[SCM] Samba Shared Repository - branch v4-11-test updated

2021-01-24 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  ddc4f401ced script/release.sh: always select the GPG key by it's ID
   via  78e6315d908 ReleaseKey: add GnuPG key transition statement for the 
Samba release key
   via  f5b0dfb0f0b script/release.sh: Use new GPG key.
  from  523c71f7ac7 VERSION: Bump version up to 4.11.18...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit ddc4f401ced98fc1d8f824ec8b0d61f271ed3de8
Author: Karolin Seeger 
Date:   Thu Jan 21 13:03:44 2021 +0100

script/release.sh: always select the GPG key by it's ID

Signed-off-by: Karolin Seeger 
Signed-off-by: Stefan Metzmacher 
(cherry picked from commit 715b208b513035269a6523f8543c4bf328a7c0f2)

commit 78e6315d908e958d0ebad870d0dc3f2cc6901ede
Author: Karolin Seeger 
Date:   Thu Jan 21 13:02:26 2021 +0100

ReleaseKey: add GnuPG key transition statement for the Samba release key

Signed-off-by: Karolin Seeger 
Signed-off-by: Stefan Metzmacher 
(cherry picked from commit 38a278b1afedd6c0a6de0fd4f08008e83f8597a9)

commit f5b0dfb0f0b196ea1fa2fc107880924a3183e51c
Author: Karolin Seeger 
Date:   Tue Dec 22 09:35:58 2020 +0100

script/release.sh: Use new GPG key.

Signed-off-by: Karolin Seeger 
(cherry picked from commit 2f6cea063ddf52d77037644d612bbc209837e707)

---

Summary of changes:
 GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt | 27 ++
 script/release.sh  | 10 
 2 files changed, 32 insertions(+), 5 deletions(-)
 create mode 100644 GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt


Changeset truncated at 500 lines:

diff --git a/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt 
b/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
new file mode 100644
index 000..8e240bae8db
--- /dev/null
+++ b/GPG_AA99442FB680B620_replaces_6F33915B6568B7EA.txt
@@ -0,0 +1,27 @@
+-BEGIN PGP SIGNED MESSAGE-
+Hash: SHA1
+
+The GPG release key for Samba releases changed from:
+
+pub   dsa1024/6F33915B6568B7EA 2007-02-04 [SC] [expires: 2021-02-05]
+  Key fingerprint = 52FB C0B8 6D95 4B08 4332  4CDC 6F33 915B 6568 B7EA
+uid [  full  ] Samba Distribution Verification Key 

+sub   elg2048/9C6ED163DA6DFB44 2007-02-04 [E] [expires: 2021-02-05]
+
+to the following new key:
+
+pub   rsa4096/AA99442FB680B620 2020-12-21 [SC] [expires: 2022-12-21]
+  Key fingerprint = 81F5 E283 2BD2 545A 1897  B713 AA99 442F B680 B620
+uid [ultimate] Samba Distribution Verification Key 

+sub   rsa4096/97EF9386FBFD4002 2020-12-21 [E] [expires: 2022-12-21]
+
+Starting from Jan 21th 2021, all Samba releases will be signed with the new 
key.
+
+This document is signed with the old key.
+
+-BEGIN PGP SIGNATURE-
+
+iF0EARECAB0WIQRS+8C4bZVLCEMyTNxvM5FbZWi36gUCYAltCQAKCRBvM5FbZWi3
+6ofOAJ491tFEr36jLkf158ueIrDw9zNVtgCbBV3PgocOX5VH57s1NQdBOof+ihw=
+=wf56
+-END PGP SIGNATURE-
diff --git a/script/release.sh b/script/release.sh
index 507d5931a6a..45e9206005c 100755
--- a/script/release.sh
+++ b/script/release.sh
@@ -316,7 +316,7 @@ create_release() {
 
echo "Signing ${tarname} => ${tarname}.asc"
rm -f "${tarname}.asc"
-   gpg -u "${GPG_USER}" --detach-sign --armor ${tarname} || {
+   gpg --default-key "${GPG_KEYID}" --detach-sign --armor ${tarname} || {
return 1
}
test -f "${tarname}.asc" || {
@@ -362,7 +362,7 @@ patch_release() {
echo "Signing ${patchfile} => ${patchfile}.asc"
rm -f "${patchfile}.asc"
CLEANUP_FILES="${CLEANUP_FILES} ${patchfile}.asc"
-   gpg -u "${GPG_USER}" --detach-sign --armor ${patchfile} || {
+   gpg --default-key "${GPG_KEYID}" --detach-sign --armor ${patchfile} || {
return 1
}
test -f "${patchfile}.asc" || {
@@ -1053,7 +1053,7 @@ samba-rc)
}
 
test -z "${GPG_KEYID-}"  && {
-   GPG_KEYID='6F33915B6568B7EA'
+   GPG_KEYID='AA99442FB680B620'
}
 
productbase="samba"
@@ -1074,7 +1074,7 @@ samba-stable)
}
 
test -z "${GPG_KEYID-}"  && {
-   GPG_KEYID='6F33915B6568B7EA'
+   GPG_KEYID='AA99442FB680B620'
}
 
productbase="samba"
@@ -1096,7 +1096,7 @@ TODO-samba-security)
}
 
test -z "${GPG_KEYID-}"  && {
-   GPG_KEYID='6F33915B6568B7EA'
+   GPG_KEYID='AA99442FB680B620'
}
 
productbase="samba"


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-12-02 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  523c71f7ac7 VERSION: Bump version up to 4.11.18...
   via  99f4a3daa25 VERSION: Disable GIT_SNAPSHOT for the 4.11.17 release.
   via  1c76f331a69 WHATSNEW: Add release notes for Samba 4.11.17.
  from  f1b1dc12aba vfs_glusterfs: print exact cmdline for disabling 
write-behind translator

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 523c71f7ac7536bee39b1c397f12082b10d1dbc8
Author: Karolin Seeger 
Date:   Thu Dec 3 08:31:30 2020 +0100

VERSION: Bump version up to 4.11.18...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 99f4a3daa25848fcf0ffd146768d5885be913de6
Author: Karolin Seeger 
Date:   Thu Dec 3 08:30:31 2020 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.11.17 release.

Signed-off-by: Karolin Seeger 

commit 1c76f331a696ffe001b4d997b44f4d86ce48e105
Author: Karolin Seeger 
Date:   Thu Dec 3 08:20:13 2020 +0100

WHATSNEW: Add release notes for Samba 4.11.17.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 52 ++--
 2 files changed, 51 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 1c9c15fd82e..35e06c1e36c 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=17
+SAMBA_VERSION_RELEASE=18
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 914e3cc3bf9..b8b5c0009af 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,51 @@
+   ===
+   Release Notes for Samba 4.11.17
+  December 03, 2020
+   ===
+
+
+This is an extraordinary release of the Samba 4.11 release series to fix a
+regression introduced with Samba 4.11.16.
+
+
+Changes since 4.11.16
+-
+
+o  Jeremy Allison 
+   * BUG 14486: s3: vfs_glusterfs: Fix the error in preventing talloc leaks 
from
+ a function.
+
+o  Günther Deschner 
+   * BUG 14486: s3-vfs_glusterfs: Always disable write-behind translator.
+
+o  Anoop C S 
+   * BUG 14486: manpages/vfs_glusterfs: Mention silent skipping of write-behind
+ translator.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
===
Release Notes for Samba 4.11.16
   November 04, 2020
@@ -67,8 +115,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
===
Release Notes for Samba 4.11.15


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-12-02 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  f1b1dc12aba vfs_glusterfs: print exact cmdline for disabling 
write-behind translator
   via  eb525a3e070 manpages/vfs_glusterfs: Mention silent skipping of 
write-behind translator
   via  d6fb44cba25 s3-vfs_glusterfs: always disable write-behind translator
  from  49710332b59 s3: modules: gluster. Fix the error I made in 
preventing talloc leaks from a function.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit f1b1dc12abaecbdef68f752d9a424180b0e6890d
Author: Günther Deschner 
Date:   Tue Nov 24 15:38:41 2020 +0100

vfs_glusterfs: print exact cmdline for disabling write-behind translator

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Guenther

Signed-off-by: Guenther Deschner 
Reviewed-by: Anoop C S 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Fri Nov 27 17:15:07 UTC 2020 on sn-devel-184

(cherry picked from commit 369c1d539837b70e94fe9d533d44860c8a9380a1)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Dec  2 16:04:24 UTC 2020 on sn-devel-184

commit eb525a3e0704595550a130ae865304a90f22b0f8
Author: Anoop C S 
Date:   Thu Nov 5 16:12:09 2020 +0530

manpages/vfs_glusterfs: Mention silent skipping of write-behind translator

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Signed-off-by: Anoop C S 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Guenther Deschner 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Mon Nov  9 13:30:06 UTC 2020 on sn-devel-184

(cherry picked from commit be03ce7d8bb213633eedcfc3299b8d9865a3c67f)

commit d6fb44cba256ce98feea3dc968653ca22aa715bd
Author: Günther Deschner 
Date:   Mon Nov 2 16:10:44 2020 +0100

s3-vfs_glusterfs: always disable write-behind translator

The "pass-through" option has now been merged upstream as of:
https://github.com/gluster/glusterfs/pull/1640

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Guenther

Signed-off-by: Guenther Deschner 
Pair-Programmed-With: Anoop C S 
Pair-Programmed-With: Sachin Prabhu 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Nov  4 22:53:49 UTC 2020 on sn-devel-184

(cherry picked from commit a51cda69ec6a017ad04b5690a3ae67a5478deee9)

Autobuild-User(v4-13-test): Karolin Seeger 
Autobuild-Date(v4-13-test): Thu Nov  5 13:54:25 UTC 2020 on sn-devel-184

---

Summary of changes:
 docs-xml/manpages/vfs_glusterfs.8.xml |  9 +
 source3/modules/vfs_glusterfs.c   | 27 ++-
 source3/wscript   |  3 +++
 3 files changed, 34 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/vfs_glusterfs.8.xml 
b/docs-xml/manpages/vfs_glusterfs.8.xml
index 7a4da1af919..d25135e14ac 100644
--- a/docs-xml/manpages/vfs_glusterfs.8.xml
+++ b/docs-xml/manpages/vfs_glusterfs.8.xml
@@ -179,7 +179,16 @@
 translator and refuse to connect if detected.
 Please disable the write-behind translator for the GlusterFS
 volume to allow the plugin to connect to the volume.
+The write-behind translator can easily be disabled via calling
+
+gluster volume set volumename 
performance.write-behind off
+ on the commandline.

+
+With GlusterFS versions >= 9, we silently bypass write-behind
+translator during initial connect and failure is avoided.
+
+
 
 
 
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index 190235cf8ae..ce31b5eba14 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -345,9 +345,12 @@ static int check_for_write_behind_translator(TALLOC_CTX 
*mem_ctx,
if (write_behind_present) {
DBG_ERR("Write behind translator is enabled for "
"volume (%s), refusing to connect! "
-   "Please check the vfs_glusterfs(8) manpage for "
+   "Please turn off the write behind translator by calling 
"
+   "'gluster volume set %s performance.write-behind off' "
+   "on the commandline. "
+   "Check the vfs_glusterfs(8) manpage for "
"further details.\n",
-   volume);
+   volume, volume);
return -1;
}
 
@@ -365,6 +368,7 @@ static int vfs_gluster_connect(struct vfs_handle_struct 
*handle,
glfs_t *fs = NULL;
TALLOC_CTX *tmp_ctx;
int ret = 0;
+

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-11-19 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  49710332b59 s3: modules: gluster. Fix the error I made in 
preventing talloc leaks from a function.
  from  09da9690e93 VERSION: Bump version up to 4.11.17...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 49710332b5937bb7490db87b803faeaf8ca5190b
Author: Jeremy Allison 
Date:   Tue Nov 10 10:18:18 2020 -0800

s3: modules: gluster. Fix the error I made in preventing talloc leaks from 
a function.

file_lines_parse() plays horrible tricks with
the passed-in talloc pointers and the hierarcy
which makes freeing hard to get right.

As we know mem_ctx is freed by the caller, after
calling file_lines_parse don't free on exit and let the caller
handle it. This violates good Samba coding practice
but we know we're not leaking here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Signed-off-by: Jeremy Allison 
Reviewed-by: Guenther Deschner 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Wed Nov 11 15:02:27 UTC 2020 on sn-devel-184

(cherry picked from commit 457b49c67803dd95abc8502c2a410fac273f6fba)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Thu Nov 19 12:38:34 UTC 2020 on sn-devel-184

---

Summary of changes:
 source3/modules/vfs_glusterfs.c | 20 
 1 file changed, 12 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index 747176ecebb..190235cf8ae 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -315,15 +315,25 @@ static int check_for_write_behind_translator(TALLOC_CTX 
*mem_ctx,
return -1;
}
 
+   /*
+* file_lines_parse() plays horrible tricks with
+* the passed-in talloc pointers and the hierarcy
+* which makes freeing hard to get right.
+*
+* As we know mem_ctx is freed by the caller, after
+* this point don't free on exit and let the caller
+* handle it. This violates good Samba coding practice
+* but we know we're not leaking here.
+*/
+
lines = file_lines_parse(buf,
newlen,
,
mem_ctx);
if (lines == NULL || numlines <= 0) {
-   TALLOC_FREE(option);
-   TALLOC_FREE(buf);
return -1;
}
+   /* On success, buf is now a talloc child of lines !! */
 
for (i=0; i < numlines; i++) {
if (strequal(lines[i], option)) {
@@ -338,15 +348,9 @@ static int check_for_write_behind_translator(TALLOC_CTX 
*mem_ctx,
"Please check the vfs_glusterfs(8) manpage for "
"further details.\n",
volume);
-   TALLOC_FREE(lines);
-   TALLOC_FREE(option);
-   TALLOC_FREE(buf);
return -1;
}
 
-   TALLOC_FREE(lines);
-   TALLOC_FREE(option);
-   TALLOC_FREE(buf);
return 0;
 }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-11-04 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  09da9690e93 VERSION: Bump version up to 4.11.17...
   via  9c32d5a99c1 VERSION: Disable GIT_SNAPSHOT for the 4.11.16 release.
   via  578fed57f0b WHATSNEW: Add release notes for Samba 4.11.16.
  from  f5135703e5f s3: modules: vfs_glusterfs: Fix leak of char **lines 
onto mem_ctx on return.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 09da9690e9359a5236e87b82903b46c683ae7afc
Author: Karolin Seeger 
Date:   Wed Nov 4 11:29:07 2020 +0100

VERSION: Bump version up to 4.11.17...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 9c32d5a99c1464bcc88ab3b2e263bff5ce8213bd
Author: Karolin Seeger 
Date:   Wed Nov 4 09:51:03 2020 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.11.16 release.

Signed-off-by: Karolin Seeger 

commit 578fed57f0b570e6de58970c5b4460238be6acab
Author: Karolin Seeger 
Date:   Wed Nov 4 09:49:41 2020 +0100

WHATSNEW: Add release notes for Samba 4.11.16.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 75 ++--
 2 files changed, 74 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 9c72b686524..1c9c15fd82e 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=16
+SAMBA_VERSION_RELEASE=17
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8869edcdc87..914e3cc3bf9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,75 @@
+   ===
+   Release Notes for Samba 4.11.16
+  November 04, 2020
+   ===
+
+
+This is an extraordinary release of the Samba 4.11 release series to address 
the
+following issues:
+
+  o BUG 14537: ctdb-common: Avoid aliasing errors during code optimization.
+  o BUG 14486: vfs_glusterfs: Avoid data corruption with the write-behind
+   translator.
+
+
+===
+Details
+===
+
+The GlusterFS write-behind performance translator, when used with Samba, could
+be a source of data corruption. The translator, while processing a write call,
+immediately returns success but continues writing the data to the server in the
+background. This can cause data corruption when two clients relying on Samba to
+provide data consistency are operating on the same file.
+
+The write-behind translator is enabled by default on GlusterFS.
+The vfs_glusterfs plugin will check for the presence of the translator and
+refuse to connect if detected. Please disable the write-behind translator for
+the GlusterFS volume to allow the plugin to connect to the volume.
+
+
+Changes since 4.11.15
+-
+
+o  Jeremy Allison 
+   * BUG 14486: s3: modules: vfs_glusterfs: Fix leak of char
+ **lines onto mem_ctx on return.
+
+o  Günther Deschner 
+   * BUG 14486: s3-vfs_glusterfs: Refuse connection when write-behind xlator is
+ present.
+
+o  Amitay Isaacs 
+   * BUG 14537: ctdb-common: Avoid aliasing errors during code optimization.
+
+o  Sachin Prabhu 
+   * BUG 14486: docs-xml/manpages: Add warning about write-behind translator 
for
+ vfs_glusterfs.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
===
Release Notes for Samba 4.11.15
   October 29, 2020
@@ -88,8 +160,7 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-11-03 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  f5135703e5f s3: modules: vfs_glusterfs: Fix leak of char **lines 
onto mem_ctx on return.
   via  28db03fbe0e s3-vfs_glusterfs: refuse connection when write-behind 
xlator is present
   via  f214862ef7a docs-xml/manpages: Add warning about write-behind 
translator for vfs_glusterfs
   via  4352c99b18f ctdb-common: Avoid aliasing errors during code 
optimization
  from  34af9efc6ba VERSION: Bump version up to 4.11.16.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit f5135703e5f773a57369820cf667cf046741f322
Author: Jeremy Allison 
Date:   Mon Nov 2 15:46:51 2020 -0800

s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Signed-off-by: Jeremy Allison 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Tue Nov  3 01:56:59 UTC 2020 on sn-devel-184

(cherry picked from commit 7d846cd178d653600c71ee4bd6a491a9e48a56da)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Nov  3 11:30:48 UTC 2020 on sn-devel-184

commit 28db03fbe0eb3fa84038089ba32777b3fa35bff7
Author: Günther Deschner 
Date:   Mon Nov 2 12:30:36 2020 +0100

s3-vfs_glusterfs: refuse connection when write-behind xlator is present

s3-vfs_glusterfs: refuse connection when write-behind xlator is present

Once the new glusterfs api is available we will programmtically disable
the translator, for now we just refuse the connection as there is
a potential for serious data damage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Guenther

Signed-off-by: Guenther Deschner 
Pair-Programmed-With: Sachin Prabhu 
Pair-Programmed-With: Anoop C S 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Mon Nov  2 21:40:33 UTC 2020 on sn-devel-184

(cherry picked from commit 2a49ccbcf5e3ff0f6833bcb7f04b800125f1783f)

commit f214862ef7a3a6715ff19129a27c827330e03eca
Author: Sachin Prabhu 
Date:   Thu Oct 15 12:14:33 2020 +0100

docs-xml/manpages: Add warning about write-behind translator for 
vfs_glusterfs

Add warning about data corruption with the write-behind translator.

The data corruption is highlighted by the smbtorture test smb2.rw.rw1.
More information about this data corruption issue is available in the
bz.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14486

Signed-off-by: Sachin Prabhu 
Reviewed-by: Jeremy Allison 
Reviewed-by: Guenther Deschner 
(cherry picked from commit 08f8f665d409ee7b93840c25a8142f2ce8bacfa1)

commit 4352c99b18ff4d89de53927a8f07634f3abd94cf
Author: Amitay Isaacs 
Date:   Mon Jul 27 12:51:41 2020 +1000

ctdb-common: Avoid aliasing errors during code optimization

When compiling with GCC 10.x and -O3 optimization, the IP checksum
calculation code generates wrong checksum.  The function uint16_checksum
gets inlined during optimization and ip4pkt->tcp data gets wrongly
aliased.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14537

Signed-off-by: Amitay Isaacs 
Reviewed-by: Martin Schwenke 

Autobuild-User(master): Martin Schwenke 
Autobuild-Date(master): Wed Oct 21 05:52:28 UTC 2020 on sn-devel-184

(cherry picked from commit 6aa396b0cd1f83f45cb76a4f3123d99135e8dd8c)

---

Summary of changes:
 ctdb/common/system_socket.c   | 31 ++--
 docs-xml/manpages/vfs_glusterfs.8.xml | 22 +
 source3/modules/vfs_glusterfs.c   | 91 +++
 3 files changed, 130 insertions(+), 14 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/common/system_socket.c b/ctdb/common/system_socket.c
index 86cbdaab6ad..39979d7252e 100644
--- a/ctdb/common/system_socket.c
+++ b/ctdb/common/system_socket.c
@@ -67,16 +67,19 @@
 /*
   uint16 checksum for n bytes
  */
-static uint32_t uint16_checksum(uint16_t *data, size_t n)
+static uint32_t uint16_checksum(uint8_t *data, size_t n)
 {
uint32_t sum=0;
+   uint16_t value;
+
while (n>=2) {
-   sum += (uint32_t)ntohs(*data);
-   data++;
+   memcpy(, data, 2);
+   sum += (uint32_t)ntohs(value);
+   data += 2;
n -= 2;
}
if (n == 1) {
-   sum += (uint32_t)ntohs(*(uint8_t *)data);
+   sum += (uint32_t)ntohs(*data);
}
return sum;
 }
@@ -117,13 +120,13 @@ bool ctdb_sys_have_ip(ctdb_sock_addr *_addr)
 /*
  * simple TCP checksum - assumes data is multiple of 2 bytes long
  */
-static uint16_t ip_checksum(uint16_t *data, size_t n, struct ip

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-10-29 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  34af9efc6ba VERSION: Bump version up to 4.11.16.
   via  31e26fe4b2e Merge tag 'samba-4.11.15' into v4-11-test
   via  1819097773a VERSION: Disable GIT_SNAPSHOT for the 4.11.15 release.
   via  32ce2b3bc1e WHATSNEW: Add release notes for Samba 4.11.15.
   via  8e09649351e CVE-2020-14383: s4/dns: do not crash when additional 
data not found
   via  2632e8ebae8 CVE-2020-14383: s4/dns: Ensure variable initialization 
with NULL.
   via  6093b2d815a CVE-2020-14323 torture4: Add a simple test for invalid 
lookup_sids winbind call
   via  e6fe5b4d64a CVE-2020-14323 winbind: Fix invalid lookupsids DoS
   via  c300a858483 s3: smbd: Ensure change notifies can't get set unless 
the directory handle is open for SEC_DIR_LIST.
   via  a5da8919303 s4: torture: Add smb2.notify.handle-permissions test.
   via  d94265fd1df VERSION: Bump version up to 4.11.15...
  from  76c7e432b14 VERSION: Bump version up to 4.11.15...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 34af9efc6ba1dd41ce5a1f4eedcb12208f471f4d
Author: Karolin Seeger 
Date:   Thu Oct 29 10:45:07 2020 +0100

VERSION: Bump version up to 4.11.16.

Signed-off-by: Karolin Seeger 

commit 31e26fe4b2ebb8478066a40a26809b58b7084671
Merge: 76c7e432b14 1819097773a
Author: Karolin Seeger 
Date:   Thu Oct 29 10:44:33 2020 +0100

Merge tag 'samba-4.11.15' into v4-11-test

samba: tag release samba-4.11.15

---

Summary of changes:
 VERSION |  2 +-
 WHATSNEW.txt| 97 -
 source3/smbd/notify.c   |  8 ++
 source3/winbindd/winbindd_lookupsids.c  |  2 +-
 source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 31 
 source4/torture/smb2/notify.c   | 80 
 source4/torture/winbind/struct_based.c  | 27 +++
 7 files changed, 229 insertions(+), 18 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 6cbbafd64f6..9c72b686524 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=15
+SAMBA_VERSION_RELEASE=16
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index a46f56c3bd9..8869edcdc87 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,97 @@
+   ===
+   Release Notes for Samba 4.11.15
+  October 29, 2020
+   ===
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify.
+o CVE-2020-14323: Unprivileged user can crash winbind.
+o CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily
+ crafted records.
+
+
+===
+Details
+===
+
+o  CVE-2020-14318:
+   The SMB1/2/3 protocols have a concept of "ChangeNotify", where a client can
+   request file name notification on a directory handle when a condition such 
as
+   "new file creation" or "file size change" or "file timestamp update" occurs.
+
+   A missing permissions check on a directory handle requesting ChangeNotify
+   meant that a client with a directory handle open only for
+   FILE_READ_ATTRIBUTES (minimal access rights) could be used to obtain change
+   notify replies from the server. These replies contain information that 
should
+   not be available to directory handles open for FILE_READ_ATTRIBUTE only.
+
+o  CVE-2020-14323:
+   winbind in version 3.6 and later implements a request to translate multiple
+   Windows SIDs into names in one request. This was done for performance
+   reasons: The Microsoft RPC call domain controllers offer to do this
+   translation, so it was an obvious extension to also offer this batch
+   operation on the winbind unix domain stream socket that is available to 
local
+   processes on the Samba server.
+
+   Due to improper input validation a hand-crafted packet can make winbind
+   perform a NULL pointer dereference and thus crash.
+
+o  CVE-2020-14383:
+   Some DNS records (such as MX and NS records) usually contain data in the
+   additional section. Samba's dnsserver RPC pipe (which is an administrative
+   interface not used in the DNS server itself) made an error in handling the
+   case where there are no records present: instead of noticing the lack of
+   records, it dereferenced uninitialised memory, causing the RPC server to
+   crash. This RPC server, which also serves protocols other than dnsserver,
+

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-10-06 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  76c7e432b14 VERSION: Bump version up to 4.11.15...
   via  ee1f3500a1e VERSION: Disable GIT_SNAPSHOT for the 4.11.14 release.
   via  80086ce5563 WHATSNEW: Add release notes for Samba 4.11.14.
  from  979e078065e winbind: Fix a memleak

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 76c7e432b14485a263d23f266ffb04e29cca6418
Author: Karolin Seeger 
Date:   Fri Sep 25 11:27:41 2020 +0200

VERSION: Bump version up to 4.11.15...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit ee1f3500a1e467f466acc09ad25cabdcebd8f1ac
Author: Karolin Seeger 
Date:   Fri Sep 25 11:26:44 2020 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.11.14 release.

Signed-off-by: Karolin Seeger 

commit 80086ce556392c8b4b532da56bc1322631d3306d
Author: Karolin Seeger 
Date:   Fri Sep 25 11:25:41 2020 +0200

WHATSNEW: Add release notes for Samba 4.11.14.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 64 
 2 files changed, 61 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 5fa1c53e286..6cbbafd64f6 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=14
+SAMBA_VERSION_RELEASE=15
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 76dc4cc0d5a..a46f56c3bd9 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,62 @@
+   ===
+   Release Notes for Samba 4.11.14
+  October 06, 2020
+   ===
+
+
+This is the latest stable release of the Samba 4.11 release series.
+Please note that there will be *security releases only* beyond this point.
+
+
+Changes since 4.11.13
+-
+
+o  Günther Deschner 
+   * BUG 14166: lib/util: Do not install /usr/bin/test_util.
+
+o  Philipp Gesang 
+   * BUG 14490: smbd: don't log success as error.
+
+o  Volker Lendecke 
+   * BUG 14465: idmap_ad does not deal properly with a RFC4511 section 4.4.1
+ response.
+
+o  Laurent Menase 
+   * BUG 14388: winbind: Fix a memleak.
+
+o  Stefan Metzmacher 
+   * BUG 14465: idmap_ad: Pass tldap debug messages on to DEBUG().
+   * BUG 14482: lib/replace: Move lib/replace/closefrom.c from
+ ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE.
+
+o  Martin Schwenke 
+   * BUG 14466: ctdb disable/enable can fail due to race condition.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
+
===
Release Notes for Samba 4.11.13
   September 18, 2020
@@ -98,10 +157,7 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
-
-   ===
+-- 
  ===
Release Notes for Samba 4.11.12
August 25, 2020
   ===


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-10-05 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  979e078065e winbind: Fix a memleak
  from  cd50a5329a0 VERSION: Bump version up to 4.11.14...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 979e078065e51341e535fe3e69088852d8511a9f
Author: Laurent Menase 
Date:   Wed May 20 12:31:53 2020 +0200

winbind: Fix a memleak

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14388
Signed-off-by: Laurent Menase 
Reviewed-by: Volker Lendecke 
Reviewed-by: Noel Power 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Mon Sep 14 13:33:13 UTC 2020 on sn-devel-184

(cherry picked from commit 8f868b0ea0b4795668f7bc0b028cd85686b249fb)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Mon Oct  5 11:17:23 UTC 2020 on sn-devel-184

---

Summary of changes:
 source3/winbindd/winbindd_ads.c | 1 +
 1 file changed, 1 insertion(+)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 20f47eb5954..6a9d1234f40 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -405,6 +405,7 @@ static NTSTATUS query_user_list(struct winbindd_domain 
*domain,
DBG_NOTICE("ads query_user_list gave %d entries\n", count);
 
 done:
+   ads_msgfree(ads, res);
return status;
 }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-09-18 Thread Stefan Metzmacher 
The branch, v4-11-test has been updated
   via  cd50a5329a0 VERSION: Bump version up to 4.11.14...
   via  70e9e595121 Merge tag 'samba-4.11.13' into v4-11-test
   via  ef64fc24b31 VERSION: Disable GIT_SNAPSHOT for the 4.11.13 release.
   via  e7dd032e320 WHATSNEW: Add release notes for Samba 4.11.13.
   via  db344db0efb CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated 
bytes in client challenge
   via  337e4da4daa CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty 
machine acct pwd
   via  572a41b24e7 CVE-2020-1472(ZeroLogon): docs-xml: document 'server 
require schannel:COMPUTERACCOUNT'
   via  86c54d3a270 CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log 
warnings about unsecure configurations
   via  615cc75074b CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: 
support "server require schannel:WORKSTATION$ = no"
   via  5ee9480a898 CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: 
refactor dcesrv_netr_creds_server_step_check()
   via  c836fc24b9c CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log 
warnings about unsecure configurations
   via  92d7e9f7f92 CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: 
support "server require schannel:WORKSTATION$ = no"
   via  f867164dc57 CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: 
refactor dcesrv_netr_creds_server_step_check()
   via  0da2f3e2455 CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: 
protect netr_ServerPasswordSet2 against unencrypted passwords
   via  d5926ad40ff CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix 
mem leak onto p->mem_ctx in error path of _netr_ServerPasswordSet2().
   via  9b174d71541 CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: 
protect netr_ServerPasswordSet2 against unencrypted passwords
   via  fd05519caa2 CVE-2020-1472(ZeroLogon): libcli/auth: reject weak 
client challenges in netlogon_creds_server_init()
   via  13185dd8356 CVE-2020-1472(ZeroLogon): libcli/auth: add 
netlogon_creds_is_random_challenge() to avoid weak values
   via  35277995d39 CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make 
use of netlogon_creds_random_challenge()
   via  a71bc6c974d CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make 
use of netlogon_creds_random_challenge()
   via  f7b0e7a6dde CVE-2020-1472(ZeroLogon): libcli/auth: make use of 
netlogon_creds_random_challenge() in netlogon_creds_cli.c
   via  691d854c141 CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of 
netlogon_creds_random_challenge()
   via  6941fa1ff83 CVE-2020-1472(ZeroLogon): libcli/auth: add 
netlogon_creds_random_challenge()
  from  061d484f6da smbd: don't log success as error

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit cd50a5329a0c65344dcf4cfe3620e84e02e3b435
Author: Stefan Metzmacher 
Date:   Fri Sep 18 15:39:47 2020 +0200

VERSION: Bump version up to 4.11.14...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Stefan Metzmacher 

commit 70e9e595121161778efae0118cad1e0895dce372
Merge: 061d484f6da ef64fc24b31
Author: Stefan Metzmacher 
Date:   Fri Sep 18 15:38:14 2020 +0200

Merge tag 'samba-4.11.13' into v4-11-test

samba: tag release samba-4.11.13

Signed-off-by: Stefan Metzmacher 

---

Summary of changes:
 VERSION |   2 +-
 WHATSNEW.txt| 107 +-
 docs-xml/smbdotconf/security/serverschannel.xml |  69 +++-
 libcli/auth/credentials.c   |  44 +++
 libcli/auth/netlogon_creds_cli.c|   3 +-
 libcli/auth/proto.h |   4 +
 libcli/auth/wscript_build   |   2 +-
 source3/rpc_server/netlogon/srv_netlog_nt.c | 212 +++-
 source4/rpc_server/netlogon/dcerpc_netlogon.c   | 175 +-
 source4/torture/rpc/lsa.c   |   2 +-
 source4/torture/rpc/netlogon.c  | 433 
 11 files changed, 943 insertions(+), 110 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 5885b36fd71..5fa1c53e286 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=13
+SAMBA_VERSION_RELEASE=14
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 80e5f32b1a0..76dc4cc0d5a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,106 @@
+   ===
+   Release Notes for Samba 4.11.13
+  September 18, 2020
+   ===
+
+
+This is a security release in order to address the following

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-09-16 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  061d484f6da smbd: don't log success as error
  from  17800f413bc lib/replace: move lib/replace/closefrom.c from 
ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 061d484f6da666dd5cb14ae665eeb0d4611d36f7
Author: Philipp Gesang 
Date:   Fri Sep 11 09:55:18 2020 +0200

smbd: don't log success as error

In 58bc493c77 the check for NT_STATUS_OK was removed, causing
smbd to spam syslog with misleading ``failure`` messages:

Sep 11 03:57:54 mail smbd[4813]:   remove_share_mode_lease: 
leases_db_del failed: NT_STATUS_OK
Sep 11 03:58:54 mail smbd[4813]:   remove_share_mode_lease: 
leases_db_del failed: NT_STATUS_OK
Sep 11 03:59:54 mail smbd[4813]:   remove_share_mode_lease: 
leases_db_del failed: NT_STATUS_OK
Sep 11 04:00:03 mail smbd[4798]:   remove_share_mode_lease: 
leases_db_del failed: NT_STATUS_OK
Sep 11 04:00:05 mail smbd[4798]:   remove_share_mode_lease: 
leases_db_del failed: NT_STATUS_OK

Reinstate the check; the code now follows the error handling
logic as in 4.13.

Signed-off-by: Philipp Gesang 

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Sep 16 08:20:34 UTC 2020 on sn-devel-184

---

Summary of changes:
 source3/locking/locking.c | 13 -
 1 file changed, 8 insertions(+), 5 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 5272a3dc829..4aeee0819a0 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -704,17 +704,20 @@ static void remove_share_mode_lease(struct 
share_mode_data *d,
}
 
{
-   int level = DBGLVL_DEBUG;
NTSTATUS status;
 
status = leases_db_del(>client_guid,
   >lease_key,
   >id);
-   if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
-   level = DBGLVL_ERR;
+   if (!NT_STATUS_IS_OK(status)) {
+   int level = DBGLVL_DEBUG;
+
+   if (!NT_STATUS_EQUAL(status, NT_STATUS_NOT_FOUND)) {
+   level = DBGLVL_ERR;
+   }
+   DBG_PREFIX(level, ("leases_db_del failed: %s\n",
+  nt_errstr(status)));
}
-   DBG_PREFIX(level, ("leases_db_del failed: %s\n",
-  nt_errstr(status)));
}
 }
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-09-10 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  17800f413bc lib/replace: move lib/replace/closefrom.c from 
ROKEN_HOSTCC_SOURCE to REPLACE_HOSTCC_SOURCE
  from  7d0bb8cbced tldap: Receiving "msgid == 0" means the connection is 
dead

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 17800f413bc494d74d326518bca87b0972d23c0c
Author: Stefan Metzmacher 
Date:   Tue Sep 8 10:13:20 2020 +

lib/replace: move lib/replace/closefrom.c from ROKEN_HOSTCC_SOURCE to 
REPLACE_HOSTCC_SOURCE

This is where it really belongs and we avoid the strange interaction
with source4/heimdal_build/config.h. This a follow up for commit
f31333d40e6fa38daa32a3ebb32d5a317c06fc62.

This fixes a build problem if libbsd-dev is not installed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14482

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Alexander Bokovoy 
Reviewed-by: Andreas Schneider 
Reviewed-by: Björn Jacke 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Tue Sep  8 13:59:58 UTC 2020 on sn-devel-184

(cherry picked from commit 0022cd94587b805a525b0b9ef71ff0f15780424a)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Thu Sep 10 07:24:07 UTC 2020 on sn-devel-184

---

Summary of changes:
 lib/replace/wscript | 3 +++
 source4/heimdal_build/wscript_build | 7 +--
 2 files changed, 4 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/replace/wscript b/lib/replace/wscript
index d5651f1bdc0..1c3566d9974 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -864,6 +864,9 @@ def build(bld):
 if bld.CONFIG_SET('HAVE_LIBRT'): extra_libs += ' rt'
 if bld.CONFIG_SET('REPLACE_REQUIRES_LIBSOCKET_LIBNSL'): extra_libs += ' 
socket nsl'
 
+if not bld.CONFIG_SET('HAVE_CLOSEFROM'):
+REPLACE_HOSTCC_SOURCE += ' closefrom.c'
+
 bld.SAMBA_SUBSYSTEM('LIBREPLACE_HOSTCC',
 REPLACE_HOSTCC_SOURCE,
 use_hostcc=True,
diff --git a/source4/heimdal_build/wscript_build 
b/source4/heimdal_build/wscript_build
index 27adbc06dc6..4cc20c8bf60 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
@@ -410,12 +410,7 @@ if not bld.CONFIG_SET('USING_SYSTEM_ROKEN'):
 ../heimdal_build/replace.c
 '''
 
-if not bld.CONFIG_SET('HAVE_CLOSEFROM'):
-ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE + '''
-../../lib/replace/closefrom.c
-'''
-else:
-ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE
+ROKEN_HOSTCC_SOURCE = ROKEN_COMMON_SOURCE
 
 ROKEN_SOURCE = ROKEN_COMMON_SOURCE + '''
 lib/roken/resolve.c


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-08-31 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  7d0bb8cbced tldap: Receiving "msgid == 0" means the connection is 
dead
   via  6fca7ca8977 test: Test winbind idmap_ad ticket expiry behaviour
   via  df35c04f46f idmap_ad: Pass tldap debug messages on to DEBUG()
   via  e3b951241cf tldap: Add PRINTF_ATTRIBUTE declaration to tldap_debug()
   via  bf7dfed4f90 tldap: Make sure all requests are cancelled on rundown
   via  ec8e422f6ea tldap: Centralize connection rundown on error
   via  61b337dfb7b tldap: Maintain the ldap read request in tldap_context
   via  5cc2ac271d1 tldap: Always remove ourselves from ld->pending at 
cleanup time
   via  31a8c24a5d1 tldap: Fix tldap_msg_received()
   via  90e0feb0a35 tldap: Only free() ld->pending if "req" is part of it
   via  74fef4bc2ce ldap_server: Terminate LDAP connections on krb ticket 
expiry
   via  e2e0be0a312 ldap_server: Add the krb5 expiry to conn->limits
   via  1df2076dd47 torture: Test ldap session expiry
   via  8c0e5ddedf5 build: Wrap a long line
  from  3d7572b4032 ctdb-recoverd: Rename update_local_flags() -> 
update_flags()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 7d0bb8cbcede8514edd4baa243817352e417416d
Author: Volker Lendecke 
Date:   Tue Aug 11 18:09:14 2020 +0200

tldap: Receiving "msgid == 0" means the connection is dead

We never use msgid=0, see tldap_next_msgid(). RFC4511 section 4.4.1
says that the unsolicited disconnect response uses msgid 0. We don't
parse this message, which supposedly is an extended response: Windows
up to 2019 sends an extended response in an ASN.1 encoding that does
not match RFC4511.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Fri Aug 21 20:37:25 UTC 2020 on sn-devel-184

(cherry picked from commit ccaf661f7c75717341140e3fbfb2a48f96ea952c)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Mon Aug 31 09:26:18 UTC 2020 on sn-devel-184

commit 6fca7ca8977918500c7c307dfc32e52a27bc83e2
Author: Volker Lendecke 
Date:   Thu Aug 13 14:59:58 2020 +0200

test: Test winbind idmap_ad ticket expiry behaviour

We need to make sure that winbind's idmap_ad deals fine with an
expired krb ticket used to connect to AD via LDAP. In a customer
situation we have seen the RFC4511 section 4.4.1 unsolicited ldap exop
response coming through, but the TCP disconnect that Windows seems to
do after that did not make it. Winbind deals fine with a TCP
disconnect, but right now it does not handle just the section 4.4.1
response properly: It completely hangs.

This test requests a ticket valid for 5 seconds and makes the LDAP
server postpone the TCP disconnect after the ticket expiry for 10
seconds. The tests that winbind reacts to the ticket expiry exop
response by making sure in this situation the wbinfo call running into
the issue takes less than 8 seconds. If it did not look at the expiry
exop response, it would take more than 10 seconds.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465
Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit a4ecd112e7754ab25bcae749594952a28c4c8905)

commit df35c04f46fb7b0d9cb8d3899ef8f39c2ecad81f
Author: Stefan Metzmacher 
Date:   Tue Aug 11 18:24:39 2020 +0200

idmap_ad: Pass tldap debug messages on to DEBUG()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 7af2df01dff62d6d9ca572f320ef60dea41d6064)

commit e3b951241cfe6e325741be9b8dd6dd89f54ab7a1
Author: Volker Lendecke 
Date:   Wed Aug 12 13:26:18 2020 +0200

tldap: Add PRINTF_ATTRIBUTE declaration to tldap_debug()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit a2b281bed022c04427ef478529462ff84fe42908)

commit bf7dfed4f9075efb4ff5d9347c496631865b5e8b
Author: Volker Lendecke 
Date:   Tue Aug 11 17:44:42 2020 +0200

tldap: Make sure all requests are cancelled on rundown

Put messages into the ld->pending array before sending them out, not
after they have been sent.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14465

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 2a2a6b27cccb2409d321c7e03feb8baa047d1bf4)

commit ec8e422f6eae2c7a68d04d52dd09145ab0acfdc5
Author: Volker Lendecke 
Date:   Tue Aug 11 17:30:22 2020 +0200

tldap: Centralize connection rundown on error

Whenever send or recv return -1,

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-08-25 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  3d7572b4032 ctdb-recoverd: Rename update_local_flags() -> 
update_flags()
   via  c348d7a5878 ctdb-recoverd: Change update_local_flags() to use 
already retrieved nodemaps
   via  7723e7d23d7 ctdb-recoverd: Get remote nodemaps earlier
   via  1956ee1f6b8 ctdb-recoverd: Do not fetch the nodemap from the 
recovery master
   via  8faae66a253 ctdb-recoverd: Change get_remote_nodemaps() to use 
connected nodes
   via  238564c7495 ctdb-recoverd: Fix node_pnn check and assignment of 
nodemap into array
   via  d1f01ff312b ctdb-recoverd: Add fail callback to assign banning 
credits
   via  90c0609df4c ctdb-recoverd: Add an intermediate state struct for 
nodemap fetching
   via  b0d4ae271de ctdb-recoverd: Move memory allocation into 
get_remote_nodemaps()
   via  942db2b3d27 ctdb-recoverd: Change signature of get_remote_nodemaps()
   via  9e52bb0c5c6 ctdb-recoverd: Fix a local memory leak
   via  55216cda607 ctdb-recoverd: Basic cleanups for get_remote_nodemaps()
   via  660f584477a ctdb-recoverd: Simplify calculation of new flags
   via  d8e6304a2bd ctdb-recoverd: Correctly find nodemap entry for pnn
   via  94a9842af6c ctdb-recoverd: Do not retrieve nodemap from recovery 
master
   via  c33e8703c10 ctdb-recoverd: Flatten update_flags_on_all_nodes()
   via  94416b40b7e ctdb-recoverd: Move ctdb_ctrl_modflags() to 
ctdb_recoverd.c
   via  d1b1da94eb1 ctdb-recoverd: Improve a call to 
update_flags_on_all_nodes()
   via  6419e3de633 ctdb-recoverd: Use update_flags_on_all_nodes()
   via  fffe852285b ctdb-recoverd: Introduce some local variables to 
improve readability
   via  34bc583a7f1 ctdb-recoverd: Change update_flags_on_all_nodes() to 
take rec argument
   via  cea37c849ce ctdb-recoverd: Drop unused nodemap argument from 
update_flags_on_all_nodes()
   via  051a9021d50 lib/util: do not install /usr/bin/test_util
  from  7cfb6f6db61 VERSION: Bump version up to 4.11.13...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 3d7572b40324f0ca0f72a799a2fc94e0077e1fd3
Author: Martin Schwenke 
Date:   Wed Jan 24 10:21:37 2018 +1100

ctdb-recoverd: Rename update_local_flags() -> update_flags()

This also updates remote flags so the name is misleading.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 4aa8e72d60e92951b35190d2ffcfdb1bfb756609)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Aug 25 15:13:03 UTC 2020 on sn-devel-184

commit c348d7a58786f34d03737ff89be0d26538a15452
Author: Martin Schwenke 
Date:   Thu Jan 18 20:35:55 2018 +1100

ctdb-recoverd: Change update_local_flags() to use already retrieved nodemaps

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 702c7c4934e79a9161fdc59df70df30ae492d89f)

commit 7723e7d23d7d02d281584b9ca74c966a6e3dc4e1
Author: Martin Schwenke 
Date:   Fri Jun 14 03:51:01 2019 +1000

ctdb-recoverd: Get remote nodemaps earlier

update_local_flags() will be changed to use these nodemaps.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 910a0b3b747a987ba69b6a0b6256e964b7d85dfe)

commit 1956ee1f6b8d03aad37300e318af7b5aea5e11ff
Author: Martin Schwenke 
Date:   Fri Jun 14 00:23:22 2019 +1000

ctdb-recoverd: Do not fetch the nodemap from the recovery master

The nodemap has already been fetched from the local node and is
actually passed to this function.  Care must be taken to avoid
referencing the "remote" nodemap for the recovery master.  It also
isn't useful to do so, since it would be the same nodemap.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14466
Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit d50919b0cb28f299c9b6985271b29d4f27c5f619)

commit 8faae66a253840e403cd3f66c8fff2ae7aec680c
Author: Martin Schwenke 
Date:   Thu Jan 18 20:02:42 2018 +1100

ctdb-recoverd: Change get_remote_nodemaps() to use connected nodes

The plan here is to use the nodemaps retrieved by get_remote_nodes()
in update_local_flags().  This will improve efficiency, since
get_remote_nodes() fetches flags from nodes in parallel.  It also
means that get_remote_nodes() can be used exactly once early on in
main_loop() to retrieve remote nodemaps.  Retrieving nodemaps multiple
times is unnecessary and racy - a single monitoring iteration should
not fetch flags multiple times and compare them.

This introduces a temporary behaviour change but it will be of no

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-08-25 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  7cfb6f6db61 VERSION: Bump version up to 4.11.13...
   via  1bd81cac381 VERSION: Disable GIT_SNAPSHOT for the 4.11.12 release.
   via  f1636226f12 WHATSNEW: Add release notes for Samba 4.11.12.
  from  684d4d70391 util: Add cmocka unit test for 
directory_create_or_exists

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 7cfb6f6db617b71879f0851462f55b8a07652bcb
Author: Karolin Seeger 
Date:   Tue Aug 25 09:46:42 2020 +0200

VERSION: Bump version up to 4.11.13...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 1bd81cac381872633bdcbe9fb0622ede94ba5b97
Author: Karolin Seeger 
Date:   Tue Aug 25 09:45:14 2020 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.11.12 release.

Signed-off-by: Karolin Seeger 

commit f1636226f1280d209b4e1614fe6e481cd72dc664
Author: Karolin Seeger 
Date:   Tue Aug 25 09:44:25 2020 +0200

WHATSNEW: Add release notes for Samba 4.11.12.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 73 ++--
 2 files changed, 72 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index b522cf1179e..5885b36fd71 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=12
+SAMBA_VERSION_RELEASE=13
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index b9a6ac2e537..80e5f32b1a0 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,72 @@
+   ===
+   Release Notes for Samba 4.11.12
+   August 25, 2020
+  ===
+
+
+This is the latest stable release of the Samba 4.11 release series.
+
+
+Changes since 4.11.11
+-
+
+o  Jeremy Allison 
+   * BUG 14403: s3: libsmb: Fix SMB2 client rename bug to a Windows server.
+
+o  Andrew Bartlett 
+   * BUG 14424: dsdb: Allow "password hash userPassword schemes = CryptSHA256"
+ to work on RHEL7.
+   * BUG 14450: dbcheck: Allow a dangling forward link outside our known NCs.
+
+o  Ralph Boehme 
+   * BUG 14426: lib/debug: Set the correct default backend loglevel to
+ MAX_DEBUG_LEVEL.
+   * BUG 14428: s3:smbd: PANIC: assert failed in get_lease_type().
+
+o  Günther Deschner 
+   * BUG 14370: lib/util: do not install "test_util_paths".
+
+o  Amit Kumar 
+   * BUG 14345: lib:util: Fix smbclient -l basename dir.
+
+o  Stefan Metzmacher 
+   * BUG 14428: s3:smbd: PANIC: assert failed in get_lease_type().
+
+o  Christof Schmitt 
+   * BUG 14166: util: Allow symlinks in directory_create_or_exist.
+
+o  Andreas Schneider 
+   * BUG 14358: docs: Fix documentation for require_membership_of of
+ pam_winbind.
+
+o  Andrew 
+   * BUG 14425: s3:winbind:idmap_ad: Make failure to get attrnames for schema
+ mode fatal.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
===
Release Notes for Samba 4.11.11
 July 02, 2020
@@ -79,8 +148,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
===
Release Notes for Samba 4.11.10


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-08-17 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  684d4d70391 util: Add cmocka unit test for 
directory_create_or_exists
   via  2d5e88dc84b util: Allow symlinks in directory_create_or_exist
  from  bb08c9b1f08 dbcheck: Allow a dangling forward link outside our 
known NCs

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 684d4d7039104a0235cac0542494aff254172bd3
Author: Christof Schmitt 
Date:   Fri Aug 14 12:18:51 2020 -0700

util: Add cmocka unit test for directory_create_or_exists

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14166

Signed-off-by: Christof Schmitt 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Volker Lendecke 
Autobuild-Date(master): Sun Aug 16 07:06:59 UTC 2020 on sn-devel-184

(cherry picked from commit e89ec78e9a262a6e7bb9082323083eb5f1609655)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Mon Aug 17 14:27:37 UTC 2020 on sn-devel-184

commit 2d5e88dc84bfb0b4ee3324448cd3149a8d95c035
Author: Christof Schmitt 
Date:   Fri Aug 14 09:36:26 2020 -0700

util: Allow symlinks in directory_create_or_exist

Commit 9f60a77e0b updated the check to avoid having files or other
objects instead of a directory. This missed the valid case that there
might be a symlink to a directory. Updated the check accordingly to
allow symlinks to directories.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14166

Signed-off-by: Christof Schmitt 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 672212cecdd7a7de40acdc81c56e2996ea82c090)

---

Summary of changes:
 lib/util/tests/test_util.c | 234 +
 lib/util/util.c|  18 +++-
 lib/util/wscript_build |   5 +
 selftest/tests.py  |   2 +
 4 files changed, 257 insertions(+), 2 deletions(-)
 create mode 100644 lib/util/tests/test_util.c


Changeset truncated at 500 lines:

diff --git a/lib/util/tests/test_util.c b/lib/util/tests/test_util.c
new file mode 100644
index 000..eebba39e70c
--- /dev/null
+++ b/lib/util/tests/test_util.c
@@ -0,0 +1,234 @@
+/*
+ *  Unix SMB/CIFS implementation.
+ *
+ *  Unit test for util.c
+ *
+ *  Copyright (C) Christof Schmitt 2020
+ *
+ *  This program is free software; you can redistribute it and/or modify
+ *  it under the terms of the GNU General Public License as published by
+ *  the Free Software Foundation; either version 3 of the License, or
+ *  (at your option) any later version.
+ *
+ *  This program is distributed in the hope that it will be useful,
+ *  but WITHOUT ANY WARRANTY; without even the implied warranty of
+ *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ *  GNU General Public License for more details.
+ *
+ *  You should have received a copy of the GNU General Public License
+ *  along with this program; if not, see .
+ */
+
+#include "lib/util/util.c"
+#include 
+
+struct test_paths {
+   char testdir[PATH_MAX];
+   char none[PATH_MAX];
+   char dir[PATH_MAX];
+   mode_t dir_mode;
+   char file[PATH_MAX];
+   mode_t file_mode;
+   char symlink_none[PATH_MAX];
+   char symlink_dir[PATH_MAX];
+   char symlink_file[PATH_MAX];
+};
+
+static int group_setup(void **state)
+{
+   struct test_paths *paths = NULL;
+   char *testdir = NULL;
+   int ret, fd;
+
+   umask(0);
+
+   paths = malloc(sizeof(struct test_paths));
+   assert_non_null(paths);
+
+   strlcpy(paths->testdir, tmpdir(), sizeof(paths->testdir));
+   strlcat(paths->testdir, "/test_util_XX", sizeof(paths->testdir));
+   testdir = mkdtemp(paths->testdir);
+   assert_non_null(testdir);
+
+   strlcpy(paths->none, testdir, sizeof(paths->none));
+   strlcat(paths->none, "/none", sizeof(paths->none));
+
+   strlcpy(paths->dir, testdir, sizeof(paths->dir));
+   strlcat(paths->dir, "/dir", sizeof(paths->dir));
+   paths->dir_mode = 0750;
+   ret = mkdir(paths->dir, paths->dir_mode);
+   assert_return_code(ret, errno);
+
+   strlcpy(paths->file, testdir, sizeof(paths->file));
+   strlcat(paths->file, "/file", sizeof(paths->file));
+   paths->file_mode = 0640;
+   fd = creat(paths->file, paths->file_mode);
+   assert_return_code(fd, errno);
+   ret = close(fd);
+   assert_return_code(ret, errno);
+
+   strlcpy(paths->symlink_none, testdir, sizeof(paths->symlink_none));
+   strlcat(paths->symlink_none, "/symlink_none",
+   sizeof(paths->symlink_none));
+   ret = symlink("/none", paths->symlink_none);
+   assert_return_code(ret, errno);
+
+   strlcpy(paths->symlink_dir, testdir, sizeof(paths->symlink_dir));
+   strlcat(paths->symlink_dir, "/symlink_dir",

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-08-06 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  bb08c9b1f08 dbcheck: Allow a dangling forward link outside our 
known NCs
   via  b3d08729d1b s3:smbd: check for stale pid in delay_for_oplock_fn() 
when leases_db_get() fails
   via  7a431cb5b5c s3:leases: log errors with level 0 in 
leases_db_do_locked_fn()
   via  eb14d8850f8 smbd: check for stale pid in get_lease_type()
   via  37e41647813 smbd: let get_lease_type() take a non-const 
share_mode_entry
   via  fc4f7104690 smbd: inverse if/else logic in get_lease_type()
   via  4d5312be999 s3/leases: log NDR decoding failure with level 0 in 
leases_db_get_fn()
   via  58bc493c779 smbd: increase loglevel when leases_db_del() with 
anything then NT_STATUS_NOT_FOUND
   via  c8507d0af5c docs: Fix documentation for require_membership_of of 
pam_winbind.conf
   via  76d466f579f docs: Fix documentation for require_membership_of of 
pam_winbind
  from  482246b997b lib/debug: set the correct default backend loglevel to 
MAX_DEBUG_LEVEL

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit bb08c9b1f0897bd76e2df78aef4a5ad4576578ab
Author: Andrew Bartlett 
Date:   Mon Jul 27 11:37:29 2020 +1200

dbcheck: Allow a dangling forward link outside our known NCs

If we do not have the NC of the target object we can not be really sure
that the object is redundent and so we want to keep it for now
and not (as happened until now) break the dbcheck run made during the
replication stage of a "samba-tool domain backup rename".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14450

Signed-off-by: Andrew Bartlett 
Reviewed-by: Douglas Bagnall 
(cherry picked from commit 05228c4e07013c0e6f78f1330b3b787271282ca8)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Thu Aug  6 13:32:29 UTC 2020 on sn-devel-184

commit b3d08729d1b29574d7d9ea3e5e93cb92796ad2e8
Author: Stefan Metzmacher 
Date:   Mon Jul 6 08:58:22 2020 +0200

s3:smbd: check for stale pid in delay_for_oplock_fn() when leases_db_get() 
fails

If leases_db_get() failed the leases_db record might have been cleaned up 
for
stale processes. Check if the share-mode-entry owner is stale in this case 
and
return ignore the entry. In any other case, log a debug messages and panic.

Commit 05d4466a6d1ad048fa86aea09ec0a56a7b961369
"smbd: check for stale pid in get_lease_type()" fixed only one half of
this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Tue Jul  7 02:47:46 UTC 2020 on sn-devel-184

(backported from commit 58adf349edfd3001ad071cc7ed8cfc551f67f8a2)
[me...@samba.org: use share_mode_stale_pid() instead of 
share_entry_stale_pid()]
[me...@samba.org: use file_id_string_tos() instead of file_id_str_buf()]

commit 7a431cb5b5c741716b094b40744312e948165afe
Author: Stefan Metzmacher 
Date:   Mon Jul 6 14:03:39 2020 +0200

s3:leases: log errors with level 0 in leases_db_do_locked_fn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 217693682d5bbd0f2d6b5331f47b2a6348840898)

commit eb14d8850f8356b0b48d2a8708107599c359121c
Author: Ralph Boehme 
Date:   Thu Jul 2 14:47:12 2020 +0200

smbd: check for stale pid in get_lease_type()

If leases_db_get() failed the leases_db record might have been cleaned up 
for
stale processes. Check if the share-mode-entry owner is stale in this case 
and
return a 0 lease state. In any other case, log a debug messages and panic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428

Signed-off-by: Ralph Boehme 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Thu Jul  2 16:45:42 UTC 2020 on sn-devel-184

(backported from commit 05d4466a6d1ad048fa86aea09ec0a56a7b961369)
[s...@samba.org: use share_mode_stale_pid() instead of 
share_entry_stale_pid()]
[me...@samba.org: use file_id_string_tos() instead of file_id_str_buf()]

commit 37e4164781349c7a98d3bd336b9ea9411dfc2cba
Author: Ralph Boehme 
Date:   Thu Jul 2 14:45:59 2020 +0200

smbd: let get_lease_type() take a non-const share_mode_entry

We're going to add a call to share_entry_stale_pid(share_mode_entry) which 
takes
a non-const pointer (in order to eventually set e->state = true).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14428

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 
(backported from commit 3f4a865821da27efbed4f7c38ad3efbcaae77a02)
[s...@samba.org: get_lease_type() takes arg d in 4.11]

commit fc4f71046908be6f7694642acb71845defc79fb6
Author: Ralph

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-07-09 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  482246b997b lib/debug: set the correct default backend loglevel to 
MAX_DEBUG_LEVEL
   via  d77eb1c1670 lib/debug: assert file backend
   via  c557da03cfe lib:util: Fix smbclient -l basename dir
   via  1e53f8a6b26 Add a test for smbclient -l basename
   via  05a6a60a745 s3:winbind:idmap_ad - make failure to get attrnames for 
schema mode fatal
  from  03eb7b7c0de lib/util: do not install "test_util_paths"

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 482246b997b8a720b92df32f7261e0fa2d40282d
Author: Ralph Boehme 
Date:   Tue Jun 30 17:03:05 2020 +0200

lib/debug: set the correct default backend loglevel to MAX_DEBUG_LEVEL

This fixed a regression introduced by commit
c83ce5f4f99aef94530411ec82cc03e9935b352d for bug #14345.

The backend loglevel globally restricts logging of a particular backend. If 
this
value is smaller then any explicitly configured logging class, logging for 
this
class is skipped.

Eg, given the following logging config in smb.conf:

  log level = 1 auth_json_audit:3@/var/log/samba/samba_auth_audit.log

the default class loglevel of 1 (dbgc_config[DBGC_ALL].loglevel) will be
assigned to the backend loglevel.

So even though the logging class auth_json_audit is configured at level 3, 
this
doesn't become effective as the file backend drops all log messages with a 
level
below 1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14426

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Thu Jul  2 13:25:29 UTC 2020 on sn-devel-184

(cherry picked from commit 71488b812fe737df2d3439a6ff3f95bb69b4a5bd)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Thu Jul  9 11:40:15 UTC 2020 on sn-devel-184

commit d77eb1c1670ec40a4c4f757ba8cc8e13c3a976bb
Author: Ralph Boehme 
Date:   Tue Jun 30 17:02:07 2020 +0200

lib/debug: assert file backend

The debug file backend is a built-in default, if it's missing we're totally
screwed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14426

Signed-off-by: Ralph Boehme 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 5aeaa6959da326095e98f0369b6d91dc5667415e)

commit c557da03cfe605bd09d9c63b705944068eaa6129
Author: Amit Kumar 
Date:   Wed Apr 22 06:53:42 2020 -0500

lib:util: Fix smbclient -l basename dir

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14345

Pair-Programmed-With: Andreas Schneider 
Signed-off-by: Andreas Schneider 
Signed-off-by: Amit Kumar 
Reviewed-by: Alexander Bokovoy 
(cherry picked from commit c83ce5f4f99aef94530411ec82cc03e9935b352d)

commit 1e53f8a6b2698e70a5fcfce678bbeaf32ba8f9c7
Author: Amit Kumar 
Date:   Wed Apr 22 06:53:33 2020 -0500

Add a test for smbclient -l basename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14345

Signed-off-by: Amit Kumar 
Reviewed-by: Andreas Schneider 
Reviewed-by: Alexander Bokovoy 
(cherry picked from commit 2a7fc40fb3f3ca994cecad3e2957433d7a411208)

commit 05a6a60a745293569a327a673d10ceb542a7c746
Author: Andrew 
Date:   Tue Jun 30 06:54:06 2020 -0400

s3:winbind:idmap_ad - make failure to get attrnames for schema mode fatal

Add check for failure to resolve the OID array for the schema mode into
names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14425

Signed-off-by: Andrew 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit b5b801026edd3a8fd8d0ba1752e891453cf675c9)

---

Summary of changes:
 lib/util/debug.c   |  6 
 .../script/tests/test_smbclient_log_basename.sh| 36 ++
 source3/selftest/tests.py  |  3 ++
 source3/winbindd/idmap_ad.c|  8 +
 4 files changed, 53 insertions(+)
 create mode 100755 source3/script/tests/test_smbclient_log_basename.sh


Changeset truncated at 500 lines:

diff --git a/lib/util/debug.c b/lib/util/debug.c
index c42022ec9bb..d8427c291da 100644
--- a/lib/util/debug.c
+++ b/lib/util/debug.c
@@ -30,6 +30,7 @@
 #include "util_strlist.h" /* LIST_SEP */
 #include "blocking.h"
 #include "debug.h"
+#include 
 
 /* define what facility to use for syslog */
 #ifndef SYSLOG_FACILITY
@@ -1113,6 +1114,7 @@ static bool reopen_one_log(int *fd, const char *logfile)
 */
 bool reopen_logs_internal(void)
 {
+   struct debug_backend *b = NULL;
mode_t oldumask;
int new_fd = 0;
size_t i;
@@ -1141,6 +1143,10 @@ bool reopen_logs_internal(void)
return true;
 
case DEBUG_FILE:
+   b =

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-07-07 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  03eb7b7c0de lib/util: do not install "test_util_paths"
  from  b36dc13c1a0 selftest: Run test of how userPassword / crypt() style 
passwords are stored in quicktest

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 03eb7b7c0de6a6191a54583f388cd84e32c982dc
Author: Günther Deschner 
Date:   Thu Jul 2 18:56:20 2020 +0200

lib/util: do not install "test_util_paths"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370

Guenther

Signed-off-by: Guenther Deschner 

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Jul  7 08:16:40 UTC 2020 on sn-devel-184

---

Summary of changes:
 lib/util/wscript_build | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index 9cf411007eb..84c19bb136f 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -285,4 +285,5 @@ else:
 bld.SAMBA_BINARY('test_util_paths',
  source='tests/test_util_paths.c',
  deps='cmocka replace talloc samba-util',
- local_include=False)
+ local_include=False,
+ install=False)


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-07-06 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  b36dc13c1a0 selftest: Run test of how userPassword / crypt() style 
passwords are stored in quicktest
   via  f8d033dde43 selftest: Split 
samba.tests.samba_tool.user_virtualCryptSHA into GPG and not GPG parts
   via  e52f5199091 dsdb: Allow "password hash userPassword schemes = 
CryptSHA256" to work on RHEL7
   via  f0e3089a5a7 util: fix build on AIX by fixing the order of replace.h 
include
   via  1ffaeed5970 util: Reallocate larger buffer if getpwuid_r() returns 
ERANGE
   via  581b581700c util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD
   via  cf319e099c1 util: Simplify input validation
   via  671e06eb496 s3: libsmb: Fix SMB2 client rename bug to a Windows 
server.
  from  7d407fa84ae VERSION: Bump version up to 4.11.12.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit b36dc13c1a01293a2d1fb5e35cce673545a00153
Author: Andrew Bartlett 
Date:   Wed Jul 1 14:31:54 2020 +1200

selftest: Run test of how userPassword / crypt() style passwords are stored 
in quicktest

This ensures that the crypt_r()/crypt_rn()/crypt() behaviour is tested in 
all
the samba-o3 builds and so is checked on RHEL7 in GitLab CI.

https://bugzilla.samba.org/show_bug.cgi?id=14424

Signed-off-by: Andrew Bartlett 
Reviewed-by: Alexander Bokovoy 
(cherry picked from commit cabf873b75b1d4d456190358bc3ed051bca16978)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Mon Jul  6 15:10:27 UTC 2020 on sn-devel-184

commit f8d033dde4387ea2b4fc8bd83cc20ea28d80f2bf
Author: Andrew Bartlett 
Date:   Wed Jul 1 14:30:24 2020 +1200

selftest: Split samba.tests.samba_tool.user_virtualCryptSHA into GPG and 
not GPG parts

This allows the userPassword (not GPG) part of the test to run on hosts 
without
python3-gpg (eg RHEL7) while still testing the userPassword handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424

Signed-off-by: Andrew Bartlett 
Reviewed-by: Alexander Bokovoy 
(cherry picked from commit 2c4ecf002a3fbbe8be061814468529c8bd6bb7aa)

commit e52f51990912e08b4c25f53ceeab54e6220ac613
Author: Andrew Bartlett 
Date:   Wed Jul 1 14:35:39 2020 +1200

dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on 
RHEL7

On RHEL7 crypt_r() will set errno.  This is a problem because the 
implementation of crypt_r()
in RHEL8 and elsewhere in libcrypt will return non-NULL but set errno on 
failure.

The workaround is to use crypt_rn(), provided only by libcrypt, which will 
return NULL
on failure, and so avoid checking errno in the non-failure case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14424

Signed-off-by: Andrew Bartlett 
Reviewed-by: Alexander Bokovoy 
(cherry picked from commit 91453f110fa72062291eb59ad9d95fab0f423557)

commit f0e3089a5a75f02a3a4398c66fda4d2950a89c93
Author: Bjoern Jacke 
Date:   Mon Jun 29 12:00:46 2020 +

util: fix build on AIX by fixing the order of replace.h include

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14422

Signed-off-by: Bjoern Jacke 
Reviewed-by: Ralph Boehme 

(cherry picked from commit d93a6d2663a25bca072cd5623aea16e21ed650b8)

commit 1ffaeed59703acd286326c97ad0eccff94312378
Author: Martin Schwenke 
Date:   Fri Jun 5 22:05:42 2020 +1000

util: Reallocate larger buffer if getpwuid_r() returns ERANGE

Signed-off-by: Martin Schwenke 
Reviewed-by: Volker Lendecke 
Reviewed-by: Bjoern Jacke 

Autobuild-User(master): Martin Schwenke 
Autobuild-Date(master): Tue Jun  9 21:07:24 UTC 2020 on sn-devel-184

(cherry picked from commit ddac6b2eb4adaec8fc5e25ca07387d2b9417764c)

commit 581b581700c967d38bcbb8d81767a7dfdfe68147
Author: Martin Schwenke 
Date:   Fri Jun 5 21:52:23 2020 +1000

util: Fix build on FreeBSD by avoiding NSS_BUFLEN_PASSWD

NSS_BUFLEN_PASSWD is not defined on FreeBSD.  Use
sysconf(_SC_GETPW_R_SIZE_MAX) instead, as per POSIX.

Use a dynamically allocated buffer instead of trying to cram all of
the logic into the declarations.  This will come in useful later
anyway.

Signed-off-by: Martin Schwenke 
Reviewed-by: Volker Lendecke 
Reviewed-by: Bjoern Jacke 
(cherry picked from commit 847208cd8ac68c4c7d1dae63767820db1c69292b)

commit cf319e099c1dc6683864486bd86b44750b0e0b3e
Author: Martin Schwenke 
Date:   Tue Jun 9 11:52:50 2020 +1000

util: Simplify input validation

It appears that snprintf(3) is being used for input validation.
However, this seems like overkill because it causes szPath to be
copied an extra time.  The mostly likely protections being sought
here, according to https://cwe.mitre.org/data/definitions/20.html,
look to be DoS attacks involving CPU and memory

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-07-02 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  7d407fa84ae VERSION: Bump version up to 4.11.12.
   via  fe2edeccab4 Merge tag 'samba-4.11.11' into v4-11-test
   via  c9fa9874747 VERSION: Disable GIT_SNAPSHOT for the 4.11.11 release.
   via  1fa951943b5 Add release notes for Samba 4.11.11.
   via  df599b6b790 CVE-2020-10760 dsdb: Add tests for paged_results and 
VLV over the Global Catalog port
   via  4def2dc5547 CVE-2020-10760 dsdb: Ensure a proper talloc tree for 
saved controls
   via  153c8db09b2 CVE-2020-14303: s4 nbt: fix busy loop on empty UDP 
packet
   via  11034ea33fc CVE-2020-14303 Ensure an empty packet will not DoS the 
NBT server
   via  23e9eb71052 CVE-2020-10745: ndr/dns-utils: prepare for NBT 
compatibility
   via  83b00656ea0 CVE-2020-10745: dns_util/push: forbid names longer than 
255 bytes
   via  507503f80e8 CVE-2020-10745: ndr_dns: do not allow consecutive dots
   via  b687813ac36 CVE-2020-10745: ndr/dns_utils: correct a comment
   via  37cacb8f41b CVE-2020-10745: ndr_dns: move ndr_push_dns_string core 
into sharable function
   via  ddeabf87957 CVE-2020-10745: librpc/tests: cmocka tests of dns and 
ndr strings
   via  ddd3ed7ce2e CVE-2020-10745: pytests: hand-rolled invalid dns/nbt 
packet tests
   via  c9fd1dbb131 ldb: Bump version to 2.0.12
   via  303947c58ab CVE-2020-10730: lib ldb: Check if 
ldb_lock_backend_callback called twice
   via  ae6e9445ac8 CVE-2020-10730: s4 dsdb vlv_pagination: Prevent repeat 
call of ldb_module_done
   via  dcf713038ff CVE-2020-10730: s4 dsdb paged_results: Prevent repeat 
call of ldb_module_done
   via  0c8cd0a9fbd CVE-2020-10730: dsdb: Ban the combination of 
paged_results and VLV
   via  c7608e43c93 CVE-2020-10730: dsdb: Fix crash when vlv and 
paged_results are combined
   via  01cce3d1fc6 CVE-2020-10730: selftest: Add test to show that VLV and 
paged_results are incompatible
   via  3fd7ce69761 CVE-2020-10730: vlv: Another workaround for mixing ASQ 
and VLV
   via  cf10f9b9a9a CVE-2020-10730: selftest: Add test to confirm VLV 
interaction with ASQ
   via  2041c05d9b4 CVE-2020-10730: vlv: Do not re-ASQ search the results 
of an ASQ search with VLV
   via  b8628cb4476 CVE-2020-10730: vlv: Use strcmp(), not strncmp() 
checking the NULL terminated control OIDs
   via  a29be4ffa3b VERSION: Bump version up to 4.11.11...
  from  08a51254198 VERSION: Bump version up to 4.11.11...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 7d407fa84ae53605db801ec6488641d0622686e5
Author: Karolin Seeger 
Date:   Thu Jul 2 11:04:19 2020 +0200

VERSION: Bump version up to 4.11.12.

Signed-off-by: Karolin Seeger 

commit fe2edeccab47dcc5783632828f1b6419df5e49ad
Merge: 08a51254198 c9fa9874747
Author: Karolin Seeger 
Date:   Thu Jul 2 11:03:55 2020 +0200

Merge tag 'samba-4.11.11' into v4-11-test

samba: tag release samba-4.11.11

---

Summary of changes:
 VERSION|   2 +-
 WHATSNEW.txt   |  88 +++-
 lib/ldb/ABI/{ldb-2.0.10.sigs => ldb-2.0.12.sigs}   |   0
 ...ldb-util-1.1.10.sigs => pyldb-util-2.0.12.sigs} |   0
 lib/ldb/common/ldb.c   |   9 +-
 lib/ldb/wscript|   2 +-
 libcli/nbt/nbtsocket.c |  17 +-
 librpc/ndr/ndr_dns.c   |  80 +--
 librpc/ndr/ndr_dns_utils.c | 134 
 librpc/ndr/ndr_dns_utils.h |   6 +
 librpc/ndr/ndr_nbt.c   |  72 +--
 librpc/tests/test_ndr_dns_nbt.c| 236 +
 librpc/wscript_build   |  16 +-
 python/samba/tests/dns_packet.py   | 230 
 .../__init__.py => selftest/knownfail.d/dns_packet |   0
 selftest/knownfail.d/vlv   |   2 +-
 source4/dsdb/samdb/ldb_modules/paged_results.c |  65 +-
 source4/dsdb/samdb/ldb_modules/vlv_pagination.c| 102 +++--
 source4/dsdb/tests/python/asq.py   |  54 +
 source4/dsdb/tests/python/vlv.py   | 184 ++--
 source4/selftest/tests.py  |  12 ++
 21 files changed, 1076 insertions(+), 235 deletions(-)
 copy lib/ldb/ABI/{ldb-2.0.10.sigs => ldb-2.0.12.sigs} (100%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-2.0.12.sigs} (100%)
 create mode 100644 librpc/ndr/ndr_dns_utils.c
 create mode 100644 librpc/ndr/ndr_dns_utils.h
 create mode 100644 librpc/tests/test_ndr_dns_nbt.c
 create mode 100644 python/samba/tests/dns_packet.py
 copy buildtools/wafsamba/__init__.py => selftest/knownfail.d/dns_packet (100%)


Changeset truncated at

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-06-30 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  08a51254198 VERSION: Bump version up to 4.11.11...
   via  a905508e09e VERSION: Disable GIT_SNAPSHOT for the 4.11.10 release.
   via  6fdb3c33990 WHATSNEW: Add release notes for Samba 4.11.10.
  from  9e819be438a ldb_ldap: fix off-by-one increment in lldb_add_msg_attr

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 08a51254198537395e9a6ea7a98fd627a491bf15
Author: Karolin Seeger 
Date:   Wed Jun 24 12:35:39 2020 +0200

VERSION: Bump version up to 4.11.11...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit a905508e09ebbd9ad2ec633be9606ca0e6881102
Author: Karolin Seeger 
Date:   Wed Jun 24 12:34:59 2020 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.11.10 release.

Signed-off-by: Karolin Seeger 

commit 6fdb3c33990f802c9e679d1a5f3bc8ad6a79486b
Author: Karolin Seeger 
Date:   Wed Jun 24 12:34:26 2020 +0200

WHATSNEW: Add release notes for Samba 4.11.10.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 63 ++--
 2 files changed, 62 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 4c7fb5b4df2..8f8da5faff0 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=10
+SAMBA_VERSION_RELEASE=11
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index e4af7cb4105..c3f04c7993a 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,62 @@
+   ===
+   Release Notes for Samba 4.11.10
+June 30, 2020
+  ===
+
+
+This is the latest stable release of the Samba 4.11 release series.
+
+
+Changes since 4.11.9
+
+
+o  Jeremy Allison 
+   * BUG 14374: Fix segfault when using SMBC_opendir_ctx() routine for share
+ folder that contains incorrect symbols in any file name.
+
+o  Ralph Boehme 
+   * BUG 14350: vfs_shadow_copy2 doesn't fail case looking in 
snapdirseverywhere
+ mode.
+
+o  Alexander Bokovoy 
+   * BUG 14413: ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr.
+
+o  Volker Lendecke 
+   * BUG 14366: Malicous SMB1 server can crash libsmbclient.
+   * BUG 14382: winbindd: Fix a use-after-free when winbind clients exit.
+
+o  Gary Lockyer 
+   * BUG 14330: ldb: Bump version to 2.0.11, LMDB databases can grow without
+ bounds.
+
+o  Andreas Schneider 
+   * BUG 14358: docs-xml: Fix usernames in pam_winbind manpages.
+   * BUG 14370: Client tools are not able to read gencache anymore.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
==
Release Notes for Samba 4.11.9
 May 05, 2020
@@ -81,8 +140,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
==
Release Notes for Samba 4.11.8


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-06-24 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  9e819be438a ldb_ldap: fix off-by-one increment in lldb_add_msg_attr
   via  5761f5a199c lib/ldb: add unit test for ldb_ldap internal code
  from  0f35dbd96c0 s3: libsmbclient: Finish unifing bad iconv behavior 
across CORE NT1 SMB2 protocols.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 9e819be438ae8dd501474e62faf8cf71bd187aa8
Author: Alexander Bokovoy 
Date:   Thu Jun 18 10:45:41 2020 +0300

ldb_ldap: fix off-by-one increment in lldb_add_msg_attr

Fix regression introduced by commit ce2bf5c72b6423fff680b3d6a9042103a6cdda55

lldb_add_msg_attr() calls ldb_msg_add_empty() which, in turn, calls
calls _ldb_msg_add_el() which already increments msg->num_elements by one.

As a result, msg->num_elements is bigger than the actual number of
elements and any iteration over elements would step over elements array
boundary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
Signed-off-by: Alexander Bokovoy 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Fri Jun 19 08:35:33 UTC 2020 on sn-devel-184

(cherry picked from commit 990a0fc4a0481aed817fad7575d8df453fbe7af9)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Jun 24 12:39:28 UTC 2020 on sn-devel-184

commit 5761f5a199c388282e15f8504a17dd7bfe46f5eb
Author: Alexander Bokovoy 
Date:   Thu Jun 18 11:49:08 2020 +0300

lib/ldb: add unit test for ldb_ldap internal code

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14413
Signed-off-by: Alexander Bokovoy 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 36bd6edd8a603f3aa34aff81c43ef26efd3ad4cf)

---

Summary of changes:
 lib/ldb/ldb_ldap/ldb_ldap.c |   2 -
 lib/ldb/tests/lldb_ldap.c   | 105 
 lib/ldb/wscript |  14 ++
 3 files changed, 119 insertions(+), 2 deletions(-)
 create mode 100644 lib/ldb/tests/lldb_ldap.c


Changeset truncated at 500 lines:

diff --git a/lib/ldb/ldb_ldap/ldb_ldap.c b/lib/ldb/ldb_ldap/ldb_ldap.c
index d7222997732..0531f8a62ae 100644
--- a/lib/ldb/ldb_ldap/ldb_ldap.c
+++ b/lib/ldb/ldb_ldap/ldb_ldap.c
@@ -176,8 +176,6 @@ static int lldb_add_msg_attr(struct ldb_context *ldb,
el->num_values++;
}
 
-   msg->num_elements++;
-
return 0;
 }
 
diff --git a/lib/ldb/tests/lldb_ldap.c b/lib/ldb/tests/lldb_ldap.c
new file mode 100644
index 000..eea9f22f6b9
--- /dev/null
+++ b/lib/ldb/tests/lldb_ldap.c
@@ -0,0 +1,105 @@
+/*
+ * from cmocka.c:
+ * These headers or their equivalents should be included prior to
+ * including
+ * this header file.
+ *
+ * #include 
+ * #include 
+ * #include 
+ *
+ * This allows test applications to use custom definitions of C standard
+ * library functions and types.
+ */
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+
+#include 
+#include 
+#include 
+#include 
+
+int ldb_ldap_init(const char *version);
+
+#include "ldb_ldap/ldb_ldap.c"
+
+struct test_ctx {
+   struct tevent_context *ev;
+   struct ldb_context *ldb;
+   struct ldb_message *msg;
+};
+
+static int lldb_msg_setup(void **state)
+{
+   struct test_ctx *test_ctx;
+
+   test_ctx = talloc_zero(NULL, struct test_ctx);
+   assert_non_null(test_ctx);
+
+   test_ctx->ev = tevent_context_init(test_ctx);
+   assert_non_null(test_ctx->ev);
+
+   test_ctx->ldb = ldb_init(test_ctx, test_ctx->ev);
+   assert_non_null(test_ctx->ldb);
+
+   test_ctx->msg = ldb_msg_new(test_ctx);
+   assert_non_null(test_ctx->msg);
+
+   *state = test_ctx;
+   return 0;
+}
+
+static int lldb_msg_teardown(void **state)
+{
+   struct test_ctx *test_ctx = talloc_get_type_abort(*state,
+ struct test_ctx);
+
+   talloc_free(test_ctx);
+   return 0;
+}
+
+static void test_lldb_add_msg_attr(void **state)
+{
+   struct test_ctx *test_ctx = talloc_get_type_abort(*state,
+ struct test_ctx);
+   struct ldb_message *msg = test_ctx->msg;
+   int ret;
+   unsigned int num_elements = 0;
+   struct berval **v = NULL;
+
+   v = talloc_zero_array(test_ctx, struct berval *, 2);
+   assert_non_null(v);
+
+   v[0] = talloc_zero(v, struct berval);
+   assert_non_null(v[0]);
+
+   v[0]->bv_val = talloc_strdup(msg, "dc=example,dc=test");
+   assert_non_null(v[0]->bv_val);
+
+   v[0]->bv_len = strlen(v[0]->bv_val);
+
+   num_elements = msg->num_elements;
+
+   ret = lldb_add_msg_attr(test_ctx->ldb, msg, "defaultNamingContext", v);
+   assert_int_equal(ret,

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-06-04 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  0f35dbd96c0 s3: libsmbclient: Finish unifing bad iconv behavior 
across CORE NT1 SMB2 protocols.
   via  daddc6956f6 s3: libsmb: In SMB2 return 
NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL 
filename.
   via  b8f0a185bba s3: libsmb: In SMB1 old protocol - return 
NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL 
filename.
   via  f02467bf688 s3: selftest: Add test_smbclient_iconv.sh to check 
client behavior on bad name conversion.
   via  ac45713a18a s3: selftest: Add share definition [bad_iconv] in 
fileserver.
  from  d90e5a71c79 winbindd: Fix a use-after-free when winbind clients exit

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 0f35dbd96c068d5d9638e2477cf0e5f6dafe8f37
Author: Jeremy Allison 
Date:   Mon May 11 15:58:27 2020 -0700

s3: libsmbclient: Finish unifing bad iconv behavior across CORE NT1 SMB2 
protocols.

On bad name conversion, exit the directory listing with an error, but leave 
the
connection intact. We were already checking for finfo->name == NULL here,
but were ignoring it and not reporting an error.

Remove the knownfail.d/bad_iconv file as we now
behave the same across CORE/NT1/SMB2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Tue May 12 21:32:44 UTC 2020 on sn-devel-184

(cherry picked from commit 393da520e43bd3a28feb231bcd9fd5308a3daa4a)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Thu Jun  4 11:47:26 UTC 2020 on sn-devel-184

commit daddc6956f673e5cf369924c9e4a9963e079aca5
Author: Jeremy Allison 
Date:   Mon May 11 12:23:49 2020 -0700

s3: libsmb: In SMB2 return NT_STATUS_INVALID_NETWORK_RESPONSE if name 
conversion ended up with a NULL filename.

Can happen if namelen == 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 753115a8d19f6ac8cd28305748fc6d888679dccc)

commit b8f0a185bba2c6b3263e5ca87ebcc9a5fc23c0f6
Author: Jeremy Allison 
Date:   Mon May 11 12:34:10 2020 -0700

s3: libsmb: In SMB1 old protocol - return 
NT_STATUS_INVALID_NETWORK_RESPONSE if name conversion ended up with a NULL 
filename.

Can happen if namelen == 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 
(cherry picked from commit b10de0bb64fe022e6b066584013dfb0bdf2ade96)

commit f02467bf688e8ba7ef5dd48dda723314e09f21a5
Author: Jeremy Allison 
Date:   Mon May 11 15:37:00 2020 -0700

s3: selftest: Add test_smbclient_iconv.sh to check client behavior on bad 
name conversion.

SMB2 and NT1 fail this, CORE already returns 
NT_STATUS_INVALID_NETWORK_RESPONSE
on bad conversion.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14374

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 
(back-ported from commit e016671d34c24c4768df774425ec743b88e30015)

commit ac45713a18aa9f1bfbca3dbd350635e8fbb83a26
Author: Jeremy Allison 
Date:   Mon May 11 14:10:54 2020 -0700

s3: selftest: Add share definition [bad_iconv] in fileserver.

Creates a utf8 valid filename within that is invalid in CP850.
Useful to test smbclient list directory character set conversions.

https://bugzilla.samba.org/show_bug.cgi?id=14374

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 
(back-ported from commit a9651d6bc2b6dea8adc859ce21c2431253868887)

---

Summary of changes:
 selftest/target/Samba3.pm| 20 +++
 source3/libsmb/cli_smb2_fnum.c   |  6 
 source3/libsmb/clilist.c | 10 --
 source3/script/tests/test_smbclient_iconv.sh | 53 
 source3/selftest/tests.py|  7 
 5 files changed, 93 insertions(+), 3 deletions(-)
 create mode 100755 source3/script/tests/test_smbclient_iconv.sh


Changeset truncated at 500 lines:

diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index b6bfcef824d..a15979199f0 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -959,6 +959,9 @@ sub setup_fileserver
my $usershare_sharedir="$share_dir/usershares";
push(@dirs,$usershare_sharedir);
 
+   my $bad_iconv_sharedir="$share_dir/bad_iconv";
+   push(@dirs, $bad_iconv_sharedir);
+
my $fileserver_options = "
kernel change notify = yes
 
@@ -1026,6 +1029,12 @@ sub setup_fileserver
path = $share_dir

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-05-22 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  d90e5a71c79 winbindd: Fix a use-after-free when winbind clients exit
   via  d1b03ef8ddc s3: lib: Paranoia around use of snprintf copying into a 
fixed-size buffer from a getenv() pointer.
   via  cb50ee7a423 s3:gencache: Allow to open gencache as read-only
   via  247e406e985 lib:util: Add test for path_expand_tilde()
   via  107526266b2 lib:util: Add path_expand_tilde()
  from  f47dc8b8f68 docs-xml: Fix usernames in pam_winbind manpages

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit d90e5a71c79a3fe1d9ca3b93c7ca135fa091b996
Author: Volker Lendecke 
Date:   Fri May 15 15:19:45 2020 +0200

winbindd: Fix a use-after-free when winbind clients exit

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14382

Pair-Programmed-With: Stefan Metzmacher 

Signed-off-by: Volker Lendecke 
Signed-off-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Tue May 19 10:45:06 UTC 2020 on sn-devel-184

(cherry picked from commit 68380ebaa60c64311cc1081f700d571abbf69f4f)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Fri May 22 14:40:24 UTC 2020 on sn-devel-184

commit d1b03ef8ddc9ec84e52e6155fd510e601f043b20
Author: Jeremy Allison 
Date:   Fri May 15 12:18:02 2020 -0700

s3: lib: Paranoia around use of snprintf copying into a fixed-size buffer 
from a getenv() pointer.

Post checks for overflow/error.

Signed-off-by: Jeremy Allison 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Mon May 18 23:42:57 UTC 2020 on sn-devel-184

(cherry picked from commit dd1f750293ef4361455a5d5b63fc7a89495715b7)

commit cb50ee7a4239e2e13b1c621cd7a3826ff123f84a
Author: Andreas Schneider 
Date:   Wed May 6 17:10:51 2020 +0200

s3:gencache: Allow to open gencache as read-only

This allows client tools to access the cache for ready-only operations
as a normal user.

Example:
net ads status

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Fri May 15 14:40:32 UTC 2020 on sn-devel-184

(cherry picked from commit 04f0c45475de383a0be4ca355ab9aa7784e61c27)

commit 247e406e9859ab223458a9b7fcdad746a64db8af
Author: Andreas Schneider 
Date:   Mon May 11 12:50:11 2020 +0200

lib:util: Add test for path_expand_tilde()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 
(backported from commit a15bd5493b696c66c6803d8ca65bc13f1cfcdf0a)

commit 107526266b2d44fc9321386f0f1749d4b1c5c98d
Author: Andreas Schneider 
Date:   Thu May 7 12:25:24 2020 +0200

lib:util: Add path_expand_tilde()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14370

Signed-off-by: Andreas Schneider 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 15457254be0ab1235c327bd305dfeee19b2ea7a1)

---

Summary of changes:
 lib/util/tests/test_util_paths.c | 127 +++
 lib/util/util_paths.c|  76 +++
 lib/util/util_paths.h|   9 +++
 lib/util/wscript_build   |   5 ++
 selftest/tests.py|   2 +
 source3/lib/gencache.c   |  63 ++-
 source3/winbindd/winbindd_dual.c |  28 -
 7 files changed, 306 insertions(+), 4 deletions(-)
 create mode 100644 lib/util/tests/test_util_paths.c


Changeset truncated at 500 lines:

diff --git a/lib/util/tests/test_util_paths.c b/lib/util/tests/test_util_paths.c
new file mode 100644
index 000..b89abf0aea1
--- /dev/null
+++ b/lib/util/tests/test_util_paths.c
@@ -0,0 +1,127 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) 2020  Andreas Schneider 
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program.  If not, see .
+ */
+
+#include 
+#include 
+#include 
+#include 
+#include 
+
+#include 
+
+#include "lib/replace/replace.h"
+#include "lib/util/util_paths.c"

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-05-14 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  f47dc8b8f68 docs-xml: Fix usernames in pam_winbind manpages
   via  f5ee0cc29e4 libsmb: Protect cli_oem_change_password() from rprcnt<2
   via  e8ffd6244d6 libsmb: Protect cli_RNetServerEnum against rprcnt<6
   via  39a3d728a60 libsmb: Protect cli_RNetShareEnum() against rprcnt<6
   via  f69c9ea345f libsmb: Fix indentation in cli_RNetShareEnum()
  from  84362eef4cf vfs_shadow_copy2: implement case canonicalisation in 
shadow_copy2_get_real_filename()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit f47dc8b8f68c93e9e57bda704125b28c22bcf731
Author: Andreas Schneider 
Date:   Tue Apr 28 17:25:35 2020 +0200

docs-xml: Fix usernames in pam_winbind manpages

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358

Signed-off-by: Andreas Schneider 
Reviewed-by: Alexander Bokovoy 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Wed Apr 29 09:44:55 UTC 2020 on sn-devel-184

(cherry picked from commit 3abd92d7824e803f1ff53425088ebee30b58894b)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Thu May 14 15:42:16 UTC 2020 on sn-devel-184

commit f5ee0cc29e405b222d2c8ae7ea0eb166671d87be
Author: Volker Lendecke 
Date:   Sat May 2 15:18:07 2020 +0200

libsmb: Protect cli_oem_change_password() from rprcnt<2

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Tue May  5 17:12:04 UTC 2020 on sn-devel-184

(cherry picked from commit f80c97cb8da64f3cd9904e2e1fd43c29b691166d)

commit e8ffd6244d60866044f3702999eb292bebd0b99c
Author: Volker Lendecke 
Date:   Sat May 2 15:10:14 2020 +0200

libsmb: Protect cli_RNetServerEnum against rprcnt<6

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke 
Reviewed-by: Andreas Schneider 
(cherry picked from commit ce8b70df7bd63e96723b8e8dc864f1690f5fad7b)

commit 39a3d728a605b02d209b39ee764de5bd4d4501fc
Author: Volker Lendecke 
Date:   Sat May 2 14:59:07 2020 +0200

libsmb: Protect cli_RNetShareEnum() against rprcnt<6

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 4a9fe4efefa67d6f24efcbe29722a43fc4859fdc)

commit f69c9ea345fa05a1e63888eeccfba98a6c9182f7
Author: Volker Lendecke 
Date:   Sat May 2 14:54:01 2020 +0200

libsmb: Fix indentation in cli_RNetShareEnum()

Also remove a level of indentation with a "goto done;"

Best review with "git show -b", almost no code change

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14366
Signed-off-by: Volker Lendecke 
Reviewed-by: Andreas Schneider 
(cherry picked from commit ae91d67a247424d4ddc89230f52365558d6ff402)

---

Summary of changes:
 docs-xml/manpages/pam_winbind.8.xml  |   4 +-
 docs-xml/manpages/pam_winbind.conf.5.xml |   4 +-
 source3/libsmb/clirap.c  | 151 ++-
 3 files changed, 91 insertions(+), 68 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/pam_winbind.8.xml 
b/docs-xml/manpages/pam_winbind.8.xml
index b8af5b54c58..a9a227f1647 100644
--- a/docs-xml/manpages/pam_winbind.8.xml
+++ b/docs-xml/manpages/pam_winbind.8.xml
@@ -83,8 +83,8 @@

If this option is set, pam_winbind will only succeed if the 
user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It 
is also possible to give a NAME instead of the
-   SID. That name must have the form: 
MYDOMAIN\\mygroup or
-   MYDOMAIN\\myuser.  pam_winbind will, in 
that case, lookup the SID internally. Note that
+   SID. That name must have the form: 
MYDOMAIN\mygroup or
+   MYDOMAIN\myuser.  pam_winbind will, in 
that case, lookup the SID internally. Note that
NAME may not contain any spaces. It is thus recommended to only 
use SIDs. You can verify the list of SIDs a
user is a member of with wbinfo 
--user-sids=SID.

diff --git a/docs-xml/manpages/pam_winbind.conf.5.xml 
b/docs-xml/manpages/pam_winbind.conf.5.xml
index a5aaa01504d..193a0dc971c 100644
--- a/docs-xml/manpages/pam_winbind.conf.5.xml
+++ b/docs-xml/manpages/pam_winbind.conf.5.xml
@@ -68,8 +68,8 @@

If this option is set, pam_winbind will only succeed if the 
user is a member of the given SID or NAME. A SID
can be either a group-SID, an alias-SID or even an user-SID. It 
is also possible to give a NAME

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-05-13 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  84362eef4cf vfs_shadow_copy2: implement case canonicalisation in 
shadow_copy2_get_real_filename()
   via  3d60f8ac9fa s3/lib: add is_gmt_token()
   via  f8805f5db4d smbd: make get_real_filename_full_scan() public
   via  f23992c09a6 CI: add two tests for shadow_copy2 VFS module
   via  ecaeedb3183 ldb: Bump version to 2.0.11
   via  d65f5a1567e lib ldb: lmdb init var before calling mdb_reader_check
   via  5fb94e3efc6 lib ldb: lmdb clear stale readers on write txn start
   via  9d8ca2233cd ldb tests: Confirm lmdb free list handling
  from  b6a7b42f9a8 VERSION: Bump version up to 4.11.10...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 84362eef4cfd199e0ef3e019f6ed444d1a73ed0d
Author: Ralph Boehme 
Date:   Thu Apr 23 16:10:23 2020 +0200

vfs_shadow_copy2: implement case canonicalisation in 
shadow_copy2_get_real_filename()

unix_convert() can't do this for us in snapdirseverywhere mode, so we do it
ourselves.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14350

Signed-off-by: Ralph Boehme 
(Similar to commit a3d1ac2a597e2441d6855db566306298ae5db99b)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed May 13 14:44:57 UTC 2020 on sn-devel-184

commit 3d60f8ac9fa2440fa559fd72f86adc53268254da
Author: Ralph Boehme 
Date:   Mon Apr 27 14:38:28 2020 +0200

s3/lib: add is_gmt_token()

This is not present in master as master has been converted to use struct
smb_filename.twrp instead of @GMT string tokens as part of the path.

Signed-off-by: Ralph Boehme 

commit f8805f5db4d350ecc4b97c4ef4cc207eed18ae56
Author: Ralph Boehme 
Date:   Thu Apr 23 16:09:16 2020 +0200

smbd: make get_real_filename_full_scan() public

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14350

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(backported from commit aa5f19ddf1dec1ac4386441929bca94727f30ee6)
[Conflicts: source3/smbd/proto.h: more functions are missing in 4.12]

commit f23992c09a6fb4f5647e6805e1701000ca1dffa8
Author: Ralph Boehme 
Date:   Tue Apr 21 13:06:03 2020 +0200

CI: add two tests for shadow_copy2 VFS module

Note that the test "fetch a previous version of a regular file via 
non-canonical
basepath" doesn't fail by "luck" because it runs into the "creating file"
optimisation in unix_convert().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14350

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 655c86d72a185b3fe4061a8b5791fd748924)

commit ecaeedb3183494c6901e30778a02adcdf7eb5f2a
Author: Gary Lockyer 
Date:   Fri May 1 09:15:49 2020 +1200

ldb: Bump version to 2.0.11

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14330

Signed-off-by: Gary Lockyer 

commit d65f5a1567ed44490197f60dbdc95a1ebf7d1421
Author: Gary Lockyer 
Date:   Wed Apr 1 08:22:08 2020 +1300

lib ldb: lmdb init var before calling mdb_reader_check

Initilalise "stale" to zero before passing a pointer to it to
mdb_reader_check.

Signed-off-by: Gary Lockyer 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Tue Apr  7 12:29:00 UTC 2020 on sn-devel-184

(cherry picked from commit d1f4002b914efb31aa34a59e7c93d80f3174727c)

commit 5fb94e3efc6efbbee8ce52f6e0146d9571fc5187
Author: Gary Lockyer 
Date:   Mon Mar 30 12:08:30 2020 +1300

lib ldb: lmdb clear stale readers on write txn start

In use process failures and Bind9 shut downs leave stale entries in the
lmdb reader table.  This can result in lmdb filling it's database file, as
the free list can not be reclaimed due to the stale reader.

In this fix we call mdb_reader_check at the start of each transaction,
to free any stale readers.  As the default maximum number of readers is
127, this should not impact on performance to any great extent.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14330

Signed-off-by: Gary Lockyer 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Tue Mar 31 01:26:07 UTC 2020 on sn-devel-184

(cherry picked from commit 89041a6d18a1d091ea713e6986cac5ca66c2b481)

commit 9d8ca2233cde625e0d64c427e417ae1d32da3714
Author: Gary Lockyer 
Date:   Mon Mar 16 15:18:12 2020 +1300

ldb tests: Confirm lmdb free list handling

Add cmocka tests to confirm lmdb's handling of the free list.

As a result of lmdb's MVCC (Multiversion Concurrency Control) long
running read transactions or stale readers (read transactions where the
process exited without ending the transaction) can cause the database to
run out of space.

Items in the

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-05-05 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  b6a7b42f9a8 VERSION: Bump version up to 4.11.10...
   via  8f72e88335c VERSION: Disable GIT_SNAPSHOT for the 4.11.9 release.
   via  17ae6b047cc WHATSNEW: Add release notes for Samba 4.11.9.
  from  24e21906a33 s3: pass DCE RPC handle type to create_policy_hnd

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit b6a7b42f9a82223e613d5f2c13819ab4c8f5854c
Author: Karolin Seeger 
Date:   Tue May 5 13:41:52 2020 +0200

VERSION: Bump version up to 4.11.10...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 8f72e88335c036333aeae20fcb1a9791344aee73
Author: Karolin Seeger 
Date:   Tue May 5 13:41:00 2020 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.11.9 release.

Signed-off-by: Karolin Seeger 

commit 17ae6b047cc677aa053d63bcb980fb547aa3296a
Author: Karolin Seeger 
Date:   Tue May 5 13:40:29 2020 +0200

WHATSNEW: Add release notes for Samba 4.11.9.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 90 ++--
 2 files changed, 89 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 66e3bd4fc29..4c7fb5b4df2 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=9
+SAMBA_VERSION_RELEASE=10
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 3502516273e..e4af7cb4105 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,89 @@
+   ==
+   Release Notes for Samba 4.11.9
+May 05, 2020
+  ==
+
+
+This is the latest stable release of the Samba 4.11 release series.
+
+
+Changes since 4.11.8
+
+
+o  Douglas Bagnall 
+   * BUG 14242: nmblib: Avoid undefined behaviour in handle_name_ptrs().
+
+o  Björn Baumbach 
+   * BUG 14296: 'samba-tool group' commands do not handle group names with
+ special chars correctly.
+
+o  Ralph Boehme 
+   * BUG 14237: smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not
+ valid.
+   * BUG 14293: Missing check for DMAPI offline status in async DOS attributes.
+   * BUG 14307: smbd: Ignore set NTACL requests which contain S-1-5-88 NFS 
ACEs.
+   * BUG 14316: vfs_recycle: Prevent flooding the log if we're called on
+ non-existant paths.
+   * BUG 14320: smbd mistakenly updates a file's write-time on close.
+
+o  Alexander Bokovoy 
+   * BUG 14359: RPC handles cannot be differentiated in source3 RPC server.
+
+o  Günther Deschner 
+   * BUG 14313: librpc: Fix IDL for svcctl_ChangeServiceConfigW.
+   * BUG 14327: nsswitch: Fix use-after-free causing segfault in
+ _pam_delete_cred.
+
+o  Art M. Gallagher 
+   * BUG 13622: Fix fruit:time machine max size on arm.
+
+o  Amitay Isaacs 
+   * BUG 14294: CTDB recovery corner cases can cause record resurrection and
+ node banning.
+
+o  Volker Lendecke 
+   * BUG 14348: ctdb: Fix a memleak.
+   * libsmb: Don't try to find posix stat info in SMBC_getatr().
+
+o  Noel Power 
+   * BUG 14295: ctdb-tcp: Move free of inbound queue to TCP restart.
+   * BUG 14344: s3/librpc/crypto: Fix double free with unresolved credential
+ cache.
+
+o  Andreas Schneider 
+   * BUG 14336: s3:libads: Fix ads_get_upn().
+
+o  Martin Schwenke 
+   * BUG 14294: CTDB recovery corner cases can cause record resurrection and
+ node banning.
+   * BUG 14295: Starting ctdb node that was powered off hard before results in
+ recovery loop.
+   * BUG 14324: ctdb-recoverd: Avoid dereferencing NULL rec->nodemap.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
==

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-05-04 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  24e21906a33 s3: pass DCE RPC handle type to create_policy_hnd
   via  08c012642f7 ctdb: Fix a memleak
   via  40a7250da76 libsmb: Don't try to find posix stat info in 
SMBC_getatr()
  from  e12887cdaec VERSION: Bump version up to 4.11.9.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 24e21906a339488d84a740783eb1d47e15ffc195
Author: Alexander Bokovoy 
Date:   Tue Apr 28 21:59:46 2020 +0300

s3: pass DCE RPC handle type to create_policy_hnd

Various RPC services expect policy handles of a specific type.

s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.

Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.

The original logic to always set on-wire handle type to 0 can be tracked
down to commit fdeea341ed1bae670382e45eb731db1b5838ad21 when we didn't
really know about differences in on-wire handle types.

All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.

Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.

Signed-off-by: Alexander Bokovoy 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184

(cherry picked from commit c7a4578d06427a82ead287f0c5248c1a54cc9336)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Mon May  4 11:35:51 UTC 2020 on sn-devel-184

commit 08c012642f710c9005d2d89d5e5d3d89deb6d8e1
Author: Volker Lendecke 
Date:   Thu Apr 16 14:38:34 2020 +0200

ctdb: Fix a memleak

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14348
Signed-off-by: Volker Lendecke 
Reviewed-by: Martin Schwenke 

Autobuild-User(master): Martin Schwenke 
Autobuild-Date(master): Fri Apr 17 08:32:35 UTC 2020 on sn-devel-184

(cherry picked from commit ad4b53f2d95de3d3609f3a23d96602f3dd516705)

commit 40a7250da766e2ff24c36cb7efda8d6202136d6c
Author: Volker Lendecke 
Date:   Thu Mar 19 11:01:41 2020 +0100

libsmb: Don't try to find posix stat info in SMBC_getatr()

This wrongly used "frame" instead of "fname", which can never have
worked. A first attempt to fix in 51551e0d53fa6 caused a few followup
patches in an attempt to clean up the test failures 51551e0d53fa6
introduced. They were reverted after a few discussions. So rather than
changing behaviour, just remove the code that introduced the valgrind
error again.

Signed-off-by: Volker Lendecke 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Fri Mar 20 05:06:07 UTC 2020 on sn-devel-184

(cherry picked from commit 39c910fd9cba3caf7414274b678b9eee33d7e20b)

---

Summary of changes:
 ctdb/server/ctdb_recoverd.c   |  1 +
 source3/include/libsmb_internal.h |  1 -
 source3/libsmb/libsmb_file.c  | 20 ---
 source3/libsmb/libsmb_server.c|  9 ---
 source3/rpc_server/epmapper/srv_epmapper.c|  7 ++-
 source3/rpc_server/eventlog/srv_eventlog_nt.c |  2 +-
 source3/rpc_server/lsa/srv_lsa_nt.c   |  2 +-
 source3/rpc_server/mdssvc/srv_mdssvc_nt.c |  2 +-
 source3/rpc_server/rpc_handles.c  | 30 ++
 source3/rpc_server/rpc_pipes.h| 19 --
 source3/rpc_server/samr/srv_samr_nt.c | 84 ---
 source3/rpc_server/spoolss/srv_spoolss_nt.c   |  2 +-
 source3/rpc_server/svcctl/srv_svcctl_nt.c |  2 +-
 source3/rpc_server/winreg/srv_winreg_nt.c |  6 +-
 14 files changed, 109 insertions(+), 78 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index ef453d4737b..2c029256c02 100644
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -2078,6 +2078,7 @@ static int verify_local_ip_allocation(struct ctdb_context 
*ctdb,
/* Return early if disabled... */
if (ctdb_config.failover_disabled ||
ctdb_op_is_disabled(rec->takeover_run)) {
+   talloc_free(mem_ctx);
return  0;
}
 
diff --git a/source3/include/libsmb_internal.h 
b/source3/include/libsmb_internal.h
index af56df58792..edd19c7c15b 100644
--- a/source3/include/libsmb_internal.h
+++ b/source3/include/libsmb_internal.h
@@ -76,7 +76,6 @@ typedef struct DOS_ATTR_DESC {

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-04-28 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  e12887cdaec VERSION: Bump version up to 4.11.9.
   via  94c0fbebc6c Merge tag 'samba-4.11.8' into v4-11-test
   via  86c951a1336 VERSION: Disable GIT_SNAPSHOT for the 4.11.8 release.
   via  b720477b57f WHATSNEW: Add release notes for Samba 4.11.8.
   via  40a58a973c0 CVE-2020-10704 libcli ldap: Check search request 
lengths.
   via  458b014a4d1 CVE-2020-10704: libcli ldap_message: Add search size 
limits to ldap_decode
   via  5cf90961748 CVE-2020-10704: S4 ldap server: Limit request sizes
   via  fde64820294 CVE-2020-10704: smb.conf: Add max ldap request sizes
   via  e5c4b58314e CVE-2020-10704: ldapserver tests: Limit search request 
sizes
   via  ef35bb12674 CVE-2020-10704: lib util asn1: Check parse tree depth
   via  f9d5c246f8a CVE-2020-10704: libcli ldap: test recursion depth in 
ldap_decode_filter_tree
   via  f931ec7b387 CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth
   via  2a611988cac CVE-2020-10700: ldb: Bump version up to 2.0.10.
   via  980831bb97c CVE-2020-10700: dsdb: Do not permit the ASQ control for 
the GUID search in paged_results
   via  24e621b4dde CVE-2020-10700: ldb: Always use ldb_next_request() in 
ASQ module
   via  ffd2779db53 CVE-2020-10700: dsdb: Add test for ASQ and ASQ in 
combination with paged_results
   via  71bc0ab02b3 VERSION: Bump version up to 4.11.8...
  from  34bfaafc77e s3/librpc/crypto: Fix double free with unresolved 
credential cache

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit e12887cdaece9bf4edb125894f9c9e7a68c70830
Author: Karolin Seeger 
Date:   Tue Apr 28 13:50:45 2020 +0200

VERSION: Bump version up to 4.11.9.

Signed-off-by: Karolin Seeger 

commit 94c0fbebc6cf32b82e3b25a1f254e22efbc3fcdf
Merge: 34bfaafc77e 86c951a1336
Author: Karolin Seeger 
Date:   Tue Apr 28 13:50:10 2020 +0200

Merge tag 'samba-4.11.8' into v4-11-test

samba: tag release samba-4.11.8

---

Summary of changes:
 VERSION|   2 +-
 WHATSNEW.txt   |  65 -
 auth/gensec/gensec_util.c  |   2 +-
 docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml|  18 ++
 docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml|  18 ++
 docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml  |  18 ++
 lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.0.10.sigs}|   0
 ...ldb-util-1.1.10.sigs => pyldb-util-2.0.10.sigs} |   0
 lib/ldb/modules/asq.c  |  12 +-
 lib/ldb/wscript|   2 +-
 lib/param/loadparm.c   |   7 +
 lib/util/asn1.c|  37 ++-
 lib/util/asn1.h|  10 +-
 lib/util/tests/asn1_tests.c|   2 +-
 libcli/auth/spnego_parse.c |   6 +-
 libcli/cldap/cldap.c   |  20 +-
 libcli/ldap/ldap_message.c |   7 +-
 libcli/ldap/ldap_message.h |   5 +
 libcli/ldap/tests/data/1-or.dat| Bin 0 -> 39875 bytes
 libcli/ldap/tests/data/ldap-recursive.dat  | Bin 0 -> 970 bytes
 libcli/ldap/tests/ldap_message_test.c  | 287 +
 libcli/ldap/wscript_build  |  15 ++
 python/samba/tests/ldap_raw.py | 234 +
 source3/lib/tldap.c|   4 +-
 source3/lib/tldap_util.c   |   4 +-
 source3/libsmb/clispnego.c |   4 +-
 source3/param/loadparm.c   |   4 +
 source3/torture/torture.c  |   2 +-
 source4/auth/gensec/gensec_krb5.c  |   4 +-
 source4/dsdb/samdb/ldb_modules/paged_results.c |  18 +-
 source4/dsdb/tests/python/asq.py   | 171 
 source4/ldap_server/ldap_server.c  | 108 +++-
 source4/libcli/ldap/ldap_client.c  |   5 +-
 source4/libcli/ldap/ldap_controls.c|  48 ++--
 source4/selftest/tests.py  |   8 +
 35 files changed, 1078 insertions(+), 69 deletions(-)
 create mode 100644 docs-xml/smbdotconf/ldap/ldapmaxanonrequest.xml
 create mode 100644 docs-xml/smbdotconf/ldap/ldapmaxauthrequest.xml
 create mode 100644 docs-xml/smbdotconf/ldap/ldapmaxsearchrequest.xml
 copy lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.0.10.sigs} (100%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-2.0.10.sigs} (100%)
 create mode 100644 libcli/ldap/tests/data/1-or.dat
 create mode 100644 libcli/ldap/tests/data/ldap-recursive.dat
 create mode 100644 libcli/ldap/tests/ldap_message_test.c
 create mode 100644

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-04-15 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  34bfaafc77e s3/librpc/crypto: Fix double free with unresolved 
credential cache
  from  f7ff511bc26 testprogs: Add 'net ads join createupn' test also 
verifying the keytab

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 34bfaafc77e35c8808452f678111c73bbbdd705d
Author: Noel Power 
Date:   Tue Apr 14 11:21:22 2020 +0100

s3/librpc/crypto: Fix double free with unresolved credential cache

We free gse_ctx->k5ctx but then free it again in the
talloc dtor. This patch just lets the talloc dtor handle
things and removes the extra krb5_free_context

Failed to resolve credential cache 'DIR:/run/user/1000/krb5cc'! (No 
credentials cache found)
==30762== Invalid read of size 8
==30762==at 0x108100F4: k5_os_free_context (in 
/usr/lib64/libkrb5.so.3.3)
==30762==by 0x107EA661: krb5_free_context (in /usr/lib64/libkrb5.so.3.3)
==30762==by 0x7945D2E: gse_context_destructor (gse.c:84)
==30762==by 0x645FB49: _tc_free_internal (talloc.c:1157)
==30762==by 0x645FEC5: _talloc_free_internal (talloc.c:1247)
==30762==by 0x646118D: _talloc_free (talloc.c:1789)
==30762==by 0x79462E4: gse_context_init (gse.c:241)
==30762==by 0x794636E: gse_init_client (gse.c:268)
==30762==by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762==by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762==by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762==by 0xBC8167F: gensec_spnego_client_negTokenInit_step 
(spnego.c:633)
==30762==  Address 0x17259928 is 40 bytes inside a block of size 496 free'd
==30762==at 0x4C2F50B: free (in 
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762==by 0x79462CA: gse_context_init (gse.c:238)
==30762==by 0x794636E: gse_init_client (gse.c:268)
==30762==by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762==by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762==by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762==by 0xBC8167F: gensec_spnego_client_negTokenInit_step 
(spnego.c:633)
==30762==by 0xBC813E2: gensec_spnego_client_negTokenInit_start 
(spnego.c:537)
==30762==by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762==by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762==by 0xBC85622: gensec_update_send (gensec.c:449)
==30762==by 0x551BFD0: cli_session_setup_gensec_local_next 
(cliconnect.c:997)
==30762==  Block was alloc'd at
==30762==at 0x4C306B5: calloc (in 
/usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so)
==30762==by 0x107EA7AE: krb5_init_context_profile (in 
/usr/lib64/libkrb5.so.3.3)
==30762==by 0xB853215: smb_krb5_init_context_common (krb5_samba.c:3597)
==30762==by 0x794615B: gse_context_init (gse.c:209)
==30762==by 0x794636E: gse_init_client (gse.c:268)
==30762==by 0x7947602: gensec_gse_client_start (gse.c:786)
==30762==by 0xBC87A3A: gensec_start_mech (gensec_start.c:743)
==30762==by 0xBC87BC6: gensec_start_mech_by_ops (gensec_start.c:774)
==30762==by 0xBC8167F: gensec_spnego_client_negTokenInit_step 
(spnego.c:633)
==30762==by 0xBC813E2: gensec_spnego_client_negTokenInit_start 
(spnego.c:537)
==30762==by 0xBC84084: gensec_spnego_update_pre (spnego.c:1943)
==30762==by 0xBC83AE5: gensec_spnego_update_send (spnego.c:1741)
==30762==

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14344
Signed-off-by: Noel Power 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Noel Power 
Autobuild-Date(master): Tue Apr 14 22:55:51 UTC 2020 on sn-devel-184

(cherry picked from commit 34f8ab774d1484b0e60dbdec8ad2a1607ad92122)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Apr 15 14:34:51 UTC 2020 on sn-devel-184

---

Summary of changes:
 source3/librpc/crypto/gse.c | 4 
 1 file changed, 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/librpc/crypto/gse.c b/source3/librpc/crypto/gse.c
index 9a9f4261222..47dc1a0649a 100644
--- a/source3/librpc/crypto/gse.c
+++ b/source3/librpc/crypto/gse.c
@@ -234,10 +234,6 @@ static NTSTATUS gse_context_init(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
 
 err_out:
-   if (gse_ctx->k5ctx) {
-   krb5_free_context(gse_ctx->k5ctx);
-   }
-
TALLOC_FREE(gse_ctx);
return status;
 }


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-04-07 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  f7ff511bc26 testprogs: Add 'net ads join createupn' test also 
verifying the keytab
   via  d9709735d5b s3:libads: Fix ads_get_upn()
   via  fa3250fdac1 smbd: let delayed update handler also update on-disk 
timestamps
   via  c8b5d996ec7 smbd: let mark_file_modified() always call 
trigger_write_time_update()
   via  8dbdba4a315 smbd: remove stat call from mark_file_modified()
   via  dbff6af0acf smbd: avoid double chdir() in chdir_current_service()
   via  0a8d442fe53 smbd: flush pending writetime update when setting 
timestamps file
   via  4f5a5e5d6e7 smbd: flush pending writetime update when flushing file
   via  5f4a49bd9f6 smbd: always flush pending write time update when 
setting filesize
  from  16d837cb233 nsswitch: fix use-after-free causing segfault in 
_pam_delete_cred

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit f7ff511bc26abf6f7a1b98cf31e461234a387892
Author: Andreas Schneider 
Date:   Fri Apr 3 15:40:48 2020 +0200

testprogs: Add 'net ads join createupn' test also verifying the keytab

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14336

Signed-off-by: Andreas Schneider 
Reviewed-by: Alexander Bokovoy 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Mon Apr  6 19:09:53 UTC 2020 on sn-devel-184

(cherry picked from commit c4be195da2845be4f64e47883e3c911dedd90e48)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Apr  7 10:51:07 UTC 2020 on sn-devel-184

commit d9709735d5b26320a141ff686b9919539a8fa8a5
Author: Andreas Schneider 
Date:   Fri Apr 3 15:58:28 2020 +0200

s3:libads: Fix ads_get_upn()

This adds the userPrincipalName to ads_find_machine_acct() which
fetches the data for us.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14336

Signed-off-by: Andreas Schneider 
Reviewed-by: Alexander Bokovoy 
(cherry picked from commit ec69752cb963ae850568d3f4905d2941e485627e)

commit fa3250fdac1c8c79ffec6a4ebaf6183649b9086d
Author: Ralph Boehme 
Date:   Sun Mar 15 08:30:21 2020 +0100

smbd: let delayed update handler also update on-disk timestamps

Let delayed update handler also update on-disk timestamps by calling
trigger_write_time_update_immediate().

trigger_write_time_update_immediate() sets fsp->update_write_time_on_close 
to
false which prevents updating the write-time on close if there was ever 
only one
write to the file.

Besides resetting fsp->update_write_time_on_close and setting the on-disk 
timestamps
trigger_write_time_update_immediate() takes the same steps as the removed 
code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Thu Mar 19 03:05:40 UTC 2020 on sn-devel-184

(back ported from commit 81c1a14e3271aeed7ed4fe6311171b19ba963555)

commit c8b5d996ec77704835c59f4b2cd8190c31df98c2
Author: Ralph Boehme 
Date:   Sun Mar 15 08:30:21 2020 +0100

smbd: let mark_file_modified() always call trigger_write_time_update()

Preperatory change: the next commit will reset 
fsp->update_write_time_on_close
in the event handler, so this change ensures it gets set again for any
subsequent write.

This will NOT always result in a write-time update because
trigger_write_time_update() has its own only-once logic using the internal
variable fsp->update_write_time_triggered.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 53de2da7acfc24513082190502d93306c12b7434)

commit 8dbdba4a3156e1b0caf18a55591cacebedb12369
Author: Ralph Boehme 
Date:   Sun Mar 15 15:51:18 2020 +0100

smbd: remove stat call from mark_file_modified()

This stat dates back to d03453864ab1bc5fd3b4a3abaf96176a006c102b where the 
call
to trigger_write_time_update() had been to the file IO codepath. It was 
present
there for other reasons: to setup the write-cache based on the file's size.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14320

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 2c19d27113036d607850f370bb9afd62856d671e)

commit dbff6af0acf36e2f377694d9f83a4a49d28b8ba6
Author: Ralph Boehme 
Date:   Wed Jan 22 10:52:39 2020 +0100

smbd: avoid double chdir() in chdir_current_service()

Since 8e81090789e4cc3ba9e5aa792d4e52971909c894 we're doing chdir() twice, 
first
into conn->connectpath, then into conn->origpath.

Before commit 8e81090789e4cc3ba9e5aa792d4e52971909c894 if
chdir(conn->connectpath) succeeded, we wouldn't do the second

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-03-31 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  16d837cb233 nsswitch: fix use-after-free causing segfault in 
_pam_delete_cred
  from  8159513ac73 ctdb-recoverd: Avoid dereferencing NULL rec->nodemap

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 16d837cb233fca641943d0194a3e0cb379275ec4
Author: Günther Deschner 
Date:   Fri Mar 27 10:13:11 2020 +0100

nsswitch: fix use-after-free causing segfault in _pam_delete_cred

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14327

Guenther

Signed-off-by: Guenther Deschner 
Reviewed-by: Alexander Bokovoy 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Mon Mar 30 13:01:20 UTC 2020 on sn-devel-184

(cherry picked from commit 047b0d8ab534c7a10a8572fd9f21e2456fd30710)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Mar 31 16:14:54 UTC 2020 on sn-devel-184

---

Summary of changes:
 nsswitch/pam_winbind.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 3ad70d3c4cd..7af03fe2bd0 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -2609,7 +2609,6 @@ static int _pam_delete_cred(pam_handle_t *pamh, int flags,
wbc_status = wbcCtxLogoffUserEx(ctx->wbc_ctx, , );
retval = wbc_auth_error_to_pam_error(ctx, error, wbc_status,
 user, "wbcLogoffUser");
-   wbcFreeMemory(error);
wbcFreeMemory(logoff.blobs);
logoff.blobs = NULL;
 
@@ -2629,6 +2628,7 @@ out:
retval = wbc_auth_error_to_pam_error(ctx, error, wbc_status,
 user, "wbcLogoffUser");
}
+   wbcFreeMemory(error);
 
/*
 * Delete the krb5 ccname variable from the PAM environment


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-03-30 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  8159513ac73 ctdb-recoverd: Avoid dereferencing NULL rec->nodemap
   via  10592fcd018 ctdb-daemon: Don't allow attach from recovery if 
recovery is not active
   via  938dd246786 ctdb-daemon: Remove more unused old client database 
functions
   via  5ef3effeaed ctdb-recovery: Remove old code for creating missing 
databases
   via  9beb8edf596 ctdb-recovery: Create database on nodes where it is 
missing
   via  44b330ad02f ctdb-recovery: Fetch database name from all nodes where 
it is attached
   via  678a5c33d69 ctdb-recovery: Pass db structure for each database 
recovery
   via  0d89960f18c ctdb-recovery: GET_DBMAP from all nodes
   via  62bb07b7b72 ctdb-recovery: Replace use of ctdb_dbid_map with local 
db_list
   via  92b0fcf3a4e ctdb-daemon: Respect CTDB_CTRL_FLAG_ATTACH_RECOVERY 
when attaching databases
   via  835f091f80a ctdb-recovery: Use CTDB_CTRL_FLAG_ATTACH_RECOVERY to 
attach during recovery
   via  c42aec419ff ctdb-protocol: Add control flag 
CTDB_CTRL_FLAG_ATTACH_RECOVERY
   via  eac703c1d31 ctdb-daemon: Remove unused old client database functions
   via  ac738d067ac ctdb-daemon: Fix database attach deferral logic
   via  436a746ed1a ctdb-recovery: Refactor banning a node into separate 
computation
   via  3640f428b13 ctdb-recovery: Don't trust nodemap obtained from local 
node
   via  3fa7d0c2ba4 ctdb-recovery: Consolidate node state
   via  1b703e591b6 ctdb-recovery: Fetched vnnmap is never used, so don't 
fetch it
   via  64d6c40bf1d ctdb-client: Factor out function client_db_tdb()
   via  9c3b0d389ce ctdb-daemon: Implement DB_VACUUM control
   via  b87b08a540f ctdb-vacuum: Only schedule next vacuum event if 
vacuuuming is scheduled
   via  c20ae7c8bc3 ctdb-daemon: Factor out code to create vacuuming child
   via  6a48db92ea7 ctdb-vacuum: Simplify recording of in-progress 
vacuuming child
   via  f0bd906afe7 ctdb-protocol: Add marshalling for control DB_VACUUM
   via  9a9dc4f05f4 ctdb-protocol: Add marshalling for struct ctdb_db_vacuum
   via  d036521725d ctdb-protocol: Add new control CTDB_CONTROL_DB_VACUUM
   via  bfdd98317b4 ctdb-vacuum: Avoid processing any more packets
   via  30d8a00c8e8 ctdb-daemon: Avoid memory leak when packet is deferred
   via  1d73ad17ec6 ctdb-recoverd: No need for database detach handler
   via  0a2428cf9f3 ctdb-recoverd: Drop VACUUM_FETCH message handling
   via  9aa7e66651d ctdb-vacuum: Replace VACUUM_FETCH message with control
   via  190b34ff2cf ctdb-vacuum: Add processing of fetch queue
   via  ee045a05acb ctdb-daemon: Add implementation of VACUUM_FETCH control
   via  8b81e9e93af ctdb-tests: Add marshalling tests for new control
   via  3eb8470086f ctdb-protocol: Add marshalling for new control 
VACUUM_FETCH
   via  08f7a43dda5 ctdb-protocol: Add new control VACUUM_FETCH
   via  3564e7c2940 ctdb-tests: Drop code releated to obsolete controls
   via  42e293f7e2e ctdb-protocol: Drop code related to obsolete controls
   via  e7a6abca56a ctdb-client: Fix some typos in debug messages
  from  45fab149767 selftest: test samba-tool group commands with 
groupnames with brackets and spaces

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 8159513ac73839a249a8adb059be9dbea9a57681
Author: Martin Schwenke 
Date:   Sun Mar 22 13:46:46 2020 +1100

ctdb-recoverd: Avoid dereferencing NULL rec->nodemap

Inside the nested event loop in ctdb_ctrl_getnodemap(), various
asynchronous handlers may dereference rec->nodemap, which will be
NULL.

One example is lost_reclock_handler(), which causes rec->nodemap to be
unconditionally dereferenced in list_of_nodes() via this call chain:

  list_of_nodes()
  list_of_active_nodes()
  set_recovery_mode()
  force_election()
  lost_reclock_handler()

Instead of attempting to trace all of the cases, just avoid leaving
rec->nodemap set to NULL.  Attempting to use an old value is generally
harmless, especially since it will be the same as the new value in
most cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14324

Reported-by: Volker Lendecke 
Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 

Autobuild-User(master): Martin Schwenke 
Autobuild-Date(master): Tue Mar 24 01:22:45 UTC 2020 on sn-devel-184

(cherry picked from commit 716f52f68b248ae7cfd66479b3fc678c4a0d8b38)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Mon Mar 30 11:22:26 UTC 2020 on sn-devel-184

commit 10592fcd018b770c6ff877b06bedfa7cdd0d88cd
Author: Martin Schwenke 
Date:   Tue Feb 25 17:32:56 2020 +1100

ctdb-daemon: Don't allow attach from recovery if recovery is not active

Neither the

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-03-27 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  45fab149767 selftest: test samba-tool group commands with 
groupnames with brackets and spaces
   via  5608ab2f62d samba-tool group edit: use binary encoded group name
   via  f8525b2aa46 samba-tool group delete: use binary encoded group name
   via  b1d664f9541 samba-tool group move: use binary encoded group name
   via  6122aa423f2 samba-tool group listmembers: use binary encoded group 
names
   via  0d95ad22384 samba-tool group listmembers: find group members by 
groups SID
   via  f4fc8a04596 samba-tool group listmembers: handle 
group-does-not-exist error
   via  496424ebd63 samba-tool group listmembers: hide python backtracke on 
command error
  from  ab7fe462500 ctdb-tcp: Do not stop outbound connection in 
ctdb_tcp_node_connect()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 45fab149767a951f458514093c12a5238b41c9e7
Author: Björn Baumbach 
Date:   Thu Feb 27 11:06:34 2020 +0100

selftest: test samba-tool group commands with groupnames with brackets and 
spaces

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

Signed-off-by: Björn Baumbach 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 534809a0f09775390e89fa1cbfae3a1d0fafecb8)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Fri Mar 27 11:54:17 UTC 2020 on sn-devel-184

commit 5608ab2f62dca919016e3d7cedbd5601fe587d45
Author: Björn Baumbach 
Date:   Wed Feb 26 13:56:14 2020 +0100

samba-tool group edit: use binary encoded group name

Allows to edit groups with names like e.g. 'group1 (xy)'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

Signed-off-by: Björn Baumbach 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit f3e7ea0405d46ddfbeba9b3a84c13b7878464180)

commit f8525b2aa46edab630e1252bfd912126b365ac97
Author: Björn Baumbach 
Date:   Wed Feb 26 13:55:01 2020 +0100

samba-tool group delete: use binary encoded group name

Allows to delete groups with names like e.g. 'group1 (xy)'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

Signed-off-by: Björn Baumbach 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 104582b73caf008600e15d76d57424263a0f28d4)

commit b1d664f9541e1949676c4709158f82906d058157
Author: Björn Baumbach 
Date:   Wed Feb 26 13:40:50 2020 +0100

samba-tool group move: use binary encoded group name

Allows to move groups with names like e.g. 'group1 (xy)'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

Signed-off-by: Björn Baumbach 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 626209beab2fc9b0fdb7e90338cdfec5cfa48dd7)

commit 6122aa423f26d02336547034e920fe1000234599
Author: Björn Baumbach 
Date:   Wed Feb 26 13:38:50 2020 +0100

samba-tool group listmembers: use binary encoded group names

Allows to find groups with names like e.g. 'group1 (xy)'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

Signed-off-by: Björn Baumbach 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit d0f8e833653df652df01a472c4bbfd256f10f810)

commit 0d95ad22384d069b58b7271fe1e77a9c0e86a5af
Author: Björn Baumbach 
Date:   Wed Feb 26 13:39:44 2020 +0100

samba-tool group listmembers: find group members by groups SID

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

Signed-off-by: Björn Baumbach 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 1d2e9f27fa9cff55245e45a194f696fc9ca4376d)

commit f4fc8a045967ae0b915e2964c60591524e33f56e
Author: Björn Baumbach 
Date:   Wed Feb 26 13:08:43 2020 +0100

samba-tool group listmembers: handle group-does-not-exist error

Return a error with a proper message instead of just do nothing when
the target group does not exist.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14296

Signed-off-by: Björn Baumbach 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 40e498e743e4677a42030373e8d97f6f9763080a)

commit 496424ebd6371c3e1bfac53c184f184c93083087
Author: Björn Baumbach 
Date:   Wed Feb 26 13:05:16 2020 +0100

samba-tool group listmembers: hide python backtracke on command error

Signed-off-by: Björn Baumbach 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 789d84c0a9a406f7e0c9ab48cf2f31afdc4d3829)

---

Summary of changes:
 python/samba/netcmd/group.py   | 41 ++
 python/samba/tests/samba_tool/group.py |  3 ++-
 2 files changed, 24 insertions(+), 20 deletions(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/netcmd/group.py b/python/samba/netcmd/group.py
index 536c1cba613..88e666e27dc 100644
--- a/python/samba/netcmd/group.py
+++

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-03-19 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  ab7fe462500 ctdb-tcp: Do not stop outbound connection in 
ctdb_tcp_node_connect()
   via  482e40c0560 ctdb-tcp: Factor out function ctdb_tcp_start_outgoing()
   via  f1ed1860b07 ctdb-tcp: add ctdb_tcp_stop_incoming()
   via  8cfc1a398d1 ctdb-tcp: rename ctdb_tcp_stop_connection() to 
ctdb_tcp_stop_outgoing()
   via  a1a955a77f9 ctdb-tcp: Remove redundant restart in 
ctdb_tcp_tnode_cb()
   via  42a76edd5d1 ctdb-tcp: always call node_dead() upcall in 
ctdb_tcp_tnode_cb()
   via  04e5ac81498 ctdb-tcp: move free of inbound queue to TCP restart
   via  b6419a9e9fc ctdb-daemon: more logical whitespace, debug 
modernisation
   via  503427f7d67 ctdb-daemon: ensure restart() callback is called in 
half-connected state
   via  586ac88bca4 ctdb-daemon: Rename ctdb_context private_data to 
transport_data
   via  2cb3749ef90 ctdb-daemon: Rename ctdb_node private_data to 
transport_data
  from  aff55431702 nmblib: avoid undefined behaviour in handle_name_ptrs()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit ab7fe4625009d7edd2ffb9f22b914b6fa0d0d03d
Author: Martin Schwenke 
Date:   Fri Mar 6 16:11:23 2020 +1100

ctdb-tcp: Do not stop outbound connection in ctdb_tcp_node_connect()

The only place the outgoing connection needs to be stopped is when
there is a timeout when waiting for the connection to become writable.
Add a new function ctdb_tcp_node_connect_timeout() to handle this
case.

All of the other cases are attempts to establish a new outgoing
connection (initial attempt, retry after an error or disconnect, ...)
so drop stopping the connection in those cases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Amitay Isaacs 
Signed-off-by: Martin Schwenke 

Autobuild-User(master): Martin Schwenke 
Autobuild-Date(master): Thu Mar 12 05:29:20 UTC 2020 on sn-devel-184

(cherry picked from commit 319c93f0c6a949545229b616dfbd4f51baf11171)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Thu Mar 19 10:55:49 UTC 2020 on sn-devel-184

commit 482e40c0560119a1b1906ff27f0b55beab274a96
Author: Martin Schwenke 
Date:   Fri Mar 6 15:59:32 2020 +1100

ctdb-tcp: Factor out function ctdb_tcp_start_outgoing()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Amitay Isaacs 
Signed-off-by: Martin Schwenke 
(cherry picked from commit 3c8747fe29486a4f95308b335a5e3ec1807f62cb)

commit f1ed1860b0747b9de39928bd5390e8beb09e948b
Author: Ralph Boehme 
Date:   Sat Feb 29 11:54:51 2020 +0100

ctdb-tcp: add ctdb_tcp_stop_incoming()

No change in behaviour.  This makes the code self-documenting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Ralph Boehme 
Signed-off-by: Martin Schwenke 
(cherry picked from commit 2c73dbafba50b28e72a8ec7b4382fae42fca6d17)

commit 8cfc1a398d1ada22b7d48114700cc7caf7399a32
Author: Ralph Boehme 
Date:   Fri Feb 28 11:36:00 2020 +0100

ctdb-tcp: rename ctdb_tcp_stop_connection() to ctdb_tcp_stop_outgoing()

No change in behaviour.  This makes the code self-documenting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Ralph Boehme 
Reviewed-by: Martin Schwenke 
(cherry picked from commit 1e2a967ff41cc29c3a0d7f61a46937c68fdb90ba)

commit a1a955a77f9b67b7e8d8e271b3a2c71c62f52be6
Author: Ralph Boehme 
Date:   Sat Feb 29 12:28:20 2020 +0100

ctdb-tcp: Remove redundant restart in ctdb_tcp_tnode_cb()

The node dead upcall has already restarted the outgoing connection.
There's no need to repeat it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Ralph Boehme 
Signed-off-by: Martin Schwenke 
(cherry picked from commit ea37ecdcd5960311f54a7a5510b88a654da23daa)

commit 42a76edd5d144c495de31517cb642416a5ab2875
Author: Ralph Boehme 
Date:   Sat Feb 29 12:13:12 2020 +0100

ctdb-tcp: always call node_dead() upcall in ctdb_tcp_tnode_cb()

ctdb_tcp_tnode_cb() is called when we receive data on the outgoing 
connection.

This can happen when we get an EOF on the connection because the other side 
as
closed. In this case data will be NULL.

It would also be called if we received data from the peer. In this case data
will not be NULL.

The latter case is a fatal error though and we already call
ctdb_tcp_stop_connection() for this case as well, which means even though 
the
node is not fully connected anymore, by not calling the node_dead() upcall
NODE_FLAGS_DISCONNECTED will not be set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14295

Signed-off-by: Ralph Boehme 
Reviewed-by: Martin Schwenke 
(cherry picked

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-03-18 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  aff55431702 nmblib: avoid undefined behaviour in handle_name_ptrs()
   via  14511bd7ccd vfs_recycle: prevent flooding the log if we're called 
on non-existant paths
   via  c98e8ec8566 librpc: fix IDL for svcctl_ChangeServiceConfigW
   via  a573ccf2d7c s4-torture: add ndr svcctl testsuite
   via  e66e8021b58 s4-torture: add rpc test for ChangeServiceConfigW
   via  dd1fd01b657 lib:torture: add torture_assert_u32_[not_]equal[_goto] 
macros
   via  d65993a65ff VFS: default: add support for FILE_ATTRIBUTE_OFFLINE to 
async dosmode
   via  a0111dc1953 VFS: default: use correct type for pathlen in 
vfswrap_getxattrat_do_sync()
   via  15f60af436c VFS: default: avoid a crash in 
vfswrap_getxattrat_do_sync()
   via  56d86e3d55a VFS: default: remove unused arg from 
vfswrap_is_offline()
   via  6b3b348382b VFS: default: let vfswrap_is_offline() take conn, not 
handle
   via  703eeec9b31 smbd: ignore set NTACL requests which contain S-1-5-88 
NFS ACEs
   via  1b67228799f vfs_fruit: tmsize prevent overflow Force the type 
during arithmetic in order to prevent overflow when summing the Time Machine 
folder size. Increase the precision to off_t (used for file sizes), leave the 
overflow error traps but with more precise wording.
   via  6a2a635a5dd smbd: avoid calling vfs_file_id_from_sbuf() if statinfo 
is not valid
  from  46e19f9f402 VERSION: Bump version up to 4.11.7...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit aff55431702035a8d4d8c0bc8e88cf1ba726e105
Author: Douglas Bagnall 
Date:   Sun Jan 19 15:08:58 2020 +1300

nmblib: avoid undefined behaviour in handle_name_ptrs()

If *offset is length - 1, we would read ubuf[(*offset)+1] as the lower
bits of the new *offset. This value is undefined, but because it is
checked against the valid range, there is no way to read further
beyond that one byte.

Credit to oss-fuzz.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14242
OSS-Fuzz: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20193

Signed-off-by: Douglas Bagnall 
Reviewed-by: Jeremy Allison 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Fri Feb  7 10:19:39 UTC 2020 on sn-devel-184

(cherry picked from commit 3bc7acc62646b105b03fd3c65e9170a373f95392)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Mar 18 14:15:45 UTC 2020 on sn-devel-184

commit 14511bd7ccd655e6da4c0904512d8d1440b7e9ba
Author: Ralph Boehme 
Date:   Fri Mar 6 12:22:25 2020 +0100

vfs_recycle: prevent flooding the log if we're called on non-existant paths

vfs_recycle is assuming that any path passed to unlink must exist, 
otherwise it
logs this error. Turn this into a DEBUG level message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14316
See also: https://bugzilla.redhat.com/show_bug.cgi?id=1780802

Signed-off-by: Ralph Boehme 
Reviewed-by: Isaac Boukris 

Autobuild-User(master): Isaac Boukris 
Autobuild-Date(master): Mon Mar  9 14:15:06 UTC 2020 on sn-devel-184

commit c98e8ec856604f7e537081de6fe9339cc402774d
Author: Günther Deschner 
Date:   Wed Mar 4 15:23:43 2020 +0100

librpc: fix IDL for svcctl_ChangeServiceConfigW

Found while trying to run winexe against Windows Server 2019.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313

Guenther

Signed-off-by: Guenther Deschner 
Reviewed-by: Andreas Schneider 
(cherry picked from commit ebda529b59105e9b70cc74377fe4d54cc16b4f37)

commit a573ccf2d7cca5dd163fe207dcaab6de32858522
Author: Günther Deschner 
Date:   Thu Mar 5 20:42:21 2020 +0100

s4-torture: add ndr svcctl testsuite

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313

Guenther

Signed-off-by: Guenther Deschner 
Reviewed-by: Andreas Schneider 
(cherry picked from commit c3fa0b2df9fc53dddcc3160b6a3dc751bbb389a4)

commit e66e8021b58b23a68a89d40eb7af7a8542218bd4
Author: Günther Deschner 
Date:   Thu Mar 5 22:45:48 2020 +0100

s4-torture: add rpc test for ChangeServiceConfigW

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14313

Guenther

Signed-off-by: Guenther Deschner 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 0825324bc75d2ab10164a1f137be782d84c822b8)

commit dd1fd01b657c1022117075ebada8fbe39b3a9d2b
Author: Ralph Boehme 
Date:   Tue Apr 16 16:46:43 2019 +0200

lib:torture: add torture_assert_u32_[not_]equal[_goto] macros

Signed-off-by: Ralph Boehme 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 4162ba78f8146ad9b39d0749a36fab674197c78e)

commit d65993a65fff869241f2e471cede7a9f33533792
Author: Ralph Boehme 
Date:   Mon Feb 24 15:03:56 2020

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-03-10 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  46e19f9f402 VERSION: Bump version up to 4.11.7...
   via  664f5488733 VERSION: Disable GIT_SNAPSHOT for the 4.11.7 release.
   via  9e3a577b275 WHATSNEW: Add release notes for Samba 4.11.7.
  from  2a9db8e77b4 selftest: Test behaviour of DNS scavenge with an 
existing dNSTombstoned value

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 46e19f9f40258855d84e747bcb02019262e72057
Author: Karolin Seeger 
Date:   Tue Mar 10 10:55:01 2020 +0100

VERSION: Bump version up to 4.11.7...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 664f548873302a0ed34cd29be7c84dcabbb6ed8c
Author: Karolin Seeger 
Date:   Tue Mar 10 10:54:25 2020 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.11.7 release.

Signed-off-by: Karolin Seeger 

commit 9e3a577b27508fa97491d5cf7d26cb926607f73e
Author: Karolin Seeger 
Date:   Tue Mar 10 10:53:56 2020 +0100

WHATSNEW: Add release notes for Samba 4.11.7.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 68 ++--
 2 files changed, 67 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 2ec627c3196..a1204edbed7 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=7
+SAMBA_VERSION_RELEASE=8
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 6f635618bb2..89e730b605e 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,67 @@
+   ==
+   Release Notes for Samba 4.11.7
+   March 10, 2020
+  ==
+
+
+This is the latest stable release of the Samba 4.11 release series.
+
+
+Changes since 4.11.6:
+-
+
+o  Jeremy Allison 
+   * BUG 14239: s3: lib: nmblib. Clean up and harden nmb packet processing.
+   * BUG 14283: s3: VFS: full_audit. Use system session_info if called from a
+ temporary share definition.
+
+o  Andrew Bartlett 
+   * BUG 14258: dsdb: Correctly handle memory in objectclass_attrs.
+   * BUG 14270: ldb: version 2.0.9, Samba 4.11 and later give incorrect results
+ for SCOPE_ONE searches.
+
+o  Volker Lendecke 
+   * BUG 14247: auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences.
+   * BUG 14285: smbd: Handle EINTR from open(2) properly.
+
+o  Stefan Metzmacher 
+   * BUG 14247: winbind member (source3) fails local SAM auth with empty domain
+ name.
+   * BUG 14265: winbindd: Handling missing idmap in getgrgid().
+
+o  Andreas Schneider 
+   * BUG 14253: lib:util: Log mkdir error on correct debug levels.
+   * BUG 14266: wafsamba: Do not use 'rU' as the 'U' is deprecated in
+ Python 3.9.
+
+o  Martin Schwenke 
+   * BUG 14274: ctdb-tcp: Make error handling for outbound connection
+ consistent.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
==
Release Notes for Samba 4.11.6
   January 28, 2020
@@ -67,8 +131,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
==
Release Notes for Samba 4.11.5


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-02-26 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  2a9db8e77b4 selftest: Test behaviour of DNS scavenge with an 
existing dNSTombstoned value
   via  c130ca2bcc3 dsdb: Correctly handle memory in objectclass_attrs
  from  8cb7818a405 ldb: version 2.0.9

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 2a9db8e77b45186e1f090f2425644c75e73d3559
Author: Andrew Bartlett 
Date:   Thu Jan 30 16:44:05 2020 +1300

selftest: Test behaviour of DNS scavenge with an existing dNSTombstoned 
value

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Thu Feb  6 16:24:25 UTC 2020 on sn-devel-184

(cherry picked from commit c8e3c78d4f2a6f3e122fe458aa6835772290a700)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Feb 26 13:53:10 UTC 2020 on sn-devel-184

commit c130ca2bcc3793e47d203b10867644b473d2a64c
Author: Andrew Bartlett 
Date:   Thu Jan 30 16:41:39 2020 +1300

dsdb: Correctly handle memory in objectclass_attrs

el->values is caller-provided memory that should be thought of as constant,
it should not be assumed to be a talloc context.

Otherwise, if the caller gives constant memory or a stack
pointer we will get an abort() in talloc when it expects
a talloc magic in the memory preceeding the el->values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14258

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 3657bbc21182d764ddfcd603025f24ec240fd263)

---

Summary of changes:
 python/samba/tests/dns.py  | 39 ++
 source4/dsdb/samdb/ldb_modules/objectclass_attrs.c | 17 +-
 2 files changed, 55 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/tests/dns.py b/python/samba/tests/dns.py
index 275d4fcd692..52bd708963b 100644
--- a/python/samba/tests/dns.py
+++ b/python/samba/tests/dns.py
@@ -1504,26 +1504,51 @@ class TestZones(DNSTest):
 name, txt = 'agingtest', ['test txt']
 name2, txt2 = 'agingtest2', ['test txt2']
 name3, txt3 = 'agingtest3', ['test txt3']
+name4, txt4 = 'agingtest4', ['test txt4']
+name5, txt5 = 'agingtest5', ['test txt5']
 self.dns_update_record(name, txt)
 self.dns_update_record(name2, txt)
 self.dns_update_record(name2, txt2)
 self.dns_update_record(name3, txt)
 self.dns_update_record(name3, txt2)
+
+# Create a tomb stoned record.
+self.dns_update_record(name4, txt4)
+self.dns_tombstone(name4, txt4, self.zone)
+records = self.ldap_get_records(name4)
+self.assertTrue("dNSTombstoned" in records[0])
+self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE")
+
+# Create an un-tombstoned record, with dnsTombstoned: FALSE
+self.dns_update_record(name5, txt5)
+self.dns_tombstone(name5, txt5, self.zone)
+self.dns_update_record(name5, txt5)
+records = self.ldap_get_records(name5)
+self.assertTrue("dNSTombstoned" in records[0])
+self.assertEqual(records[0]["dNSTombstoned"][0], b"FALSE")
+
 last_add = self.dns_update_record(name3, txt3)
 
 def mod_ts(rec):
 self.assertTrue(rec.dwTimeStamp > 0)
 if rec.data.str == txt:
 rec.dwTimeStamp -= interval * 5
+
+def mod_ts_all(rec):
+rec.dwTimeStamp -= interval * 5
 self.ldap_modify_dnsrecs(name, mod_ts)
 self.ldap_modify_dnsrecs(name2, mod_ts)
 self.ldap_modify_dnsrecs(name3, mod_ts)
+self.ldap_modify_dnsrecs(name5, mod_ts_all)
 self.assertTrue(callable(getattr(dsdb, '_scavenge_dns_records', None)))
 dsdb._scavenge_dns_records(self.samdb)
 
 recs = self.ldap_get_dns_records(name)
 self.assertEqual(len(recs), 1)
 self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TOMBSTONE)
+records = self.ldap_get_records(name)
+self.assertTrue("dNSTombstoned" in records[0])
+self.assertEqual(records[0]["dNSTombstoned"][0], b"TRUE")
 
 recs = self.ldap_get_dns_records(name2)
 self.assertEqual(len(recs), 1)
@@ -1537,6 +1562,20 @@ class TestZones(DNSTest):
 self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TXT)
 self.assertEqual(recs[1].wType, dnsp.DNS_TYPE_TXT)
 
+recs = self.ldap_get_dns_records(name4)
+self.assertEqual(len(recs), 1)
+self.assertEqual(recs[0].wType, dnsp.DNS_TYPE_TOMBSTONE)
+records = self.ldap_get_records(name4)
+self.assertTrue("dNSTombstoned" in records[0])
+

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-02-26 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  8cb7818a405 ldb: version 2.0.9
   via  17c43b99622 ldb: Add tests aimed at the SCOPE_ONELEVEL bug in 
particular
   via  b81fd260ebb ldb: Fix search with scope ONE and small result sets
   via  811d8057973 ldb: Ensure @IDXONE modes is tested in ldb.python 
(apy.py) tests
   via  e7ed0a80885 ldb: Add tests aimed at the SCOPE_ONELEVEL particular
   via  880c2d747aa ldb: Add tests for one-level indexes in conjunction 
with other indexes
  from  a95a8c7eaa4 smbd: Separate aio_pthread indicator from normal EINTR

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 8cb7818a40564e2af2090e9b775ac4d770d3aae5
Author: Andrew Bartlett 
Date:   Wed Feb 26 10:29:20 2020 +1300

ldb: version 2.0.9

 * Bug 14270:
   Samba 4.11 and later give incorrect results for SCOPE_ONE searches

Signed-off-by: Andrew Bartlett 

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Feb 26 10:08:45 UTC 2020 on sn-devel-184

commit 17c43b99622f518bd816e26ae9885cd48918f0a9
Author: Andrew Bartlett 
Date:   Wed Feb 12 16:28:01 2020 +1300

ldb: Add tests aimed at the SCOPE_ONELEVEL bug in particular

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 0b8ab0200805127e36eeb2affe561f3aee59604a)

commit b81fd260ebb76f135c6e68b052fdcf61e4142a2e
Author: Andrew Bartlett 
Date:   Fri Feb 7 16:56:13 2020 +1300

ldb: Fix search with scope ONE and small result sets

This changes the LDB behaviour in the combination of a SCOPE_ONE search and
an index returning less than 10 results.

After b6b5b5fe355fee2a4096e9214831cb88c7a2a4c6 the list->strict flag
became set to false in all cases, rather than being left to the
value set by the caller.

This changes the ldb_kv_index_dn_one() code to force strict
mode on success instead.

Thanks to Marcus Granér, ICEYE Oy for reporting.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 3c7261c43da491b57f50e0e64d7050d85c6b973e)

commit 811d8057973bf8c6109dd158debbe9bc436c
Author: Andrew Bartlett 
Date:   Wed Feb 12 13:44:44 2020 +1300

ldb: Ensure @IDXONE modes is tested in ldb.python (apy.py) tests

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit ec34a7095705592279647c5046a000e0bf052d1a)

commit e7ed0a8088543abc9d83edbcc907357218a049c4
Author: Andrew Bartlett 
Date:   Wed Feb 12 11:45:36 2020 +1300

ldb: Add tests aimed at the SCOPE_ONELEVEL particular

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 167676973b7f1db563da04d54e8ce5668034081c)

commit 880c2d747aac276ef27834cf5661152591f8fc30
Author: Andrew Bartlett 
Date:   Mon Feb 10 14:08:29 2020 +1300

ldb: Add tests for one-level indexes in conjunction with other indexes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14270

Signed-off-by: Andrew Bartlett 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 17bd63dbea7f6e6358f81f0ac5b9392b2321bb32)

---

Summary of changes:
 lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.0.9.sigs} |   0
 ...yldb-util-1.1.10.sigs => pyldb-util-2.0.9.sigs} |   0
 lib/ldb/ldb_key_value/ldb_kv_index.c   |  21 +-
 lib/ldb/tests/python/api.py| 499 -
 lib/ldb/wscript|   2 +-
 5 files changed, 511 insertions(+), 11 deletions(-)
 copy lib/ldb/ABI/{ldb-2.0.5.sigs => ldb-2.0.9.sigs} (100%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-2.0.9.sigs} (100%)


Changeset truncated at 500 lines:

diff --git a/lib/ldb/ABI/ldb-2.0.5.sigs b/lib/ldb/ABI/ldb-2.0.9.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-2.0.5.sigs
copy to lib/ldb/ABI/ldb-2.0.9.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs 
b/lib/ldb/ABI/pyldb-util-2.0.9.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-2.0.9.sigs
diff --git a/lib/ldb/ldb_key_value/ldb_kv_index.c 
b/lib/ldb/ldb_key_value/ldb_kv_index.c
index 0853b28fe40..8e756c1a8e5 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_index.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_index.c
@@ -2113,16 +2113,19 @@ static int ldb_kv_index_dn_one(struct ldb_module 
*module,
   struct dn_list *list,
   enum key_truncation *truncation)
 {
-   /*
-* Ensure we do not shortcut on intersection for this list.
-* We must never

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-02-25 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  a95a8c7eaa4 smbd: Separate aio_pthread indicator from normal EINTR
   via  a33656c9df2 lib: Map EINPROGRESS->NT_STATUS_MORE_PROCESSING_REQUIRED
   via  64b2eda07fc test: Show that smbd does not handle EINTR from open() 
correctly
   via  0232cc46a35 test: Intercept open in vfs_error_inject
   via  ea1e73c2281 wafsamba: Do not use 'rU' as the 'U' is deprecated in 
Python 3.9
  from  370278fca39 s3: VFS: full_audit. Use system session_info if called 
from a temporary share definition.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit a95a8c7eaa46d5c8c485de714f0a97e307e49f7e
Author: Volker Lendecke 
Date:   Thu Feb 20 14:13:35 2020 +0100

smbd: Separate aio_pthread indicator from normal EINTR

According to Posix and the Linux open(2) manpage, the open-syscall can
return EINTR. If that happens, core smbd saw this as an indication
that aio_pthread's open function was doing its job. With a real EINTR
without aio_pthread this meant we ended up in a server_exit after 20
seconds, because there was nobody to do the retry.

EINTR is mapped to NT_STATUS_RETRY. Handle this by just retrying after
a second.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285
Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Thu Feb 20 22:14:25 UTC 2020 on sn-devel-184

(cherry picked from commit aebe427b77b5315eb5d2b05b8c72824ca0389723)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Feb 25 22:24:54 UTC 2020 on sn-devel-184

commit a33656c9df2cde3ff1cfc6b0427c7dfb2b140cae
Author: Volker Lendecke 
Date:   Thu Feb 20 10:25:16 2020 +0100

lib: Map EINPROGRESS->NT_STATUS_MORE_PROCESSING_REQUIRED

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285
Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 4a943d842a51674425f0c4019f823ef0a9d09f49)

commit 64b2eda07fcf3ee38a344848297c2a0f8a13748b
Author: Volker Lendecke 
Date:   Wed Feb 19 15:25:38 2020 +0100

test: Show that smbd does not handle EINTR from open() correctly

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285
Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 7bbba73b30f06304e9a2ad48e853d9ec8171dd30)

commit 0232cc46a35a57b4c3ccdb7d4222ec0c9f3fca38
Author: Volker Lendecke 
Date:   Wed Feb 19 14:44:11 2020 +0100

test: Intercept open in vfs_error_inject

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14285
Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 305204a241b74c599f4f6a064cac6608afd9c893)

commit ea1e73c2281ea3e7849fd30002c42d858b19b968
Author: Andreas Schneider 
Date:   Wed Feb 5 16:58:26 2020 +0100

wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9

See https://docs.python.org/3.9/whatsnew/3.9.html#changes-in-the-python-api

"open(), io.open(), codecs.open() and fileinput.FileInput no longer accept 
'U'
(“universal newline”) in the file mode. This flag was deprecated since 
Python
3.3. In Python 3, the “universal newline” is used by default when a file is
open in text mode. The newline parameter of open() controls how universal
newlines works."

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14266

Signed-off-by: Andreas Schneider 
Reviewed-by: Douglas Bagnall 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Thu Feb  6 07:30:13 UTC 2020 on sn-devel-184

(cherry picked from commit 52722746a5eb40c309ba59f78bd8e3d897417bdc)

---

Summary of changes:
 buildtools/wafsamba/samba_utils.py  |  2 +-
 source3/lib/errmap_unix.c   |  1 +
 source3/modules/vfs_aio_pthread.c   |  2 +-
 source3/modules/vfs_error_inject.c  | 17 +
 source3/script/tests/test_open_eintr.sh | 66 +
 source3/selftest/tests.py   |  9 +
 source3/smbd/open.c | 38 +--
 7 files changed, 122 insertions(+), 13 deletions(-)
 create mode 100755 source3/script/tests/test_open_eintr.sh


Changeset truncated at 500 lines:

diff --git a/buildtools/wafsamba/samba_utils.py 
b/buildtools/wafsamba/samba_utils.py
index ad97de1859b..be022adc8f5 100644
--- a/buildtools/wafsamba/samba_utils.py
+++ b/buildtools/wafsamba/samba_utils.py
@@ -700,7 +700,7 @@ def PROCESS_SEPARATE_RULE(self, rule):
 cache[node] = True
 self.pre_recurse(node)
 try:
-function_code = node.read('rU', None)
+function_code = node.read('r', None)

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-02-21 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  370278fca39 s3: VFS: full_audit. Use system session_info if called 
from a temporary share definition.
  from  4ee5642bea3 auth: Fix CID 1458418 Null pointer dereferences 
(REVERSE_INULL)

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 370278fca390c2cdbd4fe523a27208bfa094a81a
Author: Jeremy Allison 
Date:   Wed Feb 19 13:20:14 2020 -0800

s3: VFS: full_audit. Use system session_info if called from a temporary 
share definition.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14283

Signed-off-by: Jeremy Allison 

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Fri Feb 21 09:20:14 UTC 2020 on sn-devel-184

---

Summary of changes:
 source3/modules/vfs_full_audit.c | 20 
 1 file changed, 16 insertions(+), 4 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/modules/vfs_full_audit.c b/source3/modules/vfs_full_audit.c
index a442563115c..bdeff2aae46 100644
--- a/source3/modules/vfs_full_audit.c
+++ b/source3/modules/vfs_full_audit.c
@@ -478,6 +478,7 @@ static char *audit_prefix(TALLOC_CTX *ctx, 
connection_struct *conn)
 {
char *prefix = NULL;
char *result;
+   const struct auth_session_info *session_info = conn->session_info;
 
prefix = talloc_strdup(ctx,
lp_parm_const_string(SNUM(conn), "full_audit",
@@ -485,13 +486,24 @@ static char *audit_prefix(TALLOC_CTX *ctx, 
connection_struct *conn)
if (!prefix) {
return NULL;
}
+
+   if (session_info == NULL) {
+   /*
+* conn->session_info can be NULL if we're
+* called from a temporary conn created in
+* the MSDFS and other code. It's been created
+* by root so just use the system session.
+*/
+   session_info = get_session_info_system();
+   }
+
result = talloc_sub_full(ctx,
lp_servicename(talloc_tos(), SNUM(conn)),
-   conn->session_info->unix_info->unix_name,
+   session_info->unix_info->unix_name,
conn->connectpath,
-   conn->session_info->unix_token->gid,
-   conn->session_info->unix_info->sanitized_username,
-   conn->session_info->info->domain_name,
+   session_info->unix_token->gid,
+   session_info->unix_info->sanitized_username,
+   session_info->info->domain_name,
prefix);
TALLOC_FREE(prefix);
return result;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-02-18 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  4ee5642bea3 auth: Fix CID 1458418 Null pointer dereferences 
(REVERSE_INULL)
   via  40b7c3c99ae auth: Fix CID 1458420 Null pointer dereferences 
(REVERSE_INULL)
  from  972d4418ae0 ctdb-tcp: Make error handling for outbound connection 
consistent

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 4ee5642bea361a3308df4743c69e6f10052a262a
Author: Volker Lendecke 
Date:   Wed Feb 12 15:40:32 2020 +0100

auth: Fix CID 1458418 Null pointer dereferences (REVERSE_INULL)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit ef0350221e194a3dd3350eab02b38baeb32d8fd3)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Feb 19 06:19:13 UTC 2020 on sn-devel-184

commit 40b7c3c99aeb858100f0d14913fc2c03bcdcdb98
Author: Volker Lendecke 
Date:   Wed Feb 12 15:39:54 2020 +0100

auth: Fix CID 1458420 Null pointer dereferences (REVERSE_INULL)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 503fc8f2ba662ecbec0788bd1710440464dc5cfd)

---

Summary of changes:
 source3/auth/auth_sam.c | 6 --
 1 file changed, 4 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index cdb8453b311..f9764d87e3c 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -77,12 +77,13 @@ static NTSTATUS auth_samstrict_auth(const struct 
auth_context *auth_context,
const struct auth_usersupplied_info 
*user_info,
struct auth_serversupplied_info 
**server_info)
 {
-   const char *effective_domain = user_info->mapped.domain_name;
+   const char *effective_domain = NULL;
bool is_local_name, is_my_domain;
 
if (!user_info || !auth_context) {
return NT_STATUS_LOGON_FAILURE;
}
+   effective_domain = user_info->mapped.domain_name;
 
if (user_info->mapped.account_name == NULL ||
user_info->mapped.account_name[0] == '\0')
@@ -181,12 +182,13 @@ static NTSTATUS auth_sam_netlogon3_auth(const struct 
auth_context *auth_context,
const struct auth_usersupplied_info 
*user_info,
struct auth_serversupplied_info 
**server_info)
 {
-   const char *effective_domain = user_info->mapped.domain_name;
+   const char *effective_domain = NULL;
bool is_my_domain;
 
if (!user_info || !auth_context) {
return NT_STATUS_LOGON_FAILURE;
}
+   effective_domain = user_info->mapped.domain_name;
 
if (user_info->mapped.account_name == NULL ||
user_info->mapped.account_name[0] == '\0')


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-02-17 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  972d4418ae0 ctdb-tcp: Make error handling for outbound connection 
consistent
  from  70a36a668ca winbindd: handling missing idmap in getgrgid()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 972d4418ae01684d447061812fa5b4e03820f454
Author: Martin Schwenke 
Date:   Tue Jan 28 16:49:14 2020 +1100

ctdb-tcp: Make error handling for outbound connection consistent

If we can't bind the local end of an outgoing connection then
something has gone wrong.  Retrying is better than failing into a
zombie state.  The interface might come back up and/or the address my
be reconfigured.

While here, do the same thing for the other (potentially transient)
failures.

The unknown address family failure is special but just handle it via a
retry.  Technically it can't happen because the node address parsing
can only return values with address family AF_INET or AF_INET6.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14274
RN: Retry inter-node TCP connections on more transient failures

Reported-by: 耿纪超 
Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit a40fc709cc972dadb40efbf1394b10fae3cfcc07)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Mon Feb 17 13:13:01 UTC 2020 on sn-devel-184

---

Summary of changes:
 ctdb/tcp/tcp_connect.c | 36 +---
 1 file changed, 17 insertions(+), 19 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/tcp/tcp_connect.c b/ctdb/tcp/tcp_connect.c
index a75f35a809e..04897f44249 100644
--- a/ctdb/tcp/tcp_connect.c
+++ b/ctdb/tcp/tcp_connect.c
@@ -183,16 +183,14 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, 
struct tevent_timer *te,
tnode->out_fd = socket(sock_out.sa.sa_family, SOCK_STREAM, IPPROTO_TCP);
if (tnode->out_fd == -1) {
DBG_ERR("Failed to create socket\n");
-   return;
+   goto failed;
}
 
ret = set_blocking(tnode->out_fd, false);
if (ret != 0) {
DBG_ERR("Failed to set socket non-blocking (%s)\n",
strerror(errno));
-   close(tnode->out_fd);
-   tnode->out_fd = -1;
-   return;
+   goto failed;
}
 
set_close_on_exec(tnode->out_fd);
@@ -224,32 +222,22 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, 
struct tevent_timer *te,
sockout_size = sizeof(sock_out.ip6);
break;
default:
-   DEBUG(DEBUG_ERR, (__location__ " unknown family %u\n",
-   sock_in.sa.sa_family));
-   close(tnode->out_fd);
-   tnode->out_fd = -1;
-   return;
+   DBG_ERR("Unknown address family %u\n", sock_in.sa.sa_family);
+   /* Can't happen to due to address parsing restrictions */
+   goto failed;
}
 
ret = bind(tnode->out_fd, (struct sockaddr *)_in, sockin_size);
if (ret == -1) {
DBG_ERR("Failed to bind socket (%s)\n", strerror(errno));
-   close(tnode->out_fd);
-   tnode->out_fd = -1;
-   return;
+   goto failed;
}
 
ret = connect(tnode->out_fd,
  (struct sockaddr *)_out,
  sockout_size);
if (ret != 0 && errno != EINPROGRESS) {
-   ctdb_tcp_stop_connection(node);
-   tnode->connect_te = tevent_add_timer(ctdb->ev,
-tnode,
-timeval_current_ofs(1, 0),
-ctdb_tcp_node_connect,
-node);
-   return;
+   goto failed;
}
 
/* non-blocking connect - wait for write event */
@@ -268,6 +256,16 @@ void ctdb_tcp_node_connect(struct tevent_context *ev, 
struct tevent_timer *te,
 timeval_current_ofs(1, 0),
 ctdb_tcp_node_connect,
 node);
+
+   return;
+
+failed:
+   ctdb_tcp_stop_connection(node);
+   tnode->connect_te = tevent_add_timer(ctdb->ev,
+tnode,
+timeval_current_ofs(1, 0),
+ctdb_tcp_node_connect,
+node);
 }
 
 /*


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-02-11 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  70a36a668ca winbindd: handling missing idmap in getgrgid()
   via  f778dc20b5a s3:auth_sam: map an empty domain or '.' to the local 
SAM name
   via  c880f3539a1 s3:selftest: test authentication with an empty 
userdomain and upn names
   via  58d1613609c s3:auth_sam: introduce effective_domain helper variables
   via  f8e11e6ca9a s3:auth_sam: make sure we never handle empty usernames
   via  5f8e3650f06 s3:auth_sam: unify the debug messages of all 
auth_sam*_auth() functions
   via  2db313bdb57 s3:auth_sam: replace confusing FALL_THROUGH; with break;
  from  5f57256cf52 script/release.sh: Don't use quotations any longer.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 70a36a668caf4e3e1dbfb1aad991b13608032a74
Author: Stefan Metzmacher 
Date:   Wed Jan 22 17:00:07 2020 +

winbindd: handling missing idmap in getgrgid()

A similar hunk was added via commit
89f753c1fc824fef29aebb7d783ab7e09cd1f04e ("winbind: Use xids2sids in 
getpwuid"),
but it was missing in commit
e2dda192e7f8b65a5f02120be56cf0f07d03679f ("winbind: Use xids2sids in 
getgrgid")

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14265

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Wed Feb  5 17:56:58 UTC 2020 on sn-devel-184

(cherry picked from commit 4d0bda9467ac3f45f85f48a281cdb173ce1064eb)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Feb 11 13:08:14 UTC 2020 on sn-devel-184

commit f778dc20b5af18b46260bc2f3791605f1874f38b
Author: Stefan Metzmacher 
Date:   Thu Jan 23 16:21:43 2020 +0100

s3:auth_sam: map an empty domain or '.' to the local SAM name

When a domain member gets an empty domain name or '.', it should
not forward the authentication to domain controllers of
the primary domain.

But we need to keep passing UPN account names with
an empty domain to the DCs as a domain member.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 590df382bea44eec2dbfd2a28c659b0a29188bca)

commit c880f3539a11ee96235ca1505e3ca6a8a62ba388
Author: Stefan Metzmacher 
Date:   Tue Feb 4 11:32:05 2020 +0100

s3:selftest: test authentication with an empty userdomain and upn names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 
(cherry picked from commit a9eeea6ef78cc44c8423c7125fa1376921060018)

commit 58d1613609cc4358e822adbe484e8c7d0da770c7
Author: Stefan Metzmacher 
Date:   Thu Jan 23 16:21:43 2020 +0100

s3:auth_sam: introduce effective_domain helper variables

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 
(cherry picked from commit a63e2a312c761093fedb09bd234b6736485a930a)

commit f8e11e6ca9ace9c1abf2eaa7dd7038852591ea07
Author: Stefan Metzmacher 
Date:   Thu Jan 23 16:17:30 2020 +0100

s3:auth_sam: make sure we never handle empty usernames

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 01b8374e7942141e7f6cbdec7623c981a008e4c1)

commit 5f8e3650f06ff1d768ee2e11515a2051f8febd29
Author: Stefan Metzmacher 
Date:   Thu Jan 23 16:13:59 2020 +0100

s3:auth_sam: unify the debug messages of all auth_sam*_auth() functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 72ef8d3a52c1ab07c079a4c014ba8ac7bff528f7)

commit 2db313bdb57acb67733e51021a19bd42d245ea75
Author: Stefan Metzmacher 
Date:   Thu Jan 23 15:48:39 2020 +0100

s3:auth_sam: replace confusing FALL_THROUGH; with break;

There's no real logic change here, but is makes it easier to
understand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14247

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 85b168c6dac88f5065c0ec6e925937439f2c12ed)

---

Summary of changes:
 python/samba/tests/auth_log_winbind.py |  4 +-
 selftest/knownfail.d/empty-domain-name |  7 +++
 source3/auth/auth_sam.c| 83 ++
 source3/selftest/tests.py  |  8 
 source3/winbindd/winbindd_getgrgid.c   |  4 ++
 5 files changed, 95 insertions(+), 11 deletions(-)
 create mode 100644 selftest/knownfail.d/empty-domain-name


Changeset truncated at 500 lines:

diff

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-02-04 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  5f57256cf52 script/release.sh: Don't use quotations any longer.
  from  0fbf07f0508 s4:torture: Skip the deltest20 as user root

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 5f57256cf52aeb3f934645a1d71e3841eac0a37d
Author: Karolin Seeger 
Date:   Tue Jan 28 11:48:53 2020 +0100

script/release.sh: Don't use quotations any longer.

Signed-off-by: Karolin Seeger 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Karolin Seeger 
Autobuild-Date(master): Mon Feb  3 12:45:39 UTC 2020 on sn-devel-184

(cherry picked from commit f699df32cdbae4fbc585c259828029c74163323b)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Feb  4 11:53:54 UTC 2020 on sn-devel-184

---

Summary of changes:
 script/release.sh | 26 --
 1 file changed, 26 deletions(-)


Changeset truncated at 500 lines:

diff --git a/script/release.sh b/script/release.sh
index 6c3ba0d4add..507d5931a6a 100755
--- a/script/release.sh
+++ b/script/release.sh
@@ -193,26 +193,6 @@ verify_samba_stable() {
 
load_samba_stable_versions
 
-   test x"${product}" = x"samba-stable" && {
-   test -f "announce.${tagname}.quotation.txt" || {
-   echo ""
-   echo "announce.${tagname}.quotation.txt missing!"
-   echo ""
-   echo "Please create it and retry"
-   echo ""
-   echo "The content should look like this:"
-   echo "cat announce.${tagname}.quotation.txt"
-   echo 
'=='
-   echo '"Some text'
-   echo ' from someone."'
-   echo ''
-   echo ' The author'
-   echo 
'=='
-   echo ""
-   return 1
-   }
-   }
-
test -n "${oldtagname}" || {
return 0
}
@@ -793,11 +773,6 @@ announcement_samba_stable() {
return 1
}
 
-   test -f "announce.${tagname}.quotation.txt" || {
-   echo "announce.${tagname}.quotation.txt missing!"
-   return 1
-   }
-
local release_url="${download_url}samba/stable/"
local patch_url="${download_url}samba/patches/"
 
@@ -840,7 +815,6 @@ announcement_samba_stable() {
local headlimit=$(expr ${top} - 1 )
local taillimit=$(expr ${headlimit} - \( ${skip} - 1 \))
 
-   cat "announce.${tagname}.quotation.txt"
echo ""
echo ""
echo "Release Announcements"


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-01-31 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  0fbf07f0508 s4:torture: Skip the deltest20 as user root
   via  394e414b2dc lib:util: Log mkdir error on correct debug levels
   via  9349e689a86 s3: lib: nmblib. Clean up and harden nmb packet 
processing.
  from  040e0051e2b VERSION: Bump version up to 4.11.7...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 0fbf07f050832185e3d30bffcd8f05b116e1c0bd
Author: Andreas Schneider 
Date:   Thu Jan 30 16:18:25 2020 +0100

s4:torture: Skip the deltest20 as user root

The test is meant to be run as a user and not root.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14257

Signed-off-by: Andreas Schneider 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Thu Jan 30 16:54:33 UTC 2020 on sn-devel-184

(cherry picked from commit 677bc1b18420e717154dc73f632044239ac3ff9e)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Fri Jan 31 12:31:10 UTC 2020 on sn-devel-184

commit 394e414b2dcdac88189eec19f228ac7bae5e3170
Author: Andreas Schneider 
Date:   Mon Jan 27 14:58:10 2020 +0100

lib:util: Log mkdir error on correct debug levels

For smbd we want an error and for smbclient we only want it in NOTICE
debug level.
The default log level of smbclient is log level 1 so we need notice to
not spam the user.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14253

Signed-off-by: Andreas Schneider 
Reviewed-by: Guenther Deschner 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Mon Jan 27 15:55:24 UTC 2020 on sn-devel-184

(cherry picked from commit 0ad6a243b259d284064c0c5abcc7d430d55be7e1)

commit 9349e689a865ca36acd379968d2cbd490772bc3b
Author: Jeremy Allison 
Date:   Fri Jan 17 13:49:48 2020 -0800

s3: lib: nmblib. Clean up and harden nmb packet processing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14239
OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20156
OSS-FUZZ: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20157

Credit to oss-fuzz.
No security implications.

Signed-off-by: Jeremy Allison 
Pair programmed with: Douglas Bagnall 
Reviewed-by: Douglas Bagnall 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Tue Jan 21 23:33:41 UTC 2020 on sn-devel-184

(cherry picked from commit ad236bb7590e423b4c69fe6028f2f3495977f48b)

---

Summary of changes:
 lib/util/util.c|  7 +--
 source3/libsmb/nmblib.c| 12 
 source4/torture/basic/delete.c |  4 
 3 files changed, 17 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/util/util.c b/lib/util/util.c
index 3bdeded5c1b..0d9ffe5cb7b 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -353,9 +353,12 @@ _PUBLIC_ bool directory_create_or_exist(const char *dname,
old_umask = umask(0);
ret = mkdir(dname, dir_perms);
if (ret == -1 && errno != EEXIST) {
-   DBG_WARNING("mkdir failed on directory %s: %s\n",
+   int dbg_level = geteuid() == 0 ? DBGLVL_ERR : DBGLVL_NOTICE;
+
+   DBG_PREFIX(dbg_level,
+  ("mkdir failed on directory %s: %s\n",
dname,
-   strerror(errno));
+   strerror(errno)));
umask(old_umask);
return false;
}
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
index 727939575a7..0681450bae2 100644
--- a/source3/libsmb/nmblib.c
+++ b/source3/libsmb/nmblib.c
@@ -192,10 +192,14 @@ static int parse_nmb_name(char *inbuf,int ofs,int length, 
struct nmb_name *name)
 
m = ubuf[offset];
 
-   if (!m)
-   return(0);
-   if ((m & 0xC0) || offset+m+2 > length)
-   return(0);
+   /* m must be 32 to exactly fill in the 16 bytes of the netbios name */
+   if (m != 32) {
+   return 0;
+   }
+   /* Cannot go past length. */
+   if (offset+m+2 > length) {
+   return 0;
+   }
 
memset((char *)name,'\0',sizeof(*name));
 
diff --git a/source4/torture/basic/delete.c b/source4/torture/basic/delete.c
index a8c4e3fa3f1..d14d5a55746 100644
--- a/source4/torture/basic/delete.c
+++ b/source4/torture/basic/delete.c
@@ -1865,6 +1865,10 @@ static bool deltest20(struct torture_context *tctx, 
struct smbcli_state *cli1, s
NTSTATUS status;
int ret;
 
+   if (geteuid() == 0) {
+   torture_skip(tctx, "This test doesn't work as user root.");
+   }
+
del_clean_area(cli1, cli2);
 
/* Test 20 -- non-empty directory hardest to get right... */

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-01-28 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  040e0051e2b VERSION: Bump version up to 4.11.7...
   via  f5fa58a4177 VERSION: Disable GIT_SNAPSHOT for the 4.11.6 release.
   via  9ec0da774e3 WHATSNEW: Add release notes for Samba 4.11.6.
  from  79e7d1328ea smbd: Fix the build with clang

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 040e0051e2b707aa744bccc536442d6497ce7024
Author: Karolin Seeger 
Date:   Tue Jan 28 11:13:25 2020 +0100

VERSION: Bump version up to 4.11.7...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit f5fa58a41774667a153dece74ed7e4a09689f0ad
Author: Karolin Seeger 
Date:   Tue Jan 28 11:09:48 2020 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.11.6 release.

Signed-off-by: Karolin Seeger 

commit 9ec0da774e37fa1caae647f6d0bb5fc468e180b4
Author: Karolin Seeger 
Date:   Tue Jan 28 11:08:58 2020 +0100

WHATSNEW: Add release notes for Samba 4.11.6.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 76 ++--
 2 files changed, 75 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 0f54515c8b9..2ec627c3196 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=6
+SAMBA_VERSION_RELEASE=7
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 99272550643..6f635618bb2 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,75 @@
+   ==
+   Release Notes for Samba 4.11.6
+  January 28, 2020
+  ==
+
+
+This is the latest stable release of the Samba 4.11 release series.
+
+
+Changes since 4.11.5:
+-
+
+o  Douglas Bagnall 
+   * BUG 14209: pygpo: Use correct method flags.
+
+o  David Disseldorp 
+   * BUG 14216: vfs_ceph_snapshots: Fix root relative path handling.
+
+o  Torsten Fohrer 
+   * BUG 14209: Avoiding bad call flags with python 3.8, using METH_NOARGS
+ instead of zero.
+
+o  Fabrice Fontaine 
+   * BUG 14218: source4/utils/oLschema2ldif: Include stdint.h before cmocka.h.
+
+o  Björn Jacke 
+   * BUG 14122: docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc.
+
+o  Volker Lendecke 
+   * BUG 14251: smbd: Fix the build with clang.
+
+o  Gary Lockyer 
+   * BUG 14199: upgradedns: Ensure lmdb lock files linked.
+
+o  Anoop C S 
+   * BUG 14182: s3: VFS: glusterfs: Reset nlinks for symlink entries during
+ readdir.
+
+o  Andreas Schneider 
+   * BUG 14101: smbc_stat() doesn't return the correct st_mode and also the
+ uid/gid is not filled (SMBv1) file.
+   * BUG 14219: librpc: Fix string length checking in
+ ndr_pull_charset_to_null().
+
+o  Martin Schwenke 
+   * BUG 14227: ctdb-scripts: Strip square brackets when gathering connection
+ info.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
==
Release Notes for Samba 4.11.5
   January 21, 2020
@@ -67,8 +139,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:
-
+--
+
 
==
Release Notes for Samba 4.11.4


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-01-27 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  79e7d1328ea smbd: Fix the build with clang
  from  bbacbd5f3f2 script/release.sh: make it possible to run from a git 
worktree

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 79e7d1328ea9d7495c0761f4b5058736c838d4c3
Author: Volker Lendecke 
Date:   Wed Jul 31 10:42:24 2019 +0200

smbd: Fix the build with clang

clang correctly complains that "close_fsp" is used uninitialized if
"get_posix_fsp" fails and we end up in "goto out;".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14251

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit a8a1ca3f83dce6d725392989cbc97271cbf52f4a)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Mon Jan 27 10:53:50 UTC 2020 on sn-devel-184

---

Summary of changes:
 source3/smbd/trans2.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/trans2.c b/source3/smbd/trans2.c
index b0616f15ade..8164c8fd213 100644
--- a/source3/smbd/trans2.c
+++ b/source3/smbd/trans2.c
@@ -4848,7 +4848,7 @@ static NTSTATUS smb_query_posix_acl(connection_struct 
*conn,
unsigned int size_needed = 0;
NTSTATUS status;
bool ok;
-   bool close_fsp;
+   bool close_fsp = false;
 
/*
 * Ensure we always operate on a file descriptor, not just


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-01-21 Thread Stefan Metzmacher 
The branch, v4-11-test has been updated
   via  bbacbd5f3f2 script/release.sh: make it possible to run from a git 
worktree
  from  c5f61b9dd0a VERSION: Bump version up to 4.11.6.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit bbacbd5f3f2f1fc624f057c6e30160fbcfbaba40
Author: Stefan Metzmacher 
Date:   Tue Jan 21 19:25:00 2020 +0100

script/release.sh: make it possible to run from a git worktree

.git is a regular file in that case.

Also check that script/release.sh is present as a relative path
to ensure we're called from the expected location.

Signed-off-by: Stefan Metzmacher 
(cherry picked from commit 648f94d2031c6e758bdf54089d1e710c265ca732)

---

Summary of changes:
 script/release.sh | 11 +--
 1 file changed, 9 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/script/release.sh b/script/release.sh
index b533e259440..6c3ba0d4add 100755
--- a/script/release.sh
+++ b/script/release.sh
@@ -17,14 +17,14 @@ 
CONF_UPLOAD_URL="samba-b...@download-master.samba.org:/home/data/ftp/pub"
 CONF_DOWNLOAD_URL="https://download.samba.org/pub;
 CONF_HISTORY_URL="https://www.samba.org;
 
-test -d ".git" || {
+test -d ".git" -o -r ".git" || {
echo "Run this script from the top-level directory in the"
echo "repository"
exit 1
 }
 
 usage() {
-   echo "Usage: release.sh  "
+   echo "Usage: script/release.sh  "
echo ""
echo "PRODUCT: ldb, talloc, tevent, tdb, samba-rc, samba-stable"
echo "COMMAND: fullrelease, create, push, upload, announce"
@@ -32,6 +32,13 @@ usage() {
return 0
 }
 
+test -x "script/release.sh" || {
+   usage
+   echo "Run this script from the top-level directory in the"
+   echo "repository: as 'script/release.sh'"
+   exit 1
+}
+
 check_args() {
local cmd="$1"
local got_args="$2"


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-01-21 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  c5f61b9dd0a VERSION: Bump version up to 4.11.6.
   via  5f735302220 Merge tag 'samba-4.11.5' into v4-11-test
   via  01a4dd8ea2b VERSION: Disable GIT_SNAPSHOT for the 4.11.5 release.
   via  16f159bdd2d WHATSNEW: Add release notes for Samba 4.11.5.
   via  a56fb1c0427 CVE-2019-19344 kcc dns scavenging: Fix use after free 
in dns_tombstone_records_zone
   via  0010822597d CVE-2019-14907 lib/util: Do not print the failed to 
convert string into the logs
   via  5884a973309 CVE-2019-14902 dsdb: Change basis of descriptor module 
deferred processing to be GUIDs
   via  da1d3a0c03c CVE-2019-14902 repl_meta_data: Set renamed = true (and 
so do SD inheritance) after any rename
   via  febccb4845e CVE-2019-14902 repl_meta_data: Fix issue where 
inherited Security Descriptors were not replicated.
   via  2cf368d0023 CVE-2019-14902 repl_meta_data: schedule SD propagation 
to a renamed DN
   via  dc1b30c8316 CVE-2019-14902 dsdb: Ensure we honour both 
change->force_self and change->force_children
   via  68a91b11e40 CVE-2019-14902 dsdb: Add comments explaining why SD 
propagation needs to be done here
   via  971247385a4 CVE-2019-14902 dsdb: Explain that 
descriptor_sd_propagation_recursive() is proctected by a transaction
   via  50498111ac0 selftest: Add test to confirm ACL inheritence really 
happens
   via  59a7bbe0c15 CVE-2019-14902 selftest: Add test for a special case 
around replicated renames
   via  6b6a993e6af CVE-2019-14902 selftest: Add test for replication of 
inherited security descriptors
   via  98761ff1b2e VERSION: Bump version up to 4.11.5...
  from  c5dee3fcee6 libsmbclient: If over SMB1 first try to do a posix stat 
on the file.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit c5f61b9dd0a0624ba91f1ee9277c653ebb38a3e6
Author: Karolin Seeger 
Date:   Tue Jan 21 11:02:17 2020 +0100

VERSION: Bump version up to 4.11.6.

Signed-off-by: Karolin Seeger 

commit 5f73530222071af7cf6d9fa044cde86217fec112
Merge: c5dee3fcee6 01a4dd8ea2b
Author: Karolin Seeger 
Date:   Tue Jan 21 11:01:42 2020 +0100

Merge tag 'samba-4.11.5' into v4-11-test

samba: tag release samba-4.11.5

---

Summary of changes:
 VERSION |   2 +-
 WHATSNEW.txt|  76 -
 lib/util/charset/convert_string.c   |  38 +--
 source4/dsdb/kcc/scavenge_dns_records.c |  51 ++-
 source4/dsdb/samdb/ldb_modules/acl_util.c   |   4 +-
 source4/dsdb/samdb/ldb_modules/descriptor.c | 291 +
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c |  55 +++-
 source4/dsdb/samdb/samdb.h  |   2 +-
 source4/selftest/tests.py   |   5 +
 source4/torture/drs/python/repl_secdesc.py  | 400 
 10 files changed, 752 insertions(+), 172 deletions(-)
 create mode 100644 source4/torture/drs/python/repl_secdesc.py


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 7bbd4754860..0f54515c8b9 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=5
+SAMBA_VERSION_RELEASE=6
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 830081446ab..99272550643 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,75 @@
+   ==
+   Release Notes for Samba 4.11.5
+  January 21, 2020
+  ==
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2019-14902: Replication of ACLs set to inherit down a subtree on AD
+ Directory not automatic.
+o CVE-2019-14907: Crash after failed character conversion at log level 3 or
+ above.   
+o CVE-2019-19344: Use after free during DNS zone scavenging in Samba AD DC.
+   
 
+   
 
+===
 
+Details
 
+===
 
+   
 
+o  CVE-2019-14902: 
   
+   The implementation of ACL

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-01-15 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  c5dee3fcee6 libsmbclient: If over SMB1 first try to do a posix stat 
on the file.
   via  e82e78b8747 s3:libsmb: Add a setup_stat_from_stat_ex() function
   via  8936e2d0274 s3:libsmb: Return a 'struct stat' buffer for 
SMBC_getatr()
   via  2db3606327f s3:libsmb: Add try_posixinfo to SMBSRV struct. Only 
enable for SMB1 with UNIX for now.
   via  fa22e5b6133 s3:libsmb: Generate the inode only based on the path 
component
   via  260d66aa0aa s3: libsmb: Move setting all struct stat fields into 
setup_stat().
   via  4eb710e3298 s3: libsmb: Move setting st->st_ino into setup_stat.
   via  463a2df2de7 s3: libsmb: Change generate_inode()/setup_stat() to 
modern coding standards.
  from  ee215ff101d ctdb-tests: Skip some tests that don't work with IPv6

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit c5dee3fcee618c471d6bec02340eddef5dd68855
Author: Andreas Schneider 
Date:   Mon Nov 25 11:11:13 2019 +0100

libsmbclient: If over SMB1 first try to do a posix stat on the file.

Disable in future, if server doesn't support this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Thu Dec 19 15:44:25 UTC 2019 on sn-devel-184

(cherry picked from commit 8b04590e4d8f817ad6d194bb9d622c18734e3011)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Jan 15 10:33:14 UTC 2020 on sn-devel-184

commit e82e78b8747110b73231fdc83e18a43a06f71404
Author: Andreas Schneider 
Date:   Mon Nov 25 11:10:49 2019 +0100

s3:libsmb: Add a setup_stat_from_stat_ex() function

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit b3e3cb3bbd86a53b48ee009adf811d48dd50dc8b)

commit 8936e2d0274f5601f97e69aaaf2f92965dd00ddd
Author: Andreas Schneider 
Date:   Mon Nov 25 11:09:52 2019 +0100

s3:libsmb: Return a 'struct stat' buffer for SMBC_getatr()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 0fe9dc5219beaf605da9c7922053f7324507b50e)

commit 2db3606327fc4a1a19c294b87e8da6e2eb12e703
Author: Andreas Schneider 
Date:   Mon Nov 25 11:06:57 2019 +0100

s3:libsmb: Add try_posixinfo to SMBSRV struct. Only enable for SMB1 with 
UNIX for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit bf9a3a7aa1913238ae2c997ce00369d0dbae3a08)

commit fa22e5b613345fb80f8ea47332139c328c550f5b
Author: Andreas Schneider 
Date:   Wed Dec 18 13:27:26 2019 +0100

s3:libsmb: Generate the inode only based on the path component

Currently we use the full smb url which includes also username and
password.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14101

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit ea51a426e506bd6456814ecddcb63441859f9d89)

commit 260d66aa0aa9868a826c9e6e96b937e94da9a3fd
Author: Jeremy Allison 
Date:   Fri Oct 18 10:48:55 2019 -0700

s3: libsmb: Move setting all struct stat fields into setup_stat().

That way we only have one place where a struct stat is synthesised
for libsmbclient callers.

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 1f0715c0e5e6ff371e3b393a0b35222c8b6f49bc)

commit 4eb710e329827b4de9365fed8b02055e96d368cf
Author: Jeremy Allison 
Date:   Fri Oct 18 09:34:02 2019 -0700

s3: libsmb: Move setting st->st_ino into setup_stat.

Signed-off-by: Puran Chand 
Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 7d3b4f47be0359b496087fc40f89b815c7958dd6)

commit 463a2df2de78f4110cb1b765293a94ebbd111658
Author: Jeremy Allison 
Date:   Fri Oct 18 09:24:38 2019 -0700

s3: libsmb: Change generate_inode()/setup_stat() to modern coding standards.

Change setup_stat() to be void. It doesn't return anything. Export
so it can be used by upcoming smbc_readdirplus2() call.

Remove unused SMBCCTX *context parameters.
Remove unused talloc_stackframe().

Signed-off-by: Puran Chand 
Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 
(cherry picked from commit d44a84295b46cc6c540a9730a615a59c1f22a277)

---

Summary of changes:
 source3/include/libsmb_internal.h |  22 +--
 source3/libsmb/libsmb_dir.c   |  31 -
 source3/libsmb/libsmb_file.c

[SCM] Samba Shared Repository - branch v4-11-test updated

2020-01-14 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  ee215ff101d ctdb-tests: Skip some tests that don't work with IPv6
   via  103d94566f1 ctdb-scripts: Strip square brackets when gathering 
connection info
   via  890513b5b3c librpc: Fix string length checking in 
ndr_pull_charset_to_null()
   via  1d28d27070a source4/utils/oLschema2ldif: include stdint.h before 
cmocka.h
   via  3889444e008 lib/ldb/tests: include stdint.h before cmocka.h
   via  67e429d86ae vfs_ceph_snapshots: fix root relative path handling
   via  54a028bd32b upgradedns: ensure lmdb lock files linked
   via  75d088aede5 test upgradedns: ensure lmdb lock files linked
   via  276a07d8eff docs-xml/winbindnssinfo: clarify interaction with 
idmap_ad etc.
  from  3659b26bcb4 s3: VFS: glusterfs: Reset nlinks for symlink entries 
during readdir

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit ee215ff101d6e3de23264fbbca9c9753a4751413
Author: Martin Schwenke 
Date:   Thu Nov 28 14:00:58 2019 +1100

ctdb-tests: Skip some tests that don't work with IPv6

See the comments added to the tests.

It may be possible to rewrite these so they do something sane for
IPv6... some other time.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14227
RN: Fix IPv6 issues (NFS connection tracking, tests)

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 

Autobuild-User(master): Amitay Isaacs 
Autobuild-Date(master): Fri Jan  3 00:00:55 UTC 2020 on sn-devel-184

(backported from commit 9edf15afc219a1a782ec1e4d29909361bbabc744)

Signed-off-by: Martin Schwenke 

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Jan 14 10:28:01 UTC 2020 on sn-devel-184

commit 103d94566f15d2fdf880cfb5f654896c67d02a42
Author: Martin Schwenke 
Date:   Fri Dec 13 11:09:04 2019 +1100

ctdb-scripts: Strip square brackets when gathering connection info

ss added square brackets around IPv6 addresses in versions > 4.12.0
via commit aba9c23a6e1cb134840c998df14888dca469a485.  CentOS 7 added
this feature somewhere mid-release.  So, backward compatibility is
obviously needed.

As per the comment protocol/protocol_util.c should probably print and
parse such square brackets.  However, for backward compatibility the
brackets would have to be stripped in both places in
update_tickles()...  or added to the ss output when missing.  Best to
leave this until we have a connection tracking daemon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14227

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 693080abe4d8bec96280af5a6aa668251a98ec5d)

commit 890513b5b3cf8c8b14fc21c1f095b9d4a3f94e04
Author: Andreas Schneider 
Date:   Mon Dec 16 15:50:17 2019 +0100

librpc: Fix string length checking in ndr_pull_charset_to_null()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14219

Pair-Programmed-With: Guenther Deschner 
Signed-off-by: Guenther Deschner 
Signed-off-by: Andreas Schneider 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit f11e207e01c52566c47e350ff240fe95392de0c3)

commit 1d28d27070a7ade82283dab11c9ef7cadfbf54fb
Author: Fabrice Fontaine 
Date:   Mon Dec 16 10:28:53 2019 +0100

source4/utils/oLschema2ldif: include stdint.h before cmocka.h

This fix the following build failure:

In file included from 
/home/fabrice/buildroot/output/host/opt/ext-toolchain/lib/gcc/mips64el-buildroot-linux-uclibc/5.5.0/include/stdint.h:9:0,
 from 
/home/fabrice/buildroot/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/inttypes.h:27,
 from ../../lib/replace/../replace/replace.h:64,
 from ../../source4/include/includes.h:23,
 from ../../source4/utils/oLschema2ldif/test.c:25:

/home/fabrice/buildroot/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/stdint.h:122:27:
 error: conflicting types for ‘uintptr_t’
 typedef unsigned long int uintptr_t;
   ^
In file included from ../../source4/utils/oLschema2ldif/test.c:23:0:

/home/fabrice/buildroot/output/host/mips64el-buildroot-linux-uclibc/sysroot/usr/include/cmocka.h:132:28:
 note: previous declaration of ‘uintptr_t’ was here
   typedef unsigned int uintptr_t;

Fixes:
 - 
http://autobuild.buildroot.org/results/9507739b3d5d51024ee9c60b74c2f85d5004e7e2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14218

Signed-off-by: Fabrice Fontaine 
Reviewed-by: Uri Simchoni 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Wed Dec 18 16:57:52 UTC 2019 on sn-devel-184

(cherry picked from commit

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-12-19 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  3659b26bcb4 s3: VFS: glusterfs: Reset nlinks for symlink entries 
during readdir
   via  db5c0d6c05b Avoiding bad call flags with python 3.8, using 
METH_NOARGS instead of zero.
   via  a7505aabbe9 pygpo: use correct method flags
  from  5a75d981409 VERSION: Bump version up to 4.11.5...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 3659b26bcb4a3592534a88d1e59712bb272b0d92
Author: Anoop C S 
Date:   Tue Nov 12 19:58:43 2019 +0530

s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir

On receiving an already initialized stat_ex buffer for readdir() call we
invoke readdirplus() GlusterFS API, an optimized variant of readdir(),
which then returns stat information along with dir entry result. But for
symlink entries we don't know if link or target info is needed. In that
case it is better to leave this decision back to caller by resetting
nlinks value inside stat information to make it invalid.

This was also preventing us from displaying msdfs link as directories
inside the share.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14182

Signed-off-by: Anoop C S 
Reviewed-by: Günther Deschner 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Tue Dec 17 21:53:07 UTC 2019 on sn-devel-184

(cherry picked from commit fca2d3e0d1fa5af59e7b729f7c1d126f7b81e149)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Thu Dec 19 09:52:17 UTC 2019 on sn-devel-184

commit db5c0d6c05b7d15ca0503642bb7741bf57d2d489
Author: Torsten Fohrer 
Date:   Sun Dec 15 16:58:40 2019 +0100

Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero.

(C) SBE network solutions GmbH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14209

Signed-off-by: Torsten Fohrer 
Reviewed-by: Douglas Bagnall 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Dec 18 14:33:58 UTC 2019 on sn-devel-184

(cherry picked from commit f0eb1e623f76d3dbd0c22f96cabebd1041c147df)

commit a7505aabbe9710a0b025f40ffd5c4db1a6d78ed0
Author: Douglas Bagnall 
Date:   Tue Dec 3 11:17:26 2019 +1300

pygpo: use correct method flags

The METH_KEYWORDS argument must always be combined with METH_VARARGS.

In Python up to 3.7 this was checked at runtime, and as we had no callers to
get_unix_path() in Python we never noticed. In Python 3.8 it is checked at
import time, and everyone notices even if they aren't directly using GPOs.

Found and reported by Val Kulkov.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14209
Signed-off-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 12cccf3447333dfd4f5e437cd57ca5ec68724fdd)

---

Summary of changes:
 libgpo/pygpo.c  | 2 +-
 source3/modules/vfs_glusterfs.c | 5 -
 source4/auth/gensec/pygensec.c  | 2 +-
 3 files changed, 6 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/libgpo/pygpo.c b/libgpo/pygpo.c
index 581d20e0649..97bbb3ec528 100644
--- a/libgpo/pygpo.c
+++ b/libgpo/pygpo.c
@@ -118,7 +118,7 @@ out:
 static PyMethodDef GPO_methods[] = {
{"get_unix_path", PY_DISCARD_FUNC_SIG(PyCFunction,
  py_gpo_get_unix_path),
-   METH_KEYWORDS,
+   METH_VARARGS | METH_KEYWORDS,
NULL },
{NULL}
 };
diff --git a/source3/modules/vfs_glusterfs.c b/source3/modules/vfs_glusterfs.c
index 8827bf018ab..f23a8821add 100644
--- a/source3/modules/vfs_glusterfs.c
+++ b/source3/modules/vfs_glusterfs.c
@@ -564,7 +564,10 @@ static struct dirent *vfs_gluster_readdir(struct 
vfs_handle_struct *handle,
}
 
if (sbuf != NULL) {
-   smb_stat_ex_from_stat(sbuf, );
+   SET_STAT_INVALID(*sbuf);
+   if (!S_ISLNK(stat.st_mode)) {
+   smb_stat_ex_from_stat(sbuf, );
+   }
}
 
END_PROFILE(syscall_readdir);
diff --git a/source4/auth/gensec/pygensec.c b/source4/auth/gensec/pygensec.c
index b2c1e9c279a..c866180edb3 100644
--- a/source4/auth/gensec/pygensec.c
+++ b/source4/auth/gensec/pygensec.c
@@ -678,7 +678,7 @@ static PyMethodDef py_gensec_security_methods[] = {
"S.have_feature()\n Return True if GENSEC negotiated a 
particular feature." },
{ "set_max_update_size",  (PyCFunction)py_gensec_set_max_update_size, 
METH_VARARGS,
"S.set_max_update_size(max_size) \n Some mechs can fragment 
update packets, needs to be use before the mech is started." },
-   { "max_update_size",

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-12-16 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  5a75d981409 VERSION: Bump version up to 4.11.5...
   via  a3e0dc33741 VERSION: Disable GIT_SNAPSHOT for the 4.11.4 release.
  from  36da9ac22d8 s3: smbd: Only set xconn->smb1.negprot.done = true 
after supported_protocols[protocol].proto_reply_fn() succeeds.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 5a75d9814091631001be8d7d8ccec66ea6380cfb
Author: Karolin Seeger 
Date:   Mon Dec 16 15:54:00 2019 +0100

VERSION: Bump version up to 4.11.5...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit a3e0dc33741044f68788796fe669b6a5f0004ea7
Author: Karolin Seeger 
Date:   Mon Dec 16 15:53:05 2019 +0100

VERSION: Disable GIT_SNAPSHOT for the 4.11.4 release.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 85 ++--
 2 files changed, 84 insertions(+), 3 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index cb2725e300c..7bbd4754860 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=4
+SAMBA_VERSION_RELEASE=5
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8bafa38b47c..830081446ab 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,84 @@
+   ==
+   Release Notes for Samba 4.11.4
+  December 16, 2019
+  ==
+
+
+This is the latest stable release of the Samba 4.11 release series.
+
+
+Changes since 4.11.3:
+-
+
+o  Jeremy Allison 
+   * BUG 14161: s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an 
inode
+ number.
+   * BUG 14174: s3: utils: smbtree. Ensure we don't call cli_RNetShareEnum()
+ on an SMB1 connection.
+   * BUG 14176: NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
+ SMBC_opendir_ctx.
+   * BUG 14189: s3: smbd: SMB2 - Ensure we use the correct session_id if
+ encrypting an interim response.
+   * BUG 14205: Prevent smbd crash after invalid SMB1 negprot.
+
+o  Ralph Boehme 
+   * BUG 13745: s3:printing: Fix %J substition.
+   * BUG 13925: s3: Remove now unneeded call to cmdline_messaging_context().
+   * BUG 14069: Incomplete conversion of former parametric options.
+   * BUG 14070: Fix sync dosmode fallback in async dosmode codepath.
+   * BUG 14171: vfs_fruit returns capped resource fork length.
+
+o  Isaac Boukris 
+   * BUG 14116: libnet_join: Add SPNs for additional-dns-hostnames entries.
+
+o  Volker Lendecke 
+   * BUG 14211: smbd: Increase a debug level.
+
+o  Stefan Metzmacher 
+   * BUG 14153: Prevent azure ad connect from reporting discovery errors:
+ reference-value-not-ldap-conformant.
+
+o  Christof Schmitt 
+   * BUG 14179: krb5_plugin: Fix developer build with newer heimdal system
+ library.
+
+o  Andreas Schneider 
+   * BUG 14168: replace: Only link libnsl and libsocket if requrired.
+
+o  Martin Schwenke 
+   * BUG 14175: ctdb: Incoming queue can be orphaned causing communication
+ breakdown.
+
+o  Uri Simchoni 
+   * BUG 13846: ldb: Release ldb 2.0.8. Cross-compile will not take
+ cross-answers or cross-execute.
+   * BUG 13856: heimdal-build: Avoid hard-coded /usr/include/heimdal in
+ asn1_compile-generated code.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
==
Release Notes for Samba 4.11.3
   December 10, 2019
@@ -57,8 +138,8 @@ database (https://bugzilla.samba.org/).
 ==
 
 
-Release notes for older releases follow:

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-12-13 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  36da9ac22d8 s3: smbd: Only set xconn->smb1.negprot.done = true 
after supported_protocols[protocol].proto_reply_fn() succeeds.
   via  cfa22afe0a7 python: tests. Add test for fuzzing smbd crash bug.
   via  5f8fef17042 s3: smbd: Ensure we exit if 
supported_protocols[protocol].proto_reply_fn() fails.
   via  e76ceea1deb s3: smbd: Change (*proto_reply_fn()) to return an 
NTSTATUS.
   via  ce67f60822e s3: smbd: Change reply_smb20xx() to return NTSTATUS.
   via  cff1d4c3421 s3: smbd: Ensure we exit on smbd_smb2_process_negprot() 
fail.
   via  0521333d477 s3: smbd: Allow smbd_smb2_process_negprot() to return 
NTSTATUS as it can fail.
   via  a7fa51a7a56 s3: smbd: SMB2 - Ensure we use the correct session_id 
if encrypting an interim response.
  from  b4fd49a46b2 VERSION: Bump version up to 4.11.4.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 36da9ac22d893219bfeff2e019b332716e4733ca
Author: Jeremy Allison 
Date:   Tue Nov 26 12:53:09 2019 -0800

s3: smbd: Only set xconn->smb1.negprot.done = true after 
supported_protocols[protocol].proto_reply_fn() succeeds.

Otherwise we can end up with negprot.done set, but
without smbXsrv_connection_init_tables() being called.

This can cause a client self-crash.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Wed Dec  4 21:27:24 UTC 2019 on sn-devel-184

(cherry picked from commit 8db0c1bff6f42feabd2e4d9dfb13ae12cc29607b)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Fri Dec 13 12:30:57 UTC 2019 on sn-devel-184

commit cfa22afe0a77cd56f25b6b7aa93f36a790ed6deb
Author: Jeremy Allison 
Date:   Mon Dec 2 17:23:21 2019 -0800

python: tests. Add test for fuzzing smbd crash bug.

Mark knownfail for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205

Signed-off-by: Jeremy Allison 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 46899ecf836d350c0c29b615869851da7d0ad6fb)

commit 5f8fef17042d9795b42b2d4c6ec7e1b6f2568be0
Author: Jeremy Allison 
Date:   Tue Nov 26 12:46:16 2019 -0800

s3: smbd: Ensure we exit if supported_protocols[protocol].proto_reply_fn() 
fails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit e84910d919e02feab2a297fccbbf95f333e32119)

commit e76ceea1debfcd5d530fe89dab1ebea27bc7ea60
Author: Jeremy Allison 
Date:   Tue Nov 26 12:43:25 2019 -0800

s3: smbd: Change (*proto_reply_fn()) to return an NTSTATUS.

That way the caller can know if the negprot really
succeeded or not.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit f4caa4159bd3db5127e114718e606867348a4f47)

commit ce67f60822ea626df8e69022b139b20bc9637a3d
Author: Jeremy Allison 
Date:   Tue Nov 26 12:21:06 2019 -0800

s3: smbd: Change reply_smb20xx() to return NTSTATUS.

Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 836219c479b047403d2b0839a6b92ad637dbaea0)

commit cff1d4c3421cbf56e128e5a57a9cc495a51a1f1f
Author: Jeremy Allison 
Date:   Tue Nov 26 12:17:29 2019 -0800

s3: smbd: Ensure we exit on smbd_smb2_process_negprot() fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit a2d81d77c111379cbb6bd732c717307974eace0a)

commit 0521333d47737c8e2af0883590fa5384dcd045c9
Author: Jeremy Allison 
Date:   Tue Nov 26 12:14:29 2019 -0800

s3: smbd: Allow smbd_smb2_process_negprot() to return NTSTATUS as it can 
fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14205

Signed-off-by: Jeremy Allison 
Reviewed-by: Volker Lendecke 
(cherry picked from commit 868bc05cf5d575e20edcce241e3af1d0fa6d9824)

commit a7fa51a7a56236ffc29d65055ac42a5969299fc8
Author: Jeremy Allison 
Date:   Thu Nov 7 12:02:13 2019 -0800

s3: smbd: SMB2 - Ensure we use the correct session_id if encrypting an 
interim response.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14189

Signed-off-by: Jeremy Allison 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit eae1a45d09ef54dd6b59803eedca672ae9433902)

---

Summary of changes:
 python/samba/tests/smbd_fuzztest.py | 77 +
 selftest/tests.py

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-12-10 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  b4fd49a46b2 VERSION: Bump version up to 4.11.4.
   via  e81ef10bbf5 Merge tag 'samba-4.11.3' into v4-11-test
   via  7fc8563c2f6 VERSION: Disable GIT_SNAPSHOT for the 4.11.3 release.
   via  a694a009147 WHATSNEW: Add release notes for Samba 4.11.3.
   via  1ccab20c59b CVE-2019-14870: mit-kdc: enforce delegation_not_allowed 
flag
   via  fbc1f000cf7 CVE-2019-14870: heimdal: enforce delegation_not_allowed 
in S4U2Self
   via  fc0127db4b9 CVE-2019-14870: heimdal: add S4U test for 
delegation_not_allowed
   via  fbd7a4c08fd samba-tool: add user-sensitive command to set 
not-delegated flag
   via  b69ee283de5 s4-torture: Reduce flapping in 
SambaToolDrsTests.test_samba_tool_replicate_local
   via  fae319523b0 CVE-2019-14861: Test to demonstrate the bug
   via  2318a4a7233 CVE-2019-14861: s4-rpc/dnsserver: Avoid crash in 
ldb_qsort() via dcesrv_DnssrvEnumRecords)
   via  67b41bd CVE-2019-14861: s4-rpc_server: Remove special case for 
@ in dns_build_tree()
   via  9324b7a9e4c CVE-2019-14861: s4-rpc/dnsserver: Confirm sort 
behaviour in dcesrv_DnssrvEnumRecords
   via  026fd23cf91 VERSION: Re-enable GIT_SNAPSHOT.
   via  dff88803584 VERSION: Bump version up to 4.11.3.
  from  91f39dbda15 smbd: Increase a debug level

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit b4fd49a46b245463eed45477fee9081e2e3c1e3a
Author: Karolin Seeger 
Date:   Tue Dec 10 10:26:08 2019 +0100

VERSION: Bump version up to 4.11.4.

Signed-off-by: Karolin Seeger 

commit e81ef10bbf5579e24a7eaa33a775d3da74dd6dd0
Merge: 91f39dbda15 7fc8563c2f6
Author: Karolin Seeger 
Date:   Tue Dec 10 10:25:47 2019 +0100

Merge tag 'samba-4.11.3' into v4-11-test

samba: tag release samba-4.11.3

---

Summary of changes:
 VERSION |   2 +-
 WHATSNEW.txt|  66 ++-
 python/samba/netcmd/user.py |  58 ++
 python/samba/tests/dcerpc/dnsserver.py  | 148 
 selftest/flapping.d/dnsserver   |   2 +
 source4/heimdal/kdc/krb5tgs.c   |  58 ++
 source4/kdc/mit_samba.c |   5 +
 source4/kdc/sdb_to_kdb.c|  17 +--
 source4/rpc_server/dnsserver/dcerpc_dnsserver.c |  21 ++--
 source4/rpc_server/dnsserver/dnsdata.c  |  28 ++---
 source4/rpc_server/dnsserver/dnsserver.h|   4 +-
 source4/selftest/tests.py   |   1 +
 source4/torture/drs/python/samba_tool_drs.py|   3 +-
 testprogs/blackbox/test_s4u_heimdal.sh  |  73 
 14 files changed, 418 insertions(+), 68 deletions(-)
 create mode 100644 selftest/flapping.d/dnsserver
 create mode 100755 testprogs/blackbox/test_s4u_heimdal.sh


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index e9cc49c7f77..cb2725e300c 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=3
+SAMBA_VERSION_RELEASE=4
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8c6db3b3034..8bafa38b47c 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,65 @@
+   ==
+   Release Notes for Samba 4.11.3
+  December 10, 2019
+  ==
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2019-14861: Samba AD DC zone-named record Denial of Service in DNS
+ management server (dnsserver).
+o CVE-2019-14870: DelegationNotAllowed not being enforced in protocol 
transition
+ on Samba AD DC.
+
+
+===
+Details
+===
+
+o  CVE-2019-14861:
+   An authenticated user can crash the DCE/RPC DNS management server by 
creating
+   records with matching the zone name.
+
+o  CVE-2019-14870:
+   The DelegationNotAllowed Kerberos feature restriction was not being applied
+   when processing protocol transition requests (S4U2Self), in the AD DC KDC.
+
+For more details and workarounds, please refer to the security advisories.
+
+
+Changes since 4.11.2:
+-
+
+o  Andrew Bartlett 
+   * BUG 14138: CVE-2019-14861: Fix DNSServer RPC server crash.
+
+o  Isaac Boukris 
+   * BUG 14187: CVE-2019-14870: DelegationNotAllowed not being enforced.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-12-04 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  91f39dbda15 smbd: Increase a debug level
   via  ec4381228f3 heimdal-build: avoid hard-coded /usr/include/heimdal in 
asn1_compile-generated code.
   via  c37b94fd0a7 ldb: Release ldb 2.0.8
   via  1c8ac011360 autobuild: harden samba-xc test suite
   via  b7894c151ab wafsamba: pass environment to cross-execute tests
   via  98dc227dce9 wafsamba: avoid pre-forking if cross-compilation is 
enabled
   via  e1a0813aa5c wafsamba: use test_args instead of exec_args to support 
cross-compilation
   via  b691110c267 waf: upgrade to 2.0.18
  from  70c829304e0 ctdb-tcp: Close inflight connecting TCP sockets after 
fork

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 91f39dbda151f6a2768b6e5eff59f931f303721f
Author: Volker Lendecke 
Date:   Tue Jul 9 20:04:03 2019 +0200

smbd: Increase a debug level

This is not a real error, it happens when the share mode record is not
around.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14211
Signed-off-by: Volker Lendecke 
Reviewed-by: Uri Simchoni 
(cherry picked from commit 4b05fe7ca73dae30807680f0e0401340bfb2c738)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Dec  4 10:15:19 UTC 2019 on sn-devel-184

commit ec4381228f33f04362cd05bdba330ffc89c0e162
Author: Uri Simchoni 
Date:   Sun Oct 20 21:36:11 2019 +0300

heimdal-build: avoid hard-coded /usr/include/heimdal in 
asn1_compile-generated code.

This fixes a cross-compilation issue, as cross-compilers (rightly)
complain if host include directories are in the include path.

The fix is taken from buildroot 
(https://github.com/buildroot/buildroot/blob/8b11b96f41a6ffa76556c9bf03a863955871ee57/package/samba4/0006-heimdal_build-wscript_build-do-not-add-host-include-.patch)
 where it was applied by Bernd Kuhls .

This reverts some of 3fe2bfddda6149f6bf7402720226e9285f479fef, but
building Samba's bundled Heimdal with a system roken is not supported
anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13856

Signed-off-by: Uri Simchoni 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Sun Dec  1 10:22:01 UTC 2019 on sn-devel-184

(cherry picked from commit 27fc062d7ea2207242d5a2c9933f3de5fa206488)

commit c37b94fd0a7b24df93b664ad4c2d197c516c9dce
Author: Uri Simchoni 
Date:   Thu Nov 28 21:19:51 2019 +0200

ldb: Release ldb 2.0.8

* Upgrade waf to version 2.0.18 to match the rest of Samba 4.11.x

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846

Signed-off-by: Uri Simchoni 

commit 1c8ac011360541bd0d1c3675ae8a99fd21dd5ab7
Author: Uri Simchoni 
Date:   Wed Oct 9 21:53:43 2019 +0300

autobuild: harden samba-xc test suite

Add more checks which directly test the behavior of
--cross-answers and --cross-execute.

Previous test tested things in a round-about way, checking
that running in all three modes (native, cross-execute,
cross-answers) yields the same result. It was vulnerable
to a degradation in which cross-compilation modes didn't
work at all and were running native tests, which is
what happened with the upgrade of waf.

The added tests check the following:
- That cross-excute with cross-answers sets the cross-answers file
- That the content of cross-answers file actually affects the build
  configuration
- That a missing line in cross-answers fails the build

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846

Signed-off-by: Uri Simchoni 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Uri Simchoni 
Autobuild-Date(master): Sun Oct 20 13:29:58 UTC 2019 on sn-devel-184

(cherry picked from commit 649d15bb969b6d27fd4554f49600366bb3df4712)

commit b7894c151ab2c10774a4cedde82b97fd5da26307
Author: Uri Simchoni 
Date:   Mon Oct 7 00:37:41 2019 +0300

wafsamba: pass environment to cross-execute tests

This can come in handy for cross-execute scripts in general, and
is particularly required by the samba-xc test for cross-answers /
cross-execute, because Samba sets LD_LIBRARY_PATH during rpath
checks, and the test program needs that in order to successfully
run.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846

Signed-off-by: Uri Simchoni 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit fdfd69840902f4b13db2a204a0ca87a578b61b85)

commit 98dc227dce980307ec58bd326b773e41272d4c98
Author: Uri Simchoni 
Date:   Mon Oct 7 00:37:31 2019 +0300

wafsamba: avoid pre-forking if cross-compilation is enabled

Waf supports pre-forking to run configuration tests, but this
doesn't play well with Samba's cross-compilation support, because
Samba

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-11-19 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  70c829304e0 ctdb-tcp: Close inflight connecting TCP sockets after 
fork
   via  0b78c29a0fa ctdb-tcp: Drop tracking of file descriptor for incoming 
connections
   via  77deaadca8e ctdb-tcp: Avoid orphaning the TCP incoming queue
   via  bc152b8473a ctdb-tcp: Check incoming queue to see if incoming 
connection is up
   via  3e5b173ef44 gitlab-ci: Run samba-fileserver-heimdalkrb5
   via  7d7e6326493 bootstrap: Add heimdal-multidev for Debian and Ubuntu
   via  af83d6adf94 autobuild: Add test for build with system heimdal 
library
   via  ce4ab72c01f krb5_plugin: Fix developer build with newer heimdal 
system library
   via  060ff2dd504 krb5_plugin: Use C99 initializer
   via  95f267704e7 selftest: system-heimdal: workaround upstream "host" 
canon bug
   via  83299928bbf wscript: Fix build with system heimdal
   via  9010e9f373e s3: libsmb: Ensure return from net_share_enum_rpc() 
sets cli->raw_status on error.
  from  78ead63dbff s3: utils: smbtree. Ensure we don't call 
cli_RNetShareEnum() on an SMB1 connection.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 70c829304e0d24c228bde79a6dd6597e7e2e185a
Author: Volker Lendecke 
Date:   Thu Nov 7 15:26:01 2019 +0100

ctdb-tcp: Close inflight connecting TCP sockets after fork

Commit c68b6f96f26 changed the talloc hierarchy such that outgoing TCP 
sockets
while sitting in the async connect() syscall are not freed via
ctdb_tcp_shutdown() anymore, they are hanging off a longer-running 
structure.
Free this structure as well.

If an outgoing TCP socket leaks into a long-running child process (possibly 
the
recovery daemon), this connection will never be closed as seen by the
destination node. Because with recent changes incoming connections will not 
be
accepted as long as any incoming connection is alive, with that socket leak
into the recovery daemon we will never again be able to successfully 
connect to
the node that is affected by this leak. Further attempts to connect will be
discarded by the destination as long as the recovery daemon keeps this 
socket
alive.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175
RN: Avoid communication breakdown on node reconnect

Signed-off-by: Martin Schwenke 
Signed-off-by: Volker Lendecke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit a6d99d9e5c5bc58e6d56be7a6c1dbc7c8d1a882f)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Nov 19 13:21:18 UTC 2019 on sn-devel-184

commit 0b78c29a0fa091d54871cac084e9673605ae6a4e
Author: Martin Schwenke 
Date:   Tue Oct 29 17:28:22 2019 +1100

ctdb-tcp: Drop tracking of file descriptor for incoming connections

This file descriptor is owned by the incoming queue.  It will be
closed when the queue is torn down.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit bf47bc18bb8a94231870ef821c0352b7a15c2e28)

commit 77deaadca8e8dbc3c92ea16893099c72f6dc874e
Author: Martin Schwenke 
Date:   Tue Oct 29 15:29:11 2019 +1100

ctdb-tcp: Avoid orphaning the TCP incoming queue

CTDB's incoming queue handling does not check whether an existing
queue exists, so can overwrite the pointer to the queue.  This used to
be harmless until commit c68b6f96f26664459187ab2fbd56767fb31767e0
changed the read callback to use a parent structure as the callback
data.  Instead of cleaning up an orphaned queue on disconnect, as
before, this will now free the new queue.

At first glance it doesn't seem possible that 2 incoming connections
from the same node could be processed before the intervening
disconnect.  However, the incoming connections and disconnect occur on
different file descriptors.  The queue can become orphaned on node A
when the following sequence occurs:

1. Node A comes up
2. Node A accepts an incoming connection from node B
3. Node B processes a timeout before noticing that outgoing the queue is 
writable
4. Node B tears down the outgoing connection to node A
5. Node B initiates a new connection to node A
6. Node A accepts an incoming connection from node B

Node A processes then the disconnect of the old incoming connection
from (2) but tears down the new incoming connection from (6).  This
then occurs until the originally affected node is restarted.

However, due to the number of outgoing connection attempts and
associated teardowns, this induces the same behaviour on the
corresponding incoming queue on all nodes that node A attempts to
connect to.  Therefore, other nodes become affected and need to be
restarted too.

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-11-08 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  ce18ef9e545 lib/adouble: pass filesize to ad_unpack()
   via  c00a8959b6f lib/adouble: drop ad_data reallocate logic
   via  1fa47717494 vfs_fruit: README.Coding fix: multi-line if expression
   via  d47b2cb8a22 vfs_fruit: fix a long line
   via  fb118393f39 torture: expand test "vfs.fruit.resource fork IO" to 
check size
   via  8c5e4161fa4 s3:smbd: Fix sync dosmode fallback in async dosmode 
codepath
   via  eacdde195ac s3:smbd: Incomplete conversion of former parametric 
options
   via  098ddd6fe4e s3: remove now unneeded call to 
cmdline_messaging_context()
   via  ac3cb59fd4f s3:dbwrap: initialize messaging before getting the ctdb 
connection
  from  b30b3073f9c libnet_join: add SPNs for additional-dns-hostnames 
entries

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit ce18ef9e54530a96d33a4ec842bd599a4a51a7b8
Author: Ralph Boehme 
Date:   Thu Oct 24 17:15:18 2019 +0200

lib/adouble: pass filesize to ad_unpack()

ad_unpack() needs the filesize, not the capped IO size we're using in the 
caller
to read up to "size" bystem from the ._ AppleDouble file.

This fixes a regression introduced by 
bdc257a1cbac7e8c73a084b618ba642476807483
for bug 13968.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171
RN: vfs_fruit returns capped resource fork length

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Wed Oct 30 14:52:34 UTC 2019 on sn-devel-184

(backported from commit f3df83a2c346d945487a27a9d258ee6331ea7dbb)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Fri Nov  8 13:52:49 UTC 2019 on sn-devel-184

commit c00a8959b6ff474478a40469cd5ea367c7037be4
Author: Ralph Boehme 
Date:   Fri Oct 25 15:21:32 2019 +0200

lib/adouble: drop ad_data reallocate logic

Simply set the buffer size to AD_XATTR_MAX_HDR_SIZE. When reading the
AppleDouble file, read up to AD_XATTR_MAX_HDR_SIZE from the file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 
(backported from commit 9a3da6bebcdb924ca2027337544d79ac2088677e)

commit 1fa47717494f63413c1fe6a1e348605bdc2a17f3
Author: Ralph Boehme 
Date:   Thu Oct 24 17:26:08 2019 +0200

vfs_fruit: README.Coding fix: multi-line if expression

Also remove a TAB.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 
(backported from commit baaaf59e948df625b01fa8b6317ab5c3babb4e8f)

commit d47b2cb8a224a7133d47ff0df78abe172480b144
Author: Ralph Boehme 
Date:   Thu Oct 24 17:17:28 2019 +0200

vfs_fruit: fix a long line

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 
(backported from commit f0c8ac47a4608eabeae334d39885aab98198b753)

commit fb118393f39a2111b75180d035d3082334ccf8f3
Author: Ralph Boehme 
Date:   Fri Oct 25 15:41:40 2019 +0200

torture: expand test "vfs.fruit.resource fork IO" to check size

Reveals a bug where the resource fork size is capped at 65454 bytes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14171

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit b63069db9fb6efb33b7b917cd5b0ee06b0da9cdc)

commit 8c5e4161fa4e6cf0cfc8e1c45dc09e82de27685d
Author: Ralph Boehme 
Date:   Mon Aug 5 11:11:14 2019 +0200

s3:smbd: Fix sync dosmode fallback in async dosmode codepath

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14070
RN: Fix sync dosmode fallback in async dosmode codepath

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Aug  6 15:40:18 UTC 2019 on sn-devel-184

(cherry picked from commit 5d4aa6e867044e6b58b45acde32ac35e1d0a7765)

commit eacdde195ac595bce9b35febb13b9723851fbb41
Author: Ralph Boehme 
Date:   Mon Aug 5 10:59:22 2019 +0200

s3:smbd: Incomplete conversion of former parametric options

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14069
RN: Incomplete conversion of former parametric options

Signed-off-by: Ralph Boehme 
Reviewed-by: Volker Lendecke 
(backported from commit ea17bd5539eb0be7a446b99c8b6baa4aa1ab273f)

commit 098ddd6fe4e7d95cba6fa50749479f5243f671e9
Author: Ralph Boehme 
Date:   Sat May 4 12:12:48 2019 +0200

s3: remove now unneeded call to cmdline_messaging_context()

This was only needed as dbwrap_open() had a bug where it asked for the ctdb
connection before initializing messaging. The previous commit fixed that so 
we
can now safely remove

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-11-05 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  b30b3073f9c libnet_join: add SPNs for additional-dns-hostnames 
entries
   via  35da7673e88 docs-xml: add "additional dns hostnames" smb.conf option
   via  526ad3a904a libnet_join_set_machine_spn: simplify adding uniq spn 
to array
   via  3f9a9b95dd1 libnet_join_set_machine_spn: simplify memory handling
   via  2e7683c937e libnet_join_set_machine_spn: improve style and make a 
bit room for indentation
   via  0b3503a436a libnet_join: build dnsHostName from netbios name and 
lp_dnsdomain()
   via  79c2fd908d4 s4:dirsync: fix interaction of dirsync and extended_dn 
controls
   via  b62705398d1 s4:tests/dirsync: add tests for dirsync with extended_dn
  from  2958016c30a replace: Only link libnsl and libsocket if requrired

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit b30b3073f9c0aa052b354385b2878f9a17756bee
Author: Isaac Boukris 
Date:   Fri Sep 13 10:56:10 2019 +0300

libnet_join: add SPNs for additional-dns-hostnames entries

and set msDS-AdditionalDnsHostName to the specified list.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116

Signed-off-by: Isaac Boukris 
Reviewed-by: Ralph Boehme 
Reviewed-by: Alexander Bokovoy 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Oct 25 10:43:08 UTC 2019 on sn-devel-184

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Nov  5 13:57:30 UTC 2019 on sn-devel-184

commit 35da7673e882dfc16e95bbfa1bea49ee837d33a5
Author: Isaac Boukris 
Date:   Tue Sep 17 21:38:07 2019 +0300

docs-xml: add "additional dns hostnames" smb.conf option

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116

Signed-off-by: Isaac Boukris 
Reviewed-by: Ralph Boehme 
Reviewed-by: Alexander Bokovoy 

commit 526ad3a904ad9d18219cc5d06313cfa2318fc2ef
Author: Isaac Boukris 
Date:   Wed Sep 18 23:15:57 2019 +0300

libnet_join_set_machine_spn: simplify adding uniq spn to array

and do not skip adding a fully qualified spn to netbios-aliases
in case a short spn already existed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116

Signed-off-by: Isaac Boukris 
Reviewed-by: Ralph Boehme 
Reviewed-by: Alexander Bokovoy 

commit 3f9a9b95dd1f128817a979e8687b480d6dc9cab1
Author: Isaac Boukris 
Date:   Wed Sep 18 21:29:47 2019 +0300

libnet_join_set_machine_spn: simplify memory handling

and avoid a possible memory leak when passing null to
add_string_to_array() as mem_ctx.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116

Signed-off-by: Isaac Boukris 
Reviewed-by: Ralph Boehme 
Reviewed-by: Alexander Bokovoy 

commit 2e7683c937e05085770e88cf48288f0404c28092
Author: Isaac Boukris 
Date:   Wed Sep 18 20:00:34 2019 +0300

libnet_join_set_machine_spn: improve style and make a bit room for 
indentation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116

Signed-off-by: Isaac Boukris 
Reviewed-by: Ralph Boehme 
Reviewed-by: Alexander Bokovoy 

commit 0b3503a436a37a3e67eed7ce66351a172005c57a
Author: Isaac Boukris 
Date:   Fri Aug 30 00:22:15 2019 +0300

libnet_join: build dnsHostName from netbios name and lp_dnsdomain()

This make the join process much more reliable, and avoids "Constraint
violation" error when the fqdn returned from getaddrinfo has already
got assigned an SPN.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14116

Signed-off-by: Isaac Boukris 
Reviewed-by: Ralph Boehme 
Reviewed-by: Alexander Bokovoy 

commit 79c2fd908d4eed3fafc76c0635bfad61f293fb8c
Author: Stefan Metzmacher 
Date:   Fri Oct 4 14:57:40 2019 +0200

s4:dirsync: fix interaction of dirsync and extended_dn controls

Azure AD connect reports discovery errors:
  reference-value-not-ldap-conformant
for attributes member and manager.
The key is that it sends the LDAP_SERVER_EXTENDED_DN_OID without
an ExtendedDNRequestValue blob, which means the flag value should
be treated as 0 and the HEX string format should be used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14153
RN: Prevent azure ad connect from reporting discovery errors:
reference-value-not-ldap-conformant

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Oct 24 11:06:58 UTC 2019 on sn-devel-184

(cherry picked from commit d0f566c4ad32d69a1cf896e2dde56fc2489bb7fc)

commit b62705398d13bdad54e5abb65a23fa0d94c3571d
Author: Stefan Metzmacher 
Date:   Tue Oct 22 12:12:32 2019 +0200

s4:tests/dirsync: add tests for dirsync with extended_dn

This demonstrates a problems that the extended_dn returned
by the dirsync module always uses the

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-11-04 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  2958016c30a replace: Only link libnsl and libsocket if requrired
   via  4aa37b8e722 s3: torture: Ensure SMB1 cli_qpathinfo2() doesn't 
return an inode number.
   via  509f11547f3 s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return 
an inode number.
  from  e704eee3083 VERSION: Bump version up to 4.11.3.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 2958016c30a8d9f80a45b64e91a20d8ebf995d85
Author: Andreas Schneider 
Date:   Mon Oct 21 17:08:08 2019 +0200

replace: Only link libnsl and libsocket if requrired

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14168

Signed-off-by: Andreas Schneider 
Reviewed-by: Alexander Bokovoy 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Wed Oct 23 08:23:13 UTC 2019 on sn-devel-184

(cherry picked from commit 263bec1b8d0744da73dd92e4a361fb7430289ab3)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Mon Nov  4 09:31:23 UTC 2019 on sn-devel-184

commit 4aa37b8e722d0ee7c7417b33ea62e7a66151a867
Author: Jeremy Allison 
Date:   Thu Oct 17 12:41:08 2019 -0700

s3: torture: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number.

Piggyback on existing tests, ensure we don't regress on:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14161

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 8e55a8562951924e4b1aad5a6d67fc8b309590c1)

commit 509f11547f3eee151e16f14a17c58d193cf81993
Author: Jeremy Allison 
Date:   Thu Oct 17 11:39:02 2019 -0700

s3: libsmb: Ensure SMB1 cli_qpathinfo2() doesn't return an inode number.

The info level it uses doesn't return that, previously we
were using the field that is returned as the EA size as
the inode number (which is usually zero, so the code in
libsmbclient would then synthesize an inode number from
a hash of the pathname, which is all it can do for SMB1).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14161

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 
(cherry picked from commit d495074ee27a5f528d5156a69800ee58d799b1eb)

---

Summary of changes:
 lib/replace/wscript   | 36 +-
 source3/libsmb/clirap.c   | 10 +-
 source3/torture/torture.c | 49 +--
 3 files changed, 87 insertions(+), 8 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/replace/wscript b/lib/replace/wscript
index 240d730cbee..56e2a22de49 100644
--- a/lib/replace/wscript
+++ b/lib/replace/wscript
@@ -190,10 +190,35 @@ def configure(conf):
 conf.CHECK_TYPE_IN('sig_atomic_t', 'signal.h', 
define='HAVE_SIG_ATOMIC_T_TYPE')
 conf.CHECK_FUNCS('sigsetmask siggetmask sigprocmask sigblock sigaction 
sigset')
 
-conf.CHECK_FUNCS_IN('''inet_ntoa inet_aton inet_ntop inet_pton connect 
gethostbyname
-   getaddrinfo getnameinfo freeaddrinfo gai_strerror 
socketpair''',
-'socket nsl', checklibc=True,
-headers='sys/socket.h netinet/in.h arpa/inet.h 
netdb.h')
+# Those functions are normally available in libc
+if not conf.CHECK_FUNCS('''
+inet_ntoa
+inet_aton
+inet_ntop
+inet_pton
+connect
+gethostbyname
+getaddrinfo
+getnameinfo
+freeaddrinfo
+gai_strerror
+socketpair''',
+headers='sys/socket.h netinet/in.h arpa/inet.h 
netdb.h'):
+conf.CHECK_FUNCS_IN('''
+inet_ntoa
+inet_aton
+inet_ntop
+inet_pton
+connect
+gethostbyname
+getaddrinfo
+getnameinfo
+freeaddrinfo
+gai_strerror
+socketpair''',
+'socket nsl',
+headers='sys/socket.h netinet/in.h arpa/inet.h 
netdb.h')
+conf.DEFINE('REPLACE_REQUIRES_LIBSOCKET_LIBNSL', 1)
 
 conf.CHECK_FUNCS('memset_s memset_explicit')
 
@@ -836,6 +861,7 @@ def build(bld):
 extra_libs = ''
 if bld.CONFIG_SET('HAVE_LIBBSD'): extra_libs += ' bsd'
 if bld.CONFIG_SET('HAVE_LIBRT'): extra_libs += ' rt'
+if bld.CONFIG_SET('REPLACE_REQUIRES_LIBSOCKET_LIBNSL'): extra_libs += ' 
socket

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-10-29 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  e704eee3083 VERSION: Bump version up to 4.11.3.
   via  685c2d56a25 Merge tag 'samba-4.11.2' into v4-11-test
   via  df2b97d12e6 VERSION: Disable GIT_SNAPSHOT for the 4.11.2 release.
   via  3815f9bfda8 WHATSNEW: Add release notes for Samba 4.11.2.
   via  e33b8c56510 CVE-2019-14847 dsdb: Correct behaviour of 
ranged_results when combined with dirsync
   via  4087d16945f CVE-2019-14847 dsdb: Demonstrate the correct 
interaction of ranged_results style attributes and dirsync
   via  b3a71bf847e CVE-2019-14833 dsdb: send full password to check 
password script
   via  e0e8830b88e CVE-2019-14833: Use utf8 characters in the unacceptable 
password
   via  914c985e66a CVE-2019-10218 - s3: libsmb: Protect SMB2 client code 
from evil server returned names.
   via  07df3dfa6bf CVE-2019-10218 - s3: libsmb: Protect SMB1 client code 
from evil server returned names.
   via  193d6f5e8cc VERSION: Bump version up to 4.11.2...
  from  7b8309398be VERSION: Bump version up to 4.11.2...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit e704eee3083658f7dcdd4238295f8e0b229a1688
Author: Karolin Seeger 
Date:   Tue Oct 29 11:10:52 2019 +0100

VERSION: Bump version up to 4.11.3.

Signed-off-by: Karolin Seeger 

commit 685c2d56a25f54c22bfb1a00f1c49386667b9998
Merge: 7b8309398be df2b97d12e6
Author: Karolin Seeger 
Date:   Tue Oct 29 11:10:20 2019 +0100

Merge tag 'samba-4.11.2' into v4-11-test

samba: tag release samba-4.11.2

---

Summary of changes:
 VERSION |  2 +-
 WHATSNEW.txt| 78 -
 selftest/target/Samba4.pm   |  2 +-
 source3/libsmb/cli_smb2_fnum.c  |  7 +++
 source3/libsmb/clilist.c| 75 
 source3/libsmb/proto.h  |  3 +
 source4/dsdb/common/util.c  | 30 --
 source4/dsdb/samdb/ldb_modules/dirsync.c| 11 ++--
 source4/dsdb/samdb/ldb_modules/ranged_results.c | 25 +++-
 source4/dsdb/tests/python/dirsync.py| 26 +
 10 files changed, 241 insertions(+), 18 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index fbc941686eb..e9cc49c7f77 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=2
+SAMBA_VERSION_RELEASE=3
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 2e61702b71b..8c6db3b3034 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,77 @@
+   ==
+   Release Notes for Samba 4.11.2
+  October 29, 2019
+  ==
+
+
+This is a security release in order to address the following defects:
+
+o CVE-2019-10218: Client code can return filenames containing path separators. 
 
+o CVE-2019-14833: Samba AD DC check password script does not receive the full
+ password.
+o CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP 
server
+ via dirsync.
+
+===
+Details
+===
+
+o  CVE-2019-10218:
+   Malicious servers can cause Samba client code to return filenames containing
+   path separators to calling code.
+
+o  CVE-2019-14833:
+   When the password contains multi-byte (non-ASCII) characters, the check
+   password script does not receive the full password string.
+
+o  CVE-2019-14847:
+   Users with the "get changes" extended access right can crash the AD DC LDAP
+   server by requesting an attribute using the range= syntax.
+
+For more details and workarounds, please refer to the security advisories.
+
+
+Changes since 4.11.1:
+-
+
+o  Jeremy Allison 
+   * BUG 14071: CVE-2019-10218 - s3: libsmb: Protect SMB1 and SMB2 client code
+ from evil server returned names.
+
+o  Andrew Bartlett 
+   * BUG 12438: CVE-2019-14833: Use utf8 characters in the unacceptable
+ password.
+   * BUG 14040: CVE-2019-14847 dsdb: Correct behaviour of ranged_results when
+ combined with dirsync.
+
+o  Björn Baumbach 
+   * BUG 12438: CVE-2019-14833 dsdb: Send full password to check password
+ script.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-10-18 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  7b8309398be VERSION: Bump version up to 4.11.2...
   via  be4cb417135 VERSION: Disable GIT_SNAPSHOT for Samba 4.11.1.
   via  ad617f2f294 WHATSNEW: Add release notes for Samba 4.11.1.
  from  7f5334a92c4 s3:libsmb: Link libsmb against pthread

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 7b8309398beab679cd4068da497661ce33616edc
Author: Karolin Seeger 
Date:   Fri Oct 18 11:03:16 2019 +0200

VERSION: Bump version up to 4.11.2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit be4cb417135af09fcf076a92bc8b7e02310a2383
Author: Karolin Seeger 
Date:   Fri Oct 18 11:02:36 2019 +0200

VERSION: Disable GIT_SNAPSHOT for Samba 4.11.1.

Signed-off-by: Karolin Seeger 

commit ad617f2f2944b25528e947c09fc86dcd2b62cf70
Author: Karolin Seeger 
Date:   Fri Oct 18 11:02:06 2019 +0200

WHATSNEW: Add release notes for Samba 4.11.1.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 86 
 2 files changed, 87 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 137edf08bba..fbc941686eb 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=1
+SAMBA_VERSION_RELEASE=2
 
 
 # If a official release has a serious bug  #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index d573bb65819..2e61702b71b 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,89 @@
+   ==
+   Release Notes for Samba 4.11.1
+  October 18, 2019
+  ==
+
+
+This is the latest stable release of the Samba 4.11 release series.
+
+
+Changes since 4.11.0:
+-
+
+o  Michael Adam 
+   * BUG 14141: getpwnam and getpwuid need to return data for ID_TYPE_BOTH
+ group.
+
+o  Jeremy Allison 
+   * BUG 14094: smbc_readdirplus() is incompatible with smbc_telldir() and
+ smbc_lseekdir().
+   * BUG 14152: s3: smbclient: Stop an SMB2-connection from blundering into
+ SMB1-specific calls.
+
+o  Ralph Boehme 
+   * BUG 14137: Fix stale file handle error when using mkstemp on a share.
+
+o  Isaac Boukris 
+   * BUG 14106: Fix spnego fallback from kerberos to ntlmssp in smbd server.
+   * BUG 14140: Overlinking libreplace against librt and pthread against every
+ binary or library causes issues.
+
+o  Günther Deschner 
+   * BUG 14130: s3-winbindd: Fix forest trusts with additional trust 
attributes.
+   * BUG 14134: auth/gensec: Fix non-AES schannel seal.
+
+o  Amitay Isaacs 
+   * BUG 14147: Deleted records can be resurrected during recovery.
+
+o  Björn Jacke 
+   * BUG 14136: Fix uncaught exception in classicupgrade.
+   * BUG 14139: fault.c: Improve fault_report message text pointing to our 
wiki.
+
+o  Bryan Mason 
+   * BUG 14128: s3:client: Use DEVICE_URI, instead of argv[0], for Device URI.
+
+o  Stefan Metzmacher 
+   * BUG 14124: pam_winbind with krb5_auth or wbinfo -K doesn't work for users
+ of trusted domains/forests.
+
+o  Mathieu Parent 
+   * BUG 14131: Remove 'pod2man' as it is no longer needed.
+
+o  Andreas Schneider 
+   * BUG 13884: Joining Active Directory should not use SAMR to set the
+ password.
+   * BUG 14140: Overlinking libreplace against librt and pthread against every
+ binary or library causes issues.
+   * BUG 14155: 'kpasswd' fails when built with MIT Kerberos.
+
+o  Martin Schwenke 
+   * BUG 14129: Exit code of ctdb nodestatus should not be influenced by 
deleted
+ nodes.
+
+
+###
+Reporting bugs & Development Discussion
+###
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+==
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+==
+
+
+Release notes for older releases follow:
+
+
==
Release Notes for Samba 4.11.0

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-10-16 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  7f5334a92c4 s3:libsmb: Link libsmb against pthread
   via  6902275b6f3 nsswitch: Link stress-nss-libwbclient against pthread
   via  41e658f446a s3:libads: Do not turn on canonicalization flag for MIT 
Kerberos
   via  c191a37848b lib:krb5_wrap: Do not create a temporary file for 
MEMORY keytabs
   via  0d292ca72a3 spnego: fix server handling of no optimistic exchange
   via  f3a02fdf780 python/tests/gensec: add spnego downgrade python tests
   via  9c4cb9ba956 python/tests/gensec: make it possible to add knownfail 
tests for gensec.update()
   via  425ac58f58c selftest: add tests for no optimistic spnego exchange
   via  27982255d64 spnego: add client option to omit sending an optimistic 
token
   via  7e40d859283 selftest: s3: add a test for spnego downgrade from krb5 
to ntlm
   via  5a6fed646c6 s3:libsmb: Do not check the SPNEGO neg token for KRB5
   via  88abbea5065 spnego: ignore server mech_types list
   via  c79e3957191 s3:smbd: add a comment explaining the File-ID semantics 
when a file is created
   via  f9803360061 s3:smbd: ensure a created stream picks up the File-ID 
from the basefile
   via  8f44a25e2a6 s3:lib: add is_named_stream()
   via  c48a5c6b8c9 s3:lib: use strequal_m() in 
is_ntfs_default_stream_smb_fname()
   via  42bc7f28e1a s3:lib: implement logic directly in 
is_ntfs_default_stream_smb_fname()
   via  23b4938c18a s3:lib: expand a comment with the function doc for 
is_ntfs_stream_smb_fname
   via  d7a2e7c3390 s3:lib: factor out stream name asserts to helper 
function
   via  2ef4d9883f4 s3:lib: assert stream_name is NULL for POSIX paths
   via  2da0f65cd91 s3:lib: rework a return expression into an if block
   via  2d62bd58db9 s3:smbd: when storing DOS attribute call dos_mode() 
beforehand
   via  459acf2728a s3:smbd: change the place where we call dos_mode() when 
processing SMB2_CREATE
   via  2204788e596 torture:smb2: add a File-ID test on directories
   via  f5c8dea0ae7 torture:smb2: extend test for File-IDs
   via  fc0efd56d05 auth/gensec: fix non-AES schannel seal
   via  8f4603fdc4e libcli/auth: add test for gensec_schannel code
   via  8d426b146e7 testprogs: Add test for 'net ads join createcomputer='
   via  440c8890798 s3:libads: Just change the machine password if account 
already exists
   via  8fa84176dbc s3:libnet: Improve debug messages
   via  86e86cddcb5 s3:libads: Fix creating machine account using LDAP
   via  e0be43a863b s3:libads: Don't set supported encryption types during 
account creation
   via  8cc6e035b6e s3:libads: Fix detection if acount already exists in 
ads_find_machine_count()
   via  023a59d4262 s3:libads: Use a talloc_asprintf in 
ads_find_machine_acct()
   via  96ee2408f5c s3:libads: Cleanup error code paths in 
ads_create_machine_acct()
   via  2fa6dc27f37 s3:libnet: Require sealed LDAP SASL connections for 
joining
   via  90566a8ef44 s3:libads: Use ldap_add_ext_s() in ads_gen_add()
   via  adfcddc6815 testprogs: Fix failure count in test_net_ads.sh
   via  2ce14ef46a5 s3: smbclient: Stop an SMB2-connection from blundering 
into SMB1-specific calls.
   via  e8cba5a8a88 ctdb-vacuum: Process all records not deleted on a 
remote node
  from  42d530b0dbc winbind: provide passwd struct for group sid with 
ID_TYPE_BOTH mapping (again)

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 7f5334a92c4a378f88c0ee8c5fde46dd087a9dc0
Author: Isaac Boukris 
Date:   Tue Oct 15 17:01:48 2019 +0300

s3:libsmb: Link libsmb against pthread

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140

Signed-off-by: Isaac Boukris 
Reviewed-by: Andreas Schneider 
Reviewed-by: Alexander Bokovoy 
(cherry picked from commit 7259197bf716f8b81dea74beefe6ee3b1239f172)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Oct 16 20:39:04 UTC 2019 on sn-devel-184

commit 6902275b6f3c337a4ba5d1fea3f1e0f81fa34a4a
Author: Isaac Boukris 
Date:   Tue Oct 15 13:52:42 2019 +0300

nsswitch: Link stress-nss-libwbclient against pthread

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14140

Signed-off-by: Isaac Boukris 
Reviewed-by: Andreas Schneider 
Reviewed-by: Alexander Bokovoy 
(cherry picked from commit d473f1e38c2822746030516269b4d70032cf9b2e)

commit 41e658f446adaf4a373ece4fbb1d009a69a293dc
Author: Andreas Schneider 
Date:   Wed Oct 9 16:32:47 2019 +0200

s3:libads: Do not turn on canonicalization flag for MIT Kerberos

This partially reverts 303b7e59a286896888ee2473995fc50bb2b5ce5e.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14155

Pair-Programmed-With: Isaac Boukris 

Signed-off-by: Andreas Schneider 
Signed-off-by: Isaac Boukris

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-10-02 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  42d530b0dbc winbind: provide passwd struct for group sid with 
ID_TYPE_BOTH mapping (again)
   via  4a43d8b996b selftest: Test ID_TYPE_BOTH with idmap_rid module
   via  0182ccfd22b waf:replace: Do not link against libpthread if not 
necessary
   via  b5dfe882ecb third_party: Link uid_wrapper against pthread
   via  48cd645d1d8 third_party: Link nss_wrapper against pthread
   via  62f0ce14a1b third_party: Only link cmocka against librt if really 
needed
   via  82c9a6c4b0a pthreadpool: Only link pthreadpool against librt if we 
have to
   via  7ec980b991f replace: Only link against librt if really needed
   via  4709a848c55 s3:waf: Do not check for nanosleep() as we don't use it 
anywhere
   via  a89e8588449 s3-winbindd: fix forest trusts with additional trust 
attributes.
   via  75702977dde fault.c: improve fault_report message text pointing to 
our wiki
   via  fcb247f4147 selftest/Samba3.pm: use "winbind use krb5 enterprise 
principals = yes" for ad_member
   via  f836385629c selftest/Samba3.pm: use "winbind scan trusted domains = 
no" for ad_member
   via  f0f2ce68e45 selftest/tests.py: test pam_winbind for trusts domains
   via  e3760d6e3a3 selftest: Export TRUST information in the ad_member 
target environment
   via  2290dfe49bf selftest/tests.py: test pam_winbind with a lot of 
username variations
   via  e7b84754510 selftest/tests.py: test pam_winbind with krb5_auth
   via  cfee9031720 selftest/tests.py: prepare looping over pam_winbindd 
tests
   via  8aae6dd753b test_pam_winbind.sh: allow different pam_winbindd 
config options to be specified
   via  913c79d2e06 tests/pam_winbind.py: allow upn names to be used in 
USERNAME with an empty DOMAIN value
   via  5583d045a25 tests/pam_winbind.py: turn pypamtest.PamTestError into 
a failure
   via  e8c701673a8 s3:winbindd: implement the "winbind use krb5 enterprise 
principals" logic
   via  82fb0291f1f docs-xml: add "winbind use krb5 enterprise principals" 
option
   via  9de64feb1ec krb5_wrap: let smb_krb5_parse_name() accept enterprise 
principals
   via  2fd31d85701 s3:libads: ads_krb5_chg_password() should always use 
the canonicalized principal
   via  5d9961e6454 s4:auth: kinit_to_ccache() should always use the 
canonicalized principal
   via  d3d951f4240 krb5_wrap: smb_krb5_kinit_password_ccache() should 
always use the canonicalized principal
   via  35e3f1a4054 s3:libads/kerberos: always use the canonicalized 
principal after kinit
   via  5628c4ffd32 s3:libsmb: let cli_session_creds_prepare_krb5() update 
the canonicalized principal to cli_credentials
   via  7ed22554470 s3:libsmb: avoid wrong debug message in 
cli_session_creds_prepare_krb5()
   via  f5ea5a5e2a5 s3:libads: let kerberos_kinit_password_ext() return the 
canonicalized principal/realm
   via  2ba8997d006 s4:auth: use the correct client realm in 
gensec_gssapi_update_internal()
   via  ed3ac77dc22 nsswitch: add logging to wbc_auth_error_to_pam_error() 
for non auth errors
   via  fa63860f7b1 s3/libads: clang: Fix Value stored to 'canon_princ' is 
never read
  from  18963e909d7 classicupgrade: fix a a bytes-like object is required, 
not 'str' error

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 42d530b0dbc1b1389b393c648357de31e4c11e9f
Author: Michael Adam 
Date:   Fri Jan 11 10:44:30 2019 +0100

winbind: provide passwd struct for group sid with ID_TYPE_BOTH mapping 
(again)


https://git.samba.org/?p=samba.git;a=commitdiff;h=394622ef8c916cf361f8596dba4664dc8d6bfc9e
originally introduced the above feature.

This functionality was undone as part of "winbind: Restructure get_pwsid"

https://git.samba.org/?p=samba.git;a=commitdiff;h=bce19a6efe11980933531f0349c8f5212419366a
I think that this semantic change was accidential.

This patch undoes the semantic change and re-establishes the
functionality.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14141

Signed-off-by: Michael Adam 
Reviewed-by: Christof Schmitt 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Christof Schmitt 
Autobuild-Date(master): Fri Sep 27 17:25:29 UTC 2019 on sn-devel-184

(cherry picked from commit 63c9147f8631d73b52bdd36ff407e0361dcf5178)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Oct  2 11:06:20 UTC 2019 on sn-devel-184

commit 4a43d8b996b1ce444596ed41a686be5ae526113d
Author: Christof Schmitt 
Date:   Wed Sep 25 17:19:27 2019 -0700

selftest: Test ID_TYPE_BOTH with idmap_rid module

ID_TYPE_BOTH means that each user and group has two mappings, a uid and
gid. In addition the calls to getpwent, getpwuid, getgrent and getgrgid
always return some information, so that uid

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-24 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  18963e909d7 classicupgrade: fix a a bytes-like object is required, 
not 'str' error
  from  d42c7ffa6cb pod2man is no longer needed

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 18963e909d75785b27ea2fd0323fa8514b3e3198
Author: Björn Jacke 
Date:   Sat Sep 21 13:24:59 2019 +0200

classicupgrade: fix a a bytes-like object is required, not 'str' error

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14136

Signed-off-by: Bjoern Jacke 
Reviewed-by: Björn Baumbach 

Autobuild-User(master): Björn Jacke 
Autobuild-Date(master): Mon Sep 23 12:58:20 UTC 2019 on sn-devel-184

(cherry picked from commit 465e518d6cc200eefa38643e720ce64e53abac2e)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Sep 24 18:30:08 UTC 2019 on sn-devel-184

---

Summary of changes:
 python/samba/upgrade.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/python/samba/upgrade.py b/python/samba/upgrade.py
index 12555b7994e..8511bed2868 100644
--- a/python/samba/upgrade.py
+++ b/python/samba/upgrade.py
@@ -474,7 +474,7 @@ def upgrade_from_samba3(samba3, logger, targetdir, 
session_info=None,
 ldappass = secrets_db.get_ldap_bind_pw(ldapuser)
 if ldappass is None:
 raise ProvisioningError("ldapsam passdb backend detected but no 
LDAP Bind PW found in secrets.tdb for user %s.  Please point this tool at the 
secrets.tdb that was used by the previous installation.")
-ldappass = ldappass.strip('\x00')
+ldappass = ldappass.decode('utf-8').strip('\x00')
 ldap = True
 else:
 ldapuser = None


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-20 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  d42c7ffa6cb pod2man is no longer needed
   via  361f4f5d247 ctdb-tools: Stop deleted nodes from influencing ctdb 
nodestatus exit code
   via  4d41dc32653 s3:client:Use DEVICE_URI, instead of argv[0],for Device 
URI
  from  d702f662901 s3/4: libsmbclient test. Test using 
smbc_telldir/smbc_lseekdir with smbc_readdir/smbc_readdirplus/smbc_getdents.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit d42c7ffa6cbd90d0e777e39b12eda5c69e186a2f
Author: Mathieu Parent 
Date:   Wed Sep 18 03:15:47 2019 +

pod2man is no longer needed

Since e24e344d0da58013fd5fa404529fe1d25ef403bf.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14131

Signed-off-by: Mathieu Parent 
Reviewed-by: Martin Schwenke 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 8df123e7f7cb591f6673ccffefffc30b946f1a5b)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Fri Sep 20 21:13:55 UTC 2019 on sn-devel-184

commit 361f4f5d24721d54558144a5905657d5cc7281a3
Author: Martin Schwenke 
Date:   Tue Aug 13 21:42:15 2019 +1000

ctdb-tools: Stop deleted nodes from influencing ctdb nodestatus exit code

Deleted nodes should simply be ignored.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14129
RN: Stop deleted nodes from influencing ctdb nodestatus exit code

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 32b5ceb31936ec5447362236c1809db003561d29)

commit 4d41dc32653bd1ae7d87dcd5779c3586ae6561d3
Author: Bryan Mason 
Date:   Mon Sep 16 12:35:06 2019 -0700

s3:client:Use DEVICE_URI, instead of argv[0],for Device URI

CUPS sanitizes argv[0] by removing username/password, so use
DEVICE_URI environment variable first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14128

Signed-off-by: Bryan Mason 
Reviewed-by: Alexander Bokovoy 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Wed Sep 18 12:31:11 UTC 2019 on sn-devel-184

(cherry picked from commit d65b17c3f7f9959ed95b03cc09e020d7387b7931)

---

Summary of changes:
 ctdb/tools/ctdb.c |  8 +++-
 pidl/wscript  |  1 -
 source3/client/smbspool.c | 16 +---
 3 files changed, 16 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/tools/ctdb.c b/ctdb/tools/ctdb.c
index 2cc72eedc76..6a15b61ccd1 100644
--- a/ctdb/tools/ctdb.c
+++ b/ctdb/tools/ctdb.c
@@ -5611,7 +5611,13 @@ static int control_nodestatus(TALLOC_CTX *mem_ctx, 
struct ctdb_context *ctdb,
 
ret = 0;
for (i=0; inum; i++) {
-   ret |= nodemap->node[i].flags;
+   uint32_t flags = nodemap->node[i].flags;
+
+   if ((flags & NODE_FLAGS_DELETED) != 0) {
+   continue;
+   }
+
+   ret |= flags;
}
 
return ret;
diff --git a/pidl/wscript b/pidl/wscript
index 01b71bd8b27..d1b8278990a 100644
--- a/pidl/wscript
+++ b/pidl/wscript
@@ -34,7 +34,6 @@ def configure(conf):
 
 # yapp is used for building the parser
 conf.find_program('yapp', var='YAPP')
-conf.find_program('pod2man', var='POD2MAN')
 
 def build(bld):
 
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index ad988eb0df9..36f7f67ca94 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -256,13 +256,15 @@ main(int argc,/* I - Number of 
command-line arguments */
 
/*
 * Find the URI ...
-*/
-   if (dev_uri == NULL) {
-   env = getenv("DEVICE_URI");
-   if (env != NULL && env[0] != '\0') {
-   dev_uri = env;
-   }
-   }
+ *
+ * The URI in argv[0] is sanitized to remove username/password, so
+ * use DEVICE_URI if available. Otherwise keep the URI already
+ * discovered in argv.
+ */
+env = getenv("DEVICE_URI");
+if (env != NULL && env[0] != '\0') {
+  dev_uri = env;
+}
 
if (dev_uri == NULL) {
fprintf(stderr,


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-18 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  d702f662901 s3/4: libsmbclient test. Test using 
smbc_telldir/smbc_lseekdir with smbc_readdir/smbc_readdirplus/smbc_getdents.
   via  411eb45f2c9 s3: libsmbclient: Fix smbc_lseekdir() to work with 
smbc_readdirplus().
   via  a70eee31213 s3: libsmbclient: Ensure SMBC_getdents_ctx() also 
updates the readdirplus pointers.
   via  0fbd2c08b54 s3: libsmbclient: Ensure SMBC_readdirplus_ctx() also 
updates the readdir pointers.
   via  a0342e92f3a s3: libsmbclient: Ensure SMBC_readdir_ctx() also 
updates the readdirplus pointers.
  from  872e03c2dc8 VERSION: Bump version up to 4.11.1...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit d702f66290159d72c8f3c5d08ec9e9f23772611f
Author: Jeremy Allison 
Date:   Mon Aug 26 11:22:35 2019 -0700

s3/4: libsmbclient test. Test using smbc_telldir/smbc_lseekdir with 
smbc_readdir/smbc_readdirplus/smbc_getdents.

Ensure that for file access you can mix any of these
three access methods for directory entries and the
returned names/structs stay in sync across telldir/seekdir
changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14094

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Böhme 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Tue Sep  3 17:31:29 UTC 2019 on sn-devel-184

(cherry picked from commit 3355601fe8541994cc41f5ed800aab9b6a2294f4)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Sep 18 13:51:56 UTC 2019 on sn-devel-184

commit 411eb45f2c9b9019d8a54c3c7092a3c0fc515e15
Author: Jeremy Allison 
Date:   Mon Aug 26 10:18:28 2019 -0700

s3: libsmbclient: Fix smbc_lseekdir() to work with smbc_readdirplus().

If returning files the dir_list and the dirplus_list have exactly the same
entries, we just need to keep the next pointers in sync on seek.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14094

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Böhme 
(cherry picked from commit 0d9b1645499ce12a79a137d3482434aa5d2eb47c)

commit a70eee31213189d9cf0e4b40d14e2c301ef4f2c8
Author: Jeremy Allison 
Date:   Mon Aug 26 10:07:32 2019 -0700

s3: libsmbclient: Ensure SMBC_getdents_ctx() also updates the readdirplus 
pointers.

If we are returning file entries, we
have a duplicate list in dirplus.

Update dirplus_next also so readdir and
readdirplus are kept in sync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14094

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Böhme 
(cherry picked from commit 754cec7756b2ddb1cfcc3984265f01cb366beb76)

commit 0fbd2c08b548bd2588de960a5475ed5fc2de9bf7
Author: Jeremy Allison 
Date:   Mon Aug 26 10:02:47 2019 -0700

s3: libsmbclient: Ensure SMBC_readdirplus_ctx() also updates the readdir 
pointers.

If we are returning file entries, we
have a duplicate list in dir_list.

Update dir_next also so readdir and
readdirplus are kept in sync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14094

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Böhme 
(cherry picked from commit 3d82b7d11cd7b78adc6b3642e64e3a8f251de869)

commit a0342e92f3a25fbf15ab0f3ad3f05e597726be81
Author: Jeremy Allison 
Date:   Mon Aug 26 09:54:06 2019 -0700

s3: libsmbclient: Ensure SMBC_readdir_ctx() also updates the readdirplus 
pointers.

If we are returning file entries, we
have a duplicate list in dirplus.

Update dirplus_next also so readdir and
readdirplus are kept in sync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14094

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Böhme 
(cherry picked from commit 4bca8e097f5a909c628daa4dbfa932ddc1725ebc)

---

Summary of changes:
 source3/libsmb/libsmb_dir.c | 102 ++---
 source3/selftest/tests.py   |   3 +-
 source4/torture/libsmbclient/libsmbclient.c | 340 
 3 files changed, 418 insertions(+), 27 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libsmb/libsmb_dir.c b/source3/libsmb/libsmb_dir.c
index 886aa626509..df606c4adfe 100644
--- a/source3/libsmb/libsmb_dir.c
+++ b/source3/libsmb/libsmb_dir.c
@@ -1174,6 +1174,17 @@ SMBC_readdir_ctx(SMBCCTX *context,
 
 dir->dir_next = dir->dir_next->next;
 
+   /*
+* If we are returning file entries, we
+* have a duplicate list in dirplus.
+*
+* Update dirplus_next also so readdir and
+* readdirplus are kept in sync.
+*/
+   if (dir->dirplus_list != NULL) {
+   dir->dirplus_next = dir->dirplus_next->next;
+   }
+
TALLOC_FREE(frame);
 return dirp;
 }

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-17 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  872e03c2dc8 VERSION: Bump version up to 4.11.1...
   via  d60cf580825 VERSION: Bump version up to 4.11.0...
   via  e0886709582 WHATSNEW: Add release notes for Samba 4.11.0.
  from  4f2bbe2ed1d VERSION: Bump version up to 4.11.0rc5...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 872e03c2dc859759fe17228068701865023b16b5
Author: Karolin Seeger 
Date:   Tue Sep 17 10:03:08 2019 +0200

VERSION: Bump version up to 4.11.1...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit d60cf580825819f11de9e50ec4c4ce591d695ad9
Author: Karolin Seeger 
Date:   Tue Sep 17 10:02:02 2019 +0200

VERSION: Bump version up to 4.11.0...

and disable GIT_SNAPSHOT for the 4.11.0 release.

Signed-off-by: Karolin Seeger 

commit e0886709582a12b37cec4299172570169f986056
Author: Karolin Seeger 
Date:   Tue Sep 17 10:00:54 2019 +0200

WHATSNEW: Add release notes for Samba 4.11.0.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  4 ++--
 WHATSNEW.txt | 17 ++---
 2 files changed, 12 insertions(+), 9 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index e3cbecc1d16..137edf08bba 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=11
-SAMBA_VERSION_RELEASE=0
+SAMBA_VERSION_RELEASE=1
 
 
 # If a official release has a serious bug  #
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  ->  "3.0.0rc1"  #
 
-SAMBA_VERSION_RC_RELEASE=5
+SAMBA_VERSION_RC_RELEASE=
 
 
 # To mark SVN snapshots this should be set to 'yes'#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 74d1de4c021..d573bb65819 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,12 +1,11 @@
-Release Announcements
-=
+   ==
+   Release Notes for Samba 4.11.0
+ September 17, 2019
+  ==
 
-This is the fourth release candidate of Samba 4.11.  This is *not*
-intended for production environments and is designed for testing
-purposes only.  Please report any defects via the Samba bug reporting
-system at https://bugzilla.samba.org/.
 
-Samba 4.11 will be the next version of the Samba suite.
+This is the first stable release of the Samba 4.11 release series.
+Please read the release notes carefully before upgrading.
 
 
 UPGRADING
@@ -368,6 +367,10 @@ smb.conf changes
   encrypt passwords  Deprecated
 
 
+CHANGES SINCE 4.11.0rc4
+===
+
+
 CHANGES SINCE 4.11.0rc3
 ===
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-11 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  4f2bbe2ed1d VERSION: Bump version up to 4.11.0rc5...
   via  b788d502cd1 VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc4 release.
   via  70906342a77 WHATSNEW: Add release notes for Samba 4.11.0rc4.
   via  76eab3e6bc9 WHATSNEW: Remove paragraph about rejoining DCs.
  from  d887047aa0c vfs: restore stat fields in vfs_stat_fsp()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 4f2bbe2ed1d8d90c4c3311a8b77e1f695e66bea4
Author: Karolin Seeger 
Date:   Tue Sep 10 13:19:03 2019 +0200

VERSION: Bump version up to 4.11.0rc5...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit b788d502cd187d1d71310ab9384e0b2445062491
Author: Karolin Seeger 
Date:   Tue Sep 10 13:00:53 2019 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc4 release.

Signed-off-by: Karolin Seeger 

commit 70906342a77e431e0ea5b482b9f35aa26a5d64bc
Author: Karolin Seeger 
Date:   Tue Sep 10 09:19:32 2019 +0200

WHATSNEW: Add release notes for Samba 4.11.0rc4.

Signed-off-by: Karolin Seeger 

commit 76eab3e6bc9631437719bf9a7fbabb8e77ceb20a
Author: Karolin Seeger 
Date:   Tue Sep 10 13:02:12 2019 +0200

WHATSNEW: Remove paragraph about rejoining DCs.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION  |  2 +-
 WHATSNEW.txt | 46 --
 2 files changed, 41 insertions(+), 7 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index ae98c26560f..e3cbecc1d16 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  ->  "3.0.0rc1"  #
 
-SAMBA_VERSION_RC_RELEASE=4
+SAMBA_VERSION_RC_RELEASE=5
 
 
 # To mark SVN snapshots this should be set to 'yes'#
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 904db5fefc3..74d1de4c021 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
 Release Announcements
 =
 
-This is the third release candidate of Samba 4.11.  This is *not*
+This is the fourth release candidate of Samba 4.11.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
@@ -33,11 +33,6 @@ When either upgrading or downgrading, users should also 
avoid making any
 database modifications between installing the new Samba packages and starting
 the samba executable.
 
-Note that when moving between major Samba releases in general, we recommend
-that the AD DC is rejoined to the domain. Using this approach avoids the need
-to explicitly downgrade the database manually. For more details, see:
-https://wiki.samba.org/index.php/Upgrading_a_Samba_AD_DC
-
 SMB1 is disabled by default
 ---
 
@@ -373,6 +368,45 @@ smb.conf changes
   encrypt passwords  Deprecated
 
 
+CHANGES SINCE 4.11.0rc3
+===
+
+o  Douglas Bagnall 
+   * BUG 14049: ldb: Don't try to save a value that isn't there.
+   * ldb_dn: Free dn components on explode failure.
+   * ldb: Do not allow adding a DN as a base to itself.
+
+o  Andrew Bartlett 
+   * ldb: Release ldb 2.0.7.
+   * BUG 13695: ldb: Correct Pigeonhole principle validation in
+ ldb_filter_attrs().
+   * BUG 14049: Fix ldb dn crash.
+   * BUG 14117: Deprecate "lanman auth = yes" and "encrypt passwords = no".
+
+o  Ralph Boehme 
+   * BUG 14038: Fix compiling ctdb on older systems lacking POSIX robust
+ mutexes.
+   * BUG 14121: smbd returns bad File-ID on filehandle used to create a file or
+ directory.
+
+o  Poornima G 
+   * BUG 14098: vfs_glusterfs: Use pthreadpool for scheduling aio operations.
+
+o  Stefan Metzmacher 
+   * BUG 14055: Add the target server name of SMB 3.1.1 connections as a hint 
to
+ load balancers or servers with "multi-tenancy" support.
+   * BUG 14113: Fix byte range locking bugs/regressions.
+
+o  Swen Schillig 
+   * ldb: Fix mem-leak if talloc_realloc fails.
+
+o  Evgeny Sinelnikov 
+   * BUG 14007: Fix join with don't exists machine account.
+
+o  Martin Schwenke 
+   * BUG 14085: ctdb-recoverd: Only check for LMASTER nodes in the VNN map.
+
+
 CHANGES SINCE 4.11.0rc2
 ===
 


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-10 Thread Stefan Metzmacher 
The branch, v4-11-test has been updated
   via  d887047aa0c vfs: restore stat fields in vfs_stat_fsp()
   via  b4aaa612d33 s3:vfs: streamline vfs_stat_fsp()
   via  b14dd975c75 s3: replace fsp_stat() with vfs_stat_fsp()
   via  cb09104951c s3:lib: add update_stat_ex_from_saved_stat()
   via  4930920648a vfs_catia: stat info may have been updated, make sure 
to return changes
   via  d47f8ca1a76 s3:smbd: ensure to update the File-ID in struct 
smb_filename
   via  6dfeecf345c s3:lib: round itime to NTTIME resolution in 
make_file_id_from_itime()
   via  cca34da443e lib: add round_timespec_to_nttime()
   via  0318b68675d s4:torture: add a file-id related test
  from  02ccbe08a53 s3:ldap: Fix join with don't exists machine account

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit d887047aa0c2489d1d6251ffcb9ce083e86866e1
Author: Ralph Boehme 
Date:   Mon Sep 9 08:08:06 2019 +0200

vfs: restore stat fields in vfs_stat_fsp()

This ensures we preserve btime, itime and File-ID.

As the Durable Handles code calls vfs_stat_fsp() in the DH disconnect 
function,
previously the btime was lost and NOT stored in the cookie. With this 
change the
cookie will store the correct btime (and iflags), which requires us to call
dos_mode() in the reconnect function to ensure we pass
vfs_default_durable_reconnect_check_stat().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14121

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Tue Sep 10 20:22:21 UTC 2019 on sn-devel-184

(cherry picked from commit 95655fe683d499d93f3844ed72ad332ef64adb96)

Autobuild-User(v4-11-test): Stefan Metzmacher 
Autobuild-Date(v4-11-test): Tue Sep 10 22:29:08 UTC 2019 on sn-devel-184

commit b4aaa612d33caf51b44830d75997d4ad93b7740d
Author: Ralph Boehme 
Date:   Mon Sep 9 08:03:53 2019 +0200

s3:vfs: streamline vfs_stat_fsp()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14121

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit e00e78cfeda99bd5374eff8fb4ba84873e4e46b7)

commit b14dd975c754be30d247591190bec5db3f305245
Author: Ralph Boehme 
Date:   Mon Sep 9 07:57:34 2019 +0200

s3: replace fsp_stat() with vfs_stat_fsp()

Both functions do the same, they differ just in the type of the returned 
result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14121

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit ab03394969f8a4c748aea7d0d8ed37f9ced6cc30)

commit cb09104951cdefba991464e486c536b06356fd25
Author: Ralph Boehme 
Date:   Fri Aug 30 14:49:47 2019 +0200

s3:lib: add update_stat_ex_from_saved_stat()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14121

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit ac18730f10ce96a607a3a07e1360b522ebf72f38)

commit 4930920648ad6879a72c77d79508025478dcbaa2
Author: Ralph Boehme 
Date:   Fri Aug 30 14:48:57 2019 +0200

vfs_catia: stat info may have been updated, make sure to return changes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14121

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 4e4c97f53acc7006f1dc6b6812bb0e156db5)

commit d47f8ca1a769571dae73081cda6a01812c1a256c
Author: Ralph Boehme 
Date:   Fri Aug 30 14:48:40 2019 +0200

s3:smbd: ensure to update the File-ID in struct smb_filename

Initialize the File-ID in fsp->fsp_name->st, any subsequent metadata fetch 
on
this file-handle needs this, eg QFID SMB2 Create-Context or GETINFO SMB
requests.

It would be nice if SMB_VFS_SET_DOS_ATTRIBUTE() would do this, 
unfortunately it
gets a const struct smb_filename.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14121

Signed-off-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 
(cherry picked from commit 3483b75fed8985bd2968bbf8c85985107115fba8)

commit 6dfeecf345c0a009fff6b233241156eff3160467
Author: Ralph Boehme 
Date:   Mon Sep 9 11:12:08 2019 +0200

s3:lib: round itime to NTTIME resolution in make_file_id_from_itime()

The rounding is needed because when a file is created via eg an SMB2 CREATE
request, we need to calculate the correct File-ID for the QFID 
Create-Context or
for a subsequent GETINFO SMB request on the same file-handle.

Any later metadata request that received the File-ID will do so by going 
through
dos_mode() -> ... -> parse_dos_attribute_blob(), where the File-ID will be
calculated from the on-disk itime which has NTTIME resolution.

As long as that is the only available itime backend, I'm rounding itime 
inside

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-10 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  02ccbe08a53 s3:ldap: Fix join with don't exists machine account
  from  be42cfafee0 s3:selftest: add delay_inject:brl_lock_windows testing

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 02ccbe08a53e385460d17b54bbabee5a362e1a5b
Author: Evgeny Sinelnikov 
Date:   Wed Jul 31 23:17:20 2019 +0400

s3:ldap: Fix join with don't exists machine account

Add check for requested replies of existing machine object during join
machine to domain. This solves regression fail during join with error:
"None of the information to be translated has been translated."

https://bugzilla.samba.org/show_bug.cgi?id=14007

Reviewed-by: Guenther Deschner 
Reviewed-by: Alexander Bokovoy 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Günther Deschner 
Autobuild-Date(master): Wed Sep  4 17:02:37 UTC 2019 on sn-devel-184

(cherry picked from commit ad4ef1657e9b2a088a3bfadcce196cfcceead1dc)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Tue Sep 10 09:13:15 UTC 2019 on sn-devel-184

---

Summary of changes:
 source3/libads/ldap.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index 4f3d43b02b1..2110390b65f 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -2121,13 +2121,14 @@ ADS_STATUS ads_create_machine_acct(ADS_STRUCT *ads,
}
 
ret = ads_find_machine_acct(ads, , machine_escaped);
-   ads_msgfree(ads, res);
-   if (ADS_ERR_OK(ret)) {
+   if (ADS_ERR_OK(ret) && ads_count_replies(ads, res) == 1) {
DBG_DEBUG("Host account for %s already exists.\n",
machine_escaped);
ret = ADS_ERROR_LDAP(LDAP_ALREADY_EXISTS);
+   ads_msgfree(ads, res);
goto done;
}
+   ads_msgfree(ads, res);
 
new_dn = talloc_asprintf(ctx, "cn=%s,%s", machine_escaped, org_unit);
samAccountName = talloc_asprintf(ctx, "%s$", machine_name);


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-09 Thread Stefan Metzmacher 
The branch, v4-11-test has been updated
   via  be42cfafee0 s3:selftest: add delay_inject:brl_lock_windows testing
   via  9bf1c5c3e48 vfs_delay_inject: add support for brl_[un]lock_windows()
   via  ec21e68912d s3:locking: add brl_req_guid() and brl_req_mem_ctx() 
helper functions
   via  74527a20584 s3:smb2_lock: handle NT_STATUS_RETRY from the VFS 
backend
   via  a1117587afb s3:blocking: handle NT_STATUS_RETRY from the VFS backend
   via  c8086b8873b s3:blocking: make use of smbd_smb1_do_locks_try() in 
smbd_smb1_do_locks_send()
   via  5e9d294a045 s3:blocking: call smbd_smb1_do_locks_setup_timeout() 
also in smbd_smb1_do_locks_try()
   via  11e489b0789 s3:blocking: fix the fsp->blocked_smb1_lock_reqs 
handling
   via  333026209a8 s3:blocking: do the timeout calculation before calling 
dbwrap_watched_watch_send()
   via  f479c7bc03a s3:blocking: split out 
smbd_smb1_do_locks_setup_timeout()
   via  9f46f3b0e72 s3:blocking: use timeval_expired(>endtime) to 
stop processing
   via  d857b21d4fe s4:torture/raw: add multilock6 test
   via  a037ebbc347 s4:torture/raw: add multilock5 test
   via  cc9afc3dac2 s4:torture/raw: add multilock4 test
   via  6bd411aad81 s4:torture/raw: add multilock3 test
   via  da765a062aa s4:torture/raw: improvements for multilock2
   via  c4d7c186aca s3:smb2_lock: add retry for POSIX locks
   via  061b60353d7 s4:torture/smb2: add smb2.samba3misc.localposixlock1
   via  00fc583960f s3:smb2_lock: make use of smbd_smb2_lock_try() in 
smbd_smb2_lock_send()
   via  1fb82e04d02 s3:smb2_lock: let smbd_smb2_lock_try() explicitly check 
for the retry condition
   via  c4ab0c85022 s3:smb2_lock: error out early in smbd_smb2_lock_send()
   via  5e156be97a3 s3:smb2_lock: split smbd_smb2_lock_retry() into _try() 
and _retry()
   via  e5385142987 s3:smb2_lock: move from 'blocking' to 'state->blocking'
   via  8b3a50609f4 s3:brlock: always return LOCK_NOT_GRANTED instead of 
FILE_LOCK_CONFLICT
   via  b56bb2ac59d s3:blocking: maintain state->deny_status
   via  85b9b5f04fd s4:torture/raw: assert to get LOCK_NOT_GRANTED in 
torture_samba3_posixtimedlock()
   via  1fd0a52e672 s3:blocking: use dynamic posix lock wait intervals
   via  e91bae2bdb1 s3:blocking: Remove bug reproducer from a few commits 
ago
   via  2c31c9d365d s3:blocking: fix posix lock retry
   via  6b23f24ee38 s3:blocking: move from 'timeout' to 
'smbd_smb1_do_locks_state->timeout'
   via  b381f4b314c s3:blocking: split smbd_smb1_do_locks_retry() into 
_try() and _retry()
   via  841fceae680 s3:blocking: demonstrate the posix lock retry fails
   via  ffdb166e49f s3:torture: convert LOCK9 into LOCK9A and LOCK9B
   via  0742879bd8d s3:torture: fix the timeout alarm handling on LOCK9
   via  75e07d48594 s3:blocking: remove unused timeval_brl_min()
   via  f73b670b4db s3:locking: add share_mode_wakeup_waiters() helper 
function
   via  244ad1210cc s3:locking: add/split out byte_range_{valid,overlap}() 
helper functions
   via  80a04a4e19a s3:smb2_lock: call change_to_user_by_fsp() when 
dbwrap_watched_watch* finishes
   via  728e29d84ca s3:blocking: call change_to_user_by_fsp() when 
dbwrap_watched_watch* finishes
  from  d01dbe68cdf libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit be42cfafee057993d038f7d476d094c53b00b57e
Author: Stefan Metzmacher 
Date:   Tue Aug 20 15:53:59 2019 +0200

s3:selftest: add delay_inject:brl_lock_windows testing

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Volker Lendecke 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Mon Sep  9 15:42:45 UTC 2019 on sn-devel-184

(cherry picked from commit 2b43ce6704ecf035e6734337a2dea3458153a4b2)

Autobuild-User(v4-11-test): Stefan Metzmacher 
Autobuild-Date(v4-11-test): Mon Sep  9 17:19:11 UTC 2019 on sn-devel-184

commit 9bf1c5c3e48ff905eec6f9ee469f1067b4105d42
Author: Stefan Metzmacher 
Date:   Mon Aug 19 18:22:38 2019 +0200

vfs_delay_inject: add support for brl_[un]lock_windows()

This demonstrates the two ways to handle the retry:
- smb layer retry => plock->context.smblctx = UINT64_MAX
- vfs backend retry => plock->context.smblctx = 0

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14113

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Volker Lendecke 
(cherry picked from commit c2503a5c68e967054ab84ca0d8ce693200c2e002)

commit ec21e68912d2c9b1f4c3aa57d9b34db038a6b66c
Author: Stefan Metzmacher 
Date:   Thu Aug 8 19:26:28 2019 +0200

s3:locking: add brl_req_guid() and brl_req_mem_ctx() helper functions

This allows the vfs backend to detect a retry and keep state between
the

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-09 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  d01dbe68cdf libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID
   via  bff4ee33420 libcli/smb: add new COMPRESSION and NETNAME negotiate 
context ids
  from  11c2b21b97d ctdb: fix compilation on systems with glibc robust 
mutexes

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit d01dbe68cdfcd873f53c02c9529a944bf209c58f
Author: Stefan Metzmacher 
Date:   Thu Jul 25 14:38:26 2019 +0200

libcli/smb: send SMB2_NETNAME_NEGOTIATE_CONTEXT_ID

Note: Unlike the current documentation, the utf16 string
is not null-terminated, that matches Windows Server 1903
as a client.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055
RN: Add the target server name of SMB 3.1.1 connections
as a hint to load balancers or servers with "multi-tenancy"
support.

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Aurelien Aptel 
(cherry picked from commit 21f6cece543dd791e0f4636458bfe9819823420c)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Mon Sep  9 12:03:55 UTC 2019 on sn-devel-184

commit bff4ee33420557c6b80646a94de926d4f4c0f24d
Author: Stefan Metzmacher 
Date:   Thu Jul 25 14:37:31 2019 +0200

libcli/smb: add new COMPRESSION and NETNAME negotiate context ids

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14055

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Aurelien Aptel 
(cherry picked from commit e10b90f33bb812600886656a1124e2d434416563)

---

Summary of changes:
 libcli/smb/smb2_constants.h |  2 ++
 libcli/smb/smbXcli_base.c   | 17 +
 2 files changed, 19 insertions(+)


Changeset truncated at 500 lines:

diff --git a/libcli/smb/smb2_constants.h b/libcli/smb/smb2_constants.h
index 3dd462cdd69..1430f02689c 100644
--- a/libcli/smb/smb2_constants.h
+++ b/libcli/smb/smb2_constants.h
@@ -131,6 +131,8 @@
 /* Types of SMB2 Negotiate Contexts - only in dialect >= 0x310 */
 #define SMB2_PREAUTH_INTEGRITY_CAPABILITIES 0x0001
 #define SMB2_ENCRYPTION_CAPABILITIES0x0002
+#define SMB2_COMPRESSION_CAPABILITIES   0x0003
+#define SMB2_NETNAME_NEGOTIATE_CONTEXT_ID   0x0005
 
 /* Values for the SMB2_PREAUTH_INTEGRITY_CAPABILITIES Context (>= 0x310) */
 #define SMB2_PREAUTH_INTEGRITY_SHA512   0x0001
diff --git a/libcli/smb/smbXcli_base.c b/libcli/smb/smbXcli_base.c
index 2f5fac08128..c9b396106ae 100644
--- a/libcli/smb/smbXcli_base.c
+++ b/libcli/smb/smbXcli_base.c
@@ -4770,6 +4770,8 @@ static struct tevent_req 
*smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
if (state->conn->max_protocol >= PROTOCOL_SMB3_10) {
NTSTATUS status;
struct smb2_negotiate_contexts c = { .num_contexts = 0, };
+   uint8_t *netname_utf16 = NULL;
+   size_t netname_utf16_len = 0;
uint32_t offset;
DATA_BLOB b;
uint8_t p[38];
@@ -4802,6 +4804,21 @@ static struct tevent_req 
*smbXcli_negprot_smb2_subreq(struct smbXcli_negprot_sta
return NULL;
}
 
+   ok = convert_string_talloc(state, CH_UNIX, CH_UTF16,
+  state->conn->remote_name,
+  strlen(state->conn->remote_name),
+  _utf16, _utf16_len);
+   if (!ok) {
+   return NULL;
+   }
+
+   status = smb2_negotiate_context_add(state, ,
+   SMB2_NETNAME_NEGOTIATE_CONTEXT_ID,
+   netname_utf16, netname_utf16_len);
+   if (!NT_STATUS_IS_OK(status)) {
+   return NULL;
+   }
+
status = smb2_negotiate_context_push(state, , c);
if (!NT_STATUS_IS_OK(status)) {
return NULL;


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-06 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  11c2b21b97d ctdb: fix compilation on systems with glibc robust 
mutexes
   via  04867f4c513 WHATSNEW: Add entry for deprecation of "lanman auth" 
and "encrypt passwords = no"
   via  f1d2b5eba72 docs: Deprecate "encrypt passwords = no"
   via  116f8cfe304 docs: Deprecate "lanman auth = yes"
  from  bc0d16c9d8e ldb: Release ldb 2.0.7

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 11c2b21b97d2d8fcd46c7e3ac8005e940869bc51
Author: Ralph Boehme 
Date:   Fri Jul 12 10:49:13 2019 +0200

ctdb: fix compilation on systems with glibc robust mutexes

On older systems like SLES 11 without POSIX robust mutexes, but with glib 
robust
mutexes where all the functions are available but have a "_np" suffix,
compilation fails in:

ctdb/tests/src/test_mutex_raw.c.239.o: In function `worker':
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:129: 
undefined reference to `pthread_mutex_consistent'
ctdb/tests/src/test_mutex_raw.c.239.o: In function `main':
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:285: 
undefined reference to `pthread_mutex_consistent'
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:332: 
undefined reference to `pthread_mutexattr_setrobust'
/root/samba-4.10.6/bin/default/../../ctdb/tests/src/test_mutex_raw.c:363: 
undefined reference to `pthread_mutex_consistent'
collect2: ld returned 1 exit status

This could be fixed by using libreplace system/threads.h instead of 
pthreads.h
directly, but as there has been a desire to keep test_mutex_raw.c 
standalone and
compilable without other external depenencies then libc and libpthread, 
make the
tool developer build only. This should get the average user over the cliff.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14038
RN: Fix compiling ctdb on older systems lacking POSIX robust mutexes

Signed-off-by: Ralph Boehme 
Reviewed-by: Martin Schwenke 
(cherry picked from commit f5388f97792ac2d7962950dad91aaf8ad49bceaa)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Fri Sep  6 08:19:44 UTC 2019 on sn-devel-184

commit 04867f4c513c70313f71c59ed3131307c0d1c4dc
Author: Andrew Bartlett 
Date:   Thu Sep 5 16:12:10 2019 +1200

WHATSNEW: Add entry for deprecation of "lanman auth" and "encrypt passwords 
= no"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14117

Signed-off-by: Andrew Bartlett 

commit f1d2b5eba72df50f98860557e3d3523b1e82f625
Author: Andrew Bartlett 
Date:   Thu Sep 5 11:19:10 2019 +1200

docs: Deprecate "encrypt passwords = no"

This feature is only available for SMB1 and we need to warn users that this
is going away soon, and allow the removal in a future release under our 
rules
for parameter deprecation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14117

Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 
(cherry picked from commit 8d0d99a4d78ba408bb45e2d693049025e60e277a)

commit 116f8cfe3041676264f2bfa2ca43d6266cb326ab
Author: Andrew Bartlett 
Date:   Thu Sep 5 11:23:22 2019 +1200

docs: Deprecate "lanman auth = yes"

This feature is only available for SMB1 and we need to warn users that this
is going away soon, and allow the removal in a future release under our 
rules
for parameter deprecation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14117

Signed-off-by: Andrew Bartlett 
Reviewed-by: Garming Sam 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Sep  5 04:04:18 UTC 2019 on sn-devel-184

(cherry picked from commit 1006f7abe8980d2c01c181db93225353ce494b3a)

---

Summary of changes:
 WHATSNEW.txt  | 14 ++
 ctdb/wscript  |  2 +-
 docs-xml/smbdotconf/security/encryptpasswords.xml |  8 
 docs-xml/smbdotconf/security/lanmanauth.xml   |  9 +
 4 files changed, 32 insertions(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index eece43fcd9e..904db5fefc3 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -68,6 +68,18 @@ in the following years. If you have a strong requirement for 
SMB1
 (except for supporting old Linux Kernels), please file a bug
 at https://bugzilla.samba.org and let us know about the details.
 
+LanMan and plaintext authentication deprecated
+--
+
+The "lanman auth" and "encrypt passwords" parameters are deprecated
+with this release as both are only applicable to SMB1 and are quite
+insecure.  NTLM, NTLMv2 and Kerberos authentication are unaffected, as
+"encrypt

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-04 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  bc0d16c9d8e ldb: Release ldb 2.0.7
   via  9392ee7d290 ldb: Extend the ldb_dn_explode test matrix
   via  e019f3a6aac ldb: Do not read beyond the end of the extended DN 
component when printing
   via  9b0c3051783 ldb: Add test with == true or false to boolean if 
statements in ldb_dn_explode()
   via  1bc9476be79 ldb: Rework all pointer NULL tests to use Samba's 
normal style
   via  0f993c094ea ldb: add some dn explode tests
   via  c71c51dda00 ldb: don't try to save a value that isn't there
   via  61a039cc21d ldb: Call TALLOC_FREE(filtered_msg->elements) on 
ldb_filter_attrs() failure
   via  11427be15ed ldb: use TALLOC_FREE() over talloc_free() in 
ldb_filter_attrs()
   via  9c677a274d4 ldb: Correct Pigeonhole principle validation in 
ldb_filter_attrs()
   via  57f00784ffa ldb: Fix mem-leak if talloc_realloc fails
   via  7cf6afba656 ldb_dn: free dn components on explode failure
   via  0358b3f9bc1 ldb: do not allow adding a DN as a base to itself
   via  0e96b2cb506 vfs_glusterfs: Use pthreadpool for scheduling aio 
operations
   via  8b680d30979 ctdb-recoverd: Fix typo in previous fix
   via  20c4d212472 ctdb-tests: Clear deleted record via recovery instead 
of vacuuming
   via  9063f5dde3f ctdb-tests: Strengthen volatile DB traverse test
   via  a03443efef6 ctdb-recoverd: Only check for LMASTER nodes in the VNN 
map
   via  4a5c554508b ctdb-tests: Don't retrieve the VNN map from target node 
for notlmaster
   via  7e004230708 ctdb-tests: Handle special cases first and return
   via  e876b1e8562 ctdb-tests: Inline handling of recovered and notlmaster 
statuses
   via  6efb59affb2 ctdb-tests: Drop unused node statuses frozen/unfrozen
   via  a279b888346 ctdb-tests: Reformat node_has_status()
  from  96961348432 VERSION: Bump verison up to 4.11.0rc4...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit bc0d16c9d8eacd254552ff28726a2ba5f2a1c8c0
Author: Andrew Bartlett 
Date:   Wed Aug 28 17:44:52 2019 +1200

ldb: Release ldb 2.0.7

* Robustness improvements against duplicate attributes in ldb_filter_attrs()
  (bug 13695)
* Robustness improvements against invalid string DN values (bug 14049)

Signed-off-by: Andrew Bartlett 

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Sep  4 10:24:56 UTC 2019 on sn-devel-184

commit 9392ee7d29081118afd2dfd531946cbdcaba729d
Author: Andrew Bartlett 
Date:   Tue Aug 27 13:16:50 2019 +1200

ldb: Extend the ldb_dn_explode test matrix

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Andrew Bartlett 
Reviewed-by: Gary Lockyer 
(cherry picked from commit 10058bcfa16d5029e61252d64d142a8aab9ec296)

commit e019f3a6aac62460ee9768fec4001e00f00f8096
Author: Andrew Bartlett 
Date:   Tue Aug 27 13:16:18 2019 +1200

ldb: Do not read beyond the end of the extended DN component when printing

The print functions used in Samba NULL terminate, but do not assume they 
will

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Andrew Bartlett 
Reviewed-by: Gary Lockyer 
(cherry picked from commit a8a3cef3a768aaff01227dd7b229fb7b3aef926f)

commit 9b0c30517834da57a436ac6a0bad1fa2c6173849
Author: Andrew Bartlett 
Date:   Thu Aug 22 11:09:55 2019 +1200

ldb: Add test with == true or false to boolean if statements in 
ldb_dn_explode()

This is beyond the normal level of clarity we expect in Samba, and is of 
course
rudundent, but this is a complex routine that has confusing tests, some of
pointers and some of boolean state values.

This tries to make the code as clear as possible pending a more 
comprehensive
rewrite.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Andrew Bartlett 
Reviewed-by: Gary Lockyer 
(cherry picked from commit 52bd2dde5ae809ecc115f7087e367327f4771e73)

commit 1bc9476be79b994a3a9b0618f23f176e399c5aaa
Author: Andrew Bartlett 
Date:   Thu Aug 22 10:59:07 2019 +1200

ldb: Rework all pointer NULL tests to use Samba's normal style

Also avoid if () without braces

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Andrew Bartlett 
Reviewed-by: Gary Lockyer 
(cherry picked from commit 3f290e95c2c133eb2c983ecc984d3dff4809f3d3)

commit 0f993c094ea242934766761389cecd5ecfd14a37
Author: Douglas Bagnall 
Date:   Thu Jul 25 12:09:16 2019 +1200

ldb: add some dn explode tests

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14049

Signed-off-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 
Reviewed-by: Gary Lockyer 
(cherry picked from commit a097ddf65ce56dcd2e0b072b6dd78f512a77a9da)

commit

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-09-03 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  96961348432 VERSION: Bump verison up to 4.11.0rc4...
   via  c1d9e02d06a VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc3 release.
   via  f04985fe9b5 WHATSNEW: Add release notes for Samba 4.11.0rc3.
   via  efd6d670997 CVE-2019-10197: smbd: split 
change_to_user_impersonate() out of change_to_user_internal()
   via  a6ff560aa13 CVE-2019-10197: test_smbclient_s3.sh: add regression 
test for the no permission on share root problem
   via  7b39df0f144 CVE-2019-10197: selftest: make fsrvp_share its own 
independent subdirectory
   via  d690f6f3c4d CVE-2019-10197: smbd: make sure we reset 
current_user.{need,done}_chdir in become_root()
   via  ae9bdef5c8a CVE-2019-10197: smbd: make sure that 
change_to_user_internal() always resets current_user.done_chdir
   via  bcfb7749869 CVE-2019-10197: smbd: separate out impersonation debug 
info into a new function.
  from  aa3ad5c451f WHATSNEW: BIND9_FLATFILE / rndc command deprecated

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 96961348432cd1171b99ea2d8e64d4bc9d897f72
Author: Karolin Seeger 
Date:   Tue Sep 3 13:13:47 2019 +0200

VERSION: Bump verison up to 4.11.0rc4...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit c1d9e02d06a158f637475ffeca7a6c3f2fb1d773
Author: Karolin Seeger 
Date:   Tue Sep 3 13:12:53 2019 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc3 release.

Signed-off-by: Karolin Seeger 

commit f04985fe9b54824fb61683c67065da2fdb8f2e1a
Author: Karolin Seeger 
Date:   Tue Sep 3 13:12:16 2019 +0200

WHATSNEW: Add release notes for Samba 4.11.0rc3.

Signed-off-by: Karolin Seeger 

commit efd6d670997eff81c94b1ece3814b1da2c3705cb
Author: Stefan Metzmacher 
Date:   Thu Jul 11 17:02:15 2019 +0200

CVE-2019-10197: smbd: split change_to_user_impersonate() out of 
change_to_user_internal()

This makes sure we always call chdir_current_service() even
when we still impersonated the user. Which is important
in order to run the SMB* request within the correct working directory
and only if the user has permissions to enter that directory.

It makes sure we always update conn->lastused_count
in chdir_current_service() for each request.

Note that vfs_ChDir() (called from chdir_current_service())
maintains its own cache and avoids calling SMB_VFS_CHDIR()
if possible.

It means we still avoid syscalls if we get a multiple requests
for the same session/tcon tuple.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit a6ff560aa134fb4fa5ceaba83d29aae0bc398f4d
Author: Stefan Metzmacher 
Date:   Tue Jul 16 15:40:38 2019 +0200

CVE-2019-10197: test_smbclient_s3.sh: add regression test for the no 
permission on share root problem

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher 

commit 7b39df0f1449024c8b9f2954a63f0b265c4269e8
Author: Stefan Metzmacher 
Date:   Tue Jul 30 17:16:59 2019 +0200

CVE-2019-10197: selftest: make fsrvp_share its own independent subdirectory

The next patch will otherwise break the fsrvp related tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher 

commit d690f6f3c4d82a5ff887df40e2a60a1828eb87eb
Author: Stefan Metzmacher 
Date:   Tue Jun 18 14:04:08 2019 +0200

CVE-2019-10197: smbd: make sure we reset current_user.{need,done}_chdir in 
become_root()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher 

commit ae9bdef5c8a2dea2efca6295799a42ba01c3b98d
Author: Stefan Metzmacher 
Date:   Thu Jul 11 17:01:29 2019 +0200

CVE-2019-10197: smbd: make sure that change_to_user_internal() always 
resets current_user.done_chdir

We should not leave current_user.done_chdir as true if we didn't call
chdir_current_service() with success.

This caused problems in when calling vfs_ChDir() in pop_conn_ctx() when
chdir_current_service() worked once on one share but later failed on another
share.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

commit bcfb7749869241a6a85fedca551ae6a4a4dec4fc
Author: Jeremy Allison 
Date:   Fri Jul 12 12:10:35 2019 -0700

CVE-2019-10197: smbd: separate out impersonation debug info into a new 
function.

Will be called on elsewhere on successful impersonation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14035

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 
Reviewed-by: Stefan Metzmacher 

---

Summary of changes:

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-08-28 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  aa3ad5c451f WHATSNEW: BIND9_FLATFILE / rndc command deprecated
   via  d61fac0cbe4 docs: Deprecate "rndc command" for Samba 4.11
   via  a9d0e0b7bae ctdb-daemon: Make node inactive in the NODE_STOP control
   via  f454db8d960 ctdb-daemon: Drop unused function 
ctdb_local_node_got_banned()
   via  a93c591a11a ctdb-daemon: Switch banning code to use 
ctdb_node_become_inactive()
   via  09397389958 ctdb-daemon: Factor out new function 
ctdb_node_become_inactive()
   via  240ad91944d ctdb-tcp: Mark node as disconnected if incoming 
connection goes away
   via  adb19f17cd1 ctdb-tcp: Only mark a node connected if both directions 
are up
   via  6668733c306 ctdb-tcp: Create outbound queue when the connection 
becomes writable
   via  1ef2ffbab86 ctdb-tcp: Use TALLOC_FREE()
   via  bf39d0cff16 ctdb-tcp: Move incoming fd and queue into struct 
ctdb_tcp_node
   via  4cf26ff2ec3 ctdb-tcp: Rename fd -> out_fd
   via  0b4a99c22f5 ctdb-daemon: Add function ctdb_ip_to_node()
   via  53b0fd2216d vfs:glusterfs_fuse: build only if we have setmntent()
   via  d8ba147db50 vfs:glusterfs_fuse: ensure fileids are constant across 
nodes
  from  c6d784debd8 vfs_glusterfs: Enable profiling for file system 
operations

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit aa3ad5c451f38659c1131b20756ad81a903654cb
Author: Andrew Bartlett 
Date:   Fri Aug 23 21:13:22 2019 +1200

WHATSNEW: BIND9_FLATFILE / rndc command deprecated

Signed-off-by: Andrew Bartlett 

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Aug 28 10:48:10 UTC 2019 on sn-devel-184

commit d61fac0cbe4abe1f90da6aea695690ccdb757765
Author: Andrew Bartlett 
Date:   Sat Aug 17 06:59:33 2019 +1200

docs: Deprecate "rndc command" for Samba 4.11

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14092

Signed-off-by: Andrew Bartlett 
Reviewed-by: Andreas Schneider 
(cherry picked from commit 561e0986ac96c842239b4e8c6509e05c836707b7)

commit a9d0e0b7bae9005d56222e5952f9fec66cb8f491
Author: Martin Schwenke 
Date:   Mon Aug 19 21:48:04 2019 +1000

ctdb-daemon: Make node inactive in the NODE_STOP control

Currently some of this is supported by a periodic check in the
recovery daemon's main_loop(), which notices the flag change, sets
recovery mode active and freezes databases.  If STOP_NODE returns
immediately then the associated recovery can complete and the node can
be continued before databases are actually frozen.

Instead, immediately do all of the things that make a node inactive.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14087
RN: Stop "ctdb stop" from completing before freezing databases

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 

Autobuild-User(master): Amitay Isaacs 
Autobuild-Date(master): Tue Aug 20 08:32:27 UTC 2019 on sn-devel-184

(cherry picked from commit e9f2e205ee89f4f3d6302cc11b4d0eb2efaf0f53)

commit f454db8d960bce78e492cdec344257a2ee094514
Author: Martin Schwenke 
Date:   Tue Aug 20 11:29:42 2019 +1000

ctdb-daemon: Drop unused function ctdb_local_node_got_banned()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14087

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 91ac4c13d8472955d1f04bd775ec4b3ff8bf1b61)

commit a93c591a11a9b19f4f5df87c76e3b2f3f7404339
Author: Martin Schwenke 
Date:   Mon Aug 19 21:52:57 2019 +1000

ctdb-daemon: Switch banning code to use ctdb_node_become_inactive()

There's no reason to avoid immediately setting recovery mode to active
and initiating freeze of databases.

This effectively reverts the following commits:

  d8f3b490bbb691c9916eed0df5b980c1aef23c85
  b4357a79d916b1f8ade8fa78563fbef0ce670aa9

The latter is now implemented using a control, resulting in looser
coupling.

See also the following commit:

  f8141e91a693912ea1107a49320e83702a80757a

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14087

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit 0f5f7b7cf4e970f3f36c5e0b3d09e710fe90801a)

commit 093973899580c2fd1a95d067ff695388b7bdc4f8
Author: Martin Schwenke 
Date:   Mon Aug 19 21:47:03 2019 +1000

ctdb-daemon: Factor out new function ctdb_node_become_inactive()

This is a superset of ctdb_local_node_got_banned() so will replace
that function, and will also be used in the NODE_STOP control.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14087

Signed-off-by: Martin Schwenke 
Reviewed-by: Amitay Isaacs 
(cherry picked from commit a42bcaabb63722411bee52b80cbfc795593defbc)

commit 240ad91944d617d33b85aaeeed2a57ecf1ce9c67

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-08-26 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  c6d784debd8 vfs_glusterfs: Enable profiling for file system 
operations
   via  53f828969d0 vfs_glusterfs: initialize st_ex_file_id, st_ex_itime 
and st_ex_iflags
   via  900cc33accf vfs_default: use correct flag in vfswrap_fs_file_id
   via  756bea42e0c ctdb-tools: Drop 'o' option from getopts command
   via  80bd467affb ldb: Release ldb 2.0.6
   via  d819a1c2050 ldb: Free memory when repacking database
   via  18fb5fb911d ldb: Log the partition we're repacking
   via  1c2f1bd04ab ldb: Log pack format in user-friendly way
   via  6de3d8f7ce0 ldb: Change pack format defines to enum
   via  b99fff86ebb ldb: Move where we update the pack format version
   via  70726f2dfba ldb: Always log when the database pack format changes
   via  b3987205fe2 downgradedatabase: installing script
   via  309ec3b63c5 downgradedatabase: Add man-page documentation
   via  a1b3796b564 downgradedatabase: rename to samba_downgrade_db
   via  7a8f68f6150 tests: Avoid hardcoding relative filepath
   via  be508cda25d downgradedatabase: comply with samba.tests.source
   via  d18896d1998 vfs_gpfs: Implement special case for denying owner 
access to ACL
   via  39495b14cdd vfs_gpfs: Move mapping from generic NFSv ACL to GPFS 
ACL to separate function
   via  90ddc22ea55 docs: Remove gpfs:merge_writeappend from vfs_gpfs 
manpage
   via  7c90ecdb15c vfs_gpfs: Remove merge_writeappend parameter
   via  d186689038c nfs4_acls: Use correct owner information for ACL after 
owner change
   via  77052fbc65a nfs4_acls: Add test for merging duplicates when mapping 
from NFS4 ACL to DACL
   via  78d426fb0d4 nfs4_acls: Remove duplicate entries when mapping from 
NFS4 ACL to DACL
   via  7d40b00bac8 nfs4_acls: Rename smbacl4_fill_ace4 function
   via  8ac9c1f75f3 nfs4_acls: Add additional owner entry when mapping to 
NFS4 ACL with IDMAP_TYPE_BOTH
   via  01e913caf03 nfs4_acls: Remove redundant pointer variable
   via  b3aad3426a8 nfs4_acls: Remove redundant logging from 
smbacl4_fill_ace4
   via  693aa2dbfc8 nfs4_acls: Move adding of NFS4 ACE to ACL to 
smbacl4_fill_ace4
   via  d806dba002c nfs4_acls: Move smbacl4_MergeIgnoreReject function
   via  428579d3fde nfs4_acls: Remove i argument from 
smbacl4_MergeIgnoreReject
   via  d5965e3a43f nfs4_acls: Add missing braces in smbacl4_win2nfs4
   via  6661fecf267 nfs4_acls: Add helper function for checking INHERIT 
flags.
   via  e08f9b24097 nfs4_acls: Use correct type when checking ownerGID
   via  b1b8e37881f nfs4_acls: Use switch/case for checking idmap type
   via  6d88ab39e8e nfs4_acls: Use sids_to_unixids to lookup uid or gid
   via  0313f1552f9 test_nfs4_acls: Add test for mapping from DACL to NFS4 
ACL with IDMAP_TYPE_BOTH
   via  7d73c37ae7b test_nfs4_acls: Add test for mapping from NFS4 ACL to 
DACL with IDMAP_TYPE_BOTH
   via  2de4919e8a3 test_nfs4_acls: Add test for mapping from NFS4 to DACL 
in config mode special
   via  d3a9648eb63 test_nfs4_acls: Add test for mapping from DACL to NFS4 
ACL with config special
   via  4022997f030 test_nfs4_acls: Add test for matching DACL entries for 
acedup
   via  490d13557a4 test_nfs4_acls: Add test for acedup settings
   via  31d60e8cf2c test_nfs4_acls: Add test for 'map full control' option
   via  61002278b80 test_nfs4_acls: Add test for mapping from NFS4 to DACL 
CREATOR entries
   via  4e46dbc7749 test_nfs4_acls: Add test for mapping CREATOR entries to 
NFS4 ACL entries
   via  aa466a0104d test_nfs4_acls: Add test for mapping from DACL to 
special NFS4 ACL entries
   via  dda9e525c55 test_nfs4_acls: Add test for mapping of special NFS4 
ACL entries to DACL entries
   via  368c370dc2f test_nfs4_acls: Add test for mapping permissions from 
DACL to NFS4 ACL
   via  014ae431e64 test_nfs4_acls: Add test for mapping permissions from 
NFS4 ACL to DACL
   via  ec532e3ed55 test_nfs4_acls: Add test for flags mapping from DACL to 
NFS4 ACL
   via  c1eb8ec5c33 test_nfs4_acls: Add test for flags mapping from NFS4 
ACL to DACL
   via  4120b8dcbe8 test_nfs4_acls: Add tests for mapping of ACL types
   via  526da3f215a test_nfs4_acls: Add tests for mapping of empty ACLs
   via  88b0461ca0d selftest: Start implementing unit test for nfs4_acls
   via  9e82d8ae7fa nfs4_acls: Remove fsp from smbacl4_win2nfs4
   via  72d79334a53 Revert "nfs4acl: Fix owner mapping with ID_TYPE_BOTH"
  from  ea38596181c VERSION: Bump version up to 4.11.0rc3...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit c6d784debd8a9f9e576397a628de1e581aa7adbc
Author: Anoop C S 
Date:   Mon Aug 5 10:45:01 2019 +0530

vfs_glusterfs: Enable profiling for file system operations

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14093

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-08-21 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  ea38596181c VERSION: Bump version up to 4.11.0rc3...
   via  521240aa372 VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc2 release.
  from  c14427253e8 tdb: Release tdb 1.4.2

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit ea38596181c8e64f87019d7cfa48b0e0dc225e70
Author: Karolin Seeger 
Date:   Wed Aug 21 12:36:23 2019 +0200

VERSION: Bump version up to 4.11.0rc3...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger 

commit 521240aa3728d61e8b768c6e5f20146afaf97e2f
Author: Karolin Seeger 
Date:   Wed Aug 21 12:34:58 2019 +0200

VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc2 release.

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 VERSION | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index c70b521219c..67ae2000ebf 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  ->  "3.0.0rc1"  #
 
-SAMBA_VERSION_RC_RELEASE=2
+SAMBA_VERSION_RC_RELEASE=3
 
 
 # To mark SVN snapshots this should be set to 'yes'#


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-08-21 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  c14427253e8 tdb: Release tdb 1.4.2
   via  afd6b77bb84 tdb: Inline the common part of tdb_oob
   via  3325a4d4146 tdb: Speed up tdb_oob()
   via  6312223d6e6 tdb: Introduce tdb_oob()
   via  fab20658b9a tdb: Rename tdb_oob() to tdb_notrans_oob()
  from  38876ad4ef4 smbtorture: extend rpc.lsa to lookup machine over 
forest-wide LookupNames

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit c14427253e8cb4aab951ded527258e6f67fc4452
Author: Stefan Metzmacher 
Date:   Tue Aug 20 14:55:27 2019 +0200

tdb: Release tdb 1.4.2

* Build fixes
* Improve the performance by inlining the tdb_oob() checks

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Tue Aug 20 14:45:41 UTC 2019 on sn-devel-184

(cherry picked from commit 60cba7b3a17104da1543d59609f50c6638880dd1)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Aug 21 09:57:08 UTC 2019 on sn-devel-184

commit afd6b77bb849bdcfa30513626c61a7aade7d88e2
Author: Volker Lendecke 
Date:   Sun Aug 4 18:26:05 2019 +0200

tdb: Inline the common part of tdb_oob

When you set

in tdbtorture.c to make it more similar to locking.tdb use,

bin/tdbtorture -m -n 1 -l 10 -s

becomes twice as fast. This is a pretty extreme case, but all other
tests that I did improve significantly as well.

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit f5735e2c666a5a494131c1d25f7ba5c7fbeae923)

commit 3325a4d4146d5793b1ae6a7b7a502c52a489ac59
Author: Volker Lendecke 
Date:   Sun Aug 4 12:18:19 2019 +0200

tdb: Speed up tdb_oob()

This is common between both implementations of tdb_oob(). It's
faster if we don't have to dereference function pointers.

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 897bffa8166f643eb9063a848bb0c02455663317)

commit 6312223d6e609d629dfc7914d62bf80ced584c6b
Author: Volker Lendecke 
Date:   Sun Aug 4 12:15:14 2019 +0200

tdb: Introduce tdb_oob()

Initially just encapsulate the pointer dereferences

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 5a388453e0cb038fa3ed5fb46f972470f7793566)

commit fab20658b9a4d04e2eab89d95b6eb7e04187424d
Author: Volker Lendecke 
Date:   Sun Aug 4 12:10:03 2019 +0200

tdb: Rename tdb_oob() to tdb_notrans_oob()

tdb_oob() will become a public function encapsulating the pointer
dereferences.

Signed-off-by: Volker Lendecke 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 885ba572efaac6c20388b8e119315c837e8f5236)

---

Summary of changes:
 lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.2.sigs} |  0
 lib/tdb/common/check.c  |  6 ++---
 lib/tdb/common/freelist.c   |  2 +-
 lib/tdb/common/io.c | 33 -
 lib/tdb/common/open.c   |  6 ++---
 lib/tdb/common/rescue.c |  4 +--
 lib/tdb/common/tdb_private.h| 13 ++
 lib/tdb/common/transaction.c|  7 +-
 lib/tdb/common/traverse.c   |  3 +--
 lib/tdb/test/run-3G-file.c  |  2 +-
 lib/tdb/wscript |  2 +-
 11 files changed, 53 insertions(+), 25 deletions(-)
 copy lib/tdb/ABI/{tdb-1.3.17.sigs => tdb-1.4.2.sigs} (100%)


Changeset truncated at 500 lines:

diff --git a/lib/tdb/ABI/tdb-1.3.17.sigs b/lib/tdb/ABI/tdb-1.4.2.sigs
similarity index 100%
copy from lib/tdb/ABI/tdb-1.3.17.sigs
copy to lib/tdb/ABI/tdb-1.4.2.sigs
diff --git a/lib/tdb/common/check.c b/lib/tdb/common/check.c
index 3a5c8b8ba94..d7741f6b2f9 100644
--- a/lib/tdb/common/check.c
+++ b/lib/tdb/common/check.c
@@ -94,7 +94,7 @@ static bool tdb_check_record(struct tdb_context *tdb,
 off, rec->next));
goto corrupt;
}
-   if (tdb->methods->tdb_oob(tdb, rec->next, sizeof(*rec), 0))
+   if (tdb_oob(tdb, rec->next, sizeof(*rec), 0))
goto corrupt;
 
/* Check rec_len: similar to rec->next, implies next record. */
@@ -112,7 +112,7 @@ static bool tdb_check_record(struct tdb_context *tdb,
goto corrupt;
}
/* OOB allows "right at the end" access, so this works for last rec. */
-   if (tdb->methods->tdb_oob(tdb, off, sizeof(*rec)+rec->rec_len, 0))
+   if (tdb_oob(tdb, off, sizeof(*rec)+rec->rec_len, 0))
goto corrupt;
 
/* Check tailer. */
@@ -362,7 +362,7 @@ _PUBLIC_ int tdb_check(struct tdb_context *tdb,

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-08-19 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  38876ad4ef4 smbtorture: extend rpc.lsa to lookup machine over 
forest-wide LookupNames
   via  60d22232734 lookup_name: allow own domain lookup when flags == 0
   via  8dfa63d9f72 torture/rpc/lsa: allow testing different lookup levels
   via  428ecb5f4e2 WHATSNEW: Fix some minor formatting issues.
  from  62e65124e9d smbd: Fix use-after-free from exit_server_common()

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 38876ad4ef46fc3cf6a12329236918a87c2e2c65
Author: Alexander Bokovoy 
Date:   Sat Aug 10 11:53:12 2019 +0300

smbtorture: extend rpc.lsa to lookup machine over forest-wide LookupNames

Add a simple test to resolve DOMAIN\MACHINE$ via LSA LookupNames3
using LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 level. This level would pass
zero lookup flags to lookup_name().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14091

Signed-off-by: Alexander Bokovoy 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Alexander Bokovoy 
Autobuild-Date(master): Wed Aug 14 13:07:42 UTC 2019 on sn-devel-184

(cherry picked from commit 4d276a93fc624dc04d880f5b4157f272d3555be6)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Mon Aug 19 12:36:22 UTC 2019 on sn-devel-184

commit 60d222327343599d13643ee54e041cd65373a7eb
Author: Alexander Bokovoy 
Date:   Thu Aug 1 15:48:58 2019 +0300

lookup_name: allow own domain lookup when flags == 0

In 2007, we've added support for multiple lookup levels for LSA
LookupNames family of calls. However, forest-wide lookups, as described
in MS-LSAT 2.2.16, never worked because flags passed to lookup_name()
were always set to zero, expecting at least default lookup on a DC to
apply. lookup_name() was instead treating zero flags as 'skip all
checks'.

Allow at least own domain lookup in case domain name is the same.
This should allow FreeIPA DC to respond to LSA LookupNames3 calls from a
trusted AD DC side.

For the reference, below is a request Windows Server 2016 domain
controller sends to FreeIPA domain controller when attempting to look up
a user from a trusted forest root domain that attemps to login to the
domain controller. Notice the level in the lsa_LookupNames3 call and
resulting flags in lookup_name().

[2019/08/03 07:14:24.156065,  1, pid=23639, effective(967001000, 
967001000), real(967001000, 0), class=rpc_parse] 
../../librpc/ndr/ndr.c:471(ndr_print_function_debug)
   lsa_LookupNames3: struct lsa_LookupNames3
  in: struct lsa_LookupNames3
  handle   : *
  handle: struct policy_handle
  handle_type  : 0x (0)
  uuid : 
004c---455d-3018575c
  num_names: 0x0001 (1)
  names: ARRAY(1)
  names: struct lsa_String
  length   : 0x000a (10)
  size : 0x000c (12)
  string   : *
  string   : 'XS\ab'
  sids : *
  sids: struct lsa_TransSidArray3
  count: 0x (0)
  sids : NULL
  level: 
LSA_LOOKUP_NAMES_UPLEVEL_TRUSTS_ONLY2 (6)
  count: *
  count: 0x (0)
  lookup_options   : 
LSA_LOOKUP_OPTION_SEARCH_ISOLATED_NAMES (0)
  client_revision  : LSA_CLIENT_REVISION_2 (2)
[2019/08/03 07:14:24.156189,  6, pid=23639, effective(967001000, 
967001000), real(967001000, 0), class=rpc_srv] 
../../source3/rpc_server/rpc_handles.c:339(find_policy_by_hnd_internal)
  Found policy hnd[0] [] 00 00 00 00 4C 00 00 00   00 00 00 00 45 5D 30 
18   L... E]0.
  [0010] 57 5C 00 00W\..
[2019/08/03 07:14:24.156228,  4, pid=23639, effective(967001000, 
967001000), real(967001000, 0)] ../../source3/smbd/sec_ctx.c:215(push_sec_ctx)
  push_sec_ctx(967001000, 967001000) : sec_ctx_stack_ndx = 2
[2019/08/03 07:14:24.156246,  4, pid=23639, effective(967001000, 
967001000), real(967001000, 0)] ../../source3/smbd/uid.c:552(push_conn_ctx)
  push_conn_ctx(0) : conn_ctx_stack_ndx = 0
[2019/08/03 07:14:24.156259,  4, pid=23639, effective(967001000, 
967001000), real(967001000, 0)] 
../../source3/smbd/sec_ctx.c:319(set_sec_ctx_internal)
  setting sec ctx (0, 0) - sec_ctx_stack_ndx = 2

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-08-07 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  62e65124e9d smbd: Fix use-after-free from exit_server_common()
   via  6b4c51d0c94 WHATSNEW: Add link to 2012 Windows compatibility wiki 
page
   via  02352ebbef6 WHATSNEW: Make it clearer how the AD database changes 
will affect users
   via  97a742fe761 tests/drs_no_dns: Check dbcheck and ldapcmp pass
   via  c7a5694f4f8 tests: Add samba_upgradedns to the list of possible cmds
   via  8a09ea3c70f netcmd: Allow drs replicate --local to create partitions
   via  816053b7bba join: Use a specific attribute order for the DsAddEntry 
nTDSDSA object
   via  636f7dedd40 tests/ldap: Use TLDAP to check the extended DN return
   via  a1d0ce447e7 tests/tldap: Actually check the paging return code
   via  23f8a8ee71b tldap: Paged searches fail when they get to the end
   via  dd36cafdb96 tldap: Make memcpy of no controls safe
   via  b95186a5332 ldap_server: Regression in 
0559430ab6e5c48d6e853fda0d8b63f2e149015c
   via  122d7afb50e WHATSNEW: document new debug encryption smb.conf param
   via  98051741ea5 WHATSNEW: add CephFS Snapshot Integration section
   via  f2c40f4d41a gp_inf: Read/write files with a UTF-16LE BOM in 
GptTmpl.inf
   via  29fa37b717c partition: reversing partition unlocking
   via  6877eabea8f partition: correcting lock ordering
  from  1c64a2e37b6 WHATSNEW: preview release -> release candidate

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 62e65124e9d720d5dd27d822e7a25df24ea9f81b
Author: Volker Lendecke 
Date:   Wed Jul 31 14:17:02 2019 +0200

smbd: Fix use-after-free from exit_server_common()

We need to keep the smbXsrv_connection structures around until all
pending requests have had their chance to clean up behind them. If you
look at srv_send_smb(), it's exactly prepared already to just drop
anything on the floor when the transport has been declared dead:

if (!NT_STATUS_IS_OK(xconn->transport.status)) {
/*
 * we're not supposed to do any io
 */
return true;
}

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14064

Signed-off-by: Volker Lendecke 
Reviewed-by: Stefan Metzmacher 

Autobuild-User(master): Stefan Metzmacher 
Autobuild-Date(master): Thu Aug  1 15:39:13 UTC 2019 on sn-devel-184

(cherry picked from commit c226dc6e8a18343031829c35552e557903593daf)

Autobuild-User(v4-11-test): Karolin Seeger 
Autobuild-Date(v4-11-test): Wed Aug  7 12:53:51 UTC 2019 on sn-devel-184

commit 6b4c51d0c94a34ccd310f4c0e470f043407659d6
Author: Tim Beale 
Date:   Mon Jul 29 10:35:23 2019 +1200

WHATSNEW: Add link to 2012 Windows compatibility wiki page

There's now a lot more info on the wiki on Windows 2012 compatibility,
and how the schema is just a small part of overall compatibility.
Link to this wiki page from the WHATSNEW, so users can read more about
this.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14057

Signed-off-by: Tim Beale 

commit 02352ebbef6dd5669cb28369a3c7e7579c796384
Author: Tim Beale 
Date:   Mon Jul 29 10:14:06 2019 +1200

WHATSNEW: Make it clearer how the AD database changes will affect users

The release notes currently just have a brief mention of a new LDB pack
format. They don't really cover how this change will actually affect AD
users when upgrading (or more specifically downgrading) with v4.11.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14057

Signed-off-by: Tim Beale 

commit 97a742fe7617d153e38aac5ad6c887c79a6e2447
Author: Garming Sam 
Date:   Wed Jul 24 14:53:33 2019 +1200

tests/drs_no_dns: Check dbcheck and ldapcmp pass

When joining a DC without DNS partitions, make sure that the alternate
flow of creating them afterwards results in a database with everything
that is necessary.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051
RN: Allow a DC join without DNS partitions, to add them later

Signed-off-by: Garming Sam 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 35c54007e6183829d9d85a24b3bd95f469739ad3)

commit c7a5694f4f81676f89969464645c9ff021680eb2
Author: Garming Sam 
Date:   Wed Jul 24 15:13:43 2019 +1200

tests: Add samba_upgradedns to the list of possible cmds

This will be used to test the replication scenario with no DNS partitions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14051

Signed-off-by: Garming Sam 
Reviewed-by: Andrew Bartlett 
(cherry picked from commit 7d2875bd70cf727730be8dc705bfd01eac6f)

commit 8a09ea3c70f95a577ed42123ebe8d3ab26f2c39d
Author: Garming Sam 
Date:   Wed Jul 24 15:18:40 2019 +1200

netcmd: Allow drs replicate --local to create partitions

Currently, neither the

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-07-09 Thread Karolin Seeger 
The branch, v4-11-test has been updated
   via  1c64a2e37b6 WHATSNEW: preview release -> release candidate
  from  ac9740a0966 VERSION: Bump version up to 4.11.0rc2...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit 1c64a2e37b695fcae9f64dea6f82c6fcadc990c4
Author: Karolin Seeger 
Date:   Tue Jul 9 12:21:10 2019 +0200

WHATSNEW: preview release -> release candidate

Signed-off-by: Karolin Seeger 

---

Summary of changes:
 WHATSNEW.txt | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index c0d13d20d6b..b07e9eba778 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,7 +1,7 @@
 Release Announcements
 =
 
-This is the first preview release of Samba 4.11.  This is *not*
+This is the second release candidate of Samba 4.11.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.


-- 
Samba Shared Repository

[SCM] Samba Shared Repository - branch v4-11-test updated

2019-07-09 Thread Stefan Metzmacher 
The branch, v4-11-test has been updated
   via  ac9740a0966 VERSION: Bump version up to 4.11.0rc2...
  from  2da294048fc VERSION: Disable GIT_SNAPSHOT for the 4.11.0rc1 
release...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-11-test


- Log -
commit ac9740a0966c42ce08e92737fa0b8e476cdd490b
Author: Stefan Metzmacher 
Date:   Tue Jul 9 12:03:38 2019 +0200

VERSION: Bump version up to 4.11.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Stefan Metzmacher 

---

Summary of changes:
 VERSION | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index e9931834e6c..c70b521219c 100644
--- a/VERSION
+++ b/VERSION
@@ -87,7 +87,7 @@ SAMBA_VERSION_PRE_RELEASE=
 # e.g. SAMBA_VERSION_RC_RELEASE=1  #
 #  ->  "3.0.0rc1"  #
 
-SAMBA_VERSION_RC_RELEASE=1
+SAMBA_VERSION_RC_RELEASE=2
 
 
 # To mark SVN snapshots this should be set to 'yes'#
@@ -99,7 +99,7 @@ SAMBA_VERSION_RC_RELEASE=1
 # e.g. SAMBA_VERSION_IS_SVN_SNAPSHOT=yes   #
 #  ->  "3.0.0-SVN-build-199"   #
 
-SAMBA_VERSION_IS_GIT_SNAPSHOT=no
+SAMBA_VERSION_IS_GIT_SNAPSHOT=yes
 
 
 # This is for specifying a release nickname#


-- 
Samba Shared Repository