[SCM] Samba Shared Repository - branch v4-6-test updated

Karolin Seeger kseeger at samba.org
Wed Oct 25 10:50:03 UTC 2017


The branch, v4-6-test has been updated
       via  f8da4ab vfs_catia: Fix a potential memleak
       via  bd4d3fb vfs_catia: Fix a memory leak
       via  ff9c618 krb5_wrap: ADDRTYPE_INET6 is available in all supported MIT versions
       via  60f0e49 krb5_wrap: KRB5_ADDRESS_INET6 is not a define in Heimdal
       via  c7726ee s4/torture: vfs_fruit: test xattr unpacking
       via  d61101b s4/torture: vfs_fruit: replace AppleDouble data blob with xattr data
       via  cbddb21 vfs_fruit: on-access conversion of AppleDouble xattr data
       via  5fb403f vfs_fruit: static string fruit_catia_maps
       via  8e95870 vfs_fruit: pass path to ad_convert
       via  f42c878 vfs_fruit: unpack AppleDouble xattr header if present
       via  8d03598 vfs_fruit: allocate ad_data buffer up to AD_XATTR_MAX_HDR_SIZE bytes
       via  1e4051b vfs_fruit: add AppleDouble xattr structure definitions
       via  e414f60 vfs_fruit: fix ftruncating resource fork
       via  b866626 vfs_catia: factor out mapping functions
       via  afecdce ctdb-common: Ignore event scripts with multiple '.'s
       via  595f108 s3: VFS: Protect errno if sys_getwd() fails across free() call.
       via  42b064a s3: VFS: Ensure sys_getwd() doesn't leak memory on error on really old systems.
       via  9209c35 net: groupmap cleanup should not delete BUILTIN mappings
       via  c9fa0e9 ctdb-common: Do not queue a packet if queue does not have valid fd
       via  65af3ee ctdb-tests: Send broadcast to connected nodes, not configured nodes
       via  9de6540 ctdb-daemon: Send broadcast to connected nodes, not configured nodes
       via  eb47cdd lib: gpo: Put enforced GPOs at the end of the list.
       via  07c6394 lib: gpo: Fixes issue with GPOPTIONS_BLOCK_INHERITANCE.
       via  322add1 lib: gpo: Changes order to match GPO application order.
       via  3cd186f s3/smbd: use correct access in get_file_handle_for_metadata
       via  096a3f8 s3/smbd: fix access checks in set_ea_dos_attribute()
       via  88dfaf1 s3/smbd: README.Coding fixes in set_ea_dos_attribute
       via  18122f0 s3: spoolss: Fix GUID string format on GetPrinter info
       via  a68f0bc s3/mdssvc: missing assignment in sl_pack_float
       via  f5b02e3 s4/torture: add a test for rename change notification with inotify enabled
       via  b5b77ba selftest: run smb2.notify-inotify testsuite against fileserver
       via  d052058 selftest: enable kernel change notifications in the fileserver environment
       via  1dd367a messaging: Remove messaging_handler_send
       via  389f2b7 notifyd: Remove notifyd_handler_done
       via  bb6011f notifyd: Use messaging_register for MSG_SMB_NOTIFY_DB
       via  ab6743d notifyd: Use messaging_register for MSG_SMB_NOTIFY_GET_DB
       via  e4dd339 notifyd: Use messaging_register for MSG_SMB_NOTIFY_TRIGGER
       via  340cde8 notifyd: Use messaging_register for MSG_SMB_NOTIFY_REC_CHANGE
       via  0f63069 messaging: make messaging_rec_create public
       via  5549320 notifyd: Avoid an if-expression
       via  7cf36b2 notifyd: Consolidate two #ifdef CLUSTER into one
       via  ab91b0d notifyd: Only ask for messaging_ctdb_conn when clustering
       via  cbb4750 selftest: prevent interpretation of escape sequences in test_give_owner.sh
       via  8c79020 selftest: add some debugging to test_give_owner.sh
       via  f4c3b87 vfs_fake_acls: deny give-ownership
       via  ec87dad vfs_acl_common: fix take ownership vs give ownership
       via  52de163 vfs_acl_common: factor out a variable declaration
       via  da807fe s3/smbd/posix_acls: return correct status in try_chown
       via  839830f selftest: tests for change ownership on a file
       via  49e080c selftest: fix samba3.blackbox.inherit_owner.default test script test_inherit_owner.sh
       via  3044852 selftest: fix acl_xattr test script test_acl_xattr.sh
       via  bc55590 selftest: fix acl_xattr test: sn-devel unreliable gid
       via  7b72c6f selftest: fix acl_xattr test: group, not user
       via  f9f9687 selftest: fix acl_xattr test: changing owner
       via  da10d811 vfs/nfs4_acls: move special handling of SMB_ACE4_SYNCHRONIZE to vfs_zfsacl
       via  38c3352 s3/vfs: move ACE4_ADD_FILE/ACE4_DELETE_CHILD mapping from NFSv4 framework to vfs_zfsacl
       via  bda469e vfs_zfsacl: ensure zfs_get_nt_acl_common() has access to stat info
       via  7657bb6 vfs_zfsacl: pass smb_fname to zfs_get_nt_acl_common
      from  96a8f4c torture/ioctl: test set_compression(format_none)

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test


- Log -----------------------------------------------------------------
commit f8da4ab0a0a8f1fb35ecd5b69426b3d86ed8c308
Author: Volker Lendecke <vl at samba.org>
Date:   Mon Oct 16 17:43:09 2017 +0200

    vfs_catia: Fix a potential memleak
    
    Together with the previous commit this fixes a memleak (twice) that
    happens when vfs_catia is loaded with no mappings defined.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13090
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Tue Oct 17 18:53:48 CEST 2017 on sn-devel-144
    
    (cherry picked from commit f6d6af3b2d5efcd160c1e5e09778fb1129530be0)
    
    Autobuild-User(v4-6-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-6-test): Wed Oct 25 12:49:20 CEST 2017 on sn-devel-144

commit bd4d3fba7fedc034d8259d62c6467abb01ba4291
Author: Volker Lendecke <vl at samba.org>
Date:   Tue Oct 17 11:28:36 2017 +0200

    vfs_catia: Fix a memory leak
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13090
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit e77b7aff86ab1cb603f59961f2f5689e4dc770ea)

commit ff9c618289f11bdfea2f6ff71e77a0fa7e66cdba
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 9 12:50:35 2017 +0200

    krb5_wrap: ADDRTYPE_INET6 is available in all supported MIT versions
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13079
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Björn Jacke <bjacke at samba.org>
    (cherry picked from commit 96e471eecce91e6cd9b92d854a3c6ca10e0634f3)

commit 60f0e49349f5e76812cddc8985552786a85002e9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 9 12:50:35 2017 +0200

    krb5_wrap: KRB5_ADDRESS_INET6 is not a define in Heimdal
    
    All supported versions of Heimal already have KRB5_ADDRESS_INET6,
    so there's no need for an explicit check.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13079
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Björn Jacke <bjacke at samba.org>
    (cherry picked from commit 70146841272bc87c335bd24b736ba2c62efdfe06)

commit c7726ee0f504c89be45da55e9c091ea394ffeb8d
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Oct 11 16:04:58 2017 +0200

    s4/torture: vfs_fruit: test xattr unpacking
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Fri Oct 13 21:44:02 CEST 2017 on sn-devel-144
    
    (cherry picked from commit 5f52a0fbe8c9f52c6fed206fd5cd47bd0de867a1)

commit d61101b568511620cd41cd0c1f8b20e9997b5a63
Author: Ralph Boehme <slow at samba.org>
Date:   Mon Oct 9 16:18:18 2017 +0200

    s4/torture: vfs_fruit: replace AppleDouble data blob with xattr data
    
    The osx_adouble_w_xattr datablob is used to test conversion from sidecar
    ._ file metdata to Samba compatible ._ file.
    
    The previous data blob didn't contain xattr data, the new one does.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit c5b25d40e1ab3906805538abdb8f07a934c629f7)

commit cbddb21c05423936b6e9aa6f58d4eec5b1201865
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Oct 11 12:58:59 2017 +0200

    vfs_fruit: on-access conversion of AppleDouble xattr data
    
    This finally adds on-access conversion of xattr data stored in sidecar
    AppleDouble files.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (backported from commit d7068324407a9a0b94d992b539631246e97c9098)

commit 5fb403f3b26cf830557bde369a720d97795cdffc
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Oct 10 19:13:36 2017 +0200

    vfs_fruit: static string fruit_catia_maps
    
    In a later commit these will be used somewhere else too.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit ce516a34972f51eda48c1536858d47dc230ea99a)

commit 8e958708c348023d09767cb5432a0c62d4ebdded
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Oct 10 16:15:49 2017 +0200

    vfs_fruit: pass path to ad_convert
    
    This will be needed in a later commit when converting xattrs in sidecar
    AppleDouble files.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 386249eea3a13303744dbab88480e80790138329)

commit f42c87831373cb7b831cfaa498e776146dfb7623
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Oct 10 16:06:33 2017 +0200

    vfs_fruit: unpack AppleDouble xattr header if present
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit fb137d6070c8cd872a66a4628b0e392cf40c180e)

commit 8d0359810bbb7180499fad750ae56fcfd5b72a79
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Oct 10 16:04:29 2017 +0200

    vfs_fruit: allocate ad_data buffer up to AD_XATTR_MAX_HDR_SIZE bytes
    
    This is in preperation of reading potential xattr header data from the
    AppleDouble file, not just reading a fixed amount of bytes.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (backported from commit ab8d01959b906d0b2873357f836bff72d209ff98)

commit 1e4051b587d0ce1bbc3dca004509e1bca39a2020
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Oct 10 16:03:13 2017 +0200

    vfs_fruit: add AppleDouble xattr structure definitions
    
    Reference:
    https://opensource.apple.com/source/xnu/xnu-4570.1.46/bsd/vfs/vfs_xattr.c
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit b5a664e2580d8823f4f2d3e7e516b576317eb290)

commit e414f60181af04c9eecb7b33875ffcbb3aafbade
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Oct 11 18:11:12 2017 +0200

    vfs_fruit: fix ftruncating resource fork
    
    fruit_ftruncate_rsrc_adouble() is called to effectively ftruncate() the
    ._ AppleDouble file to the requested size.
    
    The VFS function SMB_VFS_NEXT_FTRUNCATE() otoh would attempt to truncate
    to fsp *stream* in any way the next VFS module seems fit. As we know
    we're stacked with a streams module, the module will attempt to truncate
    the stream. So we're not truncating the ._ file.
    
    This went unnoticed as the AppleDouble file header contains the
    authorative resource fork size that was updated correctly.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (cherry picked from commit 3d7932a33263514785fa3e95e2d5502bc02b4ea4)

commit b86662654a51baa523896aaafb3a9d9cdc6628a9
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Oct 11 11:35:15 2017 +0200

    vfs_catia: factor out mapping functions
    
    This moves the core mapping functions to a seperate file and makes them
    global.
    
    string_replace_init_map() is called to parse a mapping in string and
    produce a mapping object that can then be passed to
    string_replace_allocate() to do the actual mapping of a string.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13076
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    (backported from commit f8bd63e19c8b1c063dd6f41b405d6864a9b546ff)

commit afecdce66c5e6fe592d7456ec7cf2334982e9bda
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Thu Oct 12 14:42:59 2017 +1100

    ctdb-common: Ignore event scripts with multiple '.'s
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13070
    
    This avoids running event script copies left by a package manager.
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Martin Schwenke <martin at meltin.net>
    (cherry picked from commit 7720ca0729b127a93d78401aaf1341d79f9603a4)

commit 595f10815491c6d7c5aab7d00c5d2d12e328e09c
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Oct 3 10:58:00 2017 -0700

    s3: VFS: Protect errno if sys_getwd() fails across free() call.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 4800ed3595513ce1e2f4edee36c35daafc63a3d5)

commit 42b064ad759789e3ab13a30e42517982ed172de6
Author: Jeremy Allison <jra at samba.org>
Date:   Tue Oct 3 10:37:55 2017 -0700

    s3: VFS: Ensure sys_getwd() doesn't leak memory on error on really old systems.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13069
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit fb9ce0685e5d46e3d7abf5fac07b4f626339a413)

commit 9209c3566d0bf180e3eea2dfed7c3fb19d577324
Author: Ralph Boehme <slow at samba.org>
Date:   Sat Sep 30 08:45:41 2017 +0200

    net: groupmap cleanup should not delete BUILTIN mappings
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13065
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    
    Autobuild-User(master): Volker Lendecke <vl at samba.org>
    Autobuild-Date(master): Mon Oct  2 15:17:00 CEST 2017 on sn-devel-144
    
    (cherry picked from commit 064e17c0d6934f685c075abe0cf4913fa20d3a94)

commit c9fa0e9615cc58ee102c1192c4c55fa3f952e15d
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Fri Sep 29 14:23:24 2017 +1000

    ctdb-common: Do not queue a packet if queue does not have valid fd
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13056
    
    The only time a ctdb_queue is created without valid fd is when CTDB
    is trying to establish connections with other nodes in the cluster.
    All the other uses always create a ctdb_queue with valid fd.
    
    This avoids queueing up packets for dead nodes or nodes that are not
    running in the cluster and stops consuming memory.
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Martin Schwenke <martin at meltin.net>
    (cherry picked from commit ddd97553f0a8bfaada178ec4a7460d76fa21f079)

commit 65af3eeea5758ab7b786b8501d9d9b765ffc49af
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Thu Sep 28 11:47:24 2017 +1000

    ctdb-tests: Send broadcast to connected nodes, not configured nodes
    
    https://bugzilla.samba.org/show_bug.cgi?id=13056
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Martin Schwenke <martin at meltin.net>
    (cherry picked from commit bf11bea5dbb589186a205fa1d81368cc89a6139b)

commit 9de654079cab93d467da5a7b4414b46da0562c60
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Thu Sep 28 11:47:00 2017 +1000

    ctdb-daemon: Send broadcast to connected nodes, not configured nodes
    
    https://bugzilla.samba.org/show_bug.cgi?id=13056
    
    Database recovery takes care of attaching missing databases on all the nodes.
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Martin Schwenke <martin at meltin.net>
    (cherry picked from commit 70d306373e80eafe3a356c60a823a2577001d7d1)

commit eb47cdd8ee3e49763b928386b514862252bb4b2d
Author: Lutz Justen <ljusten at google.com>
Date:   Thu Sep 21 10:32:05 2017 -0700

    lib: gpo: Put enforced GPOs at the end of the list.
    
    Enforced GPOs should be applied on top of all non-enforced GPOs,
    so that they override policies set in non-enforced GPOs.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046
    
    Signed-off-by: Lutz Justen <ljusten at google.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Sat Sep 23 05:25:19 CEST 2017 on sn-devel-144
    
    (cherry picked from commit 5f2576a9af4f3c33121ad2b27a621b5f3bb34374)

commit 07c6394d0289f0071175fcf9b7af0b604df6e06f
Author: Lutz Justen <ljusten at google.com>
Date:   Thu Sep 21 10:11:15 2017 -0700

    lib: gpo: Fixes issue with GPOPTIONS_BLOCK_INHERITANCE.
    
    GP links with the GPOPTIONS_BLOCK_INHERITANCE option set
    were blocking GPOs from the same link (i.e. an OU with
    the flag set would block its own GPOs). This patch makes
    sure the GPOs from the link are added to the list.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046
    
    Signed-off-by: Lutz Justen <ljusten at google.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 69410c0a02f7b4d7d20eadf4b4fda8ea064e4a0e)

commit 322add14771f55c3cc7e5d0cc2fb2f56d32dee51
Author: Lutz Justen <ljusten at google.com>
Date:   Thu Sep 21 10:01:58 2017 -0700

    lib: gpo: Changes order to match GPO application order.
    
    The order of GPOs in a gpo_list generated by ads_get_gpo_list
    did not match the order of application. Since GPOs are pushed
    to the FRONT of gpo_list, GPOs have to be pushed in the opposite
    order of application. (Pushing to front is useful to get
    inheritance blocking right).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13046
    
    Signed-off-by: Lutz Justen <ljusten at google.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 6a531773b841f6b713226d1166a1e7d4dbc9b282)

commit 3cd186fdd263ae0f7c761f6e0e558f0fad44b17e
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Aug 29 16:08:06 2017 +0200

    s3/smbd: use correct access in get_file_handle_for_metadata
    
    All we want here is FILE_WRITE_ATTRIBUTES, not FILE_WRITE_DATA.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Tue Oct 17 11:48:09 CEST 2017 on sn-devel-144
    
    (cherry picked from commit a3cc2fedab37134edd401b88087e20881c4ea18f)

commit 096a3f8fdd76fc045e338da96415ba26820e68f1
Author: Ralph Boehme <slow at samba.org>
Date:   Tue Aug 29 15:55:19 2017 +0200

    s3/smbd: fix access checks in set_ea_dos_attribute()
    
    We wanted to set the DOS attributes and failed with permission denied
    from the VFS/kernel/filesystem. Next thing we wanna do here is override
    this if either
    
    - "dos filemode = true" is set and the security descriptor gives the
      user write access or if
    
    - the stored security descriptor has FILE_WRITE_ATTRIBUTES
    
    The former was working, but the latter was not implemented at all.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 143d26283dad8422fba557de311c304f0093d647)

commit 88dfaf1e4be5ac66bf3fd82f953d3fd79a0a309f
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Oct 12 15:41:01 2017 +0200

    s3/smbd: README.Coding fixes in set_ea_dos_attribute
    
    While I'm at it, some README.Coding fixes in set_ea_dos_attribute.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12995
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit fbad64200e0199acb644d83073234b2f6c200fce)

commit 18122f007271f995c5ca2e167105cea6104abc81
Author: Samuel Cabrero <scabrero at suse.de>
Date:   Thu Sep 21 09:53:35 2017 +0200

    s3: spoolss: Fix GUID string format on GetPrinter info
    
    Fix regression introduced by commit a4157e7c5d75 which removed the braces
    around the printer GUID in the printer info level 7 structure.
    
    MS-RPRN section 2.2 says this protocol uses curly-braced GUIDs so printers
    are deleted from the directory by the domain controller's pruning service.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12993
    
    Signed-off-by: Samuel Cabrero <scabrero at suse.de>
    Reviewed-by: David Disseldorp <ddiss at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Oct  6 05:21:25 CEST 2017 on sn-devel-144
    
    (cherry picked from commit fc03049ca1721c25c6ad3d01cba2501af3f39b93)

commit a68f0bcaca652893ad3542d04ac6e8165ca88bff
Author: Ralph Boehme <slow at samba.org>
Date:   Sun Aug 27 19:22:38 2017 +0200

    s3/mdssvc: missing assignment in sl_pack_float
    
    Spotted by -Werror=maybe-uninitialized:
    
    ../source3/rpc_server/mdssvc/marshalling.c: In function ‘sl_pack_float’:
    ../source3/rpc_server/mdssvc/marshalling.c:171:11: error:
    ‘ieee_fp_union.w’ may be used uninitialized in this function
    [-Werror=maybe-uninitialized]
      offset = sl_push_uint64_val(buf, offset, bufsize, ieee_fp_union.w);
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12991
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 7b58c8f54499f01778bcbfc2ad21521ceed2dd57)

commit f5b02e3e63aacb3729c228244c6179a6d278c0d5
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Jul 13 16:05:49 2017 +0200

    s4/torture: add a test for rename change notification with inotify enabled
    
    This is already fixed in master by
    5eccc2fd0072409f166c63e6876266f926411423~10..5eccc2fd0072409f166c63e6876266f926411423.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Sat Aug 26 05:05:08 CEST 2017 on sn-devel-144
    
    (backported from commit 51f40a0e1d10069f55a5884ff1579e8f15f10a1e)

commit b5b77ba33e3ec1eb42488dbd9d838f36b1059686
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Jul 13 16:04:50 2017 +0200

    selftest: run smb2.notify-inotify testsuite against fileserver
    
    Next commit adds the suite and a test.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 71a68d22a15d12c4038026dd065c54721ddc6723)

commit d052058b59d92793b4ee5feb60e16af4cda4e155
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Jul 13 16:01:53 2017 +0200

    selftest: enable kernel change notifications in the fileserver environment
    
    This environment is currently not used for any test in the smb2
    testsuite, so this change doesn't affect any existing test.
    
    A subsequent commit will add a test for change notifications with kernel
    change notify enabled. It verifies a bug (this one) that only crops up
    in such a setup and causes rename events to get lost.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (backported from commit fb8e0343ebebac322d545b54c33b3c1e7bcda393)

commit 1dd367ad2ae2c3405509fe4ec344711f514476c5
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Jun 24 09:01:46 2017 +0200

    messaging: Remove messaging_handler_send
    
    This did not really take off, notifyd was the only user
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Jul  7 05:11:48 CEST 2017 on sn-devel-144
    
    (cherry picked from commit 5eccc2fd0072409f166c63e6876266f926411423)

commit 389f2b770b54ad589a0d1c886f494a5aaaa03787
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Jun 24 08:57:18 2017 +0200

    notifyd: Remove notifyd_handler_done
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 197186a1fcc2c190fac9a16893234c337e6ec01c)

commit bb6011fac798f85f9860055b91e0347608867ac0
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Jun 24 08:56:35 2017 +0200

    notifyd: Use messaging_register for MSG_SMB_NOTIFY_DB
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 9430fab61cb746e590db307af37219f8f29b7fd8)

commit ab6743d9e82b89d267ec6db4bbde9fccc6c34b07
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Jun 24 08:48:45 2017 +0200

    notifyd: Use messaging_register for MSG_SMB_NOTIFY_GET_DB
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit dc39bb45624f8d6859dadc3c9a9a85793a5a7d0d)

commit e4dd339ee070fe315d44d4c9db76c53a80cd3785
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Jun 24 08:45:17 2017 +0200

    notifyd: Use messaging_register for MSG_SMB_NOTIFY_TRIGGER
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit db15feb162326cb03fb06df24bcdafa5d5cb3087)

commit 340cde826e46564a6900feeb29a2b8a2f8d482c8
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Jun 24 08:38:53 2017 +0200

    notifyd: Use messaging_register for MSG_SMB_NOTIFY_REC_CHANGE
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit b6079af1c41481714ac981fdd19f89ee197b4200)

commit 0f63069d3b393b87c58d75b43c400731b33a73a3
Author: Volker Lendecke <vl at samba.org>
Date:   Sat Jun 24 08:38:19 2017 +0200

    messaging: make messaging_rec_create public
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 0c1e08b5901e54c70cf72c74837a8ed8cc77f0b8)

commit 5549320e2a18b54b9ae6ebcf6f21558921574945
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Jul 5 09:37:14 2017 +0200

    notifyd: Avoid an if-expression
    
    Best reviewed with "git show -b -U10"
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit b8dccd11ea3d43b9ee51811c1ce7d81b91a549ca)

commit 7cf36b273d3cde3bb32bb336576af5ca178e2af1
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Jul 5 09:34:51 2017 +0200

    notifyd: Consolidate two #ifdef CLUSTER into one
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit d0a7bccae9856aba44a057c09499aa0de6b21862)

commit ab91b0da007250b515ccbca7078fb793f2da31e5
Author: Volker Lendecke <vl at samba.org>
Date:   Fri Jun 16 15:20:22 2017 +0200

    notifyd: Only ask for messaging_ctdb_conn when clustering
    
    Without clustering, messaging_ctdb_conn will fail anyway.
    
    Review with "git show -b".
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12903
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 939576d968d1e0159456baf6dd1e3c454b98995a)

commit cbb47506e22d1bd5c9d855fa5705dee2597d9868
Author: Ralph Boehme <slow at samba.org>
Date:   Fri Oct 13 14:32:58 2017 +0200

    selftest: prevent interpretation of escape sequences in test_give_owner.sh
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Sat Oct 14 06:02:50 CEST 2017 on sn-devel-144
    
    (cherry picked from commit 7abf0acef48cb585fa8e5666fd4c27692b9c8ae3)

commit 8c7902015947c4b1e678938e6fa953751229ddae
Author: Ralph Boehme <slow at samba.org>
Date:   Thu Oct 12 17:07:15 2017 +0200

    selftest: add some debugging to test_give_owner.sh
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri Oct 13 01:22:05 CEST 2017 on sn-devel-144
    
    (cherry picked from commit 156015aed0b5a72b2f7150beb5cdaffa32b554e5)

commit f4c3b8719f6d604fb46b034c92c77014ddc5f6c8
Author: Ralph Boehme <slow at samba.org>
Date:   Fri Oct 6 15:25:54 2017 +0200

    vfs_fake_acls: deny give-ownership
    
    Windows doesn't allow giving ownership away unless the user has
    SEC_PRIV_RESTORE privilege.
    
    This follows from MS-FSA 2.1.5.1, so it's a property of the filesystem
    layer, not the SMB layer. By implementing this restriction here, we can
    now have test for this restriction.
    
    Other filesystems may want to deliberately allow this behaviour --
    although I'm not aware of any that does -- therefor I'm putting in this
    restriction in the implementation of the chmod VFS function and not into
    the caller.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 0666093cb0d820cc27a265c1f0a87bc76cd3c167)

commit ec87dadac0a2e9f4dd6de6333afbeb5113c27e13
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Oct 4 22:27:24 2017 +0200

    vfs_acl_common: fix take ownership vs give ownership
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 7e7afef819b4a858e6de48389c6f4fa7510cf5c6)

commit 52de1638198b76e9d253dbed2e3327049c96344d
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Oct 4 12:51:29 2017 +0200

    vfs_acl_common: factor out a variable declaration
    
    Just some refactoring, no change in behaviour.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit e62f90a6d15626a2e20ba92f5cd552101ec4afe0)

commit da807feee7f83551f85b9b5d74a6337d9d39f891
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Oct 4 15:45:54 2017 +0200

    s3/smbd/posix_acls: return correct status in try_chown
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit cc555be4d01c4140445bd30e16be3fe8343d3872)

commit 839830ff7bbb4c4d7f8078622fb6c32fb319527a
Author: Ralph Boehme <slow at samba.org>
Date:   Fri Oct 6 15:31:20 2017 +0200

    selftest: tests for change ownership on a file
    
    This test verifies that SEC_STD_WRITE_OWNER only effectively grants
    take-ownership permissions but NOT give-ownership. The latter requires
    SeRestorePrivilege privilege.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (backported from commit 4b2e171e6b90f9c3594ebb705a28c66b981c2bf5)

commit 49e080c32e085020c04a47eda3d6537359f5e081
Author: Ralph Boehme <slow at samba.org>
Date:   Sat Oct 7 09:11:56 2017 +0200

    selftest: fix samba3.blackbox.inherit_owner.default test script test_inherit_owner.sh
    
    Grant the test-user SeRestorePrivilege, this is needed for
    give-ownership operations. And then granting SeRestorePrivilege requires
    `net`, so add that as an additional argument to the script.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (backported from commit ff199d8e3ea7bd1ed12de8c39340ba640a2b83ca)

commit 3044852f02f48a962844fbb483569568d0431208
Author: Ralph Boehme <slow at samba.org>
Date:   Sun Oct 8 11:17:12 2017 +0200

    selftest: fix acl_xattr test script test_acl_xattr.sh
    
    The two "nt_affects_chgrp" tests called the wrong function so the
    function nt_affects_chgrp() was never run.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 3aff6315097cc9db0216bc18aa793a996930b0f4)

commit bc555905652e1d8079576def238ce6ffabb95951
Author: Ralph Boehme <slow at samba.org>
Date:   Sun Oct 8 08:51:05 2017 +0200

    selftest: fix acl_xattr test: sn-devel unreliable gid
    
    The "nt_affects_chgrp" kept failing in a full autobuild on sn-devel
    because the actual gid of the created file as returned by smbclient -c
    getfacl was reliably the unix gid of my account. It should have been the
    mapped domusers group for the primary users "Domain Users"
    group. Running the test individually or even the full set of
    "samba3.blackbox" tests didn't trigger the error.
    
    Looks like an issue with vfs_fake_acls and vfs_xattr_tdb, but I wasn't
    able to track it down. As the test only really want to ensure that
    smbcacls -G set the gid to the requested value, just remove the check
    for the actual initial gid.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit ea0ea829f5af63ab9638e758631c3002cbb6b4ce)

commit 7b72c6f9064b6f610f5c692e899eb55b446f1428
Author: Ralph Boehme <slow at samba.org>
Date:   Sun Oct 8 11:13:46 2017 +0200

    selftest: fix acl_xattr test: group, not user
    
    In nt_affects_chgrp() check for domadmins *group*, not user. This didn't
    trigger an error as nt_affects_chgrp() isn't actually called, see next
    commit.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 71a2d06a1e41a1c412c82e58b3966e14c29c6159)

commit f9f96877e55640dce4a858757abfa8b9dafffc0f
Author: Ralph Boehme <slow at samba.org>
Date:   Sun Oct 8 11:12:48 2017 +0200

    selftest: fix acl_xattr test: changing owner
    
    Don't give ownership to user "force_user" as user "$USERNAME", this
    would fail with NT_STATUS_INVALID_OWNER, instead just take ownership as
    user "force_user". Adding a corresponding ACE for "force_user" with FULL
    rights ensures this works.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7933
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 0f8de2dee5451c9791f96050f85e4f007bec2819)

commit da10d81167a82c7f98796755958f7cebfdde2217
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Sep 6 16:28:10 2017 +0200

    vfs/nfs4_acls: move special handling of SMB_ACE4_SYNCHRONIZE to vfs_zfsacl
    
    Commit 99a74ff5e6a9f87ad7a650cb44e0f925f834b3a1 added special handling
    of SMB_ACE4_SYNCHRONIZE, always setting it in the access_mask when
    fabricating an ACL. While at the same time removing it from the
    access_mask when setting an ACL, but this is done direclty in
    vfs_zfsacl, not it the common code.
    
    Forcing SMB_ACE4_SYNCHRONIZE to be always set is only needed on ZFS, the
    other VFS modules using the common NFSv4 infrastructure should not be
    made victims of the special ZFS behaviour.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=7909
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 4591a91c4aa9e631fb8696ed8f6e53343e773895)

commit 38c33525db560b3ecc07ce6b3f19dc18fa872c7c
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Sep 6 16:56:47 2017 +0200

    s3/vfs: move ACE4_ADD_FILE/ACE4_DELETE_CHILD mapping from NFSv4 framework to vfs_zfsacl
    
    This was added in e6a5f11865a55e9644292ae92e4a4b5ec0662ccd to adopt the
    NFSv4 framework to follow ZFS permission rules. But this is the wrong
    place, other filesystems like GPFS do not allow deletion when the user
    has SEC_DIR_ADD_FILE.
    
    This patch therefor moves the change from the NFS4 framework into the
    ZFS module.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Sat Sep  9 04:59:51 CEST 2017 on sn-devel-144
    
    (cherry picked from commit 4102697503691f3b2eadfcb98834bb66c669f3ab)

commit bda469eeb665534fd19653ea4fa61bca93a1d900
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Sep 6 16:53:23 2017 +0200

    vfs_zfsacl: ensure zfs_get_nt_acl_common() has access to stat info
    
    We'll need this in the next commit.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit bdc7fc62011cb1744f0246aea358b93e98caef38)

commit 7657bb6a4848a7d3aa2a9bf1b357beace54f0c6c
Author: Ralph Boehme <slow at samba.org>
Date:   Wed Sep 6 16:44:12 2017 +0200

    vfs_zfsacl: pass smb_fname to zfs_get_nt_acl_common
    
    This is in preperation of moving SMB_ACE4_ADD_FILE /
    SMB_ACE4_DELETE_CHILD mapping from the common NFSv4 framework into this
    module excusively.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=6133
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit a66572851b6163e56a80463316cc0a6879ffd3e5)

-----------------------------------------------------------------------

Summary of changes:
 ctdb/common/ctdb_io.c                              |   5 +
 ctdb/config/events.d/README                        |   4 +-
 ctdb/server/ctdb_eventd.c                          |   6 +
 ctdb/server/ctdb_ltdb_server.c                     |   5 +-
 ctdb/tests/src/cluster_wait.c                      |   2 +-
 lib/krb5_wrap/krb5_samba.c                         |   4 +-
 libgpo/gpo_ldap.c                                  | 221 +++++++-----
 selftest/target/Samba3.pm                          |   2 +
 source3/include/messages.h                         |  13 +-
 source3/lib/messages.c                             |  83 +----
 source3/lib/system.c                               |  11 +-
 source3/modules/nfs4_acls.c                        |  11 -
 source3/modules/string_replace.c                   | 178 ++++++++++
 .../passwd_proto.h => modules/string_replace.h}    |  26 +-
 source3/modules/vfs_acl_common.c                   |  18 +-
 source3/modules/vfs_catia.c                        | 170 ++-------
 source3/modules/vfs_fake_acls.c                    |  18 +
 source3/modules/vfs_fruit.c                        | 381 +++++++++++++++++++--
 source3/modules/vfs_zfsacl.c                       |  54 ++-
 source3/modules/wscript_build                      |   7 +-
 source3/rpc_server/mdssvc/marshalling.c            |   2 +
 source3/rpc_server/spoolss/srv_spoolss_nt.c        |  16 +-
 source3/script/tests/test_acl_xattr.sh             |  13 +-
 source3/script/tests/test_give_owner.sh            | 141 ++++++++
 source3/script/tests/test_inherit_owner.sh         |  17 +-
 source3/selftest/tests.py                          |  11 +-
 source3/smbd/dosmode.c                             |  33 +-
 source3/smbd/notifyd/notifyd.c                     | 244 +++++++------
 source3/smbd/posix_acls.c                          |   2 +-
 source3/smbd/server.c                              |   8 +-
 source3/utils/net_groupmap.c                       |   4 +-
 source4/torture/smb2/notify.c                      | 158 +++++++++
 source4/torture/smb2/smb2.c                        |   1 +
 source4/torture/vfs/fruit.c                        | 171 +++++++--
 34 files changed, 1462 insertions(+), 578 deletions(-)
 create mode 100644 source3/modules/string_replace.c
 copy source3/{utils/passwd_proto.h => modules/string_replace.h} (54%)
 create mode 100755 source3/script/tests/test_give_owner.sh


Changeset truncated at 500 lines:

diff --git a/ctdb/common/ctdb_io.c b/ctdb/common/ctdb_io.c
index 152d535..3e732e8 100644
--- a/ctdb/common/ctdb_io.c
+++ b/ctdb/common/ctdb_io.c
@@ -300,6 +300,11 @@ int ctdb_queue_send(struct ctdb_queue *queue, uint8_t *data, uint32_t length)
 	struct ctdb_queue_pkt *pkt;
 	uint32_t length2, full_length;
 
+	/* If the queue does not have valid fd, no point queueing a packet */
+	if (queue->fd == -1) {
+		return 0;
+	}
+
 	if (queue->alignment) {
 		/* enforce the length and alignment rules from the tcp packet allocator */
 		length2 = (length+(queue->alignment-1)) & ~(queue->alignment-1);
diff --git a/ctdb/config/events.d/README b/ctdb/config/events.d/README
index 11da702..69f5904 100644
--- a/ctdb/config/events.d/README
+++ b/ctdb/config/events.d/README
@@ -11,7 +11,9 @@ alphanumeric sort order.
 
 As a special case, any eventscript that ends with a '~' character will be
 ignored since this is a common postfix that some editors will append to
-older versions of a file.
+older versions of a file.  Similarly, any eventscript with multiple '.'s
+will be ignored as package managers can create copies with additional
+suffix starting with '.' (e.g. .rpmnew, .dpkg-dist).
 
 Only executable event scripts are run by CTDB.  Any event script that
 does not have execute permission is ignored.
diff --git a/ctdb/server/ctdb_eventd.c b/ctdb/server/ctdb_eventd.c
index 232711c..c9a9bf6 100644
--- a/ctdb/server/ctdb_eventd.c
+++ b/ctdb/server/ctdb_eventd.c
@@ -425,6 +425,12 @@ static int script_filter(const struct dirent *de)
 		return 0;
 	}
 
+	/* Ignore filenames with multiple '.'s */
+	ptr = index(&de->d_name[3], '.');
+	if (ptr != NULL) {
+		return 0;
+	}
+
 	return 1;
 }
 
diff --git a/ctdb/server/ctdb_ltdb_server.c b/ctdb/server/ctdb_ltdb_server.c
index 8ff9634..22a1ee8 100644
--- a/ctdb/server/ctdb_ltdb_server.c
+++ b/ctdb/server/ctdb_ltdb_server.c
@@ -1208,7 +1208,7 @@ int32_t ctdb_control_db_attach(struct ctdb_context *ctdb, TDB_DATA indata,
 	lockdown_memory(ctdb->valgrinding);
 
 	/* tell all the other nodes about this database */
-	ctdb_daemon_send_control(ctdb, CTDB_BROADCAST_ALL, tdb_flags,
+	ctdb_daemon_send_control(ctdb, CTDB_BROADCAST_CONNECTED, tdb_flags,
 				 persistent?CTDB_CONTROL_DB_ATTACH_PERSISTENT:
 						CTDB_CONTROL_DB_ATTACH,
 				 0, CTDB_CTRL_FLAG_NOREPLY,
@@ -1263,7 +1263,8 @@ int32_t ctdb_control_db_detach(struct ctdb_context *ctdb, TDB_DATA indata,
 		client = reqid_find(ctdb->idr, client_id, struct ctdb_client);
 		if (client != NULL) {
 			/* forward the control to all the nodes */
-			ctdb_daemon_send_control(ctdb, CTDB_BROADCAST_ALL, 0,
+			ctdb_daemon_send_control(ctdb,
+						 CTDB_BROADCAST_CONNECTED, 0,
 						 CTDB_CONTROL_DB_DETACH, 0,
 						 CTDB_CTRL_FLAG_NOREPLY,
 						 indata, NULL, NULL);
diff --git a/ctdb/tests/src/cluster_wait.c b/ctdb/tests/src/cluster_wait.c
index 1405738..ecd2efd 100644
--- a/ctdb/tests/src/cluster_wait.c
+++ b/ctdb/tests/src/cluster_wait.c
@@ -264,7 +264,7 @@ static void cluster_wait_join_unregistered(struct tevent_req *subreq)
 	msg.data.data = tdb_null;
 
 	subreq = ctdb_client_message_send(state, state->ev, state->client,
-					  CTDB_BROADCAST_ALL, &msg);
+					  CTDB_BROADCAST_CONNECTED, &msg);
 	if (tevent_req_nomem(subreq, req)) {
 		return;
 	}
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 6a863bd..6b92f59 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -150,7 +150,7 @@ bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr,
 				krb5_address *pkaddr)
 {
 	memset(pkaddr, '\0', sizeof(krb5_address));
-#if defined(HAVE_IPV6) && defined(KRB5_ADDRESS_INET6)
+#ifdef HAVE_IPV6
 	if (paddr->ss_family == AF_INET6) {
 		pkaddr->addr_type = KRB5_ADDRESS_INET6;
 		pkaddr->address.length = sizeof(((struct sockaddr_in6 *)paddr)->sin6_addr);
@@ -183,7 +183,7 @@ bool smb_krb5_sockaddr_to_kaddr(struct sockaddr_storage *paddr,
 				krb5_address *pkaddr)
 {
 	memset(pkaddr, '\0', sizeof(krb5_address));
-#if defined(HAVE_IPV6) && defined(ADDRTYPE_INET6)
+#ifdef HAVE_IPV6
 	if (paddr->ss_family == AF_INET6) {
 		pkaddr->addrtype = ADDRTYPE_INET6;
 		pkaddr->length = sizeof(((struct sockaddr_in6 *)paddr)->sin6_addr);
diff --git a/libgpo/gpo_ldap.c b/libgpo/gpo_ldap.c
index 4533d61..fec0005 100644
--- a/libgpo/gpo_ldap.c
+++ b/libgpo/gpo_ldap.c
@@ -554,6 +554,7 @@ ADS_STATUS ads_get_gpo(ADS_STRUCT *ads,
 static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
 					 TALLOC_CTX *mem_ctx,
 					 struct GROUP_POLICY_OBJECT **gpo_list,
+					 struct GROUP_POLICY_OBJECT **forced_gpo_list,
 					 const char *link_dn,
 					 struct GP_LINK *gp_link,
 					 enum GPO_LINK_TYPE link_type,
@@ -561,11 +562,20 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
 					 const struct security_token *token)
 {
 	ADS_STATUS status;
-	int i;
-
-	for (i = 0; i < gp_link->num_links; i++) {
-
+	uint32_t count;
+
+	/*
+	 * Note: DLIST_ADD pushes to the front,
+	 * so loop from last to first to get the
+	 * order right.
+	 */
+	for (count = gp_link->num_links; count > 0; count--) {
+		/* NB. Index into arrays is one less than counter. */
+		uint32_t i = count - 1;
+		struct GROUP_POLICY_OBJECT **target_list = NULL;
 		struct GROUP_POLICY_OBJECT *new_gpo = NULL;
+		bool is_forced =
+			(gp_link->link_opts[i] & GPO_LINK_OPT_ENFORCED) != 0;
 
 		if (gp_link->link_opts[i] & GPO_LINK_OPT_DISABLED) {
 			DEBUG(10,("skipping disabled GPO\n"));
@@ -574,7 +584,7 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
 
 		if (only_add_forced_gpos) {
 
-			if (!(gp_link->link_opts[i] & GPO_LINK_OPT_ENFORCED)) {
+			if (!is_forced) {
 				DEBUG(10,("skipping nonenforced GPO link "
 					"because GPOPTIONS_BLOCK_INHERITANCE "
 					"has been set\n"));
@@ -617,7 +627,8 @@ static ADS_STATUS add_gplink_to_gpo_list(ADS_STRUCT *ads,
 		new_gpo->link = link_dn;
 		new_gpo->link_type = link_type;
 
-		DLIST_ADD(*gpo_list, new_gpo);
+		target_list = is_forced ? forced_gpo_list : gpo_list;
+		DLIST_ADD(*target_list, new_gpo);
 
 		DEBUG(10,("add_gplink_to_gplist: added GPLINK #%d %s "
 			"to GPO list\n", i, gp_link->link_names[i]));
@@ -716,17 +727,28 @@ static ADS_STATUS add_local_policy_to_gpo_list(TALLOC_CTX *mem_ctx,
 }
 
 /****************************************************************
- get the full list of GROUP_POLICY_OBJECTs for a given dn
+ Get the full list of GROUP_POLICY_OBJECTs for a given dn.
 ****************************************************************/
 
-ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
+static ADS_STATUS ads_get_gpo_list_internal(ADS_STRUCT *ads,
 			    TALLOC_CTX *mem_ctx,
 			    const char *dn,
 			    uint32_t flags,
 			    const struct security_token *token,
-			    struct GROUP_POLICY_OBJECT **gpo_list)
+			    struct GROUP_POLICY_OBJECT **gpo_list,
+			    struct GROUP_POLICY_OBJECT **forced_gpo_list)
 {
-	/* (L)ocal (S)ite (D)omain (O)rganizational(U)nit */
+	/*
+	 * Push GPOs to gpo_list so that the traversal order of the list matches
+	 * the order of application:
+	 * (L)ocal (S)ite (D)omain (O)rganizational(U)nit
+	 * For different domains and OUs: parent-to-child.
+	 * Within same level of domains and OUs: Link order.
+	 * Since GPOs are pushed to the front of gpo_list, GPOs have to be
+	 * pushed in the opposite order of application (OUs first, local last,
+	 * child-to-parent).
+	 * Forced GPOs are appended in the end since they override all others.
+	 */
 
 	ADS_STATUS status;
 	struct GP_LINK gp_link;
@@ -734,6 +756,7 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
 	bool add_only_forced_gpos = false;
 
 	ZERO_STRUCTP(gpo_list);
+	ZERO_STRUCTP(forced_gpo_list);
 
 	if (!dn) {
 		return ADS_ERROR_NT(NT_STATUS_INVALID_PARAMETER);
@@ -745,52 +768,54 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
 
 	DEBUG(10,("ads_get_gpo_list: getting GPO list for [%s]\n", dn));
 
-	/* (L)ocal */
-	status = add_local_policy_to_gpo_list(mem_ctx, gpo_list,
-					      GP_LINK_LOCAL);
-	if (!ADS_ERR_OK(status)) {
-		return status;
-	}
+	tmp_dn = dn;
 
-	/* (S)ite */
+	while ((parent_dn = ads_parent_dn(tmp_dn)) &&
+	       (!strequal(parent_dn, ads_parent_dn(ads->config.bind_path)))) {
 
-	/* are site GPOs valid for users as well ??? */
-	if (flags & GPO_LIST_FLAG_MACHINE) {
 
-		status = ads_site_dn_for_machine(ads, mem_ctx,
-						 ads->config.ldap_server_name,
-						 &site_dn);
-		if (!ADS_ERR_OK(status)) {
-			return status;
-		}
+		/* (O)rganizational(U)nit */
 
-		DEBUG(10,("ads_get_gpo_list: query SITE: [%s] for GPOs\n",
-			site_dn));
+		/* An account can be a member of more OUs */
+		if (strncmp(parent_dn, "OU=", strlen("OU=")) == 0) {
 
-		status = ads_get_gpo_link(ads, mem_ctx, site_dn, &gp_link);
-		if (ADS_ERR_OK(status)) {
+			DEBUG(10,("ads_get_gpo_list: query OU: [%s] for GPOs\n",
+				parent_dn));
 
-			if (DEBUGLEVEL >= 100) {
-				dump_gplink(&gp_link);
-			}
+			status = ads_get_gpo_link(ads, mem_ctx, parent_dn,
+						  &gp_link);
+			if (ADS_ERR_OK(status)) {
 
-			status = add_gplink_to_gpo_list(ads, mem_ctx, gpo_list,
-							site_dn, &gp_link,
-							GP_LINK_SITE,
+				if (DEBUGLEVEL >= 100) {
+					dump_gplink(&gp_link);
+				}
+
+				status = add_gplink_to_gpo_list(ads,
+							mem_ctx,
+							gpo_list,
+							forced_gpo_list,
+							parent_dn,
+							&gp_link,
+							GP_LINK_OU,
 							add_only_forced_gpos,
 							token);
-			if (!ADS_ERR_OK(status)) {
-				return status;
-			}
+				if (!ADS_ERR_OK(status)) {
+					return status;
+				}
 
-			if (flags & GPO_LIST_FLAG_SITEONLY) {
-				return ADS_ERROR(LDAP_SUCCESS);
+				/* block inheritance from now on */
+				if (gp_link.gp_opts &
+				    GPOPTIONS_BLOCK_INHERITANCE) {
+					add_only_forced_gpos = true;
+				}
 			}
-
-			/* inheritance can't be blocked at the site level */
 		}
+
+		tmp_dn = parent_dn;
+
 	}
 
+	/* reset dn again */
 	tmp_dn = dn;
 
 	while ((parent_dn = ads_parent_dn(tmp_dn)) &&
@@ -812,15 +837,10 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
 					dump_gplink(&gp_link);
 				}
 
-				/* block inheritance from now on */
-				if (gp_link.gp_opts &
-				    GPOPTIONS_BLOCK_INHERITANCE) {
-					add_only_forced_gpos = true;
-				}
-
 				status = add_gplink_to_gpo_list(ads,
 							mem_ctx,
 							gpo_list,
+							forced_gpo_list,
 							parent_dn,
 							&gp_link,
 							GP_LINK_DOMAIN,
@@ -829,58 +849,101 @@ ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
 				if (!ADS_ERR_OK(status)) {
 					return status;
 				}
+
+				/* block inheritance from now on */
+				if (gp_link.gp_opts &
+				    GPOPTIONS_BLOCK_INHERITANCE) {
+					add_only_forced_gpos = true;
+				}
 			}
 		}
 
 		tmp_dn = parent_dn;
 	}
 
-	/* reset dn again */
-	tmp_dn = dn;
-
-	while ((parent_dn = ads_parent_dn(tmp_dn)) &&
-	       (!strequal(parent_dn, ads_parent_dn(ads->config.bind_path)))) {
-
-
-		/* (O)rganizational(U)nit */
+	/* (S)ite */
 
-		/* An account can be a member of more OUs */
-		if (strncmp(parent_dn, "OU=", strlen("OU=")) == 0) {
+	/* are site GPOs valid for users as well ??? */
+	if (flags & GPO_LIST_FLAG_MACHINE) {
 
-			DEBUG(10,("ads_get_gpo_list: query OU: [%s] for GPOs\n",
-				parent_dn));
+		status = ads_site_dn_for_machine(ads, mem_ctx,
+						 ads->config.ldap_server_name,
+						 &site_dn);
+		if (!ADS_ERR_OK(status)) {
+			return status;
+		}
 
-			status = ads_get_gpo_link(ads, mem_ctx, parent_dn,
-						  &gp_link);
-			if (ADS_ERR_OK(status)) {
+		DEBUG(10,("ads_get_gpo_list: query SITE: [%s] for GPOs\n",
+			site_dn));
 
-				if (DEBUGLEVEL >= 100) {
-					dump_gplink(&gp_link);
-				}
+		status = ads_get_gpo_link(ads, mem_ctx, site_dn, &gp_link);
+		if (ADS_ERR_OK(status)) {
 
-				/* block inheritance from now on */
-				if (gp_link.gp_opts &
-				    GPOPTIONS_BLOCK_INHERITANCE) {
-					add_only_forced_gpos = true;
-				}
+			if (DEBUGLEVEL >= 100) {
+				dump_gplink(&gp_link);
+			}
 
-				status = add_gplink_to_gpo_list(ads,
+			status = add_gplink_to_gpo_list(ads,
 							mem_ctx,
 							gpo_list,
-							parent_dn,
+							forced_gpo_list,
+							site_dn,
 							&gp_link,
-							GP_LINK_OU,
+							GP_LINK_SITE,
 							add_only_forced_gpos,
 							token);
-				if (!ADS_ERR_OK(status)) {
-					return status;
-				}
+			if (!ADS_ERR_OK(status)) {
+				return status;
+			}
+
+			if (flags & GPO_LIST_FLAG_SITEONLY) {
+				return ADS_ERROR(LDAP_SUCCESS);
 			}
+
+			/* inheritance can't be blocked at the site level */
 		}
+	}
 
-		tmp_dn = parent_dn;
+	/* (L)ocal */
+	status = add_local_policy_to_gpo_list(mem_ctx, gpo_list,
+					      GP_LINK_LOCAL);
+	if (!ADS_ERR_OK(status)) {
+		return status;
+	}
+
+	return ADS_ERROR(LDAP_SUCCESS);
+}
+
+/****************************************************************
+ Get the full list of GROUP_POLICY_OBJECTs for a given dn, wrapper
+ around ads_get_gpo_list_internal() that ensures correct ordering.
+****************************************************************/
+
+ADS_STATUS ads_get_gpo_list(ADS_STRUCT *ads,
+			    TALLOC_CTX *mem_ctx,
+			    const char *dn,
+			    uint32_t flags,
+			    const struct security_token *token,
+			    struct GROUP_POLICY_OBJECT **gpo_list)
+{
+	struct GROUP_POLICY_OBJECT *forced_gpo_list = NULL;
+	ADS_STATUS status;
 
-	};
+	status = ads_get_gpo_list_internal(ads,
+					   mem_ctx,
+					   dn,
+					   flags,
+					   token,
+					   gpo_list,
+					   &forced_gpo_list);
+	if (!ADS_ERR_OK(status)) {
+		return status;
+	}
+	/*
+	 * Append |forced_gpo_list| at the end of |gpo_list|,
+	 * so that forced GPOs are applied on top of non enforced GPOs.
+	 */
+	DLIST_CONCATENATE(*gpo_list, forced_gpo_list);
 
 	return ADS_ERROR(LDAP_SUCCESS);
 }
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index b3bcc8a..66ac1e1 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -781,6 +781,8 @@ sub setup_fileserver($$)
 	push(@dirs,$tarmode_sharedir);
 
 	my $fileserver_options = "
+	kernel change notify = yes
+
 [lowercase]
 	path = $lower_case_share_dir
 	comment = smb username is [%U]
diff --git a/source3/include/messages.h b/source3/include/messages.h
index ea89383..0d98d21 100644
--- a/source3/include/messages.h
+++ b/source3/include/messages.h
@@ -141,18 +141,15 @@ struct tevent_req *messaging_read_send(TALLOC_CTX *mem_ctx,
 int messaging_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
 			struct messaging_rec **presult);
 
-struct tevent_req *messaging_handler_send(
-	TALLOC_CTX *mem_ctx, struct tevent_context *ev,
-	struct messaging_context *msg_ctx, uint32_t msg_type,
-	bool (*handler)(struct messaging_context *msg_ctx,
-			struct messaging_rec **rec, void *private_data),
-	void *private_data);
-int messaging_handler_recv(struct tevent_req *req);
-
 int messaging_cleanup(struct messaging_context *msg_ctx, pid_t pid);
 
 bool messaging_parent_dgm_cleanup_init(struct messaging_context *msg);
 
+struct messaging_rec *messaging_rec_create(
+	TALLOC_CTX *mem_ctx, struct server_id src, struct server_id dst,
+	uint32_t msg_type, const struct iovec *iov, int iovlen,
+	const int *fds, size_t num_fds);
+
 #include "librpc/gen_ndr/ndr_messaging.h"
 
 #endif
diff --git a/source3/lib/messages.c b/source3/lib/messages.c
index 69dfbf3..c70fb81 100644
--- a/source3/lib/messages.c
+++ b/source3/lib/messages.c
@@ -108,7 +108,7 @@ static void ping_message(struct messaging_context *msg_ctx,
 	messaging_send(msg_ctx, src, MSG_PONG, data);
 }
 
-static struct messaging_rec *messaging_rec_create(
+struct messaging_rec *messaging_rec_create(
 	TALLOC_CTX *mem_ctx, struct server_id src, struct server_id dst,
 	uint32_t msg_type, const struct iovec *iov, int iovlen,
 	const int *fds, size_t num_fds)
@@ -904,87 +904,6 @@ int messaging_read_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
 	return 0;
 }
 
-struct messaging_handler_state {
-	struct tevent_context *ev;


-- 
Samba Shared Repository



More information about the samba-cvs mailing list