pidl: Use NDR_ZERO_STRUCT(P) macros

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 532ce0d20a8016c1270ea689de627da8aa4abfdd)

librpc:ndr: Add NDR_ZERO_STRUCT(P) macros

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 666802a3db3115ca09f3ffed58c8e4a8cabd65de)

librpc:ndr: Implement ndr_zero_memory()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13778

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 2a7086f1ac4ad91fb7cd958e9386abb996794ed1)

tldap: avoid more use after free errors

See the previous commit for an explanation. :)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Feb  6 10:19:12 CET 2019 on sn-devel-144

(cherry picked from commit bf91ee0a9727cc392583fe84ad069204be758515)

tldap: avoid a use after free crash

I saw the following crash in tldap in the winbindd idmap child on a
member server after messing with the LDAP server on the DC:

0  0x00007f77ea9a307a in __GI___waitpid (pid=9815, stat_loc=stat_loc@entry=0x7ffe77569eb0, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
1  0x00007f77ea91bfbb in do_system (line=<optimized out>) at ../sysdeps/posix/system.c:148
2  0x00007f77edd8c24b in smb_panic_s3 (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../source3/lib/util.c:828
3  0x00007f77f15afe85 in smb_panic (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/util/fault.c:170
4  0x00007f77f08e2678 in talloc_abort (reason=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/talloc/talloc.c:472
5  0x00007f77f08e268b in talloc_abort_access_after_free () at ../lib/talloc/talloc.c:477
6  0x00007f77f08e2710 in talloc_chunk_from_ptr (ptr=0x55da7605a020) at ../lib/talloc/talloc.c:494
7  0x00007f77f08e4a19 in _talloc_free (ptr=0x55da7605a020, location=0x7f77e181474d "../source3/lib/tldap.c:1918") at ../lib/talloc/talloc.c:1716
8  0x00007f77e180b65c in tldap_search_all_done (subreq=0x55da7605a020) at ../source3/lib/tldap.c:1918
9  0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7605a020, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125
10 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7605a020, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162
11 0x00007f77f0af1113 in _tevent_req_error (req=0x55da7605a020, error=9780923860630110289, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:180
12 0x00007f77e180781a in tevent_req_ldap_error (req=0x55da7605a020, rc=...) at ../source3/lib/tldap.c:47
13 0x00007f77e180b2c4 in tldap_search_done (subreq=0x55da76058280) at ../source3/lib/tldap.c:1813
14 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da76058280, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125
15 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da76058280, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162
16 0x00007f77f0af11cd in tevent_req_trigger (ev=0x55da760526c0, im=0x55da76058360, private_data=0x55da76058280) at ../lib/tevent/tevent_req.c:219
17 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da760526c0) at ../lib/tevent/tevent_immediate.c:135
18 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_epoll.c:911
19 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_standard.c:114
20 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent.c:725
21 0x00007f77f0af1361 in tevent_req_poll (req=0x55da7605eed0, ev=0x55da760526c0) at ../lib/tevent/tevent_req.c:269
22 0x00007f77e180fec9 in tldap_gensec_bind (ctx=0x55da76051ec0, creds=0x55da76052250, target_service=0x7f77e18164b3 "ldap", target_hostname=0x55da7605d182 "dc1.sdom1.site", target_principal=0x0, lp_ctx=0x55da76052180, gensec_features=6) at ../source3/lib/tldap_gensec_bind.c:358
23 0x00007f77e1810d21 in idmap_ad_get_tldap_ctx (mem_ctx=0x55da76050510, domname=0x55da76051d50 "sdom1", pld=0x55da76050518) at ../source3/winbindd/idmap_ad.c:326
24 0x00007f77e1811056 in idmap_ad_context_create (mem_ctx=0x55da76059c00, dom=0x55da76059c00, domname=0x55da76051d50 "sdom1", pctx=0x7ffe7756a5f8) at ../source3/winbindd/idmap_ad.c:374
25 0x00007f77e18119c0 in idmap_ad_get_context (dom=0x55da76059c00, pctx=0x7ffe7756a640) at ../source3/winbindd/idmap_ad.c:554
26 0x00007f77e181275b in idmap_ad_sids_to_unixids (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:784
27 0x00007f77e1813217 in idmap_ad_sids_to_unixids_retry (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:947
28 0x000055da7459ce05 in _wbint_Sids2UnixIDs (p=0x7ffe7756a870, r=0x55da76050860) at ../source3/winbindd/winbindd_dual_srv.c:202
29 0x000055da7460aa5e in api_wbint_Sids2UnixIDs (p=0x7ffe7756a870) at default/librpc/gen_ndr/srv_winbind.c:391
30 0x000055da7459c7f4 in winbindd_dual_ndrcmd (domain=0x0, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual_ndr.c:369
31 0x000055da7459828c in child_process_request (child=0x55da74874bc0 <static_idmap_child>, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual.c:666
32 0x000055da7459ae58 in child_handler (ev=0x55da7602c2b0, fde=0x55da7603f8a0, flags=1, private_data=0x7ffe7756abb0) at ../source3/winbindd/winbindd_dual.c:1567
33 0x00007f77f0af85f1 in epoll_event_loop (epoll_ev=0x55da76048b00, tvalp=0x7ffe7756aab0) at ../lib/tevent/tevent_epoll.c:728
34 0x00007f77f0af8c29 in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_epoll.c:930
35 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_standard.c:114
36 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent.c:725
37 0x000055da7459b9e9 in fork_domain_child (child=0x55da74874bc0 <static_idmap_child>) at ../source3/winbindd/winbindd_dual.c:1766
38 0x000055da74596e96 in wb_child_request_waited (subreq=0x0) at ../source3/winbindd/winbindd_dual.c:188
39 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:125
40 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7604f820, state=TEVENT_REQ_DONE, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:162
41 0x00007f77f0af10cd in _tevent_req_done (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:168
42 0x00007f77f0af0cc1 in tevent_queue_wait_trigger (req=0x55da7604f820, private_data=0x0) at ../lib/tevent/tevent_queue.c:355
43 0x00007f77f0af06f2 in tevent_queue_immediate_trigger (ev=0x55da7602c2b0, im=0x55da760466a0, private_data=0x55da76046580) at ../lib/tevent/tevent_queue.c:149
44 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da7602c2b0) at ../lib/tevent/tevent_immediate.c:135
45 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_epoll.c:911
46 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_standard.c:114
47 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent.c:725
48 0x000055da74561431 in main (argc=2, argv=0x7ffe7756c968) at ../source3/winbindd/winbindd.c:1803

subreq is a child of the state of req which will already be free by the
callback of req.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9465292d4109f710f8fcd141a076f5c8278577bc)

s3:vfs: Correctly check if OFD locks should be enabled or not

Also the smb.conf options should only be checked once and a reload of
the config should not switch to a different locking mode.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb  9 03:43:50 CET 2019 on sn-devel-144

(cherry picked from commit 7ff94b18e2e39567ef7a208084cc5c914c39d3bd)

s3:vfs: Initialize pid to 0 in test_netatalk_lock()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2ff2594b2bd878928cec30bc72a95a6d38bee154)

s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code.

Originally added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
to demonstrate a lock order violation, this test
exposed problems in the mapping of SMB1/2 share modes
and open modes to NetATalk modes once we moved to OFD locks.

Change the test slightly (and add comments)
so it demonstrates working NetATalk share modes
on an open file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb  8 23:26:46 CET 2019 on sn-devel-144

(cherry picked from commit 28990e4ba23695ecf264117efad90cc4e573302e)

s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code.

This exhibited itself as a problem with OFD locks reported
as:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770

However, due to underlying bugs in the vfs_fruit
code the file locks were not being properly applied.

There are two problems in fruit_check_access().

Problem #1:

Inside fruit_check_access() we have:

flags = fcntl(fsp->fh->fd, F_GETFL);
..
if (flags & (O_RDONLY|O_RDWR)) {

We shouldn't be calling fcntl(fsp->fh->fd, ..) directly.
fsp->fh->fd may be a made up number from an underlying
VFS module that has no meaning to a system call.

Secondly, in all POSIX systems - O_RDONLY is defined as
*zero*. O_RDWR = 2.

Which means flags & (O_RDONLY|O_RDWR) becomes (flags & 2),
not what we actually thought.

Problem #2:

deny_mode is *not* a bitmask, it's a set of discrete values.

Inside fruit_check_access() we have:

if (deny_mode & DENY_READ) and also (deny_mode & DENY_WRITE)

However, deny modes are defined as:

/* deny modes */
define DENY_DOS 0
define DENY_ALL 1
define DENY_WRITE 2
define DENY_READ 3
define DENY_NONE 4
define DENY_FCB 7

so if deny_mode = DENY_WRITE, or if deny_mode = DENY_READ
then it's going to trigger both the if (deny_mode & DENY_READ)
*and* the (deny_mode & DENY_WRITE) conditions.

These problems allowed the original test test_netatalk_lock code to
pass (which was added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
to demonstrate the lock order violation).

This patch refactors the fruit_check_access()
code to be much simpler (IMHO) to understand.

Firstly, pass in the SMB1/2 share mode, not old
DOS deny modes.

Secondly, read all the possible NetAtalk locks
into local variables:

netatalk_already_open_for_reading
netatalk_already_open_with_deny_read
netatalk_already_open_for_writing
netatalk_already_open_with_deny_write

Then do the share mode/access mode checks
with the requested values against any stored
netatalk modes/access modes.

Finally add in NetATalk compatible locks
that represent our share modes/access modes
into the file, with an early return if we don't
have FILE_READ_DATA (in which case we can't
write locks anyway).

The patch is easier to understand by looking
at the completed patched fruit_check_access()
function, rather than trying to look at the
diff.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
(cherry picked from commit 3204dc66f6801a7c8c87c48f601e0ebdee9e3d40)

smbd: uid: Don't crash if 'force group' is added to an existing share connection.

smbd could crash if "force group" is added to a
share definition whilst an existing connection
to that share exists. In that case, don't change
the existing credentials for force group, only
do so for new connections.

Remove knownfail from regression test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jan 25 16:31:27 CET 2019 on sn-devel-144

(cherry picked from commit e37f9956c1f2416408bad048a4618f6366086b6a)

s3: tests: Add regression test for smbd crash on share force group change with existing connection.

Mark as known fail for now.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13690

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 7b21b4c1f538650f23ec77fb3c02fe1e224d89aa)

printing: check lp_load_printers() prior to pcap cache update

Avoid explicit and housekeeping timer triggered printcap cache updates
if lp_load_printers() is disabled.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13766

Signed-off-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb  1 19:25:03 CET 2019 on sn-devel-144

(cherry picked from commit 6a77237c50dd258521f356af0b5dc9942dd5592e)

printing: drop pcap_cache_loaded() guard around load_printers()

Add the pcap_cache_loaded() check to load_printers() and return early
if it returns false. This simplifies callers in preparation for checking
lp_load_printers() in the printcap cache update code-path.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13766

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 0ae7c3144a30910adb1e54cf46d54d42a1036839)

s3-smbd: use fruit:model string for mDNS registration

With this change we now allow to modify the icon to represent Samba in
Finder. Possible values are at least:

fruit:model = iMac
fruit:model = MacBook
fruit:model = MacPro
fruit:model = Xserve
fruit:model = RackMac

Prior to this change we only displayed the correct icon when a mac
client negotiated the apple create context over SMB.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13746

Based on proposed patch from Rouven WEILER <Rouven_Weiler@gmx.net>

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jan 15 21:27:20 CET 2019 on sn-devel-144

(cherry picked from commit 538ce72f1b2fa78450e3b711e58bd0e238faf466)

ldb: Release ldb 1.5.3

* Avoid inefficient one-level searches (bug 13762)
* The test api.py should not rely on order of entries in dict (bug 13772)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13772

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit 5e716c0256a6bec92e7855ccfc077a328320f2ea)

Autobuild-User(v4-10-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-10-test): Wed Feb 13 16:24:32 CET 2019 on sn-devel-144

ldb: Add even more comments on what strict does to the list intersections

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
(cherry picked from commit e7f524fd2128aacb82e980652af8eb6fd275e1a8)

ldb: Rename variable

The old name confused me because it's not really related to the
one-level index at all. It's the result from evaluating the indexed
search specified in the ac->tree.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 57a565b2fd680fc1a34f4ab91c6f6314f68ef67f)

ldb: Elaborate on ldb_kv_search_indexed() comments

Disclaimer: this is based on my limited understanding of what the code
is doing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 132600685b8c5d4964f20634cd7a64b14f41cfa7)

ldb: Remove comment that no longer makes sense

This comment was written before the GUID_index_attribute block of code
existed. So we now *do* load the index values and *do* check for a
strict intersect, so the comment is redundant.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 72928444823c5b18ac9ef98e7432c999d70aa571)

ldb: Avoid inefficient one-level searches

Commit 88ae60ed186c9 introduced a problem that made one-level
searches inefficient if there were a lot of child objects in the same
level, and the requested object didn't exist. Basically, it ignored the
case where ldb_kv_index_dn() returned LDB_ERR_NO_SUCH_OBJECT, i.e. the
indexed lookup was successful, but didn't find a match. At which point,
there was no more processing we needed to do.

The behaviour after 88ae60ed186c9 was to fall-through and run the
ldb_kv_index_filter() function over *all* the children. This still
returned the correct result, but could be costly if there were a lot of
children.

The case 88ae60ed186c9 was trying to fix was where we could not do
an indexed search (e.g. trying to match on a 'attribute=*' filter). In
which case we want to ignore the LDB_ERR_OPERATIONS_ERROR and just run
ldb_kv_index_filter() over all the children. This is still more
efficient than the fallback of doing a full database scan.

This patch adds in a short-circuit for the NO_SUCH_OBJECT case, so we
can skip the unnecessary ldb_kv_index_filter() work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13762

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 9a893f9613bd6440abd8e487d22a39ab5b82a7b9)

VERSION: Bump version up to 4.10.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

VERSION: Diable GIT_SNAPSHOT for the 4.10.0rc2 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.10.0rc2.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

s3-vfs: Use ENOATTR in errno comparison for getxattr

* ENODATA is not defined in FreeBSD
* ENOATTR is defined to be a synonym for ENODATA in Linux
* In its absence Samba already defines ENOATTR to either
  ENODATA or ENOENT

Thus it is safe and correct to compare with ENOATTR rather
than ENODATA.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 23 21:59:10 CET 2019 on sn-devel-144

(cherry picked from commit c99402724a65f4e1f8ed4dcd236a43e0603bef0a)

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Tue Feb  5 23:59:06 CET 2019 on sn-devel-144

s3-vfs: add glusterfs_fuse vfs module.

This module only implements the get_real_filename function by accessing
a distinct extended attribute that is available over a glusterfs fuse
mount.

By implementing this vfs function users of a glusterfs fuse mount
achieve a much better performance in create based workloads where samba
then can avoid trying multiple case folding options to detect the real
filename.

Patch is based on an initial patch provided by
Poornima G <pgurusid@redhat.com>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13774

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Tue Jan 22 18:37:56 CET 2019 on sn-devel-144

(cherry picked from commit adffe0dcf002aa4721dc7897261895e3486d5271)

selftest:Samba4: use 'smbcontrol samba shutdown'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 30 01:51:48 CET 2019 on sn-devel-144

(cherry picked from commit d03991f569b54ae0a11911b622107fbae701715d)

s4:server: add support for 'smbcontrol samba shutdown'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
(cherry picked from commit 832776c0fcf7cc658c128765514755c2d15b06a6)

s4:server: avoid using pid=0 for the parent 'samba' process

It confuses the 'samba-tool processes' output and log messages.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
(cherry picked from commit 5bd7a8e5685caa09067745b108ef7e53e3108e97)

s4:messaging: add support 'smbcontrol <pid> debug/debuglevel'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
(cherry picked from commit 3a0c1da432c53de234b54bac90a3fb84534994eb)

manpages/samba.7.xml: smbcontrol can also work with 'samba'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
(cherry picked from commit 12b9adec3ff48f4356f9ff865891dc3c652ff86b)

libcli: dns: Change internal DNS_REQUEST_TIMEOUT from 2 to 10 seconds.

Should make us more robust when dealing with slow DNS servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13750

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jan 22 23:37:16 CET 2019 on sn-devel-144

(cherry picked from commit 36c42e6d629a0d4b0e5c60bdd68e08a8e60c477a)

python: dns_hub: Fix indentation of 'raise' on error.

Remove second socket.sendto().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13750
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit dd231a16a338cfe63d12cadf0fc3e2ebe7cac828)

join: Throw CommandError instead of Exception for simple errors

Throwing an exception here still dumps out the Python stack trace, which
can be a little disconcerting for users.

In this case, the stack trace isn't going to really help at all (the
problem is pretty obvious), and it obscures the useful message
explaining what went wrong.

Throw a CommandError instead, which samba-tool will catch and display
more nicely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <rpenny@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 16 22:11:04 CET 2019 on sn-devel-144

(cherry picked from commit 9e4b08f4c384b8cae5ad853a7be7cf03e2749be5)

join: Fix TypeError when handling exception

When we can't resolve a domain name, we were inadvertently throwing a
TypeError whilst trying to output a helpful message. E.g.

ERROR(<class 'TypeError'>): uncaught exception - 'NTSTATUSError' object
does not support indexing

Instead of indexing the object, we want to index the Exception.args so
that we just display the string portion of the exception error.

The same problem is also present for the domain trust commands.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13747

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: Jeremy Allison <rpenny@samba.org>
(cherry picked from commit 3bb7808984c163a7bba66fb983411d1281589722)

vfs_glusterfs: Adapt to changes in libgfapi signatures

VFS module for GlusterFS fails to compile due to recent changes done to
some API signatures. Therefore adding missing arguments to those APIs
adapting to new signatures.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13330

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Feb  3 17:00:33 CET 2019 on sn-devel-144

(cherry picked from commit 0e3eda5bab5ae9316a42725aea048fb350020ec7)

WHATSNEW: fix typo.

Guenther

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13757

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

WHATSNEW: Add missing parenthesis

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13757

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

ctdb: Print locks latency in machinereadable stats

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13742
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 16 05:34:17 CET 2019 on sn-devel-144

(cherry picked from commit 193a0d6f01372604b925d1972591062a0bb2400f)

Autobuild-User(v4-10-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-10-test): Mon Feb  4 13:09:49 CET 2019 on sn-devel-144

WHATSNEW: Update for Bug 13676 changes in Samba 4.10

Although it's unlikely that users will be using the 'smb' Python
bindings, it's probably worth noting in the release notes that these
bindings will be deprecated in future releases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

netcmd: Try to improve domain backup error message

I ran this command as non-root by mistake and didn't find the error
message particularly helpful. Tweak the error message so it reminds the
user that they should be root. Also display the path we're looking for
the sam.ldb file in, to give them more clues.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Jan 21 16:34:06 CET 2019 on sn-devel-144

(cherry picked from commit 10e54a095f005c0988a7e5e8a35cea6200197854)

tests: Run ntacls_backup tests against testenv with SMBv1 disabled

Just to prove that the NTACL backup works over SMBv2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7fb93eaca74ffe17bbe7255210dd3090afe8d5dc)

selftest: Give the backup testenvs a 'test1' share

The ntacls_backup tests use the test1 share, and we want to run them
against the restoredc (which has SMBv1 disabled).

The xattr.tdb file is needed for the backend_obj.wrap_getxattr() call
(in ntacls.py) to work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a310de2db13c02a602e74139cb47ea9a25628e01)

tests: Run GPO commands against testenv with SMBv1 disabled

Just to prove that they work across SMBv2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit da33c2c4e4849f0985b08fbdc58cbd59b8426ec6)

ntacls: Pass correct use_ntvfs through to setntacl()

We were already checking the smb.conf to see if it uses the NTVFS file
server or the default smbd server. However, we weren't passing this
through to the setntacl() call.

This fixes the problem we noticed with 'samba-tool gpo aclcheck' failing
after a restore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f3fe96fc2e2d942b4a2e241777b5ee12b2295b97)

tests: Run samba_tool.gpo tests against backup testenvs

Run the GPO tests against the backup/restore testenvs.

Because the backup/restore preserves the NTACLs of the sysvol files,
running the GPO tests against the backup testenvs is a good sanity-
check. If fact it highlights that there is currently a problem with
restoring the GPO files - this shows up in 'samba-tool gpo aclcheck',
but we never noticed it until now.

NTACL backup works slightly different for offline backups, and rename
backups end up with more sysvol files, so run the tests against both
these envs.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2a7372da7b84921b247cefc23d7003b8056d74a4)

s4:pysmb: Add error log that the s4 bindings are deprecated

We plan to delete the s4 SMB Python bindings in the next Samba release
after v4.10, but first give external consumers a heads-up, just in case
they are currently using the s4 bindings.

Note the auth_log tests still use the s4 bindings, but all user-facing
tools should now be updated to use the s3 bindings.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 6a29e63f32c0024587020fc1f92b3d1ecaa0afbc)

netcmd: Change GPO commands to use s3 SMB Py bindings

This means we can now use GPO commands on a DC that has SMBv1 disabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 08f1627cb3fa1c9ff7a0f74e32874d305647dc42)

s3:pylibsmb: Add FILE_READ_ATTRIBUTES access to .loadfile() API

Add FILE_READ_ATTRIBUTES when opening the file handle, as we need to
read the file's size.

The .loadfile() API can end up calling cli_qfileinfo_basic() to get the
file size. This can end up doing a 'FILE_ALL_INFORMATION' SMBv2 request
underneath, which the MS-SMB2 spec (section 3.3.5.20.1 Handling
SMB2_0_INFO_FILE) says the file handle must have FILE_READ_ATTRIBUTES
access granted.

I noticed this problem when running .loadfile() against the NTVFS
server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0304b08de5ba1b4a6e08568a559c52f7d9e943d3)

netcmd: Change SMB flags from s4 Py bindings to s3

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 345746ea5f4cca2620421ac0c8a649a596f5c19d)

s3:pylibsmb: Add .set_acl API to SMB py bindings

This is pretty similar code to py_smb_getacl(), except it's calling
cli_set_security_descriptor() instead of cli_query_security_descriptor()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b982811b60521624f1f600841ffa05e306eb936a)

python/gpclass: Convert gpclass to use s3 SMB Python bindings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3b2e86bba1f6b22b144b07db454b842f0c0779ae)

s3:libsmb: Honor disable_netbios option in smbsock_connect_send

If disable_netbios is set, return before the tevent timer is triggered
to prevent outgoing netbios connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13727

Signed-off-by: Justin Stephenson <jstephen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c324f84a2fa25e29d2f7879fbcd35ce0e76a78f8)

VERSION: Bump version up to 4.10.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(replaces commit 75106e05b42e5d4629aacfa941213745d9d6e819)

VERSION: Bump version up to 4.10.0rc1...

and disable GIT_SNAPSHOT for the release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(replaces commit 9537e5d2a14a35bcba659d679d2d156de6c678cc)

WHATSNEW: Add release note for Samba 4.10.0rc1.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(replaces commit 3f4bd61b8408f8d97817023f07de20746ce54f90)

ldb: version 1.5.2

* Build fixes
* dirsync: Allow arbitrary length cookies
  (bug #13686)
* The build uses python3 by default:
* --extra-python would take python2 now
* To build with python2 only use:
  PYTHON=python2 ./configure
  PYTHON=python2 make
  PYTHON=python2 make install

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>

tevent: version 0.9.38

* Deprecate tevent wrapper api again
* Build fixes
* The build uses python3 by default:
* --extra-python would take python2 now
* To build with python2 only use:
  PYTHON=python2 ./configure
  PYTHON=python2 make
  PYTHON=python2 make install

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>

talloc: version 2.1.15

* Deprecate talloc_set_memlimit() and talloc_autofree_context()
* Fix undefined behavior in talloc_memdup
* The build uses python3 by default:
* --extra-python would take python2 now
* To build with python2 only use:
  PYTHON=python2 ./configure
  PYTHON=python2 make
  PYTHON=python2 make install

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>

Merge remote-tracking branch 'origin/v4-10-test' into HEAD

This is a noop just to get the history of origin/v4-10-test
inline with master before the real 4.10.0rc1.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Revert "WHATSNEW: Add release note for Samba 4.10.0rc1."

This reverts commit 3f4bd61b8408f8d97817023f07de20746ce54f90.

Revert "VERSION: Bump version up to 4.10.0rc1..."

This reverts commit 9537e5d2a14a35bcba659d679d2d156de6c678cc.

Revert "VERSION: Bump version up to 4.10.0rc2..."

This reverts commit 75106e05b42e5d4629aacfa941213745d9d6e819.

addns: Async ads_dns_lookup_ns

Use dns_lookup_send/recv to get NS records

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Jan 15 11:16:00 CET 2019 on sn-devel-144

VERSION: Bump version up to 4.10.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

VERSION: Bump version up to 4.10.0rc1...

and disable GIT_SNAPSHOT for the release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release note for Samba 4.10.0rc1.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

addns: Async ads_dns_lookup_srv

Use dns_lookup_send/recv to get SRV records. This avoids synchronous libresolv
calls and provides the infrastructure to get dsgetdcname async.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

samba_dnsupdate: With dns_hub, we don't need resolv_wrap

Best viewed with git show -b

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

selftest: Use dns_hub's resolv.conf

Pass it as RESOLV_CONF envvar everywhere

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

selftest: Add dns_hub deps

All the DCs want the dns forwarder

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

selftest: setup_dns_hub

Start the central dns forwarder on interface 64

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

selftest: add central dns forwarder

This is a small DNS server that has hard redirects to the different domain
controllers based on domain names. This is required because future commits will
avoid calling into libresolv's code which resolv_wrapper takes care of.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/dns: Add dns_res_rec_get_sockaddr

Pull the address from a res_rec if it's there

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/dns: clidns must depend on ndr_standard, not on NDR_DNS

Otherwise we can't link this into other libraries

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/dns: Make "clidns" a library

This will be linked into the SAMBA_LIBRARY "addns" in the next step. Because
the other user, "dnsserver_common", is also a library, we can't link this as a
subsystem anymore.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

dns_lookup: Let make test override the resolv.conf location

Make this a separate commit: That is the feature that libc unfortunately does
not give us.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/dns: Add dns_lookup

Wrapper function to parse resolv.conf and talk to multiple nameservers. This is
the code where we might want to add a "working nameserver" cache. glibc always
looks at the first configured nameserver. If that's dead, glibc runs into a
timeout and only then asks the second one that might succeed. When more than
one dns query is to be performed, these timeouts add up.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/dns: Add resolv.conf parsing

Right now this only looks at the nameserver setting. It is initally made for
asynchronous AD DC lookup routines, where we don't need the "search", "domain"
and other settings. When we convert general "net", "smbclient" and others to
use this, we might either add "domain" handling to this code or look at
something like c-ares which already does it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

dns_update: samba_dnsupdate's exit code is not an errno

This avoids confusing messages, samba_dnsupdate returns the number of
failed updates

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

addns: Centralize siteless lookup fallback

We had the same logic 3 times, coalesce into one

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_fileid: fix get_connectpath_ino

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13741

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan 15 04:13:15 CET 2019 on sn-devel-144

s3:smbd: perform impersonation in smb2_query_directory_fetch_write_time_done()

This is not strictly required, as we ne never trigger additional VFS
requests via this codepath. But for safety reasons ensure we're running
in the correct impersonation state.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jan 14 22:30:24 CET 2019 on sn-devel-144

s3:smbd: perform impersonation in smb2_query_directory_dos_mode_done()

This is needed as the callback might be called in an arbitrary
impersonation state.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:smbd: perform impersonation in dos_mode_at_vfs_get_dosmode_done()

This is needed as the callback might be called in an arbitrary
impersonation state.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_default: use change_to_user_by_fsp() instead of change_to_user()

Cosmetic change.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs: perform impersonation in smb_vfs_call_getxattrat_done()

This is needed as the callback might be called in an arbitrary
impersonation state.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs: use struct initializer in smb_vfs_call_getxattrat_send()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs: perform impersonation in smb_vfs_call_get_dos_attributes_done()

This is needed as the callback might be called in an arbitrary
impersonation state.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs: use struct initializer in smb_vfs_call_get_dos_attributes_send

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

netcmd: Change domain backup commands to use s3 SMB Py bindings

This means we can now backup a DC that has SMBv1 disabled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Tim Beale <timbeale@samba.org>
Autobuild-Date(master): Mon Jan 14 06:49:09 CET 2019 on sn-devel-144

tests: Change ntaclsbackup tests over to use s3 Py bindings

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s3:pylibsmb: Add .get_acl() API to SMB py bindings

There is no obvious async-equivalent of cli_query_security_descriptor(),
so it will throw an error if anyone tries to use it in multi-threaded
mode. Currently only samba-tool and tests use the (s4) .get_acl() API,
both of which will be fine using the synchronous API.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13676

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib/ldb: Use new PYARG_ES format for parseTuple

While 'es' format works great for unicode (in python2) and
str (in python3) The behaviour with str (in python2) is unexpected.
In python2 the str type is (re-encoded) with the specified encoding.
In python2 the 'et' type would be a better match, that ensures 'str'
type is treated like it was with 's' (no reencoding) and unicode is
encoded with the specified encoding. However in python3 'et' allows
byte (or bytearray) params to be accepted (with no reencoding), we
don't want this. This patch adds a new PYARG_STR_UNI format code which
is a hybrid, in python2 it evaluates to 'et' and in python3 'es' and
so gives the desired behaviour for each python version.

Additionally remove the associated known fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13616
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sun Jan 13 03:53:00 CET 2019 on sn-devel-144

selftest: Enable ldb.python for PY3

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib/ldb/tests/python: Add test to pass utf8 encoded bytes to ldb.Dn

This test should demonstrate an error with the 'es' format in python
where a 'str' byte-string is passed (containing utf8 encoded bytes)
with some characters that cannot be decoded as ascii. The same
code if run in python3 should generate an error (needs string not
bytes)

Also Add knownfail for ldb.Dn passed utf8 encoded byte string
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s4/libnet: use 'et' as format for ParseTuple with python2

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: use 'et' as format for ParseTuple with python2

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

auth/credentials: use 'et' as format for ParseTuple with python2

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: Add new compat PYARG_STR_UNI format

In python2 PYARG_STR_UNI evaluates to et which allows str type
(e.g bytes) pass through unencoded and accepts unicode objects
encoded as utf8
In python3 PYARG_STR_UNI evaluates to es which allows str type
encoded as named/specified encoding

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: Fix memory leak with ParseTuple (using 'es' format)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>