_domain_from_name_noinit()
   via  ac32a77 s3: libsmb: Fix valgrind read-after-free error in 
cli_smb2_close_fnum_recv().
   via  0fcdf5d testprogs: Test net ads keytab list
   via  aba1e91 s3:libads: net ads keytab list fails with "Key table name 
malformed"
   via  73d3e64 vfs_fruit: proper VFS-stackable conversion of FinderInfo
   via  3f94680 vfs_fruit: add AfpInfo prototypes
   via  2d3e21f s4/torture: fruit: in test_adouble_conversion() also check 
stream list and AFPINFO_STREAM
   via  3d90751 s4/torture: fruit: remove use of localdir from 
test_adouble_conversion test
   via  8946fc8 selftest: add "fruit:veto_appledouble = no" to fruit shares
   via  1143b2f s4/torture: let write_stream() deal with stream=NULL
   via  0b7e170 selftest: run AppleDouble sidecar-file conversion test runs 
against all fruit shares
   via  b9f7dd4 s4/torture: use torture_assert_goto in a vfs.fruit test
   via  e24e345 s4/torture: rework stream names tests usage of local xattr 
call
   via  1a2f564 selftest: add localdir option to fruit subtests
   via  590a4cf selftest: reorder arguments for fruit tests
   via  9990e6e s3/loadparm: don't mark IPC$ as autoloaded
   via  cecbc43 s3/loadparm: ensure default service options are not changed
   via  7dc2782 s3/loadparm: allocate a fresh sDefault object per lp_ctx
   via  e36b1ce Add vfs_zfsacl manpage to the list of manpages if we have 
this module enabled.
   via  b21d9f0 Fix typo in the "wide links" description for the getwd 
cache.
  from  39922b5 s4:samba: Allow samba daemon to run in foreground

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 8a313c8d6974f691b33a276fa4c7e2488733ba0d
Author: Ralph Boehme 
Date:   Mon Nov 27 12:42:44 2017 +0100

winbindd: let normalize_name_map() call find_domain_from_name_noinit()

Let normalize_name_map fetch the domain itself with
find_domain_from_name_noinit().

This removes two calls to find_domain_from_name_noinit() in the default
configuration of "winbind normalize names = no". The domain is only needed
in normalize_name_map if "winbind normalize names" is enabled.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13173

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 1ce165a73350e802500c32435dbefe3639340435)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Dec  5 14:48:41 CET 2017 on sn-devel-144

commit ac32a770fc1fad988629654039119278e0c1afa4
Author: Jeremy Allison 
Date:   Wed Nov 29 09:21:30 2017 -0800

s3: libsmb: Fix valgrind read-after-free error in 
cli_smb2_close_fnum_recv().

cli_smb2_close_fnum_recv() uses tevent_req_simple_recv_ntstatus(req), which
frees req, then uses the state pointer which was owned by req.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13171

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Böhme 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Thu Nov 30 05:47:12 CET 2017 on sn-devel-144

(cherry picked from commit 5c8032b6b8ce4439b3ef8f43a62a419f081eb787)

commit 0fcdf5db90a05ee95c30ddfa32f3868702b77628
Author: Noel Power 
Date:   Fri Nov 24 07:06:27 2017 +

testprogs: Test net ads keytab list

Test that correct keytab is picked up.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166

Signed-off-by: Noel Power 
Reviewed-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 
(cherry picked from commit 4be05c835e9d8b8f13856d592aaf42b40ce397c2)

commit aba1e9199ddb18c229bf0def46a7caf333d2d618
Author: Noel Power 
Date:   Thu Nov 23 15:55:21 2017 +

s3:libads: net ads keytab list fails with "Key table name malformed"

When keytab_name is NULL, don't call smb_krb5_kt_open; use ads_keytab_open
instead. This function will determine the correct keytab to use.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13166

Signed-off-by: Noel Power 
Reviewed-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 
(cherry picked from commit 3048ae318fc8b4d1b7663826972306372430a463)

commit 73d3e642f8c71177bc8f42afb6724a7f93ef5472
Author: Ralph Boehme 
Date:   Wed Nov 15 16:52:48 2017 +0100

vfs_fruit: proper VFS-stackable conversion of FinderInfo

This fixes the problem that conversion failed with
fruit:metadata=stream. Before we were calling ad_set() 
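
The read-after-free described in commit ac32a77 above (a recv helper frees req, then the caller touches the state that req owned), as an added example that is not Samba code and not the actual patch. `toy_req`, `close_state`, its `fnum` field and the poison quarantine are constructed stand-ins; `toy_simple_recv_status()` only models the freeing behaviour the commit message attributes to tevent_req_simple_recv_ntstatus().

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define POISON_BYTE 0xDD
#define QUARANTINE_SLOTS 16

/* Constructed stand-ins, not Samba types: a request that owns its state. */
struct close_state {
	uint16_t fnum;          /* hypothetical field */
};

struct toy_req {
	int status;
	struct close_state *state;
};

static void *quarantine[QUARANTINE_SLOTS];
static size_t n_quarantine;

/* Poison a released block and park it instead of returning it to the
 * allocator, so that a stale read is well-defined and visible here. */
static void toy_release(void *p, size_t len)
{
	memset(p, POISON_BYTE, len);
	if (n_quarantine < QUARANTINE_SLOTS) {
		quarantine[n_quarantine++] = p;
	}
	/* beyond the slot count the block is simply leaked */
}

/* Really free everything parked so far; returns the number of blocks. */
static size_t toy_quarantine_flush(void)
{
	size_t n = n_quarantine;
	while (n_quarantine > 0) {
		free(quarantine[--n_quarantine]);
	}
	return n;
}

static struct toy_req *toy_req_create(uint16_t fnum, int status)
{
	struct toy_req *req = calloc(1, sizeof(*req));
	if (req == NULL) {
		return NULL;
	}
	req->state = calloc(1, sizeof(*req->state));
	if (req->state == NULL) {
		free(req);
		return NULL;
	}
	req->status = status;
	req->state->fnum = fnum;
	return req;
}

/* Returns the status and releases req together with the state it owns. */
static int toy_simple_recv_status(struct toy_req *req)
{
	int status = req->status;
	toy_release(req->state, sizeof(*req->state));
	toy_release(req, sizeof(*req));
	return status;
}

/* Before: state is dereferenced after the call that released its owner. */
static int close_recv_stale(struct toy_req *req, uint16_t *fnum_out)
{
	struct close_state *state = req->state;
	int status = toy_simple_recv_status(req);
	*fnum_out = state->fnum;        /* stale read: sees poison */
	return status;
}

/* After: everything needed from state is copied out before the release. */
static int close_recv_fixed(struct toy_req *req, uint16_t *fnum_out)
{
	struct close_state *state = req->state;
	*fnum_out = state->fnum;
	return toy_simple_recv_status(req);
}

int main(void)
{
	uint16_t stale = 0, good = 0;
	struct toy_req *a = toy_req_create(0x1234, 0);
	struct toy_req *b = toy_req_create(0x1234, 0);
	if (a == NULL || b == NULL) {
		return 1;
	}
	close_recv_stale(a, &stale);
	close_recv_fixed(b, &good);
	printf("stale read: 0x%04x, ordered read: 0x%04x\n", stale, good);
	toy_quarantine_flush();
	return 0;
}
```

With a real allocator the stale read returns whatever the heap holds at that moment, which is why the commit message reports the defect as found under valgrind.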

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-30 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  39922b5 s4:samba: Allow samba daemon to run in foreground
   via  6182708 s4:samba: Do not segfault if we run into issues
   via  e41925e s4/smbd: set the process group.
  from  00dfe4c repl_meta_data: Fix removing of backlink on deleted objects

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 39922b5a6fa830fcf507354ae6c0a30be0a077cc
Author: Andreas Schneider 
Date:   Fri Nov 10 09:18:18 2017 +0100

s4:samba: Allow samba daemon to run in foreground

We are passing no_process_group to become_daemon() so that setsid() is
not called. In case we are double forking, we run in SysV daemon mode and
setsid() should be called!

See:
https://www.freedesktop.org/software/systemd/man/daemon.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13129

Signed-off-by: Andreas Schneider 
Reviewed-by: Andrew Bartlett 

(cherry picked from commit 8736013dc42c5755b75bbb2e843a290bcd545909)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Nov 30 14:11:02 CET 2017 on sn-devel-144

commit 6182708d014e1c2b48eb3d5085eff23c35aba6b6
Author: Andreas Schneider 
Date:   Wed Nov 15 10:00:52 2017 +0100

s4:samba: Do not segfault if we run into issues

Signed-off-by: Andreas Schneider 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit bfafabfb942668328401a3c89fc55b50dc56c209)

commit e41925e5ecfd245d690719e9e1fdf7054c21302e
Author: Gary Lockyer 
Date:   Mon Aug 21 15:12:04 2017 +1200

s4/smbd: set the process group.

Set the process group in the samba daemon, the --no-process-group option
allows this to be disabled.  The no-process-group option needs to be
disabled in self test.

Signed-off-by: Gary Lockyer 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Mon Sep 18 04:39:50 CEST 2017 on sn-devel-144

---

Summary of changes:
 selftest/target/Samba4.pm |  2 +-
 source3/smbd/server.c |  2 +-
 source4/smbd/server.c | 39 +++
 3 files changed, 37 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 772f982..6a1856e 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -158,7 +158,7 @@ sub check_or_start($$$)
close($env_vars->{STDIN_PIPE});
open STDIN, ">&", $STDIN_READER or die "can't dup STDIN_READER 
to STDIN: $!";
 
-   exec(@preargs, Samba::bindir_path($self, "samba"), "-M", 
$process_model, "-i", "--maximum-runtime=$self->{server_maxtime}", 
$env_vars->{CONFIGURATION}, @optargs) or die("Unable to start samba: $!");
+   exec(@preargs, Samba::bindir_path($self, "samba"), "-M", 
$process_model, "-i", "--no-process-group", 
"--maximum-runtime=$self->{server_maxtime}", $env_vars->{CONFIGURATION}, 
@optargs) or die("Unable to start samba: $!");
}
$env_vars->{SAMBA_PID} = $pid;
print "DONE ($pid)\n";
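Review bot: the `exec(...)` call now passes "--no-process-group" with no comment saying why selftest needs it, and the commit message words it the other way round ("The no-process-group option needs to be disabled in self test"). Reword the message to say that process group creation is disabled in selftest, and put a one-line comment with the reason above the call so the flag is not dropped in a later cleanup.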
diff --git a/source3/smbd/server.c b/source3/smbd/server.c
index 181bcd1..252b431 100644
--- a/source3/smbd/server.c
+++ b/source3/smbd/server.c
@@ -1592,7 +1592,7 @@ extern void build_options(bool screen);
struct poptOption long_options[] = {
POPT_AUTOHELP
{"daemon", 'D', POPT_ARG_NONE, NULL, OPT_DAEMON, "Become a daemon 
(default)" },
-   {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run 
interactive (not a daemon)"},
+   {"interactive", 'i', POPT_ARG_NONE, NULL, OPT_INTERACTIVE, "Run 
interactive (not a daemon) and log to stdout"},
{"foreground", 'F', POPT_ARG_NONE, NULL, OPT_FORK, "Run daemon in 
foreground (for daemontools, etc.)" },
{"no-process-group", '\0', POPT_ARG_NONE, NULL, OPT_NO_PROCESS_GROUP, 
"Don't create a new process group" },
{"log-stdout", 'S', POPT_ARG_NONE, NULL, OPT_LOG_STDOUT, "Log to 
stdout" },
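Review bot: the new help text for "interactive" says it also logs to stdout, while the table keeps a separate "log-stdout" ('S') entry three options further down. State in one of the two strings how they relate (whether -i implies -S); otherwise --help reads as two switches for the same thing.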
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index a8bad06..2349d5c 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -100,8 +100,16 @@ static void cleanup_tmp_files(struct loadparm_context 
*lp_ctx)
 {
char *path;
TALLOC_CTX *mem_ctx = talloc_new(NULL);
+   if (mem_ctx == NULL) {
+   exit_daemon("Failed to create memory context",
+   ENOMEM);
+   }
 
path = smbd_tmp_path(mem_ctx, lp_ctx, NULL);
+   if (path == NULL) {
+   exit_daemon("Failed to cleanup 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-29 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  00dfe4c repl_meta_data: Fix removing of backlink on deleted objects
   via  f2c4754 repl_meta_data: Allow delete of an object with dangling 
backlinks
   via  fe3ae81 selftest: Add more corruption cases for runtime and dbcheck
   via  09a311c selftest: add dbcheck tests for duplicate links
   via  ece46f7 dbcheck: detect and fix duplicate links
   via  c1860d1 dbcheck: only calculate linked attribute helper variables 
once in check_dn()
   via  7b67da4 dbcheck: remove indentation level
   via  27cdadf dsdb:extended_dn_store: implement 
DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control
   via  aafcb73 dsdb:repl_meta_data: implement 
DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS control
   via  f0920ea s4:dsdb: allocate DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS 
oid
   via  67270b3 s4:schema_samba4: mark DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 
1.3.6.1.4.1.7165.4.3.32 as allocated
   via  ee05047 selftest: Additional check for a backlink pointing at a 
deleted object
   via  df23dc8 selftest: Split out creation of complex (often invalid) 
links
   via  505936a selftest: Split out dbcheck runs from dangling_multi_valued 
test
   via  74688a2 selftest: add more dbcheck tests
   via  68bf275 dbcheck: Use the GUID as the DN to fix replPropertyMetaData
   via  b7c9edb dbcheck: Clarify error count bumping in deleted/gone DN 
handling
   via  ed4189f selftest: sort dbcheck output to avoid sort order impacting 
results
   via  45911b0 dbcheck: Allow removal of one-way links to missing objects
   via  e90e3d7 systemd: Start processes in foreground and without a process group
  from  fe6da67 libnet_join: fix "net rpc oldjoin"

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 00dfe4cf9818abdc50da034fd931e29bc871b10c
Author: Andrej Gessel 
Date:   Thu Oct 19 17:16:37 2017 +0200

repl_meta_data: Fix removing of backlink on deleted objects

USER is memberOf GROUP and they both were deleted on W2K8R2 AD. Domain join ends
with error below.

Failed to apply records: 
../source4/dsdb/samdb/ldb_modules/repl_meta_data.c:421
8: Failed to remove backlink of memberOf when deleting 
CN=USER\0ADEL:a1f2a2cc-1
179-4734-b753-c121ed02a34c,CN=Deleted Objects,DC=samdom,DC=intern: 
dsdb_module_
search_dn: did not find base dn 
CN=GROUP\0ADEL:030d0be1-3ada-4b93-8371-927f2092
3116,CN=Deleted Objects,DC=samdom,DC=intern (0 results): Operations error
Failed to commit objects: 
WERR_GEN_FAILURE/NT_STATUS_INVALID_NETWORK_RESPONSE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13120

Signed-off-by: Andrej Gessel 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 40bd7e145a68c9a58d6bc3c5526a12fdf0027729)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Nov 29 13:43:37 CET 2017 on sn-devel-144

commit f2c47544dc8fd42680b1f90bc962e57fe915de45
Author: Andrew Bartlett 
Date:   Wed Nov 1 08:22:22 2017 +1300

repl_meta_data: Allow delete of an object with dangling backlinks

This should not happen, but stopping all replication because of it is a pain.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Fri Nov 24 19:53:50 CET 2017 on sn-devel-144

(cherry picked from commit 6cf7abbcfdad84fee57852862ebe44aa6115ca25)

commit fe3ae81cd9a5cf263da9cb373d07ebad4541727b
Author: Andrew Bartlett 
Date:   Wed Nov 1 09:02:01 2017 +1300

selftest: Add more corruption cases for runtime and dbcheck

These tests now confirm we can handle these issues at runtime
as well as at dbcheck

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 4815efc0e3f89079e7c9b868b7514ea7c49a807c)

commit 09a311caa602265b18067d8cd155e91f33918b1a
Author: Stefan Metzmacher 
Date:   Thu Oct 26 14:42:23 2017 +0200

selftest: add dbcheck tests for duplicate links

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13095

Pair-Programmed-With: Andrew Bartlett 

Signed-off-by: Stefan Metzmacher 
Signed-off-by: Andrew Bartlett 
(cherry picked from commit 70bf809e0cdf84029022ca95fb83d17a0d6e36c0)

commit ece46f7278ed2633167d01f483cdb44858d0dd51
Author: Stefan Metzmacher 
Date:   Fri Oct 27 10:21:26 2017 +0200

dbcheck: 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-28 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  fe6da67 libnet_join: fix "net rpc oldjoin"
   via  72e69f5 s3:selftest: add samba3.blackbox.net_rpc_oldjoin test
  from  3ef93ab vfs_glusterfs: include glusterfs/api/glfs.h without relying 
on -I options

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit fe6da6730b5a7bc43fe8a060f00571cad783ee15
Author: Stefan Metzmacher 
Date:   Thu Nov 16 21:09:20 2017 +

libnet_join: fix "net rpc oldjoin"

We need to open the ncacn_np (smb) transport connection with
anonymous credentials.

In order to do netr_ServerPasswordSet*() we need to
establish a 2nd netlogon connection using dcerpc schannel
authentication.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 
(similar to commit d27f38d35bf111a5c0a898a5ef8b7dd0b320da0d)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Nov 28 14:47:32 CET 2017 on sn-devel-144

commit 72e69f597fa7a16434de817903ee896128baeff1
Author: Stefan Metzmacher 
Date:   Fri Nov 17 15:51:36 2017 +0100

s3:selftest: add samba3.blackbox.net_rpc_oldjoin test

This demonstrates that "net rpc oldjoin" is currently broken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13149

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 9466796c87cc4ca8d32da553421cd8ecef1bb8e4)

---

Summary of changes:
 source3/libnet/libnet_join.c | 94 +---
 source3/script/tests/test_net_rpc_oldjoin.sh | 32 ++
 source3/selftest/tests.py|  4 ++
 3 files changed, 108 insertions(+), 22 deletions(-)
 create mode 100755 source3/script/tests/test_net_rpc_oldjoin.sh


Changeset truncated at 500 lines:

diff --git a/source3/libnet/libnet_join.c b/source3/libnet/libnet_join.c
index 591c177..903c93b 100644
--- a/source3/libnet/libnet_join.c
+++ b/source3/libnet/libnet_join.c
@@ -1044,12 +1044,23 @@ static NTSTATUS libnet_join_lookup_dc_rpc(TALLOC_CTX 
*mem_ctx,
NTSTATUS status, result;
union lsa_PolicyInformation *info = NULL;
struct dcerpc_binding_handle *b;
+   const char *account = r->in.admin_account;
+   const char *domain = r->in.admin_domain;
+   const char *password = r->in.admin_password;
+   bool use_kerberos = r->in.use_kerberos;
+
+   if (r->in.join_flags & WKSSVC_JOIN_FLAGS_JOIN_UNSECURE) {
+   account = "";
+   domain = "";
+   password = NULL;
+   use_kerberos = false;
+   }
 
status = libnet_join_connect_dc_ipc(r->in.dc_name,
-   r->in.admin_account,
-   r->in.admin_domain,
-   r->in.admin_password,
-   r->in.use_kerberos,
+   account,
+   domain,
+   password,
+   use_kerberos,
cli);
if (!NT_STATUS_IS_OK(status)) {
goto done;
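Review bot: the `WKSSVC_JOIN_FLAGS_JOIN_UNSECURE` branch replaces the caller's admin_account, admin_domain and admin_password with empty or NULL values and turns Kerberos off, without a comment or a debug message. Add a comment that the IPC connection for an unsecure join is deliberately anonymous, as the commit message explains, and consider a DEBUG line so that a caller who supplied admin credentials can see they were not used.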
@@ -1121,16 +1132,19 @@ static NTSTATUS 
libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
struct cli_state *cli)
 {
TALLOC_CTX *frame = talloc_stackframe();
-   struct rpc_pipe_client *netlogon_pipe = NULL;
+   struct rpc_pipe_client *authenticate_pipe = NULL;
+   struct rpc_pipe_client *passwordset_pipe = NULL;
struct netlogon_creds_cli_context *netlogon_creds = NULL;
-   struct samr_Password current_nt_hash;
+   struct cli_credentials *cli_creds = NULL;
+   struct netlogon_creds_CredentialState *creds = NULL;
+   uint32_t netlogon_flags = 0;
size_t len = 0;
bool ok;
DATA_BLOB new_trust_blob = data_blob_null;
NTSTATUS status;
 
status = cli_rpc_pipe_open_noauth(cli, _table_netlogon,
- _pipe);
+ _pipe);
if (!NT_STATUS_IS_OK(status)) {
TALLOC_FREE(frame);
return status;
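Review bot: the declarations split `netlogon_pipe` into `authenticate_pipe` and `passwordset_pipe`, but nothing at the declarations says which of the two is the schannel-authenticated connection the commit message requires for netr_ServerPasswordSet*(). A short comment on each declaration would carry that reasoning into the code, where the next reader of this function will look for it.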
@@ -1148,31 +1162,67 @@ static NTSTATUS 
libnet_join_joindomain_rpc_unsecure(TALLOC_CTX *mem_ctx,
}
}
 
+   cli_creds = cli_credentials_init(talloc_tos());
+   if (cli_creds == NULL) {
+   TALLOC_FREE(frame);
+   return NT_STATUS_NO_MEMORY;
+   }
+
+   cli_credentials_set_username(cli_creds, 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-24 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  3ef93ab vfs_glusterfs: include glusterfs/api/glfs.h without relying 
on -I options
  from  710c2ad ctdb-common: Call missing tevent_wakeup_recv() in 
sock_daemon

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 3ef93aba153fc262ca093e6440457fbc170e50ce
Author: Niels de Vos 
Date:   Tue Oct 31 15:52:49 2017 +0100

vfs_glusterfs: include glusterfs/api/glfs.h without relying on -I options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13125

The glfs.h header file has always resided under glusterfs/api/ in the
standard include directory. The glusterfs-api.pc file adds the unneeded
-I${includedir}/glusterfs compiler option. This option will be removed
from future versions of the pkg-config file.

This change can safely be backported to older versions if there is a
need to have them build against glusterfs-3.13 or newer.

URL: https://review.gluster.org/18576
CC: Andrea Bolognani 
Signed-off-by: Niels de Vos 
Reviewed-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Thu Nov  9 22:37:30 CET 2017 on sn-devel-144

(cherry picked from commit 732ba3c84a2d40040550ea36b0478dd6af9a173a)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Fri Nov 24 16:23:43 CET 2017 on sn-devel-144

---

Summary of changes:
 source3/modules/vfs_glusterfs.c | 2 +-
 source3/wscript | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index 32074cb..55a9467 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -38,7 +38,7 @@
 #include "includes.h"
 #include "smbd/smbd.h"
 #include 
-#include "api/glfs.h"
+#include 
 #include "lib/util/dlinklist.h"
 #include "lib/util/tevent_unix.h"
 #include "smbd/globals.h"
diff --git a/source3/wscript b/source3/wscript
index 8fa51fb..f3b6d33 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -1588,10 +1588,10 @@ main() {
 if Options.options.with_glusterfs:
 conf.CHECK_CFG(package='glusterfs-api', args='"glusterfs-api >= 4" 
--cflags --libs',
msg='Checking for glusterfs-api >= 4', 
uselib_store="GFAPI")
-conf.CHECK_HEADERS('api/glfs.h', lib='gfapi')
+conf.CHECK_HEADERS('glusterfs/api/glfs.h', lib='gfapi')
 conf.CHECK_LIB('gfapi', shlib=True)
 
-if conf.CONFIG_SET('HAVE_API_GLFS_H'):
+if conf.CONFIG_SET('HAVE_GLUSTERFS_API_GLFS_H'):
 if Options.options.with_acl_support:
  conf.DEFINE('HAVE_GLUSTERFS', '1')
 else:
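Review bot: check the rest of the tree for remaining uses of HAVE_API_GLFS_H. The `conf.CHECK_HEADERS` change here moves the generated define to HAVE_GLUSTERFS_API_GLFS_H, and only the one `conf.CONFIG_SET` consumer in this hunk is updated. A leftover test on the old name would quietly evaluate false and drop glusterfs support from the build without any error.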


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-22 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  710c2ad ctdb-common: Call missing tevent_wakeup_recv() in 
sock_daemon
   via  e4cce45 ctdb-daemon: Allocate deferred calls off calling context
   via  f398a79 winbind: Remove winbind_messaging_context
   via  bbe5614 winbind: winbind_messaging_context -> 
server_messaging_context
   via  3aaa48c winbind: Remove winbind_event_context
   via  f6a9d34 winbind: Replace winbind_event_context with 
server_event_context
   via  58e728a s3: smbclient: tests: Test "volume" command over SMB1 and 
SMB2+.
   via  ea297d6 s3: smbclient: Implement "volume" command over SMB2.
  from  cb6ec4d VERSION: Bump version up to 4.7.4...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 710c2ade8c2c30d4e86b0343f16ceec7c1d28b15
Author: Amitay Isaacs 
Date:   Fri Nov 10 12:18:01 2017 +1100

ctdb-common: Call missing tevent_wakeup_recv() in sock_daemon

https://bugzilla.samba.org/show_bug.cgi?id=13153

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 
(cherry picked from commit 49308f7f22f3d6fa05cc81fdef3db020e503fa9f)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Nov 22 16:57:01 CET 2017 on sn-devel-144

commit e4cce452e7dc1629e3680b14ab1dbdecd887f08e
Author: Amitay Isaacs 
Date:   Thu Oct 19 14:58:18 2017 +1100

ctdb-daemon: Allocate deferred calls off calling context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13152

This makes sure that if a client disconnects, all the deferred calls
from the client are correctly freed.

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 
(cherry picked from commit 848f2425984667c243ccac847b8f48a66ce10178)

commit f398a79dedc477fcce4848bb56bca4a504c0452f
Author: Volker Lendecke 
Date:   Fri Nov 17 11:47:37 2017 +0100

winbind: Remove winbind_messaging_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Sat Nov 18 04:07:24 CET 2017 on sn-devel-144

(cherry picked from commit 050ca45dc7fc5bbab6e1c60b919ac0b1e9661e27)

commit bbe5614e312109834a61a1c2f9f1ad501b351900
Author: Volker Lendecke 
Date:   Fri Nov 17 11:42:34 2017 +0100

winbind: winbind_messaging_context -> server_messaging_context

Don't use winbind_messaging_context anymore.

This fixes a bug analysed by Peter Somogyi: If a
parent winbind forks, it only called reinit_after_fork on
winbind_messaging_context. On the other hand, deep in dbwrap_open we use
server_messaging_context(). This is not reinitialized by
winbind_reinit_after fork, so the parent and child share a ctdb
connection. This is invalid, because replies from ctdb end up in the
wrong process.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit d8a01d09c13728f36107f6eb94ecb7653706a4db)

commit 3aaa48c8c3f702fb9a72df967ae231f409d5c3cf
Author: Volker Lendecke 
Date:   Fri Nov 17 11:37:30 2017 +0100

winbind: Remove winbind_event_context

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit e1f12acc13a3cc004518ac3460c6000ea0b95115)

commit f6a9d3485c590bb4629b27946a2e97f667bc7c6e
Author: Volker Lendecke 
Date:   Fri Nov 17 11:35:19 2017 +0100

winbind: Replace winbind_event_context with server_event_context

There's no point in having two global event contexts

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13150

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 7e83d1489406cd53d72097e40bf02295c88ea61e)

commit 58e728ac7bbc2702c0c76f073215a92bd8685b7f
Author: Jeremy Allison 
Date:   Tue Nov 14 15:54:19 2017 -0800

s3: smbclient: tests: Test "volume" command over SMB1 and SMB2+.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13140

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Wed Nov 15 19:50:54 CET 2017 on sn-devel-144

(cherry picked from commit f8cd211acc3824e01d89a6f8bc39aa5cd54e)

commit 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-22 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  cb6ec4d VERSION: Bump version up to 4.7.4...
   via  641af30 Merge tag 'samba-4.7.3' into v4-7-test
   via  d0b59a5 VERSION: Disable GIT_SNAPSHOT for the 4.7.3 release.
   via  6dc9b5f WHATSNEW: Add release notes for Samba 4.7.3.
   via  8c08a4e s3: smbd: Chain code can return uninitialized memory when 
talloc buffer is grown.
   via  7e17418 s3: smbd: Fix SMB1 use-after-free crash bug. CVE-2017-14746
  from  7b28a97 s3: libsmb: smbc_statvfs is missing the supporting SMB2 
calls.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit cb6ec4d50ebc5eb89ef6cff3c4d8f887d329da1b
Author: Karolin Seeger 
Date:   Wed Nov 22 09:08:06 2017 +0100

VERSION: Bump version up to 4.7.4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 641af304b9d1d55951376a57b41d8396658714e4
Merge: 7b28a97 d0b59a5
Author: Karolin Seeger 
Date:   Wed Nov 22 09:07:45 2017 +0100

Merge tag 'samba-4.7.3' into v4-7-test

samba: tag release samba-4.7.3

---

Summary of changes:
 VERSION|  2 +-
 WHATSNEW.txt   | 75 --
 source3/smbd/process.c |  7 +++--
 source3/smbd/reply.c   |  5 
 source3/smbd/srvstr.c  | 14 ++
 5 files changed, 97 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 0ba31a3..6be993b 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=3
+SAMBA_VERSION_RELEASE=4
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8074a83..4e403ae 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,75 @@
=
+   Release Notes for Samba 4.7.3
+ November 21, 2017
+   =
+
+
+This is a security release in order to address the following defects:
+
+o  CVE-2017-14746 (Use-after-free vulnerability.)
+o  CVE-2017-15275 (Server heap memory information leak.)
+
+
+===
+Details
+===
+
+o  CVE-2017-14746:
+   All versions of Samba from 4.0.0 onwards are vulnerable to a use after
+   free vulnerability, where a malicious SMB1 request can be used to
+   control the contents of heap memory via a deallocated heap pointer. It
+   is possible this may be used to compromise the SMB server.
+
+o  CVE-2017-15275:
+   All versions of Samba from 3.6.0 onwards are vulnerable to a heap
+   memory information leak, where server allocated heap memory may be
+   returned to the client without being cleared.
+
+   There is no known vulnerability associated with this error, but
+   uncleared heap memory may contain previously used data that may help
+   an attacker compromise the server via other methods. Uncleared heap
+   memory may potentially contain password hashes or other high-value
+   data.
+
+For more details and workarounds, please see the security advisories:
+
+   o https://www.samba.org/samba/security/CVE-2017-14746.html
+   o https://www.samba.org/samba/security/CVE-2017-15275.html
+
+
+Changes since 4.7.2:
+
+
+o  Jeremy Allison 
+   * BUG 13041: CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug.
+   * BUG 13077: CVE-2017-15275: s3: smbd: Chain code can return uninitialized
+ memory when talloc buffer is grown.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+   =
Release Notes for Samba 4.7.2
  November 15, 2017
=
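Review bot: In the CVE-2017-15275 details, the sentence "There is no known vulnerability associated with this error" contradicts the summary line, which lists the CVE as a server heap memory information leak, and the following sentence, which says the uncleared memory may contain password hashes. Suggest "There is no known exploit associated with this error", or drop the sentence. The CVE-2017-14746 paragraph says the use-after-free is triggered by an SMB1 request; putting "SMB1" in the one-line summary at the top would let readers judge exposure before opening the advisory.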
@@ -51,8 +122,8 @@ database (https://bugzilla.samba.org/).
 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-20 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  7b28a97 s3: libsmb: smbc_statvfs is missing the supporting SMB2 
calls.
   via  6f18428 libsmbclient: Allow server (NetApp) to return 
STATUS_INVALID_PARAMETER from an echo.
  from  70d7a5c VERSION: Bump version up to 4.7.3...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 7b28a97a7f5125022d784f0f633ad17f79843535
Author: Jeremy Allison 
Date:   Tue Nov 14 13:52:03 2017 -0800

s3: libsmb: smbc_statvfs is missing the supporting SMB2 calls.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13138

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 
(cherry picked from commit eefc7a27155b70d027b1193187dd435267d863ea)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon Nov 20 17:19:21 CET 2017 on sn-devel-144

commit 6f184288eb2d3eab0dfe6f50bce3b6b51496e437
Author: Jeremy Allison 
Date:   Fri Sep 8 16:20:34 2017 -0700

libsmbclient: Allow server (NetApp) to return STATUS_INVALID_PARAMETER from an echo.

It does this if we send a session ID of zero. The server still replied.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Sat Nov 11 08:44:37 CET 2017 on sn-devel-144

(cherry picked from commit a0f6ea8dec1ab3d19bc93da12a9b0a1c0ccf6142)

---

Summary of changes:
 source3/client/client.c|  8 +++-
 source3/libsmb/cli_smb2_fnum.c | 97 ++
 source3/libsmb/cli_smb2_fnum.h |  6 +++
 source3/libsmb/clifsinfo.c |  9 
 source3/libsmb/libsmb_server.c | 11 -
 5 files changed, 129 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/client/client.c b/source3/client/client.c
index b4a6c7d..9c57375 100644
--- a/source3/client/client.c
+++ b/source3/client/client.c
@@ -5900,7 +5900,13 @@ static void readline_callback(void)
/* Ping the server to keep the connection alive using SMBecho. */
memset(garbage, 0xf0, sizeof(garbage));
status = cli_echo(cli, 1, data_blob_const(garbage, sizeof(garbage)));
-   if (NT_STATUS_IS_OK(status)) {
+   if (NT_STATUS_IS_OK(status) ||
+   NT_STATUS_EQUAL(status, NT_STATUS_INVALID_PARAMETER)) {
+   /*
+* Even if server returns NT_STATUS_INVALID_PARAMETER
+* it still responded.
+* BUG: https://bugzilla.samba.org/show_bug.cgi?id=13007
+*/
return;
}
 
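Review bot: The widened check in readline_callback() accepts NT_STATUS_INVALID_PARAMETER from cli_echo() as proof of a live connection for every server, while the commit message says the NetApp server returns it only when a session ID of zero is sent. The new comment should state that condition so a later reader does not take INVALID_PARAMETER as a generally acceptable echo result; if the session ID is known at this point, consider accepting the status only in that case.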
diff --git a/source3/libsmb/cli_smb2_fnum.c b/source3/libsmb/cli_smb2_fnum.c
index a478c41..89cb1f4 100644
--- a/source3/libsmb/cli_smb2_fnum.c
+++ b/source3/libsmb/cli_smb2_fnum.c
@@ -1993,6 +1993,103 @@ NTSTATUS cli_smb2_dskattr(struct cli_state *cli, const 
char *path,
 }
 
 /***
+ Wrapper that allows SMB2 to query file system sizes.
+ Synchronous only.
+***/
+
+NTSTATUS cli_smb2_get_fs_full_size_info(struct cli_state *cli,
+   uint64_t *total_allocation_units,
+   uint64_t *caller_allocation_units,
+   uint64_t *actual_allocation_units,
+   uint64_t *sectors_per_allocation_unit,
+   uint64_t *bytes_per_sector)
+{
+   NTSTATUS status;
+   uint16_t fnum = 0x;
+   DATA_BLOB outbuf = data_blob_null;
+   struct smb2_hnd *ph = NULL;
+   TALLOC_CTX *frame = talloc_stackframe();
+
+   if (smbXcli_conn_has_async_calls(cli->conn)) {
+   /*
+* Can't use sync call while an async call is in flight
+*/
+   status = NT_STATUS_INVALID_PARAMETER;
+   goto fail;
+   }
+
+   if (smbXcli_conn_protocol(cli->conn) < PROTOCOL_SMB2_02) {
+   status = NT_STATUS_INVALID_PARAMETER;
+   goto fail;
+   }
+
+   /* First open the top level directory. */
+   status =
+   cli_smb2_create_fnum(cli, "", 0,   /* create_flags */
+FILE_READ_ATTRIBUTES, /* desired_access */
+FILE_ATTRIBUTE_DIRECTORY, /* file attributes */
+FILE_SHARE_READ | FILE_SHARE_WRITE |
+FILE_SHARE_DELETE, /* share_access */
+FILE_OPEN, /* create_disposition */
+  
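Review bot: Both early exits in cli_smb2_get_fs_full_size_info() return NT_STATUS_INVALID_PARAMETER, so a caller cannot tell "async call in flight" from "protocol older than PROTOCOL_SMB2_02", and the second check has no comment. The header comment should also document the five uint64_t output pointers, in particular whether any of them may be NULL. talloc_stackframe() is taken before these checks, so the fail label has to free frame on every path; that part of the function is cut off in this mail, as is the initialiser in "uint16_t fnum = 0x;", so neither can be checked from what is shown.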

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-14 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  70d7a5c VERSION: Bump version up to 4.7.3...
   via  c5bb8ef VERSION: Disable GIT_SNAPSHOT for the 4.7.2 release.
   via  53b7208 WHATSNEW: Add release notes for Samba 4.7.2.
  from  d7a0721 s4: torture: kernel oplocks. Add 
smb2.kernel-oplocks.kernel_oplocks8

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 70d7a5c8dc5f73649440a9f50910d532e2eb2a34
Author: Karolin Seeger 
Date:   Tue Nov 14 13:24:15 2017 +0100

VERSION: Bump version up to 4.7.3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit c5bb8ef9e793bb7cd82f8d53786f2c5daa431470
Author: Karolin Seeger 
Date:   Tue Nov 14 13:23:27 2017 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.7.2 release.

Signed-off-by: Karolin Seeger 

commit 53b7208fd6814cd7a973f11663e7a1c83283411e
Author: Karolin Seeger 
Date:   Tue Nov 14 13:22:52 2017 +0100

WHATSNEW: Add release notes for Samba 4.7.2.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 60 ++--
 2 files changed, 59 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 0411083..0ba31a3 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=2
+SAMBA_VERSION_RELEASE=3
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6de5de8..8074a83 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,60 @@
=
+   Release Notes for Samba 4.7.2
+ November 15, 2017
+   =
+
+
+This is an additional bugfix release to address a possible data corruption
+issue. Please update immediately! For details, please see
+
+  https://bugzilla.samba.org/show_bug.cgi?id=13130
+
+Samba 4.6.0 and newer is affected by this issue.
+
+
+Changes since 4.7.1:
+
+
+o  Jeremy Allison 
+   * BUG 13121: Non-smbd processes using kernel oplocks can hang smbd.
+
+o  Joe Guo 
+   * BUG 13127: python: use communicate to fix Popen deadlock.
+
+o  Volker Lendecke 
+   * BUG 13130: smbd on disk file corruption bug under heavy threaded load.
+
+o  Stefan Metzmacher 
+   * BUG 13130: tevent: version 0.9.34.
+
+o  Ralph Wuerthner 
+   * BUG 13118: s3: smbd: Fix delete-on-close after smb2_find.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+   =
Release Notes for Samba 4.7.1
  November 02, 2017
=
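Review bot: The introduction tells users to update immediately because of a possible data corruption issue but identifies it only by bug number. The change list further down shows BUG 13130 is on-disk file corruption in smbd under heavy threaded load, fixed together with tevent 0.9.34; saying that in the introduction would let administrators judge their exposure without opening Bugzilla.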
@@ -106,8 +162,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
=
Release Notes for Samba 4.7.0


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-14 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  d7a0721 s4: torture: kernel oplocks. Add 
smb2.kernel-oplocks.kernel_oplocks8
   via  6e276ca s3: smbd: kernel oplocks. Replace retry_open() with 
setup_kernel_oplock_poll_open().
   via  510b11d python: use communicate to fix Popen deadlock
   via  f1fe68f blackbox tests: method to check specific exit codes
   via  e45ab18 tevent: version 0.9.34
   via  cbd lib: tevent: Remove select backend.
  from  5ec68b2 tevent: Fix a race condition

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit d7a07213e478e1c30d153c7061eb8ae72dcb75c9
Author: Jeremy Allison 
Date:   Thu Nov 9 09:59:23 2017 -0800

s4: torture: kernel oplocks. Add smb2.kernel-oplocks.kernel_oplocks8

Test if the server blocks whilst waiting on a kernel lease held by
a non-smbd process.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Sat Nov 11 20:12:26 CET 2017 on sn-devel-144

(cherry picked from commit ad82557e1355107920ae80fd6a0df0f16d1bdb6c)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Nov 14 16:59:15 CET 2017 on sn-devel-144

commit 6e276cab469da33a4499feca62858451bac63494
Author: Jeremy Allison 
Date:   Thu Nov 9 12:48:15 2017 -0800

s3: smbd: kernel oplocks. Replace retry_open() with setup_kernel_oplock_poll_open().

If an O_NONBLOCK open fails with EWOULDBLOCK, this code changes smbd to
do a retry open every second, until either the timeout or we get a successful
open. If we're opening a file that has a kernel lease set by a non-smbd
process, this is the best we can do.

Prior to this, smbd would block on the second open on such a leased file
(not using O_NONBLOCK) which freezes active clients.

Regression test to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13121

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 
(cherry picked from commit 47c13fc10a2c9709e9511b2ffcf0e1004497887d)

commit 510b11d0b675f91cd3cad4ea422538d197bbf6f1
Author: Joe Guo 
Date:   Fri Sep 15 16:13:26 2017 +1200

python: use communicate to fix Popen deadlock

`Popen.wait()` will deadlock when using stdout=PIPE and/or stderr=PIPE and the
child process generates large output to a pipe such that it blocks waiting for
the OS pipe buffer to accept more data. Use communicate() to avoid that.

Signed-off-by: Joe Guo 
Reviewed-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Oct 19 09:27:16 CEST 2017 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13127

(cherry picked from commit 5dc773a5b00834c7a53130a73a48f49048bd55e8)

commit f1fe68f724022aa89d8a6c1aeb991257e0a047be
Author: Gary Lockyer 
Date:   Wed Aug 16 13:52:25 2017 +1200

blackbox tests: method to check specific exit codes

Signed-off-by: Gary Lockyer 
Reviewed-by: Douglas Bagnall 
Reviewed-by: Garming Sam 
(cherry picked from commit 74ebcf6dfc84b6aab6838fa99e12808eb6b913d9)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13127

commit e45ab18baeb665b5ec5a82adda288c92c731f11e
Author: Stefan Metzmacher 
Date:   Mon Nov 13 11:05:04 2017 +0100

tevent: version 0.9.34

* Remove unused select backend
* Fix a race condition in tevent_threaded_schedule_immediate()
  (bug #13130)

Signed-off-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Mon Nov 13 18:02:46 CET 2017 on sn-devel-144

(cherry picked from commit 2e573eead96b2e98dd8a15c9c8e470679e530392)

commit cbd6024ee4208cd7c5356f4c3fb68b8476b8
Author: Jeremy Allison 
Date:   Tue Sep 12 12:08:38 2017 -0700

lib: tevent: Remove select backend.

select() is no longer useful on modern systems.

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Sat Sep 16 08:35:39 CEST 2017 on sn-devel-144

(cherry picked from commit 2a003b1a576dcbbba0d60bae90427776a5c27867)

---

Summary of changes:
 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-13 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  5ec68b2 tevent: Fix a race condition
   via  d41af5d s4: torture: Add smb2 FIND_and_set_DOC test case.
   via  007e8fe s3: smbd: Fix delete-on-close after smb2_find
   via  aebe7a4 s4: torture: kernel_oplocks. Create a regression test case 
for bug #13058.
   via  0b0d248 Revert "s3/smbd: fix deferred open with streams and kernel 
oplocks"
  from  2505c6c VERSION: Bump version up to 4.7.2...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 5ec68b2e44e5c0c4e6fae362c7e36ad99124faa8
Author: Volker Lendecke 
Date:   Fri Nov 10 21:22:26 2017 +0100

tevent: Fix a race condition

We can't rely on tctx to exist after we unlocked the mutex. It took a
while, but this does lead to data corruption. If *tctx is replaced with
something where tctx->wakeup_fd points to a real, existing file
descriptor, we're screwed. And by screwed, this means file corruption
on disk.

Again. I am not tall enough for this business.


http://bholley.net/blog/2015/must-be-this-tall-to-write-multi-threaded-code.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13130

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Sat Nov 11 03:20:09 CET 2017 on sn-devel-144

(cherry picked from commit 20cfcb7dbc5dd099384b76a76e3d35cf627100b6)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon Nov 13 13:54:56 CET 2017 on sn-devel-144

commit d41af5d03dd7f8375e1295001d920007c113143c
Author: Ralph Wuerthner 
Date:   Fri Oct 27 14:59:32 2017 +0200

s4: torture: Add smb2 FIND_and_set_DOC test case.

Regression tests doing an SMB2_find followed by
a set delete on close and then close on a directory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13118

Signed-off-by: Ralph Wuerthner 
Reviewed-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Sun Nov  5 12:31:12 CET 2017 on sn-devel-144

(cherry picked from commit 44c018bdcc2d81aaf667d11c0c8fae209419ddd7)

commit 007e8fe6a148217c91beb43cfe6865dd620802ff
Author: Ralph Wuerthner 
Date:   Fri Nov 3 22:33:28 2017 +

s3: smbd: Fix delete-on-close after smb2_find

Both dptr_create() and can_delete_directory_fsp() are calling OpenDir_fsp()
to get a directory handle. This causes an issue when delete-on-close is
set after smb2_find because both directory handle instances share the same
underlying file descriptor. In addition the SMB_ASSERT() in destructor
smb_Dir_destructor() gets triggered.

To avoid this use OpenDir() instead of OpenDir_fsp().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13118

Signed-off-by: Ralph Wuerthner 
Reviewed-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit c9e996d78df3ce326a5c13f8f4f1426918769ceb)

commit aebe7a4974e71d449950ccde840128161205df3f
Author: Jeremy Allison 
Date:   Fri Nov 3 12:02:17 2017 -0700

s4: torture: kernel_oplocks. Create a regression test case for bug #13058.

It implements the following test case:

1. client of smbd-1 opens the file and sets the oplock.
2. client of smbd-2 tries to open the file. open() fails(EAGAIN) and open is deferred.
3. client of smbd-1 sends oplock break request to the client.
4. client of smbd-1 closes the file.
5. client of smbd-1 opens the file and sets the oplock.
6. client of smbd-2 calls defer_open_done(), sees that the file lease was not changed
and does not reschedule open.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13058

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Böhme 
(cherry picked from commit 15597a95ecd2d1c2b7edce4942d489c95796951f)

commit 0b0d2485ea55e324577b01a880286183e14b2dac
Author: Jeremy Allison 
Date:   Fri Nov 3 21:47:01 2017 +

Revert "s3/smbd: fix deferred open with streams and kernel oplocks"

This reverts commit b35a296a27a0807c780f2a9e7af2f2e93feefaa8.

This was the cause of

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13058

1. client of smbd-1 opens the file and sets the oplock.
2. client of smbd-2 tries to open the file. open() fails(EAGAIN) and open is deferred.
3. client of smbd-1 sends oplock break request to the client.
4. client of smbd-1 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-02 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  2505c6c VERSION: Bump version up to 4.7.2...
   via  b174cb5 VERSION: Disable GIT_SNAPSHOTS for the Samba 4.7.1 release.
   via  e36b55c WHATSNEW: Add release notes for Samba 4.7.1.
  from  3c45cc8 s4:pyparam: Fix resource leaks on error

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 2505c6c4071f142571bde5809504e8665837d412
Author: Karolin Seeger 
Date:   Thu Nov 2 12:36:25 2017 +0100

VERSION: Bump version up to 4.7.2...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger 

commit b174cb515385afc81e591a4b42d2bef1a2244c03
Author: Karolin Seeger 
Date:   Thu Nov 2 12:35:19 2017 +0100

VERSION: Disable GIT_SNAPSHOTS for the Samba 4.7.1 release.

Signed-off-by: Karolin Seeger 

commit e36b55c7ec27e2a9ee16c80123f452b79f83ca77
Author: Karolin Seeger 
Date:   Thu Nov 2 12:34:42 2017 +0100

WHATSNEW: Add release notes for Samba 4.7.1.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |   2 +-
 WHATSNEW.txt | 111 +++
 2 files changed, 112 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index e927ea0..0411083 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=1
+SAMBA_VERSION_RELEASE=2
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 09c7be6..6de5de8 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,4 +1,115 @@
=
+   Release Notes for Samba 4.7.1
+ November 02, 2017
+   =
+
+
+This is the latest stable release of the Samba 4.7 release series.
+
+
+Changes since 4.7.0:
+
+
+o  Michael Adam 
+   * BUG 13091: vfs_glusterfs: Fix exporting subdirs with shadow_copy2.
+
+o  Jeremy Allison 
+   * BUG 13027: s3: smbd: Currently if getwd() fails after a chdir(), we panic.
+   * BUG 13068: s3: VFS: Ensure default SMB_VFS_GETWD() call can't return a
+ partially completed struct smb_filename.
+   * BUG 13069: sys_getwd() can leak memory or possibly return the wrong errno
+ on older systems.
+   * BUG 13093: 'smbclient' doesn't correctly canonicalize all local names
+ before use.
+
+o  Douglas Bagnall 
+   * BUG 13095: Fix broken linked attribute handling.
+
+o  Andrew Bartlett 
+   * BUG 12994: Missing LDAP query escapes in DNS rpc server.
+   * BUG 13087: replace: Link to -lbsd when building replace.c by hand.
+
+o  Ralph Boehme 
+   * BUG 6133: Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem.
+   * BUG 7909: Map SYNCHRONIZE acl permission statically in zfs_acl vfs module.
+   * BUG 7933: Samba fails to honor SEC_STD_WRITE_OWNER bit with the
+ acl_xattr module.
+   * BUG 12991: s3/mdssvc: Missing assignment in sl_pack_float.
+   * BUG 12995: Wrong Samba access checks when changing DOS attributes.
+   * BUG 13062: samba_runcmd_send() leaves zombie processes on timeout
+   * BUG 13065: net: groupmap cleanup should not delete BUILTIN mappings.
+   * BUG 13076: Enabling vfs_fruit results in loss of Finder tags and other
+ xattrs.
+
+o  Alexander Bokovoy 
+   * BUG 9613: man pages: Properly ident lists.
+   * BUG 13081: smb.conf.5: Sort parameters alphabetically.
+
+o  Samuel Cabrero 
+   * BUG 12993: s3: spoolss: Fix GUID string format on GetPrinter info.
+
+o  Amitay Isaacs 
+   * BUG 13042: Remote serverid check doesn't check for the unique id.
+   * BUG 13056: CTDB starts consuming memory if there are dead nodes in the
+ cluster.
+   * BUG 13070: ctdb-common: Ignore event scripts with multiple '.'s.
+
+o  Lutz Justen 
+   * BUG 13046: libgpo doesn't sort the GPOs in the correct order.
+
+o  Volker Lendecke 
+   * BUG 13042: Remote serverid check doesn't check for the unique id.
+   * BUG 13090: vfs_catia: Fix a potential memleak.
+   * BUG 12903: Fix file change notification for renames.
+
+o  Gary Lockyer 
+   * BUG 12952: Samba DNS server does not honour wildcards.
+
+o  Stefan Metzmacher 
+   * BUG 13079:  Can't change password in samba from a Windows client if Samba
+ runs on IPv6 only interface.
+
+o  Anoop C S 
+   * BUG 13086: 
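Review bot: Typo in the Alexander Bokovoy entry: "Properly ident lists" should read "Properly indent lists". The BUG 13062 line is the only entry without a trailing full stop, the BUG 13079 line has a double space after the colon, and Volker Lendecke's entries are not in bug-number order (12903 follows 13090). BUG 12994 ("Missing LDAP query escapes in DNS rpc server") reads like an input-escaping fix; if it has security impact, the notes should say so rather than list it among ordinary bug fixes.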

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-11-01 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  3c45cc8 s4:pyparam: Fix resource leaks on error
   via  81047d0 s3:modules: Check correct variable for NULL in 
posixacl_xattr
   via  bdbbc80 s3:passdb: Make sure the salt is fully initialized before 
passing
   via  e4a4a43 s3:secrets: Do not leak memory of pw and old_pw
   via  bd6e153 s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd()
   via  8bb2f28 s4:scripting: Fix ntstatus_gen.h generation on 32bit
   via  8875241 ctdb-tests: Process-exists unit tests should wait until PID 
is registered
   via  020afdc ctdb-tests: Wait for fake_ctdbd to start, fail if it doesn't
   via  418c5c5 ctdb-tests: Skip starting fake_ctdbd when current node is 
disconnected
   via  4dc2604 ctdb-tests: Wait for ctdb_eventd to start, fail if it 
doesn't
   via  a3b2963 ctdb-tests: Allow wait_until() to be used in unit tests
   via  ab7d073 replmd: check for duplicate values in MOD_REPLACE case
   via  1167d46 linked attribute tests: test against duplicates in replace
   via  3379b70 s3: smbclient: Test we can rename with a name containing.
   via  5e86ee4 s3: smbclient: Ensure we call client_clean_name() before 
all operations on remote pathnames.
   via  f3f306c s3: client: Add new utility function client_clean_name().
   via  5e1abab vfs_glusterfs: Fix exporting subdirs with shadow_copy2
   via  9a5761b replace: Link to -lbsd when building replace.c by hand
   via  62e9e06 vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR
   via  7963780 selftest: Also run smbtorture smb2.compound with aio enabled
   via  d9723a2 torture: Add testcase for compound CREATE-WRITE-CLOSE 
request
   via  f66d6cc smbd/aio: Do not go async for SMB2 compound requests
   via  c1dbeb2 smbd: Move check for SMB2 compound request to new function
  from  eec0b43 vfs_catia: Fix a potential memleak

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 3c45cc8a3abe2fcd7986a9db93bd83773640c864
Author: Andreas Schneider 
Date:   Wed Oct 25 19:25:20 2017 +0200

s4:pyparam: Fix resource leaks on error

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit e56626e864492831a3dbbca2d4fb8f3281547a90)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Nov  1 14:59:46 CET 2017 on sn-devel-144

commit 81047d00c909caec4211b60c8dd3a4c2e1118f49
Author: Andreas Schneider 
Date:   Wed Oct 25 19:55:32 2017 +0200

s3:modules: Check correct variable for NULL in posixacl_xattr

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Fri Oct 27 04:54:22 CEST 2017 on sn-devel-144

(cherry picked from commit 327190893f5f3352a2e6abc4872b54092ee7de68)

commit bdbbc80a2c54724f4b31a7a1e0d95d04fa42e88c
Author: Andreas Schneider 
Date:   Wed Oct 25 19:50:57 2017 +0200

s3:passdb: Make sure the salt is fully initialized before passing

Otherwise the magic member is not initialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 5274beba4cf722a34403dc07bf287815a6df6281)

commit e4a4a4368200ad720859c5cd33eb173a33d5c078
Author: Andreas Schneider 
Date:   Wed Oct 25 19:30:28 2017 +0200

s3:secrets: Do not leak memory of pw and old_pw

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13101

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit d6a418c13f0a41851ecc0579765502e076a5cd3b)

commit bd6e153f34efe86d2b5f63459254b65f7c863c3d
Author: Andreas Schneider 
Date:   Wed Oct 25 19:39:34 2017 +0200

s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd()

Found by cppcheck.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13100

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 

(cherry picked from commit 16389bed0773952ca563b7bf1fecc2a737587257)

commit 8bb2f283dfb60189a0e0a44e572f463f76a56f6d
Author: Andreas Schneider 
Date:   Wed Oct 25 17:37:24 2017 +0200

s4:scripting: Fix ntstatus_gen.h generation on 32bit

The hex() function results in different output on 32bit systems. It adds
an L for long for some numbers. Thus we have a different header file.

This patch makes sure we 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-10-25 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  eec0b43 vfs_catia: Fix a potential memleak
   via  d179770 vfs_catia: Fix a memory leak
   via  43088b1 smb.conf.5: sort parameters alphabetically
   via  38d6051 krb5_wrap: ADDRTYPE_INET6 is available in all supported MIT 
versions
   via  64db83b krb5_wrap: KRB5_ADDRESS_INET6 is not a define in Heimdal
   via  779a5a9 s4/torture: vfs_fruit: test xattr unpacking
   via  4942194 s4/torture: vfs_fruit: replace AppleDouble data blob with 
xattr data
   via  76bd6dc vfs_fruit: on-access conversion of AppleDouble xattr data
   via  3a6ee04 vfs_fruit: static string fruit_catia_maps
   via  d076049 vfs_fruit: pass smb_fname to ad_convert
   via  266a416 vfs_fruit: unpack AppleDouble xattr header if present
   via  0a62033 vfs_fruit: allocate ad_data buffer up to 
AD_XATTR_MAX_HDR_SIZE bytes
   via  a0acb0f vfs_fruit: add AppleDouble xattr structure definitions
   via  9245b3f vfs_fruit: fix ftruncating resource fork
   via  e433622 vfs_catia: factor out mapping functions
   via  cc2f7d6 ctdb-tests: Add tests for event scripts with multiple '.'s
   via  fbac803 ctdb-common: Ignore event scripts with multiple '.'s
   via  7d36ecb s3: VFS: Protect errno if sys_getwd() fails across free() 
call.
   via  6b1971f s3: VFS: Ensure sys_getwd() doesn't leak memory on error on 
really old systems.
   via  e507bcd s3: VFS: Ensure default SMB_VFS_GETWD() call can't return a 
partially completed struct smb_filename.
   via  7070cfb net: groupmap cleanup should not delete BUILTIN mappings
   via  61dcee4 ctdb-common: Do not queue a packet if queue does not have 
valid fd
   via  433132e ctdb-tests: Send broadcast to connected nodes, not 
configured nodes
   via  6676099 ctdb-daemon: Send broadcast to connected nodes, not 
configured nodes
   via  7689bdd vfs_solarisacl: fix build for samba 4.7 and up
   via  7015e55 lib: gpo: Put enforced GPOs at the end of the list.
   via  953d05b lib: gpo: Fixes issue with GPOPTIONS_BLOCK_INHERITANCE.
   via  3e7a1d1 lib: gpo: Changes order to match GPO application order.
   via  9501b00 lib: Use CTDB_CONTROL_CHECK_PID_SRVID
   via  660a4cc lib: Add "unique_id" to ctdbd_process_exists
   via  f1da343 ctdb-tests: Add tests for client with multiple connections
   via  8455844 ctdb-tests: Add support for multiple ctdb connections in 
dummy_client
   via  f007f3c ctdb-tests: Check all connections from a process in 
CHECK_PID_SRVID control
   via  3893a71 ctdb-daemon: Check all connections from a process in 
CHECK_PID_SRVID control
   via  4c833aa ctdb-tests: Add tests for PID with srvid
   via  c3b6860 ctdb-tests: Implement control CHECK_PID_SRVID in fake daemon
   via  a93d844 ctdb-tests: Reimplement message handlers using srvid 
abstraction
   via  00fafb1 ctdb-tool: Update process-exists command to pass optional 
srvid
   via  ac799fb ctdb-client: Add client code for control CHECK_PID_SRVID
   via  be97d96 ctdb-daemon: Add implementation of control CHECK_PID_SRVID
   via  655c67f ctdb-protocol: Add marshalling for control CHECK_PID_SRVID
   via  cce9800 ctdb-protocol: Add marshalling for struct ctdb_pid_srvid
   via  ef9db44 ctdb-protocol: Add new control CTDB_CONTROL_CHECK_PID_SRVID
   via  29fae09 ctdb-common: Extend srvid_exists() check to support 
optional private_data
   via  0a99c01 s3: smbd: Currently if getwd() fails after a chdir(), we 
panic.
   via  df225fe s3/smbd: use correct access in get_file_handle_for_metadata
   via  12f19c3 s3/smbd: fix access checks in set_ea_dos_attribute()
   via  7fff450 s3/smbd: README.Coding fixes in set_ea_dos_attribute
   via  08e6e69 s3: spoolss: Fix GUID string format on GetPrinter info
   via  3d23c0c s3/mdssvc: missing assignment in sl_pack_float
   via  7f7b132 s4:rpc_server:backupkey: Move variable into scope
   via  925aa83 s4-dnsserver: Check for too many DNS results
   via  6ed5472 s4-dnsserver: Always encode user-supplied names when 
looking up DNS records
   via  e0d79ab samba-tool dns query: Allow '*' in names
   via  443b85c samba-tool dns: Test support of DNS wild card in names
   via  bf9ad97 dnsserver: Add support for dns wildcards
   via  086b68c dnsserver: Tighten DNS name checking
   via  d603ff0 dnsserver: Tests for dns wildcard entries
   via  8aa3ae4 s4/torture: add a test for rename change notification with 
inotify enabled
   via  70809cf selftest: run smb2.notify-inotify testsuite against 
fileserver
   via  f85dcf3 selftest: enable kernel change notifications in the 
fileserver environment
   via  9663cab messaging: Remove messaging_handler_send
   via  32cbcbe notifyd: Remove notifyd_handler_done
   via  a4e5da1 notifyd: Use messaging_register for MSG_SMB_NOTIFY_DB
   via  dea5b99 notifyd: Use messaging_register for 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-10-02 Thread Stefan Metzmacher
The branch, v4-7-test has been updated
   via  6a67866 lib/util/run_cmd: use a cleanup function instead of a 
destructor
   via  31eefb6 lib/util/run_cmd: remove a printf
   via  c7f33ca lib/util/run_cmd: ensure fd_stdin gets set to -1 in the 
destructor
   via  634514a lib/util/run_cmd: prevent zombies in samba_runcmd_send on 
timeout
   via  3711ec4 selftest: Check re-opening sam.ldb corrects the @ATTRIBUTES 
and @INDEXLIST
  from  16594ab VERSION: Bump version up to 4.7.1...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 6a678665aec5ec026edb49841f037703ea2fd5a7
Author: Ralph Boehme 
Date:   Fri Sep 29 13:07:53 2017 +0200

lib/util/run_cmd: use a cleanup function instead of a destructor

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher 

Signed-off-by: Stefan Metzmacher 
Signed-off-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Sat Sep 30 12:14:57 CEST 2017 on sn-devel-144

(cherry picked from commit 6539cc8a24204697b20506896c401e7b40eee928)

Autobuild-User(v4-7-test): Stefan Metzmacher 
Autobuild-Date(v4-7-test): Mon Oct  2 13:17:15 CEST 2017 on sn-devel-144

commit 31eefb6c98418cdde9dcee383262a298ae956ac4
Author: Ralph Boehme 
Date:   Fri Sep 29 13:07:26 2017 +0200

lib/util/run_cmd: remove a printf

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher 

Signed-off-by: Stefan Metzmacher 
Signed-off-by: Ralph Boehme 
(cherry picked from commit 94a8331e5425b735f9e2c0121afc2fb108bec891)

commit c7f33ca3183a68be725587044ce8cf0c44d5d549
Author: Ralph Boehme 
Date:   Fri Sep 29 13:06:08 2017 +0200

lib/util/run_cmd: ensure fd_stdin gets set to -1 in the destructor

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher 

Signed-off-by: Stefan Metzmacher 
Signed-off-by: Ralph Boehme 
(cherry picked from commit 4aaf072d1fd732abf2cbea135d508260cdafa4eb)

commit 634514a8d431b45a070f1d052b552bcf5f0a3bee
Author: Ralph Boehme 
Date:   Fri Sep 29 12:45:24 2017 +0200

lib/util/run_cmd: prevent zombies in samba_runcmd_send on timeout

Ensure the state destructor calls tfork_destroy to reap the waiter and
worker processes. Otherwise we leave the waiter process as a zombie
behind us as we never call waitpid on it in case of a timeout
or talloc_free() from the caller.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13062

Pair-programmed-with: Stefan Metzmacher 

Signed-off-by: Stefan Metzmacher 
Signed-off-by: Ralph Boehme 
(cherry picked from commit 9a8eeabd95afca2e88666b3e8f2af954dbf23ba9)

commit 3711ec4dafc098668eb0c1bee9dee62838024a59
Author: Andrew Bartlett 
Date:   Wed Sep 13 16:13:06 2017 +1200

selftest: Check re-opening sam.ldb corrects the @ATTRIBUTES and @INDEXLIST

https://bugzilla.samba.org/show_bug.cgi?id=13025

Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
(cherry picked from commit 51be27522caffde8a3806f8c0c877a0f85eaf398)

---

Summary of changes:
 lib/util/util_runcmd.c   | 19 +-
 python/samba/tests/dsdb_schema_attributes.py | 53 
 2 files changed, 64 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/util_runcmd.c b/lib/util/util_runcmd.c
index 6077fdd..42d84a8 100644
--- a/lib/util/util_runcmd.c
+++ b/lib/util/util_runcmd.c
@@ -32,18 +32,21 @@
 #include "../lib/util/tfork.h"
 #include "../lib/util/sys_rw.h"
 
-static int samba_runcmd_state_destructor(struct samba_runcmd_state *state)
+static void samba_runcmd_cleanup_fn(struct tevent_req *req,
+   enum tevent_req_state req_state)
 {
-   if (state->pid > 0) {
-   kill(state->pid, SIGKILL);
-   waitpid(state->pid, NULL, 0);
-   state->pid = -1;
+   struct samba_runcmd_state *state = tevent_req_data(
+   req, struct samba_runcmd_state);
+
+   if (state->tfork != NULL) {
+   tfork_destroy(>tfork);
}
+   state->pid = -1;
 
if (state->fd_stdin != -1) {
close(state->fd_stdin);
+   state->fd_stdin = -1;
}
-   return 0;
 }
 
 static void samba_runcmd_io_handler(struct 
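
Review bot: in samba_runcmd_cleanup_fn() the req_state argument is never used, so the child is torn down on whichever state change invokes the cleanup function; a one-line comment stating that this is intended, and that the function is safe to run more than once, would make that explicit. The `state->tfork != NULL` guard only provides that safety if tfork_destroy() resets the pointer it is given, which these lines do not show. `state->pid = -1` is now set unconditionally with no kill()/waitpid() left in this function, so reaping rests entirely on tfork_destroy().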

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-21 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  16594ab VERSION: Bump version up to 4.7.1...
  from  d1e6984 VERSION: Disable GIT_SNAPSHOTS for the 4.7.0 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 16594ab0468b375154d5a164f1ff06796c53c7cd
Author: Karolin Seeger 
Date:   Thu Sep 21 08:29:04 2017 +0200

VERSION: Bump version up to 4.7.1...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index d91963a..e927ea0 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=7
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_RELEASE=1
 
 
 # If a official release has a serious bug  #
@@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE=
 # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes   #
 #  ->  "3.0.0-SVN-build-199"   #
 
-SAMBA_VERSION_IS_GIT_SNAPSHOT=no
+SAMBA_VERSION_IS_GIT_SNAPSHOT=yes
 
 
 # This is for specifying a release nickname#


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-21 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  d1e6984 VERSION: Disable GIT_SNAPSHOTS for the 4.7.0 release.
   via  9c85af0 WHATSNEW: Add release notes for Samba 4.7.0.
  from  19df09e CVE-2017-12163: s3:smbd: Prevent client short SMB1 write 
from writing server memory to file.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit d1e69845e28c20a491c4cd60c712b46ddfcb9dc0
Author: Karolin Seeger 
Date:   Wed Sep 20 12:53:38 2017 +0200

VERSION: Disable GIT_SNAPSHOTS for the 4.7.0 release.

Signed-off-by: Karolin Seeger 

commit 9c85af09b66c9b2b2684f7b38ecb6135b888ec14
Author: Karolin Seeger 
Date:   Wed Sep 20 12:52:08 2017 +0200

WHATSNEW: Add release notes for Samba 4.7.0.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  4 ++--
 WHATSNEW.txt | 30 ++
 2 files changed, 24 insertions(+), 10 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index d460d71..d91963a 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  ->  "3.0.0rc1"  #
 
-SAMBA_VERSION_RC_RELEASE=7
+SAMBA_VERSION_RC_RELEASE=
 
 
 # To mark SVN snapshots this should be set to 'yes'#
@@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE=7
 # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes   #
 #  ->  "3.0.0-SVN-build-199"   #
 
-SAMBA_VERSION_IS_GIT_SNAPSHOT=yes
+SAMBA_VERSION_IS_GIT_SNAPSHOT=no
 
 
 # This is for specifying a release nickname#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 4da5ae3..09c7be6 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,13 +1,11 @@
-Release Announcements
-=
+   =
+   Release Notes for Samba 4.7.0
+September 20, 2017
+   =
 
-This is the sixth release candidate of Samba 4.7.  This is *not*
-intended for production environments and is designed for testing
-purposes only.  Please report any defects via the Samba bug reporting
-system at https://bugzilla.samba.org/.
-
-Samba 4.7 will be the next version of the Samba suite.
 
+This is the first stable release of Samba 4.7.
+Please read the release notes carefully before upgrading.
 
 UPGRADING
 =
@@ -370,6 +368,22 @@ KNOWN ISSUES
 
https://wiki.samba.org/inFdex.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs
 
 
+CHANGES SINCE 4.7.0rc6
+==
+
+o  CVE-2017-12150:
+   A man in the middle attack may hijack client connections.
+
+o  CVE-2017-12151:
+   A man in the middle attack can read and may alter confidential
+   documents transferred via a client connection, which are reached
+   via DFS redirect when the original connection used SMB3.
+
+o  CVE-2017-12163:
+   Client with write access to a share can cause server memory contents to be
+   written into a file or printer.
+
+
 CHANGES SINCE 4.7.0rc5
 ==
 
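
Review bot: the three entries added under CHANGES SINCE 4.7.0rc6 give only a CVE id and a one-line impact statement; adding the bugzilla reference for each would let readers map them to the fixes. The context line just above the new section also still spells the wiki URL `inFdex.php`, which should be corrected before it ships in the stable release notes.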





[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-20 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  19df09e CVE-2017-12163: s3:smbd: Prevent client short SMB1 write 
from writing server memory to file.
   via  ecb3cfd CVE-2017-12151: s3:libsmb: make use of 
cli_state_is_encryption_on()
   via  c38e3a7 CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() 
helper function
   via  e0fe5d0 CVE-2017-12150: s3:libsmb: only fallback to anonymous if 
authentication was not requested
   via  acd9dcb CVE-2017-12150: libcli/smb: add 
smbXcli_conn_signing_mandatory()
   via  dfd1156 CVE-2017-12150: auth/credentials: 
cli_credentials_authentication_requested() should check for 
NTLM_CCACHE/SIGN/SEAL
   via  d148d6d CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in 
gpo_connect_server()
   via  f737447 CVE-2017-12150: s3:pylibsmb: make use of 
SMB_SIGNING_DEFAULT for 'samba.samba3.libsmb_samba_internal'
   via  1b6684e CVE-2017-12150: s3:lib: get_cmdline_auth_info_signing_state 
smb_encrypt SMB_SIGNING_REQUIRED
   via  1217df5 CVE-2017-12150: s3:popt_common: don't turn a guessed 
username into a specified one
  from  f2f5ab6 VERSION: Bump version up to 4.7.0rc7...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 19df09e29a3c1daace945dfa9e5f7ba7c574a888
Author: Jeremy Allison 
Date:   Fri Sep 8 10:13:14 2017 -0700

CVE-2017-12163: s3:smbd: Prevent client short SMB1 write from writing 
server memory to file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13020

Signed-off-by: Jeremy Allison 
Signed-off-by: Stefan Metzmacher 

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Sep 20 16:20:07 CEST 2017 on sn-devel-144

commit ecb3cfd8982a6d6b610f98ca80362d3db4178b50
Author: Stefan Metzmacher 
Date:   Sat Dec 17 10:36:49 2016 +0100

CVE-2017-12151: s3:libsmb: make use of cli_state_is_encryption_on()

This will keep enforced encryption across dfs referrals.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher 

commit c38e3a7086164b1c58e003dd627b207ffcbe856e
Author: Stefan Metzmacher 
Date:   Mon Aug 14 12:13:18 2017 +0200

CVE-2017-12151: s3:libsmb: add cli_state_is_encryption_on() helper function

This allows checking whether the current cli_state uses encryption
(either via unix extensions or via SMB3).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12996

Signed-off-by: Stefan Metzmacher 

commit e0fe5d09082509c8a11720f683264ffac21e7a75
Author: Stefan Metzmacher 
Date:   Mon Dec 12 06:07:56 2016 +0100

CVE-2017-12150: s3:libsmb: only fallback to anonymous if authentication was 
not requested

With forced encryption or required signing we should also not fall back.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher 

commit acd9dcb671fdc4cd543ddf76918e70599cb09259
Author: Stefan Metzmacher 
Date:   Tue Aug 29 15:35:49 2017 +0200

CVE-2017-12150: libcli/smb: add smbXcli_conn_signing_mandatory()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher 

commit dfd11569de24064bcf8a4348b4b5271807dd501b
Author: Stefan Metzmacher 
Date:   Tue Aug 29 15:24:14 2017 +0200

CVE-2017-12150: auth/credentials: 
cli_credentials_authentication_requested() should check for 
NTLM_CCACHE/SIGN/SEAL

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher 

commit d148d6df0b39e0c2c31ba8fc1d31207a4c852af0
Author: Stefan Metzmacher 
Date:   Mon Dec 12 05:49:46 2016 +0100

CVE-2017-12150: libgpo: make use of SMB_SIGNING_REQUIRED in 
gpo_connect_server()

It's important that we use a signed connection to get the GPOs!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher 

commit f7374475c867cb8a71fe4cf07a6bfec9f148af0b
Author: Stefan Metzmacher 
Date:   Fri Dec 9 09:26:32 2016 +0100

CVE-2017-12150: s3:pylibsmb: make use of SMB_SIGNING_DEFAULT for 
'samba.samba3.libsmb_samba_internal'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12997

Signed-off-by: Stefan Metzmacher 

commit 1b6684ea4e9c77229c5b9ef6399eb639ec39e50f
Author: Stefan Metzmacher 
Date:   Thu Nov 3 17:16:43 2016 +0100

CVE-2017-12150: s3:lib: get_cmdline_auth_info_signing_state smb_encrypt 
SMB_SIGNING_REQUIRED

This is an addition to the fixes for CVE-2015-5296.

It applies to smb2mount -e, smbcacls -e and smbcquotas -e.

BUG: 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-17 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  f2f5ab6 VERSION: Bump version up to 4.7.0rc7...
   via  33244e5 VERSION: Disable GIT_SNAPSHOT for the 4.7.0rc6 release.
   via  abb58c4 WHATSNEW: Prepare release notes for Samba 4.7.0rc6.
  from  d02af0b util_runcmd: Free the fde in event handler.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit f2f5ab69cd41d34879aa9fe22ee1de70ce057c4a
Author: Karolin Seeger 
Date:   Thu Sep 14 06:47:22 2017 -0700

VERSION: Bump version up to 4.7.0rc7...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 33244e57d95e516bc088cd5a5ad39a9178c5889a
Author: Karolin Seeger 
Date:   Thu Sep 14 06:46:34 2017 -0700

VERSION: Disable GIT_SNAPSHOT for the 4.7.0rc6 release.

Signed-off-by: Karolin Seeger 

commit abb58c49f0cbd8ed46fdd9217fdf6250d0c0bc1e
Author: Karolin Seeger 
Date:   Thu Sep 14 06:45:45 2017 -0700

WHATSNEW: Prepare release notes for Samba 4.7.0rc6.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 25 +++--
 2 files changed, 24 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index b880ed7..d460d71 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  ->  "3.0.0rc1"  #
 
-SAMBA_VERSION_RC_RELEASE=6
+SAMBA_VERSION_RC_RELEASE=7
 
 
 # To mark SVN snapshots this should be set to 'yes'#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 46a786c..4da5ae3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
 Release Announcements
 =
 
-This is the fifth release candidate of Samba 4.7.  This is *not*
+This is the sixth release candidate of Samba 4.7.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -367,13 +367,15 @@ smb.conf changes
 KNOWN ISSUES
 
 
-https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs
+https://wiki.samba.org/inFdex.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs
 
 
 CHANGES SINCE 4.7.0rc5
 ==
 
 o  Jeremy Allison 
+   * BUG 13003: s3: vfs: catia: compression get/set must act only on base 
file, and
+ must cope with fsp==NULL.
* BUG 13008: lib: crypto: Make smbd use the Intel AES instruction set for 
signing
  and encryption.
 
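
Review bot: the KNOWN ISSUES link in this hunk changes `index.php` to `inFdex.php`, which looks like a stray keystroke rather than an intended edit; the `-` line has the working URL and the `+` line should keep it. Nothing else in the hunk depends on that line, so it can simply be dropped from the change.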
@@ -386,18 +388,37 @@ o  Andrew Bartlett 
* BUG 13017: Add ldb_ldif_message_redacted_string() to allow debug of 
redacted
  log messages, avoiding showing secret values.
* BUG 13023: ldb: version 1.2.2.
+   * BUG 13025: schema: Rework dsdb_schema_set_indices_and_attributes() db
+ operations.
+
+o  Alexander Bokovoy 
+   * BUG 13030: Install dcerpc/__init__.py for all Python environments.
 
 o  Ralph Boehme 
* BUG 13024: s3/smbd: Sticky write time offset miscalculation causes broken
  timestamps
+   * BUG 13037: lib/util: Only close the event_fd in tfork if the caller didn't
+ call tfork_event_fd().
 
 o  Volker Lendecke 
* BUG 13006: messaging: Avoid a socket leak after fork.
 
+o  Stefan Metzmacher 
+   * BUG 13018: charset: Fix str[n]casecmp_m() by comparing lower case values.
+
+o  Gary Lockyer 
+   * BUG 13037: util_runcmd: Free the fde in event handler.
+
 o  Amitay Isaacs 
* BUG 13012: ctdb-daemon: Fix implementation of process_exists control.
* BUG 13021: GET_DB_SEQNUM control can cause ctdb to deadlock when databases
  are frozen.
+   * BUG 13029: ctdb-daemon: Free up record data if a call request is deferred.
+   * BUG 13036: ctdb-client: Initialize ctdb_ltdb_header completely for empty
+ record.
+
+o  Christof Schmitt 
+   * BUG 13032: vfs_streams_xattr: Fix segfault when running with log level 10.
 
 
 CHANGES SINCE 4.7.0rc4





[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-17 Thread Stefan Metzmacher
The branch, v4-7-test has been updated
   via  d02af0b util_runcmd: Free the fde in event handler.
   via  21624ed lib/util: only close the event_fd in tfork if the caller 
didn't call tfork_event_fd()
   via  392d300 util/tfork: Write to the status pipe
   via  a401725 tests util/tfork: Tests for status and event fd
  from  9e8688a ctdb-client: Initialize ctdb_ltdb_header completely for 
empty record

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit d02af0b151affcd9c63ab1701f8025f4927437f9
Author: Gary Lockyer 
Date:   Fri Sep 8 14:03:25 2017 +1200

util_runcmd: Free the fde in event handler.

Free the fde in the event handler to prevent the event triggering again.
While not strictly necessary in this case, this code serves as an
example of the usage of tfork.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037

Signed-off-by: Gary Lockyer 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Sat Sep 16 23:50:27 CEST 2017 on sn-devel-144

(cherry picked from commit 563bbb9c24d1d0bcc64530a6635b8b82d1ebb24d)

Autobuild-User(v4-7-test): Stefan Metzmacher 
Autobuild-Date(v4-7-test): Sun Sep 17 13:56:23 CEST 2017 on sn-devel-144

commit 21624ed39eb0aecea65aee79df3f5b286001edd0
Author: Ralph Boehme 
Date:   Sat Sep 16 01:22:31 2017 -0700

lib/util: only close the event_fd in tfork if the caller didn't call 
tfork_event_fd()

Make closing of the event_fd the global responsibility of the
parent process if it called tfork_event_fd().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037

Signed-off-by: Ralph Boehme 
Reviewed-by: Gary Lockyer 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 6c36ea0737ae12fc97e4a024588e6a3845caf329)

commit 392d300743f13fcb8cc3288440cec388584114da
Author: Gary Lockyer 
Date:   Mon Sep 11 10:25:49 2017 +1200

util/tfork: Write to the status pipe

The previous design relied on only calling close() of the status pipe.

We now write a single 0 byte to the status FD as well as closing it in the
parent process.  Both of these operations typically trigger a read
event on the other end of the FD, held in the waiter process (the child).

The child process blocks on the status FD, until it becomes readable.

However if there is a sibling process that was launched after the waiter
process they also will hold the status FD open and the status FD would,
until this change, never become readable to the waiter process (the child).

This caused the waiter process (child) not to exit and the parent process
to hang in tfork_status() while expecting the waitpid() to return.

That is, file descriptors are essentially global variables copied
to children in the process tree.  The last child that (unwittingly) holds
the file descriptor open is the one that needs to trigger the close() this
code previously depended on.

Without this change, there is no notification of process death until
all these unrelated children exit for their own reasons.

We can write up to 4K (PIPE_BUF) into this pipe before blocking,
but we only write one byte.  Additionally sys_write() refuses to block.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037

Signed-off-by: Gary Lockyer 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Ralph Boehme 
(cherry picked from commit f6a40ff2a1c133b6c30cf3ce29d7bb3ea005e3c8)

commit a4017255bfd4d63230ac14ece9d91c0f0d1d2175
Author: Gary Lockyer 
Date:   Mon Sep 11 14:48:21 2017 +1200

tests util/tfork: Tests for status and event fd

Add tests to ensure that:
- The event_fd becomes readable once the worker process has terminated
- That the event_fd is not closed by the tfork code.
  - If this is done in tevent code and the event fde has not been
    freed, "Bad talloc magic value - " errors can result.
- That the status call does not block if the parent process launches
  more than one child process.
  - The status file descriptor for a child is passed to the
    subsequent children.  These processes hold the FD open, so that
    closing the fd does not make the read end go readable, and the
    process calling status blocks.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13037

Signed-off-by: Gary Lockyer 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Ralph Boehme 
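
The status-FD behaviour described in commit 392d300 above, as an added example that is not part of the original notification and is not Samba's tfork code: a simplified model built on a plain pipe(), where the function name waiter_notified() and the idle sibling process are assumptions made for illustration.

```c
/* Added example: simplified model of a status pipe that is shared by a
 * waiter child and an unrelated sibling. Not Samba's tfork implementation. */
#include <poll.h>
#include <signal.h>
#include <stdio.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/*
 * Returns 1 if the waiter saw the status fd become readable within
 * timeout_ms, 0 if it timed out, -1 on setup failure.
 *
 * write_byte == 0: the parent only close()s its write end (old design).
 * write_byte == 1: the parent writes one 0 byte, then close()s (new design).
 */
static int waiter_notified(int write_byte, int timeout_ms)
{
	int status_fd[2];
	int wstatus = 0;
	int rc = 0;
	pid_t waiter, sibling;

	if (pipe(status_fd) == -1) {
		return -1;
	}

	waiter = fork();
	if (waiter == -1) {
		close(status_fd[0]);
		close(status_fd[1]);
		return -1;
	}
	if (waiter == 0) {
		struct pollfd pfd = { .fd = status_fd[0], .events = POLLIN };

		close(status_fd[1]);
		/* Wakes on POLLIN (data) or POLLHUP (every write end closed). */
		_exit(poll(&pfd, 1, timeout_ms) > 0 ? 0 : 1);
	}

	/*
	 * A sibling launched after the waiter. It never touches the pipe,
	 * but its inherited copy of status_fd[1] keeps the write end open.
	 */
	sibling = fork();
	if (sibling == -1) {
		kill(waiter, SIGKILL);
		waitpid(waiter, NULL, 0);
		close(status_fd[0]);
		close(status_fd[1]);
		return -1;
	}
	if (sibling == 0) {
		for (;;) {
			pause();
		}
	}

	close(status_fd[0]);
	if (write_byte) {
		char zero = 0;

		/* One byte is far below the pipe buffer size. */
		if (write(status_fd[1], &zero, 1) != 1) {
			rc = -1;
		}
	}
	close(status_fd[1]);

	/* Reap both children so the demonstration leaves no zombies. */
	waitpid(waiter, &wstatus, 0);
	kill(sibling, SIGKILL);
	waitpid(sibling, NULL, 0);

	if (rc == -1) {
		return -1;
	}
	return (WIFEXITED(wstatus) && WEXITSTATUS(wstatus) == 0) ? 1 : 0;
}

int main(void)
{
	printf("close() only:       waiter notified = %d\n",
	       waiter_notified(0, 300));
	printf("write() + close():  waiter notified = %d\n",
	       waiter_notified(1, 300));
	return 0;
}
```

With close() alone the waiter times out because the sibling's inherited descriptor prevents end-of-file; the single written byte makes the read end readable regardless of who else holds the write end.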

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-16 Thread Stefan Metzmacher
The branch, v4-7-test has been updated
   via  9e8688a ctdb-client: Initialize ctdb_ltdb_header completely for 
empty record
   via  aea5af0 ctdb-daemon: Free up record data if a call request is 
deferred
   via  74bbce0 s3: vfs: catia: compression get/set must act only on base 
file, and must cope with fsp==NULL.
   via  d955230 s3: VFS: streams_xattr: Compression is only set/get on base 
filenames.
   via  8d52dd3 vfs_streams_xattr: Fix segfault when running with log level 
10
   via  5c36e9a schema: Rework dsdb_schema_set_indices_and_attributes() db 
operations
   via  db16b55 Install dcerpc/__init__.py for all Python environments
   via  11048d4 charset: fix str[n]casecmp_m() by comparing lower case 
values
   via  1630838 charset/tests: also tests the system str[n]casecmp()
   via  c6a4931 charset/tests: add more str[n]casecmp_m() tests to 
demonstrate the bug
   via  7e47230 charset/tests: assert the exact values of str[n]casecmp_m()
  from  adfca55 WHATSNEW: Prepare changes since 4.7.0rc5.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 9e8688a58f00393662ee482d408cfabed2fd4ea2
Author: Amitay Isaacs 
Date:   Mon Sep 11 14:05:17 2017 +1000

ctdb-client: Initialize ctdb_ltdb_header completely for empty record

ctdb_ltdb_fetch() only fills in relevant portion of ctdb_ltdb_header
if the record does not exist.  This can result in uninitialized writes
to ctdb_rec_buffer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13036

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 
(cherry picked from commit a878171cb432673f635a75cce0b72c92bb0d3ec7)

Autobuild-User(v4-7-test): Stefan Metzmacher 
Autobuild-Date(v4-7-test): Sat Sep 16 13:34:33 CEST 2017 on sn-devel-144

commit aea5af075f33b85090125da0e197b21844d42737
Author: Amitay Isaacs 
Date:   Mon Sep 11 15:59:19 2017 +1000

ctdb-daemon: Free up record data if a call request is deferred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13029

If a call request for a key (migration request) is in flight, then all
the subsequent call requests for the same key are deferred.  In that case,
the data corresponding to key read from the local tdb is useless and there
is no need to keep it around.  Once the deferred call is reprocessed,
the data corresponding to that key will be fetched again.

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 
(cherry picked from commit 77c17b03cfc4734142fd86ba3cdd9663e75f34e3)

commit 74bbce04e93eba09c7b63b6cf4df3b3aeb2cdb90
Author: Jeremy Allison 
Date:   Fri Sep 8 15:28:39 2017 -0700

s3: vfs: catia: compression get/set must act only on base file, and must 
cope with fsp==NULL.

Correctly do filename conversion.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Sep 12 10:50:57 CEST 2017 on sn-devel-144

(cherry picked from commit 3ff1b83ab7cb3a6ab94b87d0bf73857b731c869d)

commit d95523041bb5ccb94df8cd8353133881ddb6590c
Author: Jeremy Allison 
Date:   Fri Sep 8 15:27:37 2017 -0700

s3: VFS: streams_xattr: Compression is only set/get on base filenames.

Can be ignored (pass-through) in streams_xattr VFS module.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13003

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 
(cherry picked from commit 1a7c0f77e2203aa674eb8b06fe3220868f11)

commit 8d52dd377bddd1bd705cf8ac58471d57aee721d5
Author: Christof Schmitt 
Date:   Wed Sep 13 16:23:53 2017 -0700

vfs_streams_xattr: Fix segfault when running with log level 10

This happens when vfs_streams_xattr is loaded, log level is set to 10
and the default stream of a file or directory is accessed. In that case
streams_xattr_open does not allocate the stream_io fsp extension. The
DBG_DEBUG message in streams_xattr_fstat tries to access the stream_io
before checking for a NULL value, resulting in the crash. Fix this by
moving the debug message after the check for a NULL pointer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13032

Signed-off-by: Christof Schmitt 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Sep 14 10:58:12 CEST 2017 on sn-devel-144

(cherry picked from commit 1b6aa39fac0825b1f25fd62a6c67994b5c491170)

commit 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-14 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  adfca55 WHATSNEW: Prepare changes since 4.7.0rc5.
   via  81f31fd libcli: SMB2: NetApps negotiate SMB3_11 but also set the 
SMB2_CAP_ENCRYPTION flag.
   via  668cc39 python: Allow debug classes to be specified on the command 
line for python tools
   via  c7f3f20 librpc/dceprc_util.c: Move debug message to DBG_DEBUG()
   via  2f2edad libcli/security: Move debug message to DBG_DEBUG()
   via  f6cadd5 dsdb: Add missing \n to debug
   via  66de4c1 drs repl: Only print raw DRS replication traffic at level 9
   via  5977227 debug: Add new debug class "drs_repl" for DRS replication 
processing
   via  8fbaf15 repl_meta_data: Re-work printing of replicated entries
   via  2ea6beb linked_attributes: Use ldb_ldif_message_redacted_string() 
for consistency
   via  11568c8 repl_meta_data: Use ldb_ldif_message_redacted_string() to 
avoid printing secrets in logs
   via  dab3dea ldb: version 1.2.2
   via  256f485 ldb: Add new ldb_ldif_message_redacted_string() with tests
   via  0806c9c ldb_tdb: Refuse to re-index very old database with no DN in 
the record
   via  8f603e7 ldb_tdb: Use braces in ltdb_dn_list_find_val()
   via  504d3df ldb_tdb: Check for talloc_strdup() failure in 
ltdb_index_add1()
   via  285efde ldb_tdb: Check for errors during tdb operations in 
ltdb_reindex()
   via  5311eb4 ldb_tdb: Use memcmp rather than strncmp() in 
ltdb_key_is_record(), re_key() and re_index()
   via  0c87159 ldb_tdb: Create a common ltdb_key_is_record() allowing 
multiple key forms
   via  e703680 ldb_tdb: Do not trigger the unique index check during a 
re-index, use another pass
   via  7db6c56 ldb_tdb: Use memcmp() to compare TDB keys in re_index()
   via  1a2d909 ldb: Add tests for indexed and unindexed search expressions
   via  e517bc4 ldb: Fix tests to call the parent tearDown(), not setUp in 
tearDown
   via  b6fd54b ldb_tdb: Rework ltdb_modify_internal() to use 
ltdb_search_dn1() internally
   via  98a803f ldb: Add LDB_UNPACK_DATA_FLAG_NO_ATTRS
  from  eabed4d ctdb-daemon: GET_DB_SEQNUM should read database 
conditionally

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit adfca554850ca2078dce79f26699308db799c85a
Author: Karolin Seeger 
Date:   Thu Sep 14 06:45:45 2017 -0700

WHATSNEW: Prepare changes since 4.7.0rc5.

Signed-off-by: Karolin Seeger 

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Sep 14 22:01:27 CEST 2017 on sn-devel-144

commit 81f31fd50901a91fcce2024f3616f3543d4e4504
Author: Jeremy Allison 
Date:   Mon Sep 11 16:36:47 2017 -0700

libcli: SMB2: NetApps negotiate SMB3_11 but also set the 
SMB2_CAP_ENCRYPTION flag.

This is a SHOULD not, not a MUST not.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13009

Signed-off-by: Jeremy Allison 
Reviewed-by: Steve French 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Thu Sep 14 14:48:20 CEST 2017 on sn-devel-144

(cherry picked from commit f0a90a1287a8f4c4114919a32afaff52e3c69a9b)

commit 668cc39e320aeb30641580a1fcab39c108bd9c26
Author: Andrew Bartlett 
Date:   Thu Sep 7 11:26:04 2017 +1200

python: Allow debug classes to be specified on the command line for python 
tools

Signed-off-by: Andrew Bartlett 
Reviewed-by: Douglas Bagnall 

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Sep  7 10:43:33 CEST 2017 on sn-devel-144

(cherry picked from commit c938f61d332de0323cb135b201367f90f08d76a8)

commit c7f3f20590971d2777b81302484e32b595d109d5
Author: Andrew Bartlett 
Date:   Thu Sep 7 11:20:27 2017 +1200

librpc/dceprc_util.c: Move debug message to DBG_DEBUG()

This message shows up a lot (every packet) at level 6 for the successful case

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017

Signed-off-by: Andrew Bartlett 
Reviewed-by: Douglas Bagnall 
(cherry picked from commit cbb3dcf2c67dd6ddbb419fff04112e3c345c2108)

commit 2f2edada445e32a41c8f3c861261dff114f3f2d3
Author: Andrew Bartlett 
Date:   Thu Sep 7 11:19:01 2017 +1200

libcli/security: Move debug message to DBG_DEBUG()

This message shows up a lot at level 6 for no particularly good reason

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13017

Signed-off-by: Andrew Bartlett 
Reviewed-by: Douglas Bagnall 
  

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-13 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  eabed4d ctdb-daemon: GET_DB_SEQNUM should read database 
conditionally
   via  8c22449 ctdb-daemon: Add a function to check if db access is allowed
   via  a472eb9 ctdb-tests: Fix ctdb test binary name in path testing
   via  17410dc ctdb-tests: Wait up to 30 seconds for process to be 
registered in ctdbd
   via  c4599cc ctdb-tests: Fix ctdb process-exist tests
   via  104f9ca ctdb-tests: Add a dummy ctdb client for testing
   via  551a778 ctdb-tests: Fix the implementation of process-exists in 
fake daemon
   via  3afa1b4 ctdb-daemon: Fix implementation of process_exists control
  from  024c1b7 s3/smbd: sticky write time offset miscalculation causes 
broken timestamps

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit eabed4d055487a6607b4b2169d88c57bf3cb8783
Author: Amitay Isaacs 
Date:   Thu Sep 7 17:21:03 2017 +1000

ctdb-daemon: GET_DB_SEQNUM should read database conditionally

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021

Once the recovery starts and databases are frozen, then all the record
access is postponed till the recovery is complete except reading the
database sequence number.  Database access for reading sequence number
is done via a control which does not check if the databases are frozen
or not.

If the database is frozen and if the freeze transaction is not started
(this can happen when a node is inactive, or during recovery when the
database is frozen but the transaction has not yet started), then trying
to read sequence number will cause ctdb daemon to deadlock.

Before reading the sequence number, check if the database access is
allowed.

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 
(cherry picked from commit f57d379446c551bca5906247c622e857c77089b0)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Sep 13 19:52:24 CEST 2017 on sn-devel-144

commit 8c22449d65d0aac09f245b05a987361fea0c4850
Author: Amitay Isaacs 
Date:   Thu Sep 7 17:18:18 2017 +1000

ctdb-daemon: Add a function to check if db access is allowed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13021

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 
(cherry picked from commit 5d2f2677de65a0fd6683bb759d80ebced604fa6b)

commit a472eb9eeaa966ccf4f326c938116df40b8363c3
Author: Amitay Isaacs 
Date:   Tue Sep 5 13:52:47 2017 +1000

ctdb-tests: Fix ctdb test binary name in path testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 
(cherry picked from commit 96aef2371c6c1e0c6bd13874a71583eb9609959b)

commit 17410dcdd1e34bd645bcc0959049143180650f7a
Author: Martin Schwenke 
Date:   Tue Sep 12 11:51:19 2017 +1000

ctdb-tests: Wait up to 30 seconds for process to be registered in ctdbd

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

This avoids a potential race where the client is not properly
registered before "ctdb process-exists" is called.

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit ff75f0836aef56476ec45a3bc8f3ca22c118e3a4)

commit c4599ccbad940aa98af7b557c556fb5a1394c3c1
Author: Amitay Isaacs 
Date:   Fri Aug 25 16:55:34 2017 +1000

ctdb-tests: Fix ctdb process-exist tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 

Autobuild-User(master): Amitay Isaacs 
Autobuild-Date(master): Sat Sep  9 14:44:57 CEST 2017 on sn-devel-144

(cherry picked from commit 87f7d32a906799e83cb9b023978e689a630de017)

commit 104f9cacc2aa9d403fda57024bf806ccfba5347a
Author: Amitay Isaacs 
Date:   Wed Aug 30 13:05:32 2017 +1000

ctdb-tests: Add a dummy ctdb client for testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 
(cherry picked from commit 3067db5b50162fdae288aaad8e75beb924fc9494)

commit 551a778015683cbffe0fd66e43c4d2dfbd42f0c7
Author: Amitay Isaacs 
Date:   Fri Aug 25 16:54:47 2017 +1000

ctdb-tests: Fix the implementation of process-exists in fake daemon

Keep track of clients and their pids.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13012

Signed-off-by: Amitay Isaacs 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-12 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  024c1b7 s3/smbd: sticky write time offset miscalculation causes 
broken timestamps
  from  4e64d1f WHATSNEW: Unify usage of "''".

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 024c1b725eb174b61cb4fb1e211a4539d8c4c997
Author: Ralph Boehme 
Date:   Fri Sep 8 12:19:03 2017 +0200

s3/smbd: sticky write time offset miscalculation causes broken timestamps

The offset calculation for the offset that got passed to
fetch_write_time_send() in the enumeration loop was wrong as it passed
the offset before smbd_dirptr_lanman2_entry() added required padding.

This resulted in broken timestamps in the find response.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13024

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Sep 12 02:45:46 CEST 2017 on sn-devel-144

(cherry picked from commit 7e0b2af4c0c429a3d347ace7b2f75cfeecea6d1f)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Sep 12 23:59:14 CEST 2017 on sn-devel-144

---

Summary of changes:
 source3/smbd/smb2_query_directory.c | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/smb2_query_directory.c 
b/source3/smbd/smb2_query_directory.c
index 3e0abdf..430fdca 100644
--- a/source3/smbd/smb2_query_directory.c
+++ b/source3/smbd/smb2_query_directory.c
@@ -501,7 +501,6 @@ static struct tevent_req 
*smbd_smb2_query_directory_send(TALLOC_CTX *mem_ctx,
while (true) {
bool got_exact_match = false;
int space_remaining = in_output_buffer_length - off;
-   int cur_off = off;
struct file_id file_id;
bool stop = false;
 
@@ -556,7 +555,7 @@ static struct tevent_req 
*smbd_smb2_query_directory_send(TALLOC_CTX *mem_ctx,
   conn,
   file_id,
   info_level,
-  base_data + cur_off,
+  base_data + 
last_entry_off,
   );
if (tevent_req_nomem(subreq, req)) {
return tevent_req_post(req, ev);
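Review bot: in the fetch_write_time_send() argument list, `base_data + last_entry_off` uses a variable that is neither declared nor assigned in the visible lines, so the hunk does not show that it is refreshed on every pass of the `while (true)` loop before this call, or that it stays below `in_output_buffer_length`. A one-line comment at the call saying that `last_entry_off` is the post-padding start of the entry just written by smbd_dirptr_lanman2_entry() would record the invariant the commit message describes. The summary lists a single changed file, so the fix also arrives without a test that checks the timestamps in the find response.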


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-10 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  4e64d1f WHATSNEW: Unify usage of "''".
   via  9651f4a WHATSNEW: Add Using x86_64 Accelerated AES Crypto 
Instructions section.
   via  a1aa3f4 lib: crypto: Add the ability to select Intel AESNI 
instruction set at configure time.
   via  9d193a9 lib: crypto: Plumb in the Intel AES instructions.
   via  8e2afc8 lib: crypt: Prepare the existing code to switch to Intel 
AES hardware instructions.
   via  ed459e2 third_party: Add build capability to aesni-intel.
   via  add95df third_party: Add the Intel Add support for AES-NI 
acceleration.
   via  36aa4af messaging: Avoid a socket leak after fork
  from  f08b212 pthreadpool: Test fork with an active thread

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 4e64d1fb31196e1e326f097b9e98362bc203f9bc
Author: Karolin Seeger 
Date:   Sun Sep 10 16:02:24 2017 +0200

WHATSNEW: Unify usage of "''".

Signed-off-by: Karolin Seeger 

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon Sep 11 05:30:28 CEST 2017 on sn-devel-144

commit 9651f4a50273efb05146bde929944d82526da124
Author: Jeremy Allison 
Date:   Wed Sep 6 12:13:32 2017 -0700

WHATSNEW: Add Using x86_64 Accelerated AES Crypto Instructions section.

Describes --accel-aes configure time option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Signed-off-by: Jeremy Allison 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit c754f48575a5034242594762d62261a48025cebc)

commit a1aa3f49bf348e2c9bbfd23a04b973b2b1e03c6b
Author: Jeremy Allison 
Date:   Wed Sep 6 11:59:44 2017 -0700

lib: crypto: Add the ability to select Intel AESNI instruction set at 
configure time.

Add --accel-aes=[none|intelaesni] to select.
Default is none.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Signed-off-by: Jeremy Allison 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 5f87a05aa314776135eec1057dd644c0b25a9d14)

commit 9d193a942fdbcab135e40d06422eab640d33d00b
Author: Jeremy Allison 
Date:   Wed Sep 6 11:40:02 2017 -0700

lib: crypto: Plumb in the Intel AES instructions.

Causes:

AES_set_encrypt_key()
AES_set_decrypt_key()
AES_encrypt()
AES_decrypt()

to probe for the Intel AES instructions at runtime (only once)
and then call the hardware implementations if so, otherwise
fall back to the software implementations.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Based on original work by Justin Maggard 

Signed-off-by: Jeremy Allison 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 53ac0f7c59a9192e4fa88bf3d257ad80379ded23)

commit 8e2afc83b012bf1caa662a03c4cff28d9f0259a6
Author: Jeremy Allison 
Date:   Thu Aug 31 11:41:32 2017 -0700

lib: crypt: Prepare the existing code to switch to Intel AES hardware 
instructions.

Rename the old struct aes_key as an intermediate struct aes_key_rj
and wrap it in a union so we can choose an alternate aes_key struct
when using Intel AES hardware.

Rename the original software implementations of:

 AES_set_encrypt_key()
 AES_set_decrypt_key()
 AES_encrypt()
 AES_decrypt()

by adding an _rj on the end, and call them via a wrapper
function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Based on original work by Justin Maggard 

Signed-off-by: Jeremy Allison 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 3324b55bde96d4098df2f1138be5fd243206ceba)

commit ed459e272cf4b8b04555eb2bb363d9aa5f84d011
Author: Jeremy Allison 
Date:   Wed Sep 6 09:58:06 2017 -0700

third_party: Add build capability to aesni-intel.

Minor modifications to code to allow building as a Samba
shared library.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13008

Based on original work by Justin Maggard 

Signed-off-by: Jeremy Allison 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 11a56768950e1caae302507e15e58eb1c316c30a)

commit add95df6e4720a0416e079d6dfa8df608c041efc
Author: Jeremy Allison 
Date:   Wed Sep 6 09:44:42 2017 -0700

third_party: Add the Intel Add support for AES-NI acceleration.

This commit takes the Linux kernel AES-NI code, and puts it into a
third_party private library. The Linux kernel code is under GPLv2+
so is compatible with 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-08 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  f08b212 pthreadpool: Test fork with an active thread
   via  efcd9ee pthreadpool: Fix fork behaviour
  from  4cc6517 WHATSNEW: We generate SHA265 certificates now

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit f08b212c5cfbd42410b6114df2c75c8b68b6e9bc
Author: Volker Lendecke 
Date:   Tue Aug 29 21:57:54 2017 +0200

pthreadpool: Test fork with an active thread

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006
Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Thu Aug 31 21:34:57 CEST 2017 on sn-devel-144

(cherry picked from commit 981e674a7472017274c9b169c776d5c5e8bd1469)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Sat Sep  9 01:44:12 CEST 2017 on sn-devel-144

commit efcd9eed9882a98e9ecd80ba773138f705d228f6
Author: Volker Lendecke 
Date:   Mon Aug 28 16:38:19 2017 +0200

pthreadpool: Fix fork behaviour

glibc's pthread_cond_wait(, ) increments m.__data.__nusers, making
pthread_mutex_destroy return EBUSY. Thus we can't allow any thread waiting for
a job across a fork. Also, the state of the condvar itself is unclear across a
fork. Right now to me it looks like an initialized but unused condvar can be
used in the child. Busy worker threads don't cause any trouble here, they don't
hold mutexes or condvars. Also, they can't reach the condvar because _prepare
holds all mutexes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13006
Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit ff98e3fb666b57b56a1427aa1196948ceebdec66)

---

Summary of changes:
 lib/pthreadpool/pthreadpool.c |  67 -
 lib/pthreadpool/tests.c   | 114 ++
 2 files changed, 179 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/pthreadpool/pthreadpool.c b/lib/pthreadpool/pthreadpool.c
index f97cdcc..23885aa 100644
--- a/lib/pthreadpool/pthreadpool.c
+++ b/lib/pthreadpool/pthreadpool.c
@@ -89,6 +89,13 @@ struct pthreadpool {
 * Number of idle threads
 */
int num_idle;
+
+   /*
+* Condition variable indicating that we should quickly go
+* away making way for fork() without anybody waiting on
+* pool->condvar.
+*/
+   pthread_cond_t *prefork_cond;
 };
 
 static pthread_mutex_t pthreadpools_mutex = PTHREAD_MUTEX_INITIALIZER;
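Review bot: the comment on `prefork_cond` in struct pthreadpool says what the condition variable signals but nothing about its lifetime or locking. The later hunk shows it pointing at a stack variable inside pthreadpool_prepare_pool() and being reset to NULL once the wait returns, so the comment should state that the pointer is only valid while the prepare handler holds the pool mutex and must not be kept or dereferenced outside that window.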
@@ -148,6 +155,7 @@ int pthreadpool_init(unsigned max_threads, struct 
pthreadpool **presult,
pool->num_threads = 0;
pool->max_threads = max_threads;
pool->num_idle = 0;
+   pool->prefork_cond = NULL;
 
ret = pthread_mutex_lock(_mutex);
if (ret != 0) {
@@ -169,6 +177,47 @@ int pthreadpool_init(unsigned max_threads, struct 
pthreadpool **presult,
return 0;
 }
 
+static void pthreadpool_prepare_pool(struct pthreadpool *pool)
+{
+   pthread_cond_t prefork_cond = PTHREAD_COND_INITIALIZER;
+   int ret;
+
+   ret = pthread_mutex_lock(>mutex);
+   assert(ret == 0);
+
+   while (pool->num_idle != 0) {
+   /*
+* Exit all idle threads, which are all blocked in
+* pool->condvar. In the child we can destroy the
+* pool, which would result in undefined behaviour in
+* the pthread_cond_destroy(pool->condvar). glibc just
+* blocks here.
+*/
+   pool->prefork_cond = _cond;
+
+   ret = pthread_cond_signal(>condvar);
+   assert(ret == 0);
+
+   ret = pthread_cond_wait(_cond, >mutex);
+   assert(ret == 0);
+
+   pool->prefork_cond = NULL;
+   }
+
+   ret = pthread_cond_destroy(_cond);
+   assert(ret == 0);
+
+   /*
+* Probably it's well-defined somewhere: What happens to
+* condvars after a fork? The rationale of pthread_atfork only
+* writes about mutexes. So better be safe than sorry and
+* destroy/reinit pool->condvar across a fork.
+*/
+
+   ret = pthread_cond_destroy(>condvar);
+   assert(ret == 0);
+}
+
 static void pthreadpool_prepare(void)
 {
int ret;
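Review bot: pthreadpool_prepare_pool() takes the pool mutex at its top with no matching unlock, and returns with `pool->condvar` destroyed; the fork handlers depend on both postconditions, yet neither is stated at the function head. Add a short header comment saying the function returns with the mutex held and the condvar destroyed, and naming where each is released or re-initialised. The `while (pool->num_idle != 0)` loop also terminates only if the woken worker decrements `num_idle` and signals `prefork_cond` before it exits; that worker-side code is not in the visible part of the changeset, so check that every exit path of an idle thread does both.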
@@ -180,8 +229,7 @@ static void pthreadpool_prepare(void)
pool = pthreadpools;
 
while (pool != NULL) {
-   ret = pthread_mutex_lock(>mutex);
-   assert(ret == 0);
+   

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-09-06 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  4cc6517 WHATSNEW: We generate SHA265 certificates now
   via  2ab073a WHATSNEW: warn against using the RODC on older Samba 
versions
   via  4dfa810 WHATSNEW: explain that we may use much more RAM and SWAP 
with multi-process LDAP
   via  d6a9f6b WHATSNEW: fix spelling
  from  eb299c6 s4-drsuapi: Avoid segfault when replicating as a non-admin 
with GUID_DRS_GET_CHANGES

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 4cc6517a170f075a14375d64c56d7690c93a1e29
Author: Andrew Bartlett 
Date:   Mon Aug 28 21:37:16 2017 +1200

WHATSNEW: We generate SHA265 certificates now

Signed-off-by: Andrew Bartlett 

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Sep  6 14:21:15 CEST 2017 on sn-devel-144

commit 2ab073a1ab9fa76337ca01e7dbc050795ec439ce
Author: Andrew Bartlett 
Date:   Mon Aug 28 21:36:14 2017 +1200

WHATSNEW: warn against using the RODC on older Samba versions

Signed-off-by: Andrew Bartlett 

commit 4dfa810ed569406387bbb4abd636ab3c7543c8f9
Author: Andrew Bartlett 
Date:   Mon Aug 28 21:35:56 2017 +1200

WHATSNEW: explain that we may use much more RAM and SWAP with multi-process 
LDAP

Signed-off-by: Andrew Bartlett 

commit d6a9f6be321f7f2489df934dc57362f09b5f3863
Author: Andrew Bartlett 
Date:   Mon Aug 28 21:35:34 2017 +1200

WHATSNEW: fix spelling

Signed-off-by: Andrew Bartlett 

---

Summary of changes:
 WHATSNEW.txt | 22 --
 1 file changed, 20 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c58c297..8ba321f 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -53,7 +53,7 @@ Whole DB read locks: Improved LDAP and replication consistency
 --
 
 Prior to Samba 4.7 and ldb 1.2.0, the LDB database layer used by Samba
-erronously did not take whole-DB read locks to protect search
+erroneously did not take whole-DB read locks to protect search
 and DRS replication operations.
 
 While each object returned remained subject to a record-level lock (so
@@ -150,7 +150,8 @@ the rest of the 'samba' process, rather than being forced 
into a single
 process.  This aids in Samba's ability to scale to larger numbers of AD
 clients and the AD DC's overall resiliency, but will mean that there is a
 fork()ed child for every LDAP client, which may be more resource
-intensive in some situations.
+intensive in some situations.  If you run Samba in a
+resource-constrained VM, consider allocating more RAM and swap space.
 
 Improved Read-Only Domain Controller (RODC) Support
 ---
@@ -172,6 +173,14 @@ The reliability of RODCs locating a writable partner still 
requires some
 improvements and so the 'password server' configuration option is generally
 recommended on the RODC.
 
+Samba 4.7 is the first Samba release to be secure as an RODC or when
+hosting an RODC.  If you have been using earlier Samba versions to
+host or be an RODC, please upgrade.
+
+In particular see https://bugzilla.samba.org/show_bug.cgi?id=12977 for
+details on the security implications for password disclosure to an
+RODC using earlier versions.
+
 Additional password hashes stored in supplementalCredentials
 
 
@@ -247,6 +256,15 @@ the talloc_autofree_context() (which is inherently 
thread-unsafe)
 and still be valgrind-clean on exit. Modules that don't need to
 free long-lived data on exit should use the NULL talloc context.
 
+SHA256 LDAPS Certificates
+-
+
+The self-signed certificate generated for use on LDAPS will now be
+generated with a SHA256 self-signature, not a SHA1 self-signature.
+
+Replacing this certificate with a certificate signed by a trusted
+CA is still highly recommended.
+
 CTDB changes
 
 
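Review bot: the new "SHA256 LDAPS Certificates" section does not say what happens to a self-signed certificate that an earlier version already generated with a SHA1 signature. State whether it is regenerated on upgrade or has to be removed or replaced by the administrator, since readers will otherwise assume that upgrading alone moves them off SHA1.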


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2017-08-31 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  eb299c6 s4-drsuapi: Avoid segfault when replicating as a non-admin 
with GUID_DRS_GET_CHANGES
   via  7364965 tests/fake_snap: sanitize paths
  from  8619bd1 VERSION: Bump version up to 4.7.0rc6...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit eb299c63f15c42bf65393f26cf3c7ab6b05470fd
Author: Andrew Bartlett 
Date:   Fri Aug 4 11:44:19 2017 +1200

s4-drsuapi: Avoid segfault when replicating as a non-admin with 
GUID_DRS_GET_CHANGES

Users who are not administrator do not get b_state->sam_ctx_system filled in.

We should probably use the 'sam_ctx' variable in all cases (instead of
b_state->sam_ctx*), but I'll make this change in a separate patch, so
that the bug fix remains independent from other tidy-ups.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12946

Signed-off-by: Andrew Bartlett 
Signed-off-by: Tim Beale 
Reviewed-by: Garming Sam 
(cherry picked from commit dd863b604984c1504895f376ec64f58e27e53efa)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Aug 31 14:02:51 CEST 2017 on sn-devel-144

commit 7364965ac09b799a25f95ab475819b389dcad174
Author: David Disseldorp via samba-technical 
Date:   Sat Aug 26 23:40:37 2017 +0200

tests/fake_snap: sanitize paths

Ensure fake_snap.pl can be run in taint mode (-T), by sanitizing paths
and the PATH env. This fixes the following samba3.rpc.fsrvp selftest
failures:
Insecure dependency in mkdir while running setgid at (eval 2) line 4.
snap create failed: NT_STATUS_UNSUCCESSFUL
snap create failed for shadow copy of /home/ddiss/isms/samba/st/nt4_dc/share

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12988

Signed-off-by: David Disseldorp 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Tue Aug 29 04:54:51 CEST 2017 on sn-devel-144

(cherry picked from commit f9d4158f0b002b482df0a919d4cb337cce81f9f8)

---

Summary of changes:
 source3/script/tests/fake_snap.pl  |  19 -
 source4/rpc_server/drsuapi/getncchanges.c  |   2 +-
 source4/selftest/tests.py  |   5 ++
 source4/torture/drs/python/getnc_unpriv.py | 116 +
 4 files changed, 138 insertions(+), 4 deletions(-)
 create mode 100644 source4/torture/drs/python/getnc_unpriv.py


Changeset truncated at 500 lines:

diff --git a/source3/script/tests/fake_snap.pl 
b/source3/script/tests/fake_snap.pl
index d1233f3..18bbcb7 100755
--- a/source3/script/tests/fake_snap.pl
+++ b/source3/script/tests/fake_snap.pl
@@ -5,14 +5,25 @@ use strict;
 use File::Path qw(rmtree);
 use POSIX ();
 
+sub _untaint_path
+{
+   my ($path) = @_;
+
+   if ($path =~ /^(.*)$/) {
+   return $1;
+   }
+   die "bad path";
+}
+
 sub _create_snapshot
 {
-   my ($base_path) = @_;
+   my ($base_path) = _untaint_path(shift);
my $time_str = POSIX::strftime("%Y.%m.%d-%H.%M.%S" , localtime());
my $snap_path = $base_path . "/.snapshots/\@GMT-" . $time_str;
my $ret;
 
-   POSIX::mkdir($base_path . "/.snapshots", 0777);
+   $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
+   POSIX::mkdir($base_path . "/.snapshots", 0755);
 
# add trailing slash to src path to ensure that only contents is copied
$ret = system("rsync", "-a", "--exclude=.snapshots/", "${base_path}/",
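Review bot: `_untaint_path` clears the taint flag without validating anything: `/^(.*)$/` matches every single-line string, so `die "bad path"` is reached only for a value with an embedded newline. If that is intentional for a test helper, say so in a comment above the sub; otherwise capture against an allow-list of the characters a share path may contain, so that untainting reflects a real check. The commit message also does not mention the `0777` to `0755` change on the `.snapshots` directory, which deserves a line there.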
@@ -28,7 +39,8 @@ sub _create_snapshot
 
 sub _delete_snapshot
 {
-   my ($base_path, $snap_path) = @_;
+   my $base_path = _untaint_path(shift);
+   my $snap_path = _untaint_path(shift);
 
# we're doing a recursive delete, so do some sanity checks
if ((index($snap_path, $base_path) != 0) || (index($snap_path, 
".snapshots") == -1)) {
@@ -36,6 +48,7 @@ sub _delete_snapshot
return -1;
}
 
+   $ENV{'PATH'} = '/bin:/usr/bin'; # untaint PATH
rmtree($snap_path, {error => \my $err});
if (@$err) {
for my $diag (@$err) {
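Review bot: the `rmtree($snap_path, ...)` call right after the new PATH assignment now runs on a value that `_untaint_path` passed through unvalidated, which leaves the `index()` test from the previous hunk as the only guard ahead of the recursive delete. That test is a plain string-prefix and substring comparison and does not canonicalise either path. Consider resolving `$base_path` and `$snap_path` first (for example with Cwd's `abs_path`) and comparing the resolved values, so the sanity check covers what taint mode would otherwise have flagged.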
diff --git a/source4/rpc_server/drsuapi/getncchanges.c 
b/source4/rpc_server/drsuapi/getncchanges.c
index da294a6..32580bd 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -2250,7 +2250,7 @@ allowed:
return WERR_NOT_ENOUGH_MEMORY;
}
 
-   ret = dsdb_find_guid_by_dn(b_state->sam_ctx_system,
+   ret = dsdb_find_guid_by_dn(b_state->sam_ctx,
   getnc_state->ncRoot_dn,
  

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-08-28 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  8619bd1 VERSION: Bump version up to 4.7.0rc6...
   via  7d8e33c VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc5 release.
   via  74baf7d WHATSNEW: Add release notes for Samba 4.7.0rc5.
  from  52d8cc3 s4:torture: The teardown function should just return

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 8619bd1036b26e2da655257a144ac6a3612d1b22
Author: Karolin Seeger 
Date:   Tue Aug 29 06:10:50 2017 +0200

VERSION: Bump version up to 4.7.0rc6...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger 

commit 7d8e33c2adb2ee77e9ed66ae8364cf58a5d6c7f8
Author: Karolin Seeger 
Date:   Tue Aug 29 06:10:06 2017 +0200

VERSION: Disable GIT_SNAPSHOTS for the 4.7.0rc5 release.

Signed-off-by: Karolin Seeger 

commit 74baf7d0544154023759fb28bf819791ae17540f
Author: Karolin Seeger 
Date:   Tue Aug 29 06:09:24 2017 +0200

WHATSNEW: Add release notes for Samba 4.7.0rc5.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 42 +-
 2 files changed, 42 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 41c3271..b880ed7 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  ->  "3.0.0rc1"  #
 
-SAMBA_VERSION_RC_RELEASE=5
+SAMBA_VERSION_RC_RELEASE=6
 
 
 # To mark SVN snapshots this should be set to 'yes'#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index de74a99..c58c297 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
 Release Announcements
 =
 
-This is the fourth release candidate of Samba 4.7.  This is *not*
+This is the fifth release candidate of Samba 4.7.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -334,6 +334,46 @@ KNOWN ISSUES
 
https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs
 
 
+CHANGES SINCE 4.7.0rc4
+==
+
+o  Andrew Bartlett 
+   * BUG 12929: smb.conf: Explain that "ntlm auth" is a per-passdb setting.
+   * BUG 12953: s4/lib/tls: Use SHA256 to sign the TLS certificates.
+
+o  Jeremy Allison 
+   * BUG 12932: Get rid of talloc_autofree_context().
+
+o  Amitay Isaacs 
+   * BUG 12978: After restarting CTDB, it attaches replicated databases with
+ wrong flags.
+
+o  Stefan Metzmacher 
+   * BUG 12863: s3:smbclient: Don't try any workgroup listing with
+ "client min protocol = SMB2".
+   * BUG 12876: s3:libsmb: Don't call cli_NetServerEnum() on SMB2/3 connections
+ in SMBC_opendir_ctx().
+   * BUG 12881: s3:libsmb: Let do_connect() debug the negotiation result
+ similar to "session request ok".
+   * BUG 12919: s4:http/gensec: add missing tevent_req_done() to
+ gensec_http_ntlm_update_done().
+   * BUG 12968: Fix 'smbclient tarmode' with SMB2/3.
+   * BUG 12973: 'smbd': Don't use a lot of CPU on startup of a connection.
+
+o  Christof Schmitt 
+   * BUG 12983: vfs_default: Fix passing of errno from async calls.
+
+o  Andreas Schneider 
+   * BUG 12629: s3:utils: Do not report an invalid range for AD DC role.
+   * BUG 12704: s3:libsmb: Let get_ipc_connect() use
+ CLI_FULL_CONNECTION_FORCE_SMB1.
+   * BUG 12930: Fix build issues with GCC 7.1.
+   * BUG 12950: s3:script: Untaint user supplied data in modprinter.pl.
+   * BUG 12956: s3:libads: Fix changing passwords with Kerberos.
+   * BUG 12975: Fix changing the password with 'smbpasswd' as a local user on
+ a domain member.
+
+
 CHANGES SINCE 4.7.0rc3
 ==
 


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2017-08-28 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  52d8cc3 s4:torture: The teardown function should just return
   via  5b41f24 s4:torture: Delete printer before we remove the driver
   via  4ed0884 s4:torture: Use a different driver name for add_driver tests
   via  63945e1 [PATCH] WHATSNEW: Added links to Wiki documentation
   via  bec5eb1 vfs_default: Fix passing of errno from async calls
   via  9ca3ad4 ctdb-client: Fix ctdb_attach() to use database flags
   via  b787635 ctdb-client: Optionally return database id from 
ctdb_ctrl_createdb()
   via  da1aad0 ctdb-client: Fix ctdb_ctrl_createdb() to use database flags
   via  29270b0 ctdb-tests: Add a test to check databases are attached with 
correct flags
   via  8fb3c3c ctdb-tests: Add functions to start/stop/restart a single 
local daemon
   via  9774290 ctdb-tests: Add functions to start/stop/restart ctdb on 
single node
   via  5568b2d s3:utils: Remove pointless if-clause for remote_machine
   via  c308ad1 s3:utils: Make sure we authenticate against our SAM name in 
smbpasswd
   via  2fcedfb s3:utils: Pass domain to password_change() in smbpasswd
   via  0714ae6 s3:utils: Make strings const passed to password_change() in 
smbpasswd
   via  a53ed1e s3:libsmb: Move prototye of remote_password_change()
   via  34137a1 s3:libsmb: Pass domain to remote_password_change()
   via  c9eed50 s3:gse_krb5: make use of precalculated krb5 keys in 
fill_mem_keytab_from_secrets()
   via  069dd3e s3:secrets: allow secrets_fetch_or_upgrade_domain_info() on 
an AD DC
   via  173ea78 libcli/smb: debug an error if smb1cli_req_writev_submit() 
is called for SMB2/3
   via  f35dab5 s3: libsmb: Add cli_smb2_chkpath() and use from 
cli_chkpath().
   via  639ec48 blackbox: Add test for 'net ads changetrustpw'
   via  f3fb65c s3:libads: Fix changing passwords with Kerberos
   via  fa0b6d5 s3:script: Untaint user supplied data in modprinter.pl
   via  cc9f583 s4:http/gensec: add missing tevent_req_done() to 
gensec_http_ntlm_update_done()
   via  50ad7f1 s3:libsmb: let do_connect() debug the negotiation result 
similar to "session request ok"
   via  d5d9632 s3:libsmb: don't call cli_NetServerEnum() on SMB2/3 
connections in SMBC_opendir_ctx()
   via  84052d0 s3:smbclient: don't try any workgroup listing with "client 
min protocol = SMB2"
   via  50a8102 s3:smbclient: improve the error messages for smbclient -L
   via  dcdeb33 s3:libsmb: let get_ipc_connect() use 
CLI_FULL_CONNECTION_FORCE_SMB1
   via  3ba3f92 s3:libsmb: Print the kinit failed message with DBGLVL_NOTICE
   via  09df2eb s3:utils: Do not report an invalid range for AD DC role
   via  cf604fb s4/lib/tls: Use SHA256 to sign the TLS certificates
   via  21b585f heimdal: Fix printing a short int into a string
   via  168bea2 s3:utils: Fix buffer size for snprintf and format string
   via  3b9c9f0 s3:torture: Fix spoolss test to build with -O3
   via  9850c58 s4:samdb: Fix building Samba with -O3
  from  54ab11d s4: com: Replace erroneous inclusion of internal talloc.h 
header with external.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 52d8cc3f87894c91bf2f902721f2b7ab59cff8ed
Author: Andreas Schneider 
Date:   Tue Aug 8 12:05:24 2017 +0200

s4:torture: The teardown function should just return

The teardown functions should not return on error but finish cleaning
up!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 
(cherry picked from commit c90069b26424752b15922de9cb796c431d2f3e08)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon Aug 28 15:19:58 CEST 2017 on sn-devel-144

commit 5b41f24a6f71f51c620fe14051468caee3098c5d
Author: Andreas Schneider 
Date:   Tue Aug 8 10:40:19 2017 +0200

s4:torture: Delete printer before we remove the driver

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 
(cherry picked from commit bd44e435fa6a93d47a470f8ee95763a95eba4b5d)

commit 4ed08849e4c0bacc3c09f0688fb5bc3073824fc1
Author: Andreas Schneider 
Date:   Tue Aug 8 11:25:48 2017 +0200

s4:torture: Use a different driver name for add_driver tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12984

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 
(cherry picked from commit 731fe596ac0999d54aae03ce4175356c56b3c94b)

commit 63945e1f55b9507534afa9237a4d8b526f1db933
Author: Marc Muehlfeld 
Date:   Mon Aug 28 10:54:43 2017 +0200

 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-08-17 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  54ab11d s4: com: Replace erroneous inclusion of internal talloc.h 
header with external.
   via  dbc050b lib: auth: Store the netlogon_creds_cli_global_db pointer 
on the NULL context.
   via  eb2d10d s3: clients: Use netlogon_creds_cli_close_global_db() in 
all normal exit paths.
   via  301044e lib: auth: Add a shutdown function for 
netlogon_creds_cli_global_db.
   via  df7ccb9 s3: rpcclient: Use rpcclient_msg_ctx as the long-lived 
talloc context for rpcclient_netlogon_creds.
   via  fc3c124 s3: rpcclient: Use event context as the talloc parent of 
the rpcclient_msg_ctx.
   via  4880438 s3: rpcclient: Split out initialization and free of event 
context.
   via  65a90719 s3: rpc_client: Allocate struct db_context * off the local 
frame, as all other variables in this function.
   via  a4a0478 lib: cli: fname is a local variable already freed in the 
function scope, doesn't need to be on talloc_autofree_context()
   via  68f8c33 s4: schema: Allocate global_schema off the NULL context, 
not the talloc_autofree_context().
   via  07ee9d4 lib: ldb: Python. Take care of freeing the passed in module 
description if ldb_register_module() fails.
   via  d09bb56 lib: ldb: Use NULL to allocate modules not 
talloc_autofree_context().
   via  f5f63d6 s4: COM: Remove talloc_autofree_context() from (unused) COM 
code.
   via  490464a lib: rpc: The registered interfaces are a lists of 
singletons that are never removed.
   via  26cf4ec s4: modules. Fix missing TALLOC_CTX in module init function.
   via  a727c56 smb.conf: Explain that "ntlm auth" is a per-passdb setting
  from  67612bb selftest: Add test for password change when NTLM is disabled

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 54ab11d16f21d4bb3ae3a62a86597ebaade0ae09
Author: Jeremy Allison 
Date:   Mon Aug 14 13:02:30 2017 -0700

s4: com: Replace erroneous inclusion of internal talloc.h header with 
external.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Tue Aug 15 08:06:40 CEST 2017 on sn-devel-144

(cherry picked from commit f816de5636bb17ab09dd4b9c3e5b0249dc9b186f)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Aug 17 14:58:08 CEST 2017 on sn-devel-144

commit dbc050b7e888373dd43b56d1c42756d73047b98c
Author: Jeremy Allison 
Date:   Mon Jul 24 16:14:00 2017 -0700

lib: auth: Store the netlogon_creds_cli_global_db pointer on the NULL 
context.

Now we shutdown correctly it doesn't need the talloc_autofree_context().

Last use of talloc_autofree_context() outside the talloc test code !

Please don't add it ever again :-).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Thu Jul 27 01:34:12 CEST 2017 on sn-devel-144

(cherry picked from commit e74081ce5d0f81024f7384816c589e5bc28baf80)

commit eb2d10df8ad7ed80de8c83e03618ae6624cb03cf
Author: Jeremy Allison 
Date:   Mon Jul 24 16:12:45 2017 -0700

s3: clients: Use netlogon_creds_cli_close_global_db() in all normal exit 
paths.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit dbd32932463935cd47c55a9e1afdaccd7f6daf4d)

commit 301044e10640aa6ce4867c28fc61aed889fbb611
Author: Jeremy Allison 
Date:   Mon Jul 24 14:49:47 2017 -0700

lib: auth: Add a shutdown function for netlogon_creds_cli_global_db.

Will allow us to move off the talloc_autofree_context().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 4cc104d015bdfeb631c7c8f5252fc31727a128ca)

commit df7ccb91466fee717dd8d49c6ba54b770591c1b2
Author: Jeremy Allison 
Date:   Mon Jul 24 13:14:08 2017 -0700

s3: rpcclient: Use rpcclient_msg_ctx as the long-lived talloc context for 
rpcclient_netlogon_creds.

Guaranteed to stay around until the command exits.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12932

Signed-off-by: Jeremy Allison 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 74b589799e794cc8872a7d3845ced9f5087a8366)

commit 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-08-16 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  67612bb selftest: Add test for password change when NTLM is disabled
   via  5e1e86e WHATSNEW: Fix some typos.
  from  e131010 VERSION: Bump version up to 4.7.0rc5...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 67612bbe87bc61886daf407851c83511fa991e79
Author: Tim Beale 
Date:   Tue Jul 4 17:27:27 2017 +1200

selftest: Add test for password change when NTLM is disabled

When NTLM is disabled, the server should reject NTLM-based password
changes. Changing the password is a bit complicated from python, but
because the server should reject the password change outright with
NTLM_BLOCKED, the test doesn't actually need to provide valid
credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11923
Signed-off-by: Tim Beale 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Garming Sam 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Fri Jul 21 13:54:35 CEST 2017 on sn-devel-144

(cherry picked from commit 4e04f025a0665e2573bdd92efe9ba5aa9dcd82d7)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Wed Aug 16 13:03:26 CEST 2017 on sn-devel-144

commit 5e1e86e5e9eae26106aa6f3133161b360d4c3b3d
Author: Karolin Seeger 
Date:   Tue Aug 15 10:25:30 2017 +0200

WHATSNEW: Fix some typos.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 WHATSNEW.txt   | 37 -
 python/samba/tests/ntlmauth.py | 46 ++
 selftest/knownfail |  2 ++
 3 files changed, 54 insertions(+), 31 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index a40feb3..d738e4d 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -12,13 +12,13 @@ Samba 4.7 will be the next version of the Samba suite.
 UPGRADING
 =
 
-smbclient changes
--
+'smbclient' changes
+--
 
-smbclient no longer prints a 'Domain=[...] OS=[Windows 6.1] Server=[...]'
-banner when connecting to the first server. With SMB2 and Kerberos
-there's no way to print this information reliable. Now we avoid it at all
-consistently. In interactive session the following banner is now presented
+'smbclient' no longer prints a 'Domain=[...] OS=[Windows 6.1] Server=[...]'
+banner when connecting to the first server. With SMB2 and Kerberos,
+there's no way to print this information reliably. Now we avoid it at all
+consistently. In interactive sessions the following banner is now presented
 to the user: 'Try "help" do get a list of possible commands.'.
 
 The default for "client max protocol" has changed to "SMB3_11",
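Review bot: The typo pass leaves two problems in this hunk's text. The unchanged banner line still reads 'Try "help" do get a list of possible commands.' ("do" for "to"), and the retained sentence "Now we avoid it at all consistently." is still ungrammatical. Since the commit is a typo fix, correct both here, and check the quoted banner against the string smbclient actually prints so the release note matches what users see.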
@@ -26,22 +26,23 @@ which means that smbclient (and related commands) will work 
against
 servers without SMB1 support.
 
 It's possible to use the '-m/--max-protocol' option to overwrite
-the "client max protocol" option temporary.
+the "client max protocol" option temporarily.
 
 Note that the '-e/--encrypt' option also works with most SMB3 servers
 (e.g. Windows >= 2012 and Samba >= 4.0.0), so the SMB1 unix extensions
 are not required for encryption.
 
-The change to SMB3_11 as default also  means smbclient no longer
+The change to SMB3_11 as default also means smbclient no longer
 negotiates SMB1 unix extensions by default, when talking to a Samba server with
-"unix extensions = yes".  As a result some commands are not available, e.g.
-posix_encrypt, posix_open, posix_mkdir, posix_rmdir, posix_unlink, 
posix_whoami,
-getfacl and symlink. Using "-mNT1" reenabled them, if the server supports SMB1.
+"unix extensions = yes".  As a result, some commands are not available, e.g.
+'posix_encrypt', 'posix_open', 'posix_mkdir', 'posix_rmdir', 'posix_unlink',
+'posix_whoami', 'getfacl' and 'symlink'. Using "-mNT1" reenables them, if the
+server supports SMB1.
 
 Note the default ("CORE") for "client min protocol" hasn't changed,
 so it's still possible to connect to SMB1-only servers by default.
 
-smbclient learned a new command "deltree" that is able to do
+'smbclient' learned a new command "deltree" that is able to do
 a recursive deletion of a directory tree.
 
 
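Review bot: Quoting of the tool name is inconsistent after this hunk: the "deltree" sentence now uses 'smbclient', but the added line "The change to SMB3_11 as default also means smbclient no longer" leaves it bare, as does the "which means that smbclient (and related commands)" context. Pick one form for the whole section.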
@@ -106,15 +107,15 @@ Dynamic RPC port range
 --
 
 The dynamic port range for RPC services has been changed from the old default
-value 1024-1300 to 49152-65535. This port range is not only used by a
-Samba AD DC but also applies to all other server roles including NT4-style
+value "1024-1300" to "49152-65535". This port range is not only used by a
+Samba AD DC, but also applies to all other server roles including 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-08-15 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  e131010 VERSION: Bump version up to 4.7.0rc5...
   via  842bac1 VERSION: Disable GIT_SNAPSHOT for the 4.7.0rc4 release.
   via  7bc3506 WHATSNEW: Add release notes for Samba 4.7.0rc4.
  from  11a6fd3 source3/client: Fix typo in help message displayed by default

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit e1310105a7459094e6817509261e409f67e29416
Author: Karolin Seeger 
Date:   Mon Aug 14 12:49:02 2017 +0200

VERSION: Bump version up to 4.7.0rc5...

and re-enable GIT_SNAPSHOTS.

Signed-off-by: Karolin Seeger 

commit 842bac10737439d04e4dcd7421b952755612480b
Author: Karolin Seeger 
Date:   Mon Aug 14 12:47:57 2017 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.7.0rc4 release.

Signed-off-by: Karolin Seeger 

commit 7bc35068cb2d74b57fca7d9c637d57cbee0435e2
Author: Karolin Seeger 
Date:   Mon Aug 14 12:47:16 2017 +0200

WHATSNEW: Add release notes for Samba 4.7.0rc4.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 47 ++-
 2 files changed, 47 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 9c77c15..41c3271 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  ->  "3.0.0rc1"  #
 
-SAMBA_VERSION_RC_RELEASE=4
+SAMBA_VERSION_RC_RELEASE=5
 
 
 # To mark SVN snapshots this should be set to 'yes'#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index aa0730b..a40feb3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
 Release Announcements
 =
 
-This is the third release candidate of Samba 4.7.  This is *not*
+This is the fourth release candidate of Samba 4.7.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -327,6 +327,51 @@ KNOWN ISSUES
 
https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.7#Release_blocking_bugs
 
 
+CHANGES SINCE 4.7.0rc3
+==
+
+o  Jeremy Allison 
+   * BUG 12913: Implement cli_smb2_setatr() by calling cli_smb2_setpathinfo().
+
+o  Andrew Bartlett 
+   * BUG 11392: s4-cldap/netlogon: Match Windows 2012R2 and return
+ NETLOGON_NT_VERSION_5 when version unspecified.
+   * BUG 12855: dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7.
+   * BUG 12904: dsdb: Fix dsdb_next_callback to correctly use ldb_module_done()
+ etc.
+   * BUG 12939: s4-rpc_server: Improve debug of new endpoints.
+
+o  Ralph Boehme 
+   * BUG 12791: Fix kernel oplocks issues with named streams.
+   * BUG 12944: vfs_gpfs: Handle EACCES when fetching DOS attributes from 
xattr.
+
+o  Bob Campbell 
+   * BUG 12842: samdb/cracknames: Support user and service principal as desired
+ format.
+
+o  David Disseldorp 
+   * BUG 12911: vfs_ceph: Fix cephwrap_chdir().
+
+o  Gary Lockyer 
+   * BUG 12865: Track machine account ServerAuthenticate3.
+
+o  Marc Muehlfeld 
+   * BUG 12947: python: Fix incorrect kdc.conf parameter name in kerberos.py.
+
+o  Noel Power 
+   * BUG 12937: s3/utils: 'smbcacls' failed to detect DIRECTORIES using SMB2
+ (Windows only).
+
+o  Arvid Requate 
+   * BUG 11392: s4-dsdb/netlogon: Allow missing ntver in cldap ping.
+
+o  Anoop C S 
+   * BUG 12936: source3/client: Fix typo in help message displayed by default.
+
+o  Andreas Schneider 
+   * BUG 12930: Fix building with GCC 7.1.1.
+
+
 CHANGES SINCE 4.7.0rc2
 ==
 
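Review bot: The new "CHANGES SINCE 4.7.0rc3" entries are inconsistent about the component prefix: most carry one ("dsdb:", "vfs_ceph:", "s4-rpc_server:"), but BUG 12913, BUG 12791, BUG 12865 and BUG 12930 do not. BUG 12865 ("Track machine account ServerAuthenticate3.") in particular does not tell a reader that it concerns authentication logging in netlogon. Add the component to those four entries so the list can be scanned by subsystem.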


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2017-08-14 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  11a6fd3 source3/client: Fix typo in help message displayed by default
   via  d7ab149 vfs_fruit: factor out common code from ad_get() and ad_fget()
   via  67649b7 vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()
   via  6f00dc7 vfs_fruit: don't open basefile in ad_open() and simplify API
   via  dafa192 vfs_fruit: use path based setxattr call in ad_fset()
   via  4a742a6 s4/torture: additional tests for kernel-oplocks
   via  60a551e s4/torture: reproducer for kernel oplocks issue with streams
   via  a89dca2 vfs_streams_xattr: return a fake fd in streams_xattr_open()
   via  715bae3 vfs_streams_xattr: implement all missing handle based VFS functions
   via  577a3c1 vfs_streams_xattr: always pass NULL as fsp arg to get_ea_value()
   via  cc0ada5 vfs_streams_xattr: remove fsp argument from get_xattr_size()
   via  2987e49 vfs_streams_xattr: remove all uses of fd, use name based functions
   via  a0727ee vfs_streams_xattr: invalidate stat info if xattr was not found
   via  ca32a25 s3: torture: Add a test for cli_setpathinfo_basic() to smbtorture3.
   via  4cc812b s3: libsmb: Implement cli_smb2_setatr() by calling cli_smb2_setpathinfo().
   via  a899335 s3: libsmb: Add cli_smb2_setpathinfo(), to be called by cli_setpathinfo_basic().
   via  527d1aa s3: libsmbclient: Fix cli_setpathinfo_basic() to treat mode == -1 as no change.
  from  53643ac vfs_gpfs: handle EACCES when fetching DOS attributes from xattr

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 11a6fd32c36ff7159445a871fd97b3b80d1f7ae6
Author: Anoop C S 
Date:   Mon Jul 31 15:39:19 2017 +0530

source3/client: Fix typo in help message displayed by default

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12936

Signed-off-by: Anoop C S 
Reviewed-by: Volker Lendecke 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 90487259e365d5b966ccc47ac51eadb4733f3197)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon Aug 14 14:35:34 CEST 2017 on sn-devel-144

commit d7ab149b68d84ed58cd69af607c451e5c70feebd
Author: Ralph Boehme 
Date:   Wed May 24 09:17:19 2017 +0200

vfs_fruit: factor out common code from ad_get() and ad_fget()

As a result of the previous changes ad_get() and ad_fget() do completely
the same, so factor out the common code to a new helper function. No
change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme 
Reviewed-by: Richard Sharpe 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Wed Aug  9 22:33:36 CEST 2017 on sn-devel-144

(cherry picked from commit d55c27abc5a7357f740c7065bbe12e7f36b57125)

commit 67649b72d551d95d8fefc0f417d295be7a9c29ce
Author: Ralph Boehme 
Date:   Tue May 23 17:44:16 2017 +0200

vfs_fruit: return fake pipe fd in fruit_open_meta_netatalk()

Do not open the basefile, that conflicts with "kernel oplocks = yes". We
just return a fake file fd based on dup'ing a pipe fd and ensure all VFS
functions that go through vfs_fruit and work on the metadata stream can
deal with it.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme 
Reviewed-by: Richard Sharpe 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 7583ee6e1c558067e4c7a7351085fcc0e4240366)

commit 6f00dc7f9e9b14d0a018c22f75115d35e7cb22ad
Author: Ralph Boehme 
Date:   Tue May 23 17:31:47 2017 +0200

vfs_fruit: don't open basefile in ad_open() and simplify API

We never need an fd on the basefile when operating on the metadata, as
we can always use path based syscalls. Opening the basefile conflicts
with "kernel oplocks" so just don't do it.

Additional changes:

- remove the adouble_type_t argument to ad_open(), the type is passed
  and set when allocating a struct adouble with ad_alloc()

- additionally pass an optional fsp to ad_open() (so the caller can pass
  NULL). With this change we can move the fd inheritance from fsp to ad
  into ad_open() itself where it belongs and remove it from the caller
  ad_fget()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12791

Signed-off-by: Ralph Boehme 
Reviewed-by: Richard Sharpe 
(cherry picked from commit e92a39255e66f655e2758f0a71a01eaf258cf711)

commit dafa1922d161255ae340b8ef6f9c23f04bad0523
Author: Ralph Boehme 

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-08-11 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  53643ac vfs_gpfs: handle EACCES when fetching DOS attributes from xattr
   via  07b678b s3/smbd: handle EACCES when fetching DOS attributes from xattr
   via  a64088b s3/smbd: handling of failed DOS attributes reading
  from  cb38898 python: Fix incorrect kdc.conf parameter name in kerberos.py

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 53643ac0eb2391ddebab11916f010d28039eb4ba
Author: Ralph Boehme 
Date:   Thu Jun 8 19:18:36 2017 +0200

vfs_gpfs: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes via gpfswrap_get_winattrs_path()
if the filesystem doesn't grant READ_ATTR to the file the function fails
with EACCES.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call gpfswrap_get_winattrs_path()
with DAC_OVERRIDE_CAPABILITY.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme 
Reviewed-by: Christof Schmitt 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Aug  9 01:21:14 CEST 2017 on sn-devel-144

(cherry picked from commit 62d73f5b936550d623ef4f31c7438ac3c90105b9)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Fri Aug 11 14:48:10 CEST 2017 on sn-devel-144

commit 07b678b377194d4e6b41e4d4e1609c3c55367cc0
Author: Ralph Boehme 
Date:   Thu Jun 8 19:10:20 2017 +0200

s3/smbd: handle EACCES when fetching DOS attributes from xattr

When trying to fetch the DOS attributes xattr via SMB_VFS_GETXATTR() if
the filesystem doesn't grant read access to the file the xattr read
request fails with EACCES.

But according to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
Existing File" FILE_LIST_DIRECTORY on a directory implies
FILE_READ_ATTRIBUTES for directory entries.

So if the user can open the parent directory for reading this implies
FILE_LIST_DIRECTORY and we can safely call SMB_VFS_GETXATTR() as root,
ensuring we can read the DOS attributes xattr.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme 
Reviewed-by: Christof Schmitt 
(cherry picked from commit c54fcb7cbd0de244eed4134e877da6e9c16e7aab)

commit a64088bdf223d408da4ad7912d5ea9c779ced34c
Author: Ralph Boehme 
Date:   Thu Jun 8 19:05:48 2017 +0200

s3/smbd: handling of failed DOS attributes reading

Only fall back to using UNIX modes if we get NOT_IMPLEMENTED. This is
exactly what we already do when setting DOS attributes.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12944

Signed-off-by: Ralph Boehme 
Reviewed-by: Christof Schmitt 
(cherry picked from commit 9de1411d9e7c7ac3da544345d4dea7fd73dff01b)

---

Summary of changes:
 source3/modules/vfs_gpfs.c | 69 +-
 source3/smbd/dosmode.c | 43 -
 2 files changed, 110 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_gpfs.c b/source3/modules/vfs_gpfs.c
index a552cdd..b2c9244 100644
--- a/source3/modules/vfs_gpfs.c
+++ b/source3/modules/vfs_gpfs.c
@@ -1537,6 +1537,47 @@ static unsigned int 
vfs_gpfs_dosmode_to_winattrs(uint32_t dosmode)
return winattrs;
 }
 
+static int get_dos_attr_with_capability(struct smb_filename *smb_fname,
+   struct gpfs_winattr *attr)
+{
+   int saved_errno = 0;
+   int ret;
+
+   /*
+* According to MS-FSA 2.1.5.1.2.1 "Algorithm to Check Access to an
+* Existing File" FILE_LIST_DIRECTORY on a directory implies
+* FILE_READ_ATTRIBUTES for directory entries. Being able to stat() a
+* file implies FILE_LIST_DIRECTORY for the directory containing the
+* file.
+*/
+
+   if (!VALID_STAT(smb_fname->st)) {
+   /*
+* Safety net: dos_mode() already checks this, but as we set
+* DAC_OVERRIDE_CAPABILITY based on this, add an additional
+* layer of defense.
+*/
+   DBG_ERR("Rejecting DAC override, invalid stat [%s]\n",
+   smb_fname_str_dbg(smb_fname));
+   errno = EACCES;
+   return -1;
+   }
+
+   
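Review bot: The VALID_STAT() guard in get_dos_attr_with_capability() proves only that smb_fname->st was filled in, not that it was filled in under the requesting user's credentials, and that is the property the MS-FSA argument in the comment depends on. State that precondition in the comment (who performs the stat, and as which user), since DAC_OVERRIDE_CAPABILITY is granted on the strength of it. The rejection path itself is right to fail closed: it logs with DBG_ERR and returns -1 with errno = EACCES instead of continuing.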

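The read path the three commit messages in this notification describe, as an added C model that is not Samba code: retry with privilege only on EACCES and only when the stat is valid, fall back to UNIX modes only for "not implemented", and propagate every other error. All names are hypothetical, NOT_IMPLEMENTED is modelled as ENOTSUP as an assumption, and the attribute values are constructed.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of the DOS-attribute read path; none of these
 * names exist in Samba. */
enum attr_source { SRC_XATTR, SRC_XATTR_PRIVILEGED, SRC_UNIX_MODE, SRC_ERROR };

struct file_model {        /* constructed stand-in for a file on disk */
	bool stat_valid;       /* stat() worked under the user's credentials */
	int user_read_err;     /* errno of the unprivileged xattr read, 0 = ok */
	int priv_read_err;     /* errno of the privileged retry, 0 = ok */
	uint32_t xattr_attrs;  /* attributes stored in the xattr */
	uint32_t unix_attrs;   /* attributes derived from UNIX mode bits */
};

struct attr_result {
	enum attr_source source;
	uint32_t attrs;
	int err;               /* errno reported to the caller, 0 on success */
	bool used_privilege;   /* true if the privileged retry was attempted */
};

/* Simulated xattr read: returns 0 and fills *out, or an errno value. */
static int read_xattr(const struct file_model *f, bool privileged,
		      uint32_t *out)
{
	int err = privileged ? f->priv_read_err : f->user_read_err;
	if (err == 0) {
		*out = f->xattr_attrs;
	}
	return err;
}

struct attr_result get_dos_attrs(const struct file_model *f)
{
	struct attr_result r = { SRC_ERROR, 0, 0, false };
	int err = read_xattr(f, false, &r.attrs);

	if (err == EACCES) {
		/* Safety net: no privileged retry without a valid stat. */
		if (!f->stat_valid) {
			r.err = EACCES;
			return r;
		}
		r.used_privilege = true;
		err = read_xattr(f, true, &r.attrs);
		if (err == 0) {
			r.source = SRC_XATTR_PRIVILEGED;
			return r;
		}
	}
	if (err == 0) {
		r.source = SRC_XATTR;
		return r;
	}
	if (err == ENOTSUP) {
		/* The only error that may fall back to UNIX mode bits. */
		r.source = SRC_UNIX_MODE;
		r.attrs = f->unix_attrs;
		return r;
	}
	r.err = err;           /* everything else is reported, not masked */
	return r;
}

/* Runs one constructed case: xattr holds 0x10, UNIX modes map to 0x20. */
struct attr_result run_case(bool stat_valid, int user_err, int priv_err)
{
	struct file_model f = { stat_valid, user_err, priv_err, 0x10, 0x20 };
	return get_dos_attrs(&f);
}

int main(void)
{
	struct attr_result r = run_case(true, EACCES, 0);
	printf("EACCES, valid stat:   source=%d attrs=0x%x\n",
	       r.source, (unsigned)r.attrs);
	r = run_case(false, EACCES, 0);
	printf("EACCES, invalid stat: source=%d err=%d\n", r.source, r.err);
	r = run_case(true, EIO, 0);
	printf("EIO:                  source=%d err=%d\n", r.source, r.err);
	return 0;
}
```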
[SCM] Samba Shared Repository - branch v4-7-test updated

2017-08-10 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  cb38898 python: Fix incorrect kdc.conf parameter name in kerberos.py
  from  ee55090 WHATSNEW: Update doc for Samba AD with MIT Kerberos

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit cb38898fb36d537146fc0bf49da7f2600f7efb3a
Author: Marc Muehlfeld 
Date:   Sun Aug 6 11:50:55 2017 +0200

python: Fix incorrect kdc.conf parameter name in kerberos.py

Signed-off-by: Marc Muehlfeld 
Reviewed-by: Andreas Schneider 

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12947
Typo in kdc.conf results in: Unable to load requested database module
'samba'.

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Thu Aug 10 12:58:59 CEST 2017 on sn-devel-144

---

Summary of changes:
 python/samba/provision/kerberos.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/provision/kerberos.py 
b/python/samba/provision/kerberos.py
index 24ced9c..4ed4d57 100644
--- a/python/samba/provision/kerberos.py
+++ b/python/samba/provision/kerberos.py
@@ -69,7 +69,7 @@ def create_kdc_conf(kdcconf, realm, domain, logdir):
 
 f.write("[dbmodules]\n")
 
-f.write("\tdb_modules_dir = %s\n" % kdb_modules_dir)
+f.write("\tdb_module_dir = %s\n" % kdb_modules_dir)
 f.write("\n")
 
 f.write("\t%s = {\n" % realm)
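Review bot: Nothing in this change guards against the key name regressing: the fix to "db_module_dir" in create_kdc_conf() comes without a test that reads back the generated kdc.conf. Add one that asserts the [dbmodules] section contains db_module_dir, since the commit message shows the failure only surfaces at KDC start as "Unable to load requested database module 'samba'". The Python variable is still named kdb_modules_dir (plural) next to the singular key, which invites the same slip again; renaming it would help.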


-- 
Samba Shared Repository



[SCM] Samba Shared Repository - branch v4-7-test updated

2017-08-08 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  ee55090 WHATSNEW: Update doc for Samba AD with MIT Kerberos
   via  9461ede dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7
   via  c13e416 dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc
  from  d77de9a s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit ee55090a72af7186b6d98d72da38ddb668879580
Author: Andreas Schneider 
Date:   Mon Aug 7 14:55:34 2017 +0200

WHATSNEW: Update doc for Samba AD with MIT Kerberos

This has been changed, the file is created in the private samba
directory. The path is printed by 'samba-tool' after it has been
created.

Signed-off-by: Andreas Schneider 

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Aug  8 12:49:24 CEST 2017 on sn-devel-144

commit 9461ede6adc4c9ec4d6754914b79d1d902127580
Author: Andrew Bartlett 
Date:   Tue Aug 1 10:26:34 2017 +1200

dsdb: Do not force a re-index of sam.ldb on upgrade to 4.7

This means that no compatibleFeatures or incompatibleFeatures will be honoured
until a re-index, but that can be triggered when these features are set.

New databases will still get this support.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12855
Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
(cherry picked from commit 39c6274084e5d72d6fdfae1fb9fede439f6ad60d)

commit c13e41642aa2e6b8aa7d0298d4a517d88281a5fd
Author: Andrew Bartlett 
Date:   Tue Aug 1 13:18:33 2017 +1200

dsdb: Fix dsdb_next_callback to correctly use ldb_module_done() etc

If we do not call ldb_module_done() then we do not know that up_req->callback()
has been called, and ldb_next_request() will call the callback again.

If called twice, the new ldb_lock_backend_callback() in ldb 1.2.0 will segfault.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12904

Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Tue Aug  1 07:52:38 CEST 2017 on sn-devel-144

(cherry picked from commit d5750f016362ce55a1c905509c419756b523dde6)

---

Summary of changes:
 WHATSNEW.txt  |  5 +
 python/samba/tests/dsdb.py| 23 +++
 source4/dsdb/pydsdb.c |  1 +
 source4/dsdb/samdb/ldb_modules/util.c | 25 +++--
 source4/dsdb/samdb/samdb.h|  2 ++
 source4/dsdb/schema/schema_set.c  | 22 +-
 6 files changed, 71 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8302e5f..aa0730b 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -100,10 +100,7 @@ Missing features, compared to Heimdal, are:
 The Samba AD process will take care of starting the MIT KDC and it will load a
 KDB (Kerberos Database) driver to access the Samba AD database.  When
 provisioning an AD DC using 'samba-tool' it will take care of creating a 
correct
-kdc.conf file for the MIT KDC. Note that 'samba-tool' will overwrite the system
-kdc.conf by default. It is possible to use a different location during
-provision. You should consult the 'samba-tool' help and smb.conf manpage for
-details.
+kdc.conf file for the MIT KDC.
 
 Dynamic RPC port range
 --
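Review bot: The hunk deletes the statement that 'samba-tool' overwrites the system kdc.conf but puts nothing in its place, so the release note no longer says where the file ends up. The commit message has the missing information (the file is created in the private samba directory and 'samba-tool' prints the path); add a sentence to that effect after "kdc.conf file for the MIT KDC." so administrators know which file the KDC must be pointed at.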
diff --git a/python/samba/tests/dsdb.py b/python/samba/tests/dsdb.py
index ce5f599..a9f569b 100644
--- a/python/samba/tests/dsdb.py
+++ b/python/samba/tests/dsdb.py
@@ -23,6 +23,7 @@ from samba.auth import system_session
 from samba.tests import TestCase
 from samba.ndr import ndr_unpack, ndr_pack
 from samba.dcerpc import drsblobs
+from samba import dsdb
 import ldb
 import os
 import samba
@@ -505,3 +506,25 @@ class DsdbTests(TestCase):
backend_filename)
 backend_path = self.lp.private_path(backend_subpath)
 self._test_full_db_lock2(backend_path)
+
+def test_no_error_on_invalid_control(self):
+try:
+res = self.samdb.search(expression="cn=Administrator",
+scope=ldb.SCOPE_SUBTREE,
+attrs=["replPropertyMetaData"],
+controls=["local_oid:%s:0"
+  % 
dsdb.DSDB_CONTROL_INVALID_NOT_IMPLEMENTED])
+except ldb.LdbError as e:
+self.fail("Should have not raised an exception")
+
+
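Review bot: test_no_error_on_invalid_control() only checks that no exception is raised: `res` is assigned and never inspected, and the caught `e` is discarded, so a failure reports "Should have not raised an exception" without the LDB error. Assert on the search result (for example that one entry comes back) and include `e` in the self.fail() message so a regression in dsdb_next_callback is diagnosable from the test log.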

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-08-01 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  d77de9a s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified
   via  cf4e08f s4-dsdb/netlogon: allow missing ntver in cldap ping
   via  11cbf1f s4:torture/ldap: Test netlogon without NtVer
   via  66707ea s3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only)
  from  1a90ffe mit-kdb: Fix NULL pointer check after malloc

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit d77de9a6d0b265929fc10bcc31c560646ccc28bf
Author: Andrew Bartlett 
Date:   Tue Jul 25 14:26:45 2017 +1200

s4-cldap/netlogon: Match Windows 2012R2 and return NETLOGON_NT_VERSION_5 when version unspecified

The previous patch set this incorrectly to NETLOGON_NT_VERSION_1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392

Signed-off-by: Andrew Bartlett 
Reviewed-by: Douglas Bagnall 
(cherry picked from commit 0554bc237f1b84d672d36781bead8b2c33f2e5a4)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Tue Aug  1 15:56:56 CEST 2017 on sn-devel-144

commit cf4e08fecb3cc5d687432aaee963e9c36ab96393
Author: Arvid Requate 
Date:   Thu Jun 22 13:37:13 2017 +0200

s4-dsdb/netlogon: allow missing ntver in cldap ping

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392

Signed-off-by: Arvid Requate 
Reviewed-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 88db634ed84647e5105c4b4fdf37d5892bebfd8d)

commit 11cbf1f37494f8cfc8ba25554b348692f287ff77
Author: Arvid Requate 
Date:   Tue Jun 20 20:05:17 2017 +0200

s4:torture/ldap: Test netlogon without NtVer

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11392

Signed-off-by: Arvid Requate 
Reviewed-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 22a94b728bd5d513b2002b62c129271d2210ed73)

commit 66707ea1cdb3c274ad3c0752482180e2e97423b4
Author: Noel Power 
Date:   Thu Jul 20 13:01:50 2017 +0100

s3/utils: smbcacls failed to detect DIRECTORIES using SMB2 (windows only)

uint16_t get_fileinfo(...) returns file attributes, this function
called

 cli_qfileinfo_basic(cli, fnum, , NULL, NULL, NULL,
 NULL, NULL, NULL);

which was failing with NT_STATUS_ACCESS_DENIED errors when fnum above
was obtained via (when using protocol > SMB). Note: This only seems to be
an issue when run against a windows server, with smbd SMB1 & SMB2 work fine.

status = cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ,
  0, FILE_SHARE_READ|FILE_SHARE_WRITE,
  FILE_OPEN, 0x0, 0x0, , NULL);

The failing cli_qfileinfo_basic call above is unnecessary as we can already
obtain the required information from the cli_ntcreate call

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12937

Signed-off-by: Noel Power 
Reviewed-by: Jeremy Allison 
Reviewed-by: David Disseldorp 
(cherry picked from commit c57dcafb150823b00fd873046e65a966a8488fa8)

---

Summary of changes:
 source3/utils/smbcacls.c  | 14 ++---
 source4/dsdb/samdb/ldb_modules/netlogon.c |  6 +---
 source4/torture/ldap/netlogon.c   | 48 +++
 3 files changed, 52 insertions(+), 16 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/utils/smbcacls.c b/source3/utils/smbcacls.c
index 86b4591..6bf32e5 100644
--- a/source3/utils/smbcacls.c
+++ b/source3/utils/smbcacls.c
@@ -229,30 +229,22 @@ get fileinfo for filename
 static uint16_t get_fileinfo(struct cli_state *cli, const char *filename)
 {
uint16_t fnum = (uint16_t)-1;
-   uint16_t mode = 0;
NTSTATUS status;
+   struct smb_create_returns cr = {0};
 
/* The desired access below is the only one I could find that works
   with NT4, W2KP and Samba */
 
status = cli_ntcreate(cli, filename, 0, CREATE_ACCESS_READ,
  0, FILE_SHARE_READ|FILE_SHARE_WRITE,
- FILE_OPEN, 0x0, 0x0, , NULL);
+ FILE_OPEN, 0x0, 0x0, , );
if (!NT_STATUS_IS_OK(status)) {
printf("Failed to open %s: %s\n", filename, nt_errstr(status));
return 0;
}
 
-   status = cli_qfileinfo_basic(cli, fnum, , NULL, NULL, NULL,
- 
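Review bot: The cli_ntcreate() failure path in get_fileinfo() still does "return 0;", which a caller cannot tell apart from a file whose attribute word is genuinely 0. Because this function is what smbcacls uses to detect directories, an open failure is silently treated as "not a directory". With the attributes now taken from the create response, this is a good point to return the NTSTATUS separately (or a distinct sentinel) so callers can stop on error instead of proceeding with a wrong file type.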

[SCM] Samba Shared Repository - branch v4-7-test updated

2017-07-31 Thread Karolin Seeger
The branch, v4-7-test has been updated
   via  1a90ffe mit-kdb: Fix NULL pointer check after malloc
   via  0309fcf s4:kcc: Add a NULL check before qsort()
   via  2a2ba42 selftest: Make --include-env and --exclude-env use the base env name
   via  6d469e7 selftest: Use NETLOGON_NEG_STRONG_KEYS constant in AuthLogTestsNetLogonBadCreds
   via  9fbfd46 s4-netlogon: Use log_escape to protect against un-validated strings
   via  3a65622 s4-netlogon: Extend ServerAuthenticate3 logging to split up username forms
   via  32e9367 source4 netlogon: Add authentication logging for ServerAuthenticate3
   via  280621c tests auth_log: Add new tests for NETLOGON
   via  09ed546 tests auth_log: Modify existing tests to handle NETLOGON messages
   via  d8b9a83 auth_log: use symbolic constant to replace /root/ncalrpc_as_system
   via  0523140 rpc: use symbolic constant to replace /root/ncalrpc_as_system
   via  eb6e820 dcerpc.idl Add symbolic constant for /root/ncalrpc_as_system
   via  e7d6201 samdb/cracknames: support user and service principal as desired format
   via  87103e3 samdb/cracknames: do not show recycled when a guid is desired
   via  08a0206 python/tests: add python test for cracknames
   via  a432712 s4-rpc_server: Improve debug of new endpoints
   via  c991fd9 s4-rpc_server: ensure we get a new endpoint for netlogon
   via  f81665e WHATSNEW: Fix typo.
   via  762d338 vfs_ceph: fix cephwrap_chdir()
  from  eb874b9 VERSION: Bump version up to 4.7.0rc4...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-7-test


- Log -
commit 1a90ffe6d125fba6d509ba2721527fd113e7
Author: Andreas Schneider 
Date:   Mon Jul 24 12:19:27 2017 +0200

mit-kdb: Fix NULL pointer check after malloc

This fixes building with GCC 7.1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 

(cherry picked from commit 9b64b11c2f2c1bc77ae887b34d7efcb9f1452da7)

Autobuild-User(v4-7-test): Karolin Seeger 
Autobuild-Date(v4-7-test): Mon Jul 31 15:49:51 CEST 2017 on sn-devel-144

commit 0309fcfbdad1209eda38cfcd991a8542248a96b6
Author: Andreas Schneider 
Date:   Mon Jul 24 12:13:50 2017 +0200

s4:kcc: Add a NULL check before qsort()

This fixes building with GCC 7.1.1

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12930

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 
(cherry picked from commit 314cf608932c21d593afd04769b07435bcd4fc53)

commit 2a2ba42a66f3fcff07f4e65bda8c5cf8653e15f4
Author: Andrew Bartlett 
Date:   Fri Jul 21 20:10:43 2017 +1200

selftest: Make --include-env and --exclude-env use the base env name

The code as deployed would have required (eg) '--include-env=ktest
--include-env=ktest:local' which was not done in autobuild, causing
tests to be skipped.  This patch restores the intended behaviour.

This causes 33 testsuites to run, one more test (the newly added
samba.tests.ntlmauth) than the old regex provided (before
602772159dfd1213385f42ecbf31136f57693b63).

(The regression dropped us down to matching only 7 tests).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12922

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Mon Jul 24 03:33:01 CEST 2017 on sn-devel-144

(cherry picked from commit 61455ad82e293df4a094204fdf28162baad686ae)

commit 6d469e7ecb1b283064bc4768ba591b824964fbdf
Author: Andrew Bartlett 
Date:   Tue Jul 18 09:03:17 2017 +1200

selftest: Use NETLOGON_NEG_STRONG_KEYS constant in AuthLogTestsNetLogonBadCreds

Signed-off-by: Andrew Bartlett 
Reviewed-by: Alexander Bokovoy 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Tue Jul 25 03:21:19 CEST 2017 on sn-devel-144

(cherry picked from commit a420b1bdccbba72faf1108f7fae8b8202075db97)

commit 9fbfd465ff64bc7bdfe3bdae1b5bd91c11a1e9c0
Author: Andrew Bartlett 
Date:   Tue Jul 18 08:57:03 2017 +1200

s4-netlogon: Use log_escape to protect against un-validated strings

Signed-off-by: Andrew Bartlett 
Reviewed-by: Alexander Bokovoy 
(cherry picked from commit 427a11b812d1872879658c998ef0328dd7c2a53a)

commit 3a65622d77994c63c456ed1535fc3991af7cd94f
Author: Andrew Bartlett 
Date:   Tue Jul 18 08:46:08 2017 +1200

s4-netlogon: Extend ServerAuthenticate3 logging to split up 
