VERSION: Disable GIT_SNAPSHOTS for the 4.4.9 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.4.9.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

krb5_wrap: provide CKSUMTYPE_HMAC_SHA1_96_AES_*

MIT only defined this as CKSUMTYPE_HMAC_SHA1_96_AES128,
while Heimdal has CKSUMTYPE_HMAC_SHA1_96_AES_128.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit bb64c550ae19b08ad4e6d8d26f68c2474cb251e6)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12471
Patches for CVE-2016-2126 break build with MIT Kerberos

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Dec 20 15:58:07 CET 2016 on sn-devel-144

VERSION: Bump version up to 4.4.9...

and re-enable git snapshots.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

VERSION: Disable GIT_SNAPSHOTS for the 4.4.8 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Dec 19 14:32:43 CET 2016 on sn-devel-144

s3: ntlm_auth: Don't corrupt the output stream with debug messages.

Calling programs expect to cleanly read from STDOUT.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12467

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 9fbd544b90c2b27985637a9bb3fa520f891f8696)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Dec 15 12:21:27 CET 2016 on sn-devel-144

lib: security: se_access_check() incorrectly processes owner rights (S-1-3-4) DENY ace entries

Reported and proposed fix by Shilpa K <shilpa.krishnareddy@gmail.com>.

When processing DENY ACE entries for owner rights SIDs (S-1-3-4) the
code OR's in the deny access mask bits without taking into account if
they were being requested in the requested access mask.

E.g. The current logic has:

An ACL containining:

[0] SID: S-1-3-4
    TYPE: DENY
    MASK: WRITE_DATA
[1] SID: S-1-3-4
    TYPE: ALLOW
    MASK: ALLOW_ALL

prohibits an open request by the owner for READ_DATA - even though this
is explicitly allowed.

Furthermore a non-canonical ACL containing:

[0] SID: User SID 1-5-21-something
    TYPE: ALLOW
    MASK: READ_DATA

[1] SID: S-1-3-4
    TYPE: DENY
    MASK: READ_DATA

[2] SID: User SID 1-5-21-something
    TYPE: ALLOW
    MASK: WRITE_DATA

prohibits an open request by the owner for READ_DATA|WRITE_DATA - even
though READ_DATA is explicitly allowed in ACE no 0 and is thus already
filtered out of the "access-still-needed" mask when the deny ACE no 1 is
evaluated.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12466

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 29b02cf22f3c0f2d556408e9e768d68c1efc3b96)

s3: smbd: Add missing permissions check on destination folder.

Based on code from Michael Zeis <mzeis.quantum@gmail.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 91b591224ab7f8ea7b4594da9f61efef14353f7f)

s3: smbd: Make check_parent_access() available to rename code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit beb8a73e95e768565760f79c2a16586bafb4e58c)

s3: smbd: rename - missing early error exit if source and destination prefixes are different.

Noticed by Michael Zeis <mzeis.quantum@gmail.com>.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12460

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 2bfad1c9d3237ad8d174b7dc2d1e6e3c53fdb8dc)

manpages/vfs_fruit: add warning to fruit:resoure=stream

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12412

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Dec  8 14:52:52 CET 2016 on sn-devel-144

manpages/vfs_fruit: fruit:resource option misspelling

Due to a misspelling in the option parser in all Samba versions up to
and including 4.5.1 this options must be given "fruit:ressource", ie
with two "s".

Samba 4.6 will accept both the correct the correct and the wrong
spelling, Samba 4.7 onwards will only accept the correct
spelling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12412

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

printing: Fix building with CUPS version older than 1.7

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12183

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Karolin Seeger <kseeger@samba.org>

s3/smbd: fix the last resort check that sets the file type attribute

The rule is, a directory (with any other attributes) should always also
set FILE_ATTRIBUTE_DIRECTORY, a file should only set
FILE_ATTRIBUTE_NORMAL if no other attributes is set.

Iow, if a file contains any existing attributes (e.g. FILE_ATTRIBUTE_HIDDEN),
don't add in the FILE_ATTRIBUTE_NORMAL attribute.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12436

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat Nov 19 11:55:35 CET 2016 on sn-devel-144

(cherry picked from commit a0783e8dd966a0b2d24d2ca5baa6bed3fe5a7d5a)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Dec  1 14:51:30 CET 2016 on sn-devel-144

nss_wins: Fix errno values for HOST_NOT_FOUND

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 08d1ac0e36339e97e4464f6a6724464b0a568347)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Nov 30 15:50:43 CET 2016 on sn-devel-144

s4:torture: Fix cleanup of the secrets object in session_key test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12433

The test is known to be failing if sealing is turned on in some
circumstances. In this case a secret is created and then the function
dcerpc_fetch_session_key() fails. The secret is not removed!

We use torturesecret-%08x with random() to fill in the number. Sometimes
it happens that random() returns a number we already used. So we end up
trying to create a secret for an entry which already exists and run
into a collision

This change makes sure we always cleanup behind us and do not leave
secret objects we created.

Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 17 22:30:36 CET 2016 on sn-devel-144

(cherry picked from commit 9de04626c058563a6cf4c13e4f5399039e345ef5)

s4:torture: Normalizes names in session_key test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12433

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 31d21de548d899f82fa7944767ad94e8aca8d96d)

s4:torture: Strip trailing whitespaces in session_key.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12433

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 80f7f568f8960c809756d5233c8f875db4ea07d6)

s4:torture: Add tortue test for AddPrinterDriverEx with COPY_FROM_DIRECTORY

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12415

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b1ade58ffeb56a0238c820797905caa107b08265)

lib:torture: Make variables const

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12415

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9c0f2576d8aa3dd95be1c5ddda2b10d891add0bc)

s3:spoolss: Add support for COPY_FROM_DIRECTORY in AddPrinterDriverEx

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12415

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 4d9f4bfc69a5899bdf91406dfb7efb70a530446c)

ctdb-recovery: Avoid NULL dereference in failure case

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12434

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 21 12:26:04 CET 2016 on sn-devel-144

(cherry picked from commit 54e392b385728bba047404465207340a2e354ec6)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Nov 22 13:32:29 CET 2016 on sn-devel-144

ctdb-locking: Reset real-time priority in lock helper

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12392

Earlier we were relying on SCHED_RESET_ON_FORK to reset the priority of lock
helper processes.  Since SCHED_RESET_ON_FORK support has been removed, the
scheduling priority of child processes created using vfork() need to be reset
explicitly in the helper processes.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Nov 18 10:18:27 CET 2016 on sn-devel-144

(cherry picked from commit 6c6d63c04497fdfdbe665508f2a503f2392dc526)

s4-torture: add spoolss_SetPrinter ndr test to validate secdesc_ptr

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11197

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 574dd65a8185c90828e49b295d89153bae1563bf)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Nov 18 12:29:24 CET 2016 on sn-devel-144

spoolss: Use correct values for secdesc and devmode pointers

ULONG_PTR needs to be decoded as a uint3264 and not as a 'uint32 *'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11197

Guenther

Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 73f664710a8c9b312a54d0cf41d2f4440c8b42eb)

build: Fix build with perl on debian sid.

build: Fix build with perl on debian sid.

It appears that "." is no longer in perl_inc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12395
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Oct 29 09:32:37 CEST 2016 on sn-devel-144

(cherry picked from commit da67acbcfe2167fce9c360a55416ab10e9537a2a)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Nov 16 14:32:10 CET 2016 on sn-devel-144

ctdb-tests: Add tests for updated Debian style Samba start/stop

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12371

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Nov  7 08:01:28 CET 2016 on sn-devel-144

(cherry picked from commit 5c53d50784b2d7883f3e1d9ac48bb1fd56ba7f42)

ctdb-scripts: Fix Debian init in samba eventscript

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12371

Signed-off-by: Mathieu Parent <math.parent@gmail.com>
Signed-off-by: Stefan Kania <stefan@kania-online.de>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 385aef614034a3f32276e19312f089990e6dbb85)

s3: delete_streams: Don't jump to fail: - that resets state.

Signed-off-by: Jeremy Allison <jra@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12299

s3-printing: Allow printer names longer than 16 chars

Printers with long names are supported in the meantime. However we issue
a warning that if one printer exceeeds 15 chars we warn about it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 2611fd02a0a6a0a0a506df70fe1a1eb4a2e76062)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Nov 14 15:56:11 CET 2016 on sn-devel-144

s3-printing: Correctly encode CUPS printer URIs

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12183

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c160ae9afb222466c50ae170447a6a0805f7169f)

vfs:glusterfs: preallocate result for glfs_realpath

https://bugzilla.samba.org/show_bug.cgi?id=12404

This makes us independent of the allocation
method used inside glfs_realpath.

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Oct 22 00:28:41 CEST 2016 on sn-devel-144

(cherry picked from commit 92a0a56c3852726e0812d260e043957c879aefa4)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Nov  8 15:35:20 CET 2016 on sn-devel-144

s3-winbind: Do not return NO_MEMORY if we have an empty user list

The domain child for the MACHINE ACCOUNT might fail with
NT_STATUS_NO_MEMORY because an emtpy user list is returned.

*pnum_info is already set to 0 at the beginngin so we should just
declare victory here!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12405

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e714dc03e0ccf9ec17da6bacc1bcfcaea7518e22)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Nov  4 15:18:16 CET 2016 on sn-devel-144

provision: Add support for BIND 9.11.x

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Oct 28 03:42:25 CEST 2016 on sn-devel-144

(cherry picked from commit 2959c8888d46902e140963ed4190d23a7609b8da)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Nov  3 12:29:19 CET 2016 on sn-devel-144

dlz-bind: Add support for BIND 9.11.x

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c8c330d5f4921aaca803b9ff571aacb0dde0c7bc)

dlz-bind: Set DNS_CLIENTINFO_VERSION based on BIND version

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e63e51a2cfd89c5bb2c16b2521ffce864ca5b373)

dlz-bind: Fix initialization of DLZ_DLOPEN_AGE

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 370d6baaa60ca7aacab85852622cdca8bdb06d34)

dlz-bind: Fix preprocessor checks for BIND versions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12366

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit fbafd2699b03902cbb7e5131ed7d345190798392)

ctdb-packaging: Move CTDB tests to /usr/local/share/ctdb/tests/

In time, other things will end up in /use/local/share/ctdb/.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12104

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit fd8e562069e3c01720be62069b7d58d14c10afd5)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Oct 31 14:58:04 CET 2016 on sn-devel-144

s3:smbd: only pass UCF_PREP_CREATEFILE to filename_convert() if we may create a new file

This fixes a regression introduced by commit
f98d10af2a05f0261611f4cabdfe274cd9fe91c0
(smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open)

The main problem was that Windows client seem to verify
the access to user.V2\ntuser.ini is rejected with NT_STATUS_ACCESS_DENIED,
using the machine credentials.

Passing UCF_PREP_CREATEFILE to filename_convert() triggers a code path
that implements a dropbox behaviour. A dropbox is a directory with only -wx permissions,
so get_real_filename fails with EACCESS, it needs to list the directory.
EACCESS is ignored with UCF_PREP_CREATEFILE.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10297

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 25 05:33:36 CEST 2016 on sn-devel-144

(cherry picked from commit 759416582c54a16aacbef0e0dfe4649bddff8c5e)

Revert "ctdb-common: Use SCHED_RESET_ON_FORK when setting SCHED_FIFO"

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12392

Feature SCHED_RESET_ON_FORK is completely broken on RHEL6 and RHEL7
distributions.  So do not rely on SCHED_RESET_ON_FORK for now.

This reverts commit 1be8564e553ce044426dbe7b3987edf514832940.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Tue Oct 25 11:28:28 CEST 2016 on sn-devel-144

(cherry picked from commit 71b69b0169dc6e2843325f1567f64b6acd43e6b8)

s3: vfs: streams_depot. Use conn->connectpath not conn->cwd.

conn->cwd can change over the life of the connection,
conn->connectpath remains static.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12387

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Oct 24 23:52:48 CEST 2016 on sn-devel-144

(cherry picked from commit 1366385d1c3e9ac0556e954864e60e72f6906942)

ctdb-conn: add missing variable initialization

Avoid potential crash in TALLOC_FREE(hdr).

Signed-off-by: Ralph Wuerthner <ralph.wuerthner@de.ibm.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 4194c0797f78293fe48105ce5af70f36a3c233a8)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12372
ctdb: bad free in ctdbd_migrate()

VERSION: Bump version up to 4.4.8...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

VERSION: Disable GIT_SNAPSHOTS for the 4.4.8 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.4.8.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

CVE-2016-2126: auth/kerberos: only allow known checksum types in check_pac_checksum()

aes based checksums can only be checked with the
corresponding aes based keytype.

Otherwise we may trigger an undefined code path
deep in the kerberos libraries, which can leed to
segmentation faults.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12446

Signed-off-by: Stefan Metzmacher <metze@samba.org>

CVE-2016-2125: s4:gensec_gssapi: don't use GSS_C_DELEG_FLAG by default

This disabled the usage of GSS_C_DELEG_FLAG by default, as
GSS_C_DELEG_POLICY_FLAG is still used by default we let the
KDC decide if we should send delegated credentials to a remote server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>

CVE-2016-2125: s3:gse: avoid using GSS_C_DELEG_FLAG

We should only use GSS_C_DELEG_POLICY_FLAG in order to let
the KDC decide if we should send delegated credentials to
a remote server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>

CVE-2016-2125: s4:scripting: don't use GSS_C_DELEG_FLAG in nsupdate-gss

This is just an example script that's not directly used by samba,
but we should avoid sending delegated credentials to dns servers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12445

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Simo Sorce <idra@samba.org>

CVE-2016-2123: Fix DNS vuln ZDI-CAN-3995

Thanks to Trend Micro's Zero Day Initiative and Frederic Besler for finding
this vulnerability with a PoC and a good analysis.

Signed-off-by: Volker Lendecke <vl@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12409

VERSION: Bump version up to 4.4.8...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>
(cherry picked from commit d6a814c770d5888e5340a5a677c5324c2fe734f8)

VERSION: Disable git snapshots for the 4.4.7 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.4.7.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

lib: Fix bug 12291

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12291

Back-ported from f92590d10aaf9a289b5f6aac8ffc79129b83a517 in master.

Signed-off-by: Jeremy Allison <jra@samba.org>
Autobuild-User(v4-4-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-4-test): Mon Oct 24 14:24:42 CEST 2016 on sn-devel-144

s3:libads: don't use MEMORY:ads_sasl_spnego_bind nor set "KRB5CCNAME"

Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 13 00:35:21 CEST 2016 on sn-devel-144

(cherry picked from commit a5f895a53016af71db53967062728fec5bc307ca)

s3:libads: don't use MEMORY:ads_sasl_gssapi_do_bind nor set "KRB5CCNAME"

Most callers just set "KRB5CCNAME", but leave ads->auth.ccache_name = NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 890b1bbdb8e965c4ff6e35214acc96ffbbff5dfd)

HEIMDAL:lib/krb5: destroy a memory ccache on reinit

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12369

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 2abc3710a8a63327a769ba0482c553ed274b2113)

s3-printing: fix migrate printer code (bug 8618)

Removed path from driver files.
We only need the basenames.
(cherry picked from commit d61993043fcb7676a58658476421f5f4ff1a3fea)
(cherry picked from commit 9f07ef2249dc21eab37cd5888623e6edc84b2b59)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8618

Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct  5 19:19:39 CEST 2016 on sn-devel-144

(cherry picked from commit eb7555397fd4e9f66e041179aadff59f2a39d14f)

s3: cldap: cldap_multi_netlogon_send() fails with one bad IPv6 address.

Analysis by: Rebecca Gellman <rebecca@starfleet-net.co.uk>

Ignore cldap_socket_init() failure when sending
multiple cldap netlogon requests. Allow cldap_netlogon_send()
to catch the bad address and correctly return through a
tevent subreq.

Make sure cldap_search_send() copes with cldap parameter == NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12381

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 18 02:16:20 CEST 2016 on sn-devel-144

(cherry picked from commit 44a7040500d74551b48eba04f5d0bedb1ec35ba6)

s3-utils: Fix loading smb.conf in smbcquotas

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12364

Pair-Programmed-With: Uri Simchoni <uri@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c7bcbd166d23b6ebcc2d968b76b0640b9a9beebb)

ctdb-scripts: Fix incorrect variable reference

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12362

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit eabeecb45322747d7daeb2a79ac213f17eb049da)

ctdb-scripts: Avoid dividing by zero in memory calculation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12362

Don't do a percentage calculation for either memtotal or swaptotal if they
are zero.

Signed-off-by: Jose A. Rivera <jarrpa@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit bf3f22315a281fb44a5cd9b075b7915138145d6e)

s3/winbindd: using default domain with user@domain.com format fails

For example for samba client joined to a windows AD DC the following
commands fail if 'winbind use default domain = yes'
   getent passwd user@domain.com
   ssh -o user=user@domain.com localhost

The same commands succeed if the setting above has the default 'no' value

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct  3 23:37:44 CEST 2016 on sn-devel-144

(cherry picked from commit 7c786f89820dc1f8e2a7e8da1b80042dd69b7188)

Add a blackbox tests for id & getent to test domain@realm type credentials

Using domain@realm credentials has been problematic when
global conf setting "winbind use default domain" is enabled, this patch
creates a new s4member_dflt_domain environment (where
"winbind use default domain" is enabled) and runs getent & id against the
normal s4member & and new s4member_dflt_domain environments

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12298

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ebfe3c85d0bbdf5d5f7459ddd61e3b44c3ec2bd3)

s3-lib: Fix %G substitution in AD member environment

If we are a domain member we should look up the user with the domain
name specified else it will only work if we have
'winbind use default domain' set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12276

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 619ca5f63c47ff8b021692aaa756dcb0d883b8dd)

torture/ioctl: test compression responses when unsupported

Confirm that Samba matches Windows Server 2016 ReFS behaviour here.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12144

Reported-by: Nick Barrett
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct  6 06:14:34 CEST 2016 on sn-devel-144

(cherry picked from commit f6f6263f1f03db965b64b5d7858e44ab5ffb0aeb)

smbd/ioctl: match WS2016 ReFS get compression behaviour

ReFS doesn't support compression, but responds to get-compression FSCTLs
with a successful COMPRESSION_FORMAT_NONE response. set-compression
results in NT_STATUS_NOT_SUPPORTED.

This commit modifies Samba to match the ReFS behaviour, when run atop
a VFS that doesn't expose compression support.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12144

Reported-by: Nick Barrett
Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 7a1000222877cdbc8967122b9de29021a42f4c8a)

vfs_glusterfs: Fix a memory leak in connect path

Early return in case of failure to set snapdir-entry-path xlator option
leaks talloced tmp_ctx.

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Oct  7 19:39:11 CEST 2016 on sn-devel-144

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12377

(cherry picked from commit 06281e8f1b912540a8cc2a79497b074dbe559d53)

spoolss: Fix caching of printername->sharename

time_mono() gives seconds since boot, gencache expects seconds since epoch.
With time_mono(), the values are always expired immediately.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12374

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Oct 13 13:48:52 CEST 2016 on sn-devel-144

s4:samba_spnupdate: do not attempt to parse log level, use parsed value

The log level parameter can contain debug class specific entries.
Do not attempt to parse this as int, but use the values that the
debugging system already parsed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9945
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Wed Sep 14 23:15:18 CEST 2016 on sn-devel-144

(cherry picked from commit 064d24032398c8896da15246be81fdd4b1588e18)

python/join: do not attempt to parse log level, use parsed value

The log level parameter can contain debug class specific entries.
Do not attempt to parse this as int, but use the values that the
debugging system already parsed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9945
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 92178f02bd09277f783eb68b476cfd1452c7f9ef)

python/drs_utils: do not attempt to parse log level, use parsed value

The log level parameter can contain debug class specific entries.
Do not attempt to parse this as int, but use the values that the
debugging system already parsed

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9945
Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit dd25aa129b6d799853312134628402f77b492eab)

tests/param add a test for LoadParm.log_level

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit fa56dbf6706872c5287eab082bb6ba7b5bd3ccd2)

s4:param add log_level function to retrieve log level in Python code

Signed-off-by: Christian Ambach <ambi@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 7ba50a200924119ac1a66759e4c1419ece03ba41)

glusterfs: Avoid tevent_internal.h

Günther confirmed it still compiles :-)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Sep 24 23:41:56 CEST 2016 on sn-devel-144

(cherry picked from commit c60ea2c17814f9f7b55514e0d0a553accaa54b15)

s3: events. Move events.c to util_event.c

Remove all tevent internal code.

Everything is now stock tevent.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(similar to commit 4ed790ebbf474c4e4ef9b4f0f3aeca65118796df)

s3: server: s3_tevent_context_init() -> samba_tevent_context_init()

We can now remove source3/lib/events.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit fbfea52e1ce8f22d8d020a2bf3aebd1bc69faceb)

s3: winbind: Remove dump_event_list() calls.

If needed we can add this into actual tevent.

Preparing to remove source3/lib/events.c

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 72785309aa2d1bed7abc6dd7c6475ff0f78411da)

s3: nmbd: Final changeover to stock tevent for nmbd.

Removes unused references to fds array used for (removed)
poll call. Renames create_listen_pollfds() to
create_listen_array().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 6e8bd13660d7795df429dbf852345124db38ea96)

s3: nmbd: Change over to using tevent functions from direct poll.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit b857bf9b3fa3a836647edc40ead92db7b782d367)

s3: nmbd: Add a talloc_stackframe().

We will use this to create real tevent timer and fd
events.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 36b67729a6fc8518da71944db3fac6d9236b9348)

s3: nmbd: Add (currently unused) timeout and fd handlers.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit cca25c8f75147873280464eaf2699ff449f609ad)

s3: nmbd: Now attrs array mirrors fd's array use it in preference.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 376e04656b6755d1a182430b39273a93495d00b2)

s3: nmbd: Ensure attrs array mirrors fd's array for dns.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 7f0717e751930cd5da029c1852ff9f61f95e40b7)

s3: nmbd: Add fd, triggered elements to struct socket_attributes.

Zero the attrs array on allocation, and mirror the fd's.

This will allow us to eventually remove source3/lib/events.c
dependency and make nmbd purely tevent based.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12283
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit d8ade0730797df22bfe28847e034eb6d116b0e00)

s3:nmbd: fix talloc_zero_array() check in nmbd_packets.c

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Sep 23 18:08:21 CEST 2016 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12283

(cherry picked from commit 4470f01605a2f09b054550ee5a8f8d3b4ebc2098)

s3: winbind: Ensure we store name2sid with the correct cache sequence number.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 9f6fe5e2c54870abfff48c8a9d96e21bfec2425f)

s3: winbind: Trust name2sid mappings from the PAC.

Don't refresh sequence number in parent as the
mapping comes from a trusted DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit 1017b22f68e798a080e0738d3beecf008b2284ef)

s3: winbind: refresh_sequence_number is only ever called with 'false'.

Remove redundant parameter.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 32ae6721cf02412af3c5a82d5da4806f4d931bcd)

s3: auth: Use wbcAuthenticateUserEx to prime the caches.

Idea by Volker - use WBC_AUTH_USER_LEVEL_PAC to pass
the PAC to winbind from smbd on auth, this allows
winbind to prime the user info via netsamlogon_cache_store()
and the name2sid cache *before* smbd looks up the user.

Note that as this is merely a cache prime having
winbind not available is not an error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 28 22:45:27 CEST 2016 on sn-devel-144

(cherry picked from commit ccfba2537d0ea081fbeeee0feecf8e2774850300)

s3: winbind: Make WBC_AUTH_USER_LEVEL_PAC prime the name2sid cache.

In addition to priming the netsamlogon cache.

This prevents a winbind AD-DC lookup for something
the PAC already told us.

Note we only do this in the case where the PAC successfully
passed signature verification.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11259

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
(cherry picked from commit cf0f28819e771d433af00b3532011de70112b1f8)

ctdb-scripts: ctdbd_wrapper should never remove the PID file

kill_ctdbd() kills the daemon and then removes the PID file.  This is
racy because a new daemon could write a new PID file in between the
kill and the removal.  Reversing these steps would be an improvement.

However, none of the places where kill_ctdbd() is called is a safe
place to remove the PID file.  There is always a chance that a new
daemon could start, write a new PID file and then kill_ctdbd() could
remove the new PID file.

ctdbd is able to overwrite a stale PID file by checking to see if it
is locked.

Therefore, entirely drop removal of the PID file from ctdbd_wrapper.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit 56d526c6ea3150a19dd0762b45d23a7c5f96d260)

Merge tag 'samba-4.4.6' into v4-4-test

samba: tag release samba-4.4.6

ctdb-daemon: Log when removing stale Unix domain socket

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Sep 22 12:28:12 CEST 2016 on sn-devel-144

(cherry picked from commit 0ec01826d32019b06dd10bb9b6ea5232786d5699)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Sep 23 15:24:11 CEST 2016 on sn-devel-144

ctdb-daemon: Drop attempt to connect to Unix domain socket

This was a weak attempt at exclusivity.  PID file creation now does
that properly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 8eff9e96037627b1e4adf3ccc8da94ef8f0bad2a)

ctdb-daemon: Don't try to reopen TDB files

There aren't any open at this stage.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit d719a87fe021b0c704fc4b12ddfc0345fe3af146)

ctdb-daemon: Bind to Unix domain socket after PID file creation

No use touching the socket if PID file creation fails.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 1e501c77492d25b760c7b10849460ee6490f39dc)

ctdb-daemon: Use PID file abstraction

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 5148e02adb7b2ea34da9c826a682c1387773402b)

ctdb-common: Add routines to manage PID file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12287

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 97b6ac7f662d8de316ed520e038779e79bcdb7bc)