git.samba.org - sfrench/samba-autobuild/.git/log

s3-spoolss: fix winreg_printer_ver_to_qword

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12285

We were reporting the OS minor number as the driver version number in all
GetDriver/EnumDriver calls.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit a9a1a16cc8b87a84cdfa049ebd26bf4eac1b3618)

nsswitch: Also set h_errnop for nss_wins functions

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
(cherry picked from commit 382345126c56e26d3dbc319f1c7c1dae3c4fafc9)

nsswitch: Add missing arguments to wins gethostbyname*

The errno pointer argument is missing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12269

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Jim McDonough <jmcd@samba.org>
(cherry picked from commit 124ae4e861f048fe015bff32ace4abff4d3e6c62)

s3/smbd: set FILE_ATTRIBUTE_DIRECTORY as necessary

Some VFS modules like GPFS will always return success from
SMB_VFS_GET_DOS_ATTRIBUTES() but only set a subset of the attributes. It
neither sets FILE_ATTRIBUTE_NORMAL nor FILE_ATTRIBUTE_DIRECTORY.

We already handle the case that the VFS stack returns with result==0 and
then add the FILE_ATTRIBUTE_NORMAL, regardless of the type of the
filesystem object. If we want to handle result==0 situation in the
SMB_VFS_GET_DOS_ATTRIBUTES() caller, then do it right by either setting
FILE_ATTRIBUTE_NORMAL or FILE_ATTRIBUTE_DIRECTORY.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12261

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 16 00:34:43 CEST 2016 on sn-devel-144

(cherry picked from commit 2a2ac63975b8ff41ede8e93ef2b33148c89f185f)

gencache: Bail out of stabilize if we can not get the allrecord lock

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12045

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Sep 20 04:09:33 CEST 2016 on sn-devel-144

(cherry picked from commit b208499960eefef02d305a3bd59b03a7c2aafcac)

Revert "script/release.sh: use 8 byte gpg key ids"

This reverts commit 28d82306b720487ab93474171d91d318afff7b78.

VERSION: VERSION: Bump version up to 4.4.7...

and re-enable git snapshots.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

VERSION: Disable git snapshots for the 4.4.6 release.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

WHATSNEW: Add release notes for Samba 4.4.6.

Signed-off-by: Karolin Seeger <kseeger@samba.org>

ctdb-recovery-helper: Add missing initialisation of ban_credits

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12275

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 6b93b57921fad40cb3601888154c2f73a75fd590)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Sep 21 14:45:44 CEST 2016 on sn-devel-144

lib: poll_funcs : poll_funcs_context_slot_find can select the wrong slot to replace.

Look for an exact match first, before a free slot.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12272

Back-port from 085542fc93b3c603e8cda6e481e94d5fe2dfc669

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

lib/poll_funcs: free contexts in poll_funcs_state_destructor()

This ensures the destructors get called in the proper order.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12272

Back-port from c132b78c484c14d255a98567e90b934b73ebf8c2

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_acl_xattr|tdb: enforced settings when ignore system acls=yes

When "ignore system acls" is set to "yes, we need to ensure filesystem
permission always grant access so that when doing our own access checks
we don't run into situations where we grant access but the filesystem
doesn't.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Aug 31 18:41:20 CEST 2016 on sn-devel-144

(cherry picked from commit b72287514cc78c9019db7385af4c9b9d94f60894)

docs: document vfs_acl_xattr|tdb enforced settings

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12181

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit cbe8f0d63b90e4380da35e9f9f5a05d8ccc2058b)

vfs_acl_common: use DBG_LEVEL and remove function prefixes in DEBUG statements

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 11dddd59aa01195152199443bc26e3141f162c8f)

s4/torture: tests for vfs_acl_xattr default ACL styles

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 946b93d0e3f6f23fa2325d7aaba4dc6f4cc17cb6)

vfs_acl_common: Windows style default ACL

Reintroduce Windows style default ACL, but this time as an optional
feature, not changing default behaviour.

Original bugreport that got reverted because it changed the default
behaviour: https://bugzilla.samba.org/show_bug.cgi?id=12028

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 0730cb7e1ce33dbc5fc48a7363204c1220400c68)

vfs_acl_xattr|tdb: add option to control default ACL style

Existing behaviour is "posix" style. Next commit will (re)add the
"windows" style. This commit doesn't change behaviour in any way.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 26a9867ae1a9c69659252ce03c280c7c18a6c58f)

vfs_acl_common: check for ignore_system_acls before fetching filesystem ACL

If ignore_system_acls is set and we're synthesizing a default ACL, we
were fetching the filesystem ACL just to free it again. This change
avoids this.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit f46179ef7310959af095b0ea6234df7523d15457)

vfs_acl_common: move stat stuff to a helper function

Will be reused in the next commit when moving the
make_default_filesystem_acl() stuff to a different place.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 10959698e20de381beec7ab532c8bdc32fa6401c)

vfs_acl_tdb|xattr: use a config handle

Better for performance and a subsequent commit will add one more option
where this will pay off.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 61c3d2124fb1a180fae4c8c0b5ab5b32bd56c8ad)

vfs_acl_common: move the ACL blob validation to a helper function

No change in behaviour.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 0de5a128cee90694979d074c2590ddbca0071e82)

vfs_acl_common: simplify ACL logic, cleanup and talloc hierarchy

No change in behaviour (hopefully! :-). This paves the way for moving
the ACL blob validation to a helper function in the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 335527c647331148927feea2a7ae2f2c88986bc6)

vfs_acl_common: remove redundant NULL assignment

The variables are already set to NULL by TALLOC_FREE.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e6f1254a00a6bf85b8d95bfbafef7d3e39ce1dde)

vfs_acl_common: rename pdesc_next to psd_fs

In most realistic cases the "next" VFS op will return the permissions
from the filesystem. This rename makes it explicit where the SD is
originating from. No change in behaviour.

This just paves the way for a later change that will simplify the whole
logic and talloc hierarchy.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 9f79084f166208820f586c8e43e1e315d32cd5ce)

vfs_acl_common: rename psd to psd_blob in get_nt_acl_internal()

This makes it explicit where the SD is originating from. No change in
behaviour.

This just paves the way for a later change that will simplify the whole
logic and talloc hierarchy, therefor this also strictly renames the
occurences after the out label.

Logically, behind the out label, we're dealing with a variable that
points to what we're going to return, so the name psd_blob is
misleading, but I'm desperately trying to avoid logic changes in this
commit and therefor I'm just strictly renaming.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit 2367eea928593f12f8914f7e7ba613b1b15516de)

Revert "vfs_acl_xattr: objects without NT ACL xattr"

This reverts commit 961c4b591bb102751079d9cc92d7aa1c37f1958c.

Subsequent commits will add the same functionality as an optional
feature.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12177

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 590b80490c00587b5a4035856891e10defb654f6)

vfs_shadow_copy: handle non-existant files and wildcards

During path checking, the vfs connectpath_fn is called to
determine the share's root, relative to the file being
queried (for example, in snapshot file this may be other
than the share's "usual" root directory). connectpath_fn
must be able to answer this question even if the path does
not exist and its parent does exist. The convention in this
case is that this refers to a yet-uncreated file under the parent
and all queries are relative to the parent.

This also serves as a workaround for the case where connectpath_fn
has to handle wildcards, as with the case of SMB1 trans2 findfirst.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 25 05:35:29 CEST 2016 on sn-devel-144
(cherry picked from commit f41f439335efb352d03a842c370212a0af77262a)

selftest: test listing directories inside snapshots

Verify that directories are also listable.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 22c3982100a1d6bf67979a0659604942ef6f11f0)

selftest: check file readability in shadow_copy2 test

Add tests which verify that a snapshot file is readable
if and only if it its metadata can be retrieved. Also
verify (in most tests) that file is retrieved from the
correct snapshot.

Together with the existing test for number of previous
versions we can stat, this test checks that we can read
those files, and also that we cannot break out of a snapshot
if wide links are not allowed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 495b8177363bf1930f3afb373ad73caac022f353)

selftest: add content to files created during shadow_copy2 test

This will allow reading them and verifying we got the right version

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12172

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 523046080dd65607eacb901d58ee3b6e54de865e)

ctdb-ipalloc: Fix cumulative takeover timeout

Commit c40fc62642ff5ac49b75e9af49c299e33dbc9073 runs the IP allocation
algorithm after calculating the timeout offset. If the algorithm
takes a long time then there may be no attempt to release or take over
IPs.

Instead, reset the timeout just before the RELEASE_IP stage if an
early jump to IPREALLOCATED was not taken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12161

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Aug 18 12:36:37 CEST 2016 on sn-devel-144

(cherry picked from commit 626dcc9e493e2ac4fd502f75c7cb4d29f686f017)

ctdb-ipalloc: Use a cumulative timeout for takeover run stages

RELEASE_IP sometimes times out because killing TCP connections can
take a long time.

The aim of the takeover timeout is actually to limit the total amount
of time for an IP takeover run. So, calculate a combined timeout
offset once and use it for each of the RELEASE_IP, TAKEOVER_IP,
IPREALLOCATED stages. This gives RELEASE_IP more time to kill TCP
connections but still limits the total time.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12161

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit c40fc62642ff5ac49b75e9af49c299e33dbc9073)

smbd: Reset O_NONBLOCK on open files

See the comment inline :-)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12268
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Simo <simo@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Sep 15 20:21:41 CEST 2016 on sn-devel-144

(cherry picked from commit e69b17d603e5f09ac1e7ee05fc1f5ad67288c484)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Sep 19 13:44:01 CEST 2016 on sn-devel-144

ctdb-recovery: Terminate if recovery fails without any banning credits

In case of database recovery failure, if there are no banning credits
assigned, then the async computation is never terminated. The else
condition is missing in (max_credits >= NUM_RETRIES) check.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Fri Jun 24 09:56:23 CEST 2016 on sn-devel-144

(cherry picked from commit 600cec4d44a01391230a81efeece5155a97c8298)

ctdb-protocol: Fix marshalling for GET_DB_SEQNUM control request

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12259

Even though database id is 32-bit, it's sent on wire as 64-bits.
The database id is the first 32-bits on the wire. This needs fixing
eventually, but for now keep the same wire format.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit bdff6255af113827340adc3da609e127503d9ba5)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Sep 16 12:39:00 CEST 2016 on sn-devel-144

s3/smbd: in call_trans2qfilepathinfo call lstat when dealing with posix pathnames

This might be an info level SMB_INFO_QUERY_ALL_EAS which is not covered
by INFO_LEVEL_IS_UNIX(). If smb_fname is a symlink we would then stat it
in POSIX context.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12256

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b13b3c11054f918f18841186a6efc5dedd2ffd66)

ctdb-packaging: Fix systemd network dependency

https://www.freedesktop.org/wiki/Software/systemd/NetworkTarget/ says:

  network.target has very little meaning during start-up. [...]
  Whether any network interfaces are already configured when it is
  reached is undefined. [...]

  network-online.target is a target that actively waits until the
  ne[t]work is "up",

CTDB expects to be able to bind a socket to a node address and expects
interfaces for public IP addresses to exist.  CTDB also doesn't expect
time to jump, so also wait until time is synchronised.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12255

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Steve French <sfrench@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Tested-by: Steve French <sfrench@samba.org>
(cherry picked from commit 35dcaadc8ebc9ec80e04f1d2eee694ebc6914a31)

ctdb-daemon: Don't steal control structure before synchronous reply

If *async_reply isn't set then the calling code will reply to the
control and free the control structure.  In some places the control
structure pointer is stolen onto state before a synchronous exit due
to an error condition.  The error handling then frees state and
returns an error.  The calling code will access-after-free when trying
to reply to the control.

To make this easier to understand, the convention is that any
(immediate) error results in a synchronous reply to the control via an
error return code AND *async_reply not being set.  In this case the
control structure pointer should never be stolen onto state.  State is
never used for a synchronous reply, it is only ever used by a
callback.

Also initialise state->c to NULL so that any premature call to a
callback (e.g. in an immediate error path) is more obvious.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 9d975b860d52030a702723c70791c6a2829107c0)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Sep 13 16:04:10 CEST 2016 on sn-devel-144

ctdb-daemon: Handle failure immediately, do housekeeping later

The callback should never be called before an immediate return.  The
callback might reply to a control and the caller of
ctdb_event_script_callback_v() may not have assigned/stolen the
pointer to control structure into the private data.  Therefore,
calling the callback can dereference an uninitialised pointer to the
control structure when attempting to reply.

An event script isn't being run until the child has been forked.  So
update relevant state and set the destructor after this.

If the child can't be forked then free the state and return with an
error.  The callback will not be called and the caller will process
the error correctly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 582518c7e89b279e34147bdb0b04b73056fac048)

ctdb-daemon: Schedule running of callback if there are no event scripts

The callback should never be called before an immediate return.  The
callback might reply to a control and the caller of
ctdb_event_script_callback_v() may not have assigned/stolen the
pointer to control structure into the private data.  Therefore,
calling the callback can dereference an uninitialised pointer to the
control structure when attempting to reply.

ctdb_event_script_callback_v() must succeed when there are no event
scripts.  On success the caller will mark the call as asynchronous and
expect the callback to be called.  Given that it can't be called
before return then it needs to be scheduled.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12180

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 9076c44f35bf309b9e183bae98829f7154b93f33)

s3-util: Fix asking for username and password in smbget.

If the user specified the username in the URI with with:

smb://DOMAIN;user:secret@server/share

the tool should not prompt for the username nor the password.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12175

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit f5401ff3146aabc5fb2dac25e4856c6c3756c8f7)

ctdb-daemon: When releasing an IP, update PNN in callback

When an error occurs so an IP address is not released then the PNN in
the VNN is currently incorrectly updated.

Instead, update the PNN in the callback when the release is
successful. Also, explicitly update the PNN on redundant releases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Sun Aug 21 22:45:33 CEST 2016 on sn-devel-144

(cherry picked from commit 6dc75c7d24325d2070eb7feab5399dbfda50da96)

ctdb-daemon: Rename takeover_callback_state -> release_ip_callback_state

Many years ago takeover_callback_state was used for both IP takeover
and release. Now it is only used when releasing an IP so rename it to
improve clarity.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 976a50af6f045765c7bf1961e26efc3cba17f3ba)

ctdb-daemon: Use release_ip_post() when releasing all IP addresses

This has the advantage of using common code. Also, if there was
previously a failed attempt to release the IP address as part of a
delete, then this will finish processing the delete.

Extra care needs to be taken when a VNN is actually deleted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit d2a91394f55a2e0152bf470dac2608618db13b1f)

ctdb-daemon: Factor out new function release_ip_post()

This contains the cleanup that needs to be done after an IP address is
released from an interface.

state->vnn is set to the return value from release_ip_post(), which is
either the original VNN, or NULL if it was deleted. This allows
correct handling of the in-flight flag in the destructor for state.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 46c5136e4e4bd291cbb96395374c9b133f5d8ad8)

ctdb-daemon: Do not copy address for RELEASE_IP message

If there's an allocation failure then the implicit early return in
CTDB_NO_MEMORY_VOID() means that no reply is sent to the control.
ctdb_daemon_send_message() makes a copy of the data, so don't copy it
here and remove an unnecessary chance of failure.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit e653c8bb4a7bd712351a4ead3997c61b22c46f8d)

ctdb-daemon: Do not update the VNN state on RELEASE_IP failure

If RELEASE_IP fails then updating the VNN makes it inconsistent with
reality. Instead, log the failure and move on to the next IP
address.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit ca22373231918dab4e94cf1bab03253aadd61993)

ctdb-daemon: Try to release IP address even if interface is unknown

The "releaseip" event in 10.interface will determine the interface and
do the right thing.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 509491a868ed01bfc5a970bd36eea4b01130853a)

ctdb-takeover: Inform clients when dropping all IP addresses

CTDB releases all IPs in following cases: starting up, shutting down,
node gets banned, node does not come out of recovery for a long time.
Always inform samba when CTDB releases IP addresses.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit 00b9e76904bb1108e0f06d0dba4df89394d58252)

ctdb-takeover: Do not kill smbd processes on releasing IP

CTDB already notifies Samba with RELEASE_IP message. Samba can take
appropriate action based on that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12158

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit b8272d835d6e5186568237cd8b7a2105884c0515)

idmap: centrally check that unix IDs returned by the idmap backends are in range

Note: in the long run, it might be good to move this kind of
exit check (before handing the result back to the client)
to the parent winbindd code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155

Signed-off-by: Michael Adam <obnox@samba.org>
(Backported from master commit b2bf61307cffd8ff7b6fb9852c107ab763653119.)

idmap: don't generally forbid id==0 from idmap_unix_id_is_in_range()

If the range allows it, then id==0 should not be forbidden.
This seems to have been taken in from idmap_ldap when the
function was originally created.

See 634cd2e0451d4388c3e3f78239495cf595368b15 .
The other backends don't seem to have had that
extra check for id == 0.

The reasoning for this change is that the range check should
apply to all cases. If the range includes the 0, then it
should be possible to get it as result. In particular,
this way, the function becomes applicable also to the
passdb backend case, e.g. in a samba4-ad-dc setup where
the Admin gets uid == 0.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12155

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit c21976d4b1c604699299f2c0f768c1add93b349d)

smbd: allow reading files based on FILE_EXECUTE access right

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Aug 18 18:58:22 CEST 2016 on sn-devel-144

(backported from commit a6073e6130d39dac58f1e6ea9f41ec4ab34c3e29)

smbd: look only at handle readability for COPYCHUNK dest

This commits sets the stage for a change of behavior
in a later commit.

When checking FILE_READ_DATA on the COPYCHUNK dest handle,
only check the handle readability and not the extra right
that may have been added due to the FILE_EXECUTE right.

The check for FILE_READ_DATA always seemed strange for the
dest handle, which is not read. It turns out that in Windows,
this check is not done at the SMB layer, but at a lower layer
that processes the IOCTL request - the IOCTL code has bits
that specify what type of access check needs to be done.

Therefore, this lower layer is unaware of the SMB layer's
practice of granting READ access based on the FILE_EXECUTE
right, and it only checks the handle's readability.

This subtle difference has observable behavior - the
COPYCHUNK source handle can have FILE_EXECUTE right instead
of FILE_READ_DATA, but the dest handle cannot.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Tue Aug 16 15:21:03 CEST 2016 on sn-devel-144

(cherry picked from commit 3e42b69d5e1216b6af570a09d58040d281bbbf17)

s4-smbtorture: pin copychunk exec right behavior

Add tests that show copychunk behavior when the
source and dest handles have execute right instead
of read-data right.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 5bf11f6f5b4dab4cba4b00674bcb76138fb55974)

seltest: allow opening files with arbitrary rights in smb2.ioctl tests

Separate file creation (which requires write access) from the
opening of the file for the test (which might be without write
access).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 6ce0304eda4b464972defcecd591fab03428bd03)

seltest: implicit FILE_READ_DATA non-reporting

This test (passes against Windows Server 2012R2) shows
that the implicit FILE_READ_DATA that is added whenever
FILE_EXECUTE is granted, is not reported back when querying
the handle.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 7dc9f582066d500bf57000891560610e8d2e208c)

s4-selftest: add test for read access check

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(backported from commit 55a9d35cabaea6e98211fc058b788cedf9b7b22a)

s4-selftest: add functions which create with desired access

Add functions which create a file or a directory with
specific desired access.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 1b06acafa4e9ea91a50e5ed85da881187057da6e)

s4-smbtorture: use standard macros in smb2.read test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12149

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
(cherry picked from commit 20b9a5bd74fafbca4b7cc7952c27033edcf0eeb8)

selftest: add tests for dfree with inherit owner enabled

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit b6931d5edc381d64ba0fbcd85538cd65e90a2560)

selftest: add definition of smbcacls to selftesthelpers.py

This facilitates cherry-picking of the next patch.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

selftest: refactor test_dfree_quota.sh - add share parameter

Add a share parameter to individual disk-free tests. This will
allow running tests on shares other than dfq share.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit f20d57eceacccb365892dec816cbe57e2ddda8b9)

smbd: use owner uid for free disk calculation if owner is inherited

If "inherit owner" is enabled, then new files created under a
directory shall consume the quota of the directory's owner, so
the free disk calculation should take that quota into account,
not the quota of the user creating the file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(backported from commit ea73bcd87b6113f77ccda683d15b5a39003b8eaa)

smbd: get a valid file stat to disk_quotas

Most calls to disk_quotas originate at a state with an
open file descriptor. Pass the file's stat info down to
disk_quota, so that we can avoid extra stat's and the related
error handling.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit bd2ec88dca692c239397891bd35c9fa6b8e7b51a)

quotas: small cleanup

Remove an internal function from proto.h

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12145

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3e6ea02d4258a782482eee9f9124c6a39b74a965)

s3: oplock: Fix race condition when closing an oplocked file.

We must send the 'oplock released' message whilst the lock
is held in the close path. Otherwise the messaged smbd can
race with the share mode delete.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit df83b17c60a08a27a7ddd1d88dc125e15b3ee06d)

smbd: oplock: Factor out internals of remove_oplock() into new remove_oplock_under_lock().

Allows this to be called elsewhere.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit cb394abe5206dd8ad8a68f157427991b259129a7)

smbd: oplock: Fixup debug messages inside remove_oplock().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12139

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit de7180151fc99893c4763882fecd9d2a623cd061)

gensec/spnego: work around missing server mechListMIC in SMB servers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11994

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
Autobuild-User(master): Christian Ambach <ambi@samba.org>
Autobuild-Date(master): Fri Sep 2 18:10:44 CEST 2016 on sn-devel-144

(cherry picked from commit 9b45ba5cd53bd513eb777590815a0b8408af64e2)

dbcheck: Abandon dbcheck if we get an error during a transaction

Otherwise, anything that the transaction has already done to the DB will be left in the DB
even despite the failure. For example, if a fix wrote to the DB, but then failed a post-write
check, then the fix will not be unrolled.

This is because we do not have nested transactions in TDB.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12178

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Aug 29 12:46:21 CEST 2016 on sn-devel-144

(cherry picked from commit db32a0e5ea8f652857e45480cc31ecb1ef884c1a)

dsdb: Allow missing a mandatory attribute from a dbcheck fix

dbcheck of the rid pool (CN=RID Set) for another server will otherwise fail because
rIDNextRid is not replicated, and so it not present

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12178

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 9d0c869e36ba2f43fd2ed4cd090b48102d499bc8)

script/release.sh: use 8 byte gpg key ids

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 2 22:05:33 CEST 2016 on sn-devel-144

(cherry picked from commit e0ef054fa94b0dd56ec7bf92ffea0a6d7609da56)

Autobuild-User(v4-4-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-4-test): Mon Sep 5 14:59:12 CEST 2016 on sn-devel-144

libgpo: Correctly use the 'server' parameter after parsing it out of the GPO path.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 2a8ccc0841184c2df9fc19f8452009b92071c115)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Tue Aug 16 16:26:28 CEST 2016 on sn-devel-144

s3: libsmb: Protect cli_connect_nb_send() from being passed a NULL hostname and dest_ss.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12135

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
(cherry picked from commit 27ebf64b347a770e0d1ad4f1db645cb1b8dd5861)

ldb-samba: Add "secret" as a value to hide in LDIF files

This is not secret or encrypted in LDAP, but is sensitive in secrets.ldb

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed May 11 07:17:38 CEST 2016 on sn-devel-144

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12154

(cherry picked from commit 15f191a2329d08b92111f71e22f8a28c8a39c193)

Autobuild-User(v4-4-test): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(v4-4-test): Tue Aug 16 09:53:00 CEST 2016 on sn-devel-144

samba-tool/ldapcmp: ignore differences of whenChanged

This is implicitly replicated, but may diverge on updates of non-replicated
attributes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12129

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Aug 8 17:34:24 CEST 2016 on sn-devel-144

(cherry picked from commit a0e60e96aa38407ded8d63650dcf8f39304c958a)

script/autobuild.py: include the branch name in the output

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Thu Aug 11 08:38:47 CEST 2016 on sn-devel-144

(cherry picked from commit 98d289d2e5162a23d15562b009d0edf20a55a56b)

autobuild: fix typo in autobuild success subject line

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Thu May 5 04:15:16 CEST 2016 on sn-devel-144

(cherry picked from commit 2fe2e662dba080536a0f6c5485514097dd74a65a)

autobuild: Return the last 50 log lines

This means that you don't have to deal with tars for quickly determining
the cause of a failure.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 3751ffbbe75524984a822d65f623a040ca79c8f7)

dbwrap_ctdb: treat empty records in ltdb as non-existing

When fetching records from remote ctdb nodes via ctdbd_parse() or in
db_ctdb_traverse(), we already check for tombstone records and skip
them. This was originally also done for the ltdb checks.

See also bug: https://bugzilla.samba.org/show_bug.cgi?id=10008
(commit 1cae59ce112ccb51b45357a52b902f80fce1eef1).

Commit 925625b52886d40b50fc631bad8bdc81970f7598 reverted part of the
patch of bug 10008 due to a deadlock it introduced.

This patch re-introduces the consistent treatment of empty records in
the ltdb but avoids the deadlock by correctly signalling
NT_STATUS_NOT_FOUND if an empty record is found authoritatively in
the ltdb and not calling ctdb in this case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12005

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Aug 9 04:38:44 CEST 2016 on sn-devel-144

(backported from commit 25df582739918b7afd4e5497eaffe279e2d92cd1)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Wed Aug 10 12:42:51 CEST 2016 on sn-devel-144

s4/torture: add a test for ctdb-tombstrone-record deadlock

This tests for a possible deadlock between smbd and ctdb dealing with
ctdb tombstone records.

Commit 925625b52886d40b50fc631bad8bdc81970f7598 explains the deadlock in
more details and contains the fix. It's a fix for a regression
introduced by the patch for bug 10008 (1cae59ce112c).

If you ever want to use this test against that specific commit:

$ git checkout 925625b52886d40b50fc631bad8bdc81970f7598
$ git cherry-pick THIS_COMMIT

This should not deadlock on a ctdb cluster.

$ git revert 925625b52886d40b50fc631bad8bdc81970f7598

This will deadlock.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12005

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
(cherry picked from commit b17e2f5c740fb081c007ed2e1c23138ffcba1469)

smbd: ignore ctdb tombstone records in fetch_share_mode_unlocked_parser()

dbwrap_parse_record() can return ctdb tombstone records from the lctdb,
ignore them.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12005

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
(cherry picked from commit 7147859c7afc1344e76485e2cbc286679110d96e)

ctdb-daemon: Fix CID 1125627 Resource leak (RESOURCE_LEAK)

Also fixes CID 1125628.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 940272d215049f5f5079aa926e69eae1985a4bfa)

ctdb-common: Fix CID 1125585 Dereference after null check (FORWARD_NULL)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit b4f23a7e95cd9c8fc4a6324d4ec5a2881eaec207)

ctdb-common: Fix CID 1125583 Dereference after null check (FORWARD_NULL)

This also fixes CID 1125584.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit bbf0b907cb04184515d0f5f09f14824df1c2e59f)

ctdb-common: Fix CID 1125581 Dereference after null check (FORWARD_NULL)

This also fixes CID 1125582.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 7ae3699831427725f12e0a26a0681e59f2fbb2d9)

ctdb-daemon: Fix CID 1363067 Resource leak (RESOURCE_LEAK)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit c6a7f680ce74d4a630fa9305d0a926cc1a4b3d2c)

ctdb-daemon: Fix CID 1363233 Resource leak (RESOURCE_LEAK)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 74aca5f4c671d9f15ae6c3a901978a1cf247dd6f)

ctdb-utils: Fix CID 1297451 Explicit null dereferenced (FORWARD_NULL)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit d46960f20e795cd4abc1c727705f77b2f0e0e564)

ctdb-common: Consistently use strlcpy() on interface names

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit aff33a59479cafcb1f24a07ff76383d47bb196b3)

ctdb-common: Fix CID 1125553 Buffer not null terminated (BUFFER_SIZE_WARNING)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
(cherry picked from commit 763f9c13f2998a8858e8a3ec013d166a3d429835)

ctdb-daemon: Fix CID 1364527/8/9: Null pointer dereferences (NULL_RETURNS)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12110

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit ed81e51cc1633cecfef05b84c0595418db8a384b)

ctdb-packaging: Move ctdb tests to libexec directory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12104

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 87c38d5d741f5e58f643ad4f797c523c67bbab00)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Mon Aug 8 12:45:56 CEST 2016 on sn-devel-144

ctdb-waf: Move ctdb tests to libexec directory

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12104

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
(cherry picked from commit f9c85d04e9edb3af9479e9c83d5b1ec77b9c2ee2)

man: Wrong option for parameter ldap ssl in smb.conf man page

- "ldap ssl" does not accept the value "yes"
- Replaced "start_tls" with "start tls".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12023

Signed-off-by: Marc Muehlfeld <mmuehlfeld@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 976be8fe39c78acfd3c2a23302d26cc262be0ae0)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Fri Aug 5 13:37:41 CEST 2016 on sn-devel-144

async_req: make async_connect_send() "reentrant"

Allow callers to pass in socket fds that where already passed to an
earlier call of async_connect_send(). Callers expect this behaviour and
it was working until 05d4dbda8357712cb81008e0d611fdb0e7239587 broke it.

The proper fix would be to change callers to close the fd and start from
scratch with a fresh socket.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12105

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug 4 05:03:21 CEST 2016 on sn-devel-144

(cherry picked from commit 9c6a4ea2788808bdcc7bfea798d838ea56c3b5ec)

vfs_acl_xattr: objects without NT ACL xattr

Even with "ignore system acls" set to "yes", for objects without NT ACL
xattr we use the underlying filesystem permissions to construct an NT
ACL. This can result in *very* unexpected permissions, eg:

- a directory with the following ACL:

$ ./bin/smbcacls -Uslow%pass //localhost/normal ""
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\root
ACL:SLOW\slow:ALLOWED/0x0/FULL

So only one non-inheritable(!) ACE.

- creating a subdirectory:

$ ./bin/smbclient -Uslow%pass //localhost/normal -c "mkdir dir1"

- checking whether there's an ACL xattr:

$ getfattr -m "" /Volumes/normal/dir1
getfattr: Removing leading '/' from absolute path names
system.posix_acl_access
system.posix_acl_default
user.DOSATTRIB

So there isn't an ACL xattr, because there where no inheritable ACEs on
the parent folder.

- reading the new subdirectories ACL:

$ ./bin/smbcacls -Uslow%pass //localhost/normal "dir1"
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\slow
ACL:SLOW\slow:ALLOWED/0x0/FULL
ACL:Unix Group\slow:ALLOWED/0x0/READ
ACL:Everyone:ALLOWED/0x0/READ
ACL:NT Authority\SYSTEM:ALLOWED/0x0/FULL

The ACES for "SLOW\slow", "Unix Group\slow" and "Everyone" are coming
from the underlying filesystem. This is the problem.

- Windows assigns the following ACL in this situation:

$ ./bin/smbcacls -UAdministrator%Passw0rd //10.10.10.14/data "dir"
REVISION:1
CONTROL:SR|PD|DI|DP
OWNER:VORDEFINIERT\Administratoren
GROUP:WIN2008R2\Domänen-Benutzer
ACL:WIN2008R2\Administrator:ALLOWED/0x0/FULL

$ ./bin/smbclient -UAdministrator%Passw0rd //10.10.10.14/data -c "mkdir dir\dir1"

$ ./bin/smbcacls -UAdministrator%Passw0rd //10.10.10.14/data "dir\dir1"
REVISION:1
CONTROL:SR|DI|DP
OWNER:VORDEFINIERT\Administratoren
GROUP:WIN2008R2\Domänen-Benutzer
ACL:VORDEFINIERT\Administratoren:ALLOWED/0x0/FULL
ACL:NT-AUTORITÄT\SYSTEM:ALLOWED/0x0/FULL

By changing make_default_filesystem_acl() to only adds user and system
ACE to the ACL of objects that lack an ACL xattr, we match Windows
behaviour:

$ ./bin/smbclient -Uslow%pass //localhost/normal -c "mkdir dir2"

$ ./bin/smbcacls -Uslow%pass //localhost/normal "dir2"
REVISION:1
CONTROL:SR|DP
OWNER:SLOW\slow
GROUP:Unix Group\slow
ACL:SLOW\slow:ALLOWED/0x0/FULL
ACL:NT Authority\SYSTEM:ALLOWED/0x0/FULL

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12028

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Jul 19 10:22:05 CEST 2016 on sn-devel-144

(cherry picked from commit 961c4b591bb102751079d9cc92d7aa1c37f1958c)

Autobuild-User(v4-4-test): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(v4-4-test): Thu Aug 4 14:49:18 CEST 2016 on sn-devel-144

s3/smbd: move make_default_filesystem_acl() to vfs_acl_common.c

This function is only used in vfs_acl_common.c and will be modified in
the next commit.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12028

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit afc2417b107af572081974ff9d013ddec890d31f)