[SCM] Samba Shared Repository - branch v4-10-test updated

Karolin Seeger kseeger at samba.org
Fri Aug 23 13:27:03 UTC 2019


The branch, v4-10-test has been updated
       via  52f6e7cd578 vfs_glusterfs: Enable profiling for file system operations
       via  a5fe60748c9 undoguidx: blackbox test
       via  fc4d63d657e undoduididx: Add "or later" to warning about using tools from Samba 4.8
       via  718cfd14198 sambaundoguididx: fix for -s
       via  45f05dc5363 sambaundoguididx: Add flags=ldb.FLG_DONT_CREATE_DB and port to Python3
       via  4861e7acf57 s4/scripting: MORE py3 compatible print functions
       via  fe99db5c349 ldb: Release ldb 1.5.6
       via  ded3ef299c7 ldb: ldbdump key and pack format version comments
       via  f74bea537bc ldb: baseinfo pack format check on init
       via  abf29c23941 ldb: Fix segfault parsing new pack formats
       via  237bebf28e1 ldb: test for parse errors
       via  ea4371d020d vfs_gpfs: Implement special case for denying owner access to ACL
       via  13195dff232 vfs_gpfs: Move mapping from generic NFSv ACL to GPFS ACL to separate function
       via  0ec7ac3eb18 docs: Remove gpfs:merge_writeappend from vfs_gpfs manpage
       via  b1eb79b9ccc vfs_gpfs: Remove merge_writeappend parameter
       via  37eebf44451 nfs4_acls: Use correct owner information for ACL after owner change
       via  cf26e075382 nfs4_acls: Add test for merging duplicates when mapping from NFS4 ACL to DACL
       via  1a9b67dbafc nfs4_acls: Remove duplicate entries when mapping from NFS4 ACL to DACL
       via  a10f9e6b461 nfs4_acls: Rename smbacl4_fill_ace4 function
       via  e637a2213e5 nfs4_acls: Add additional owner entry when mapping to NFS4 ACL with IDMAP_TYPE_BOTH
       via  6996ae8fd6b nfs4_acls: Remove redundant pointer variable
       via  e64fee96fa2 nfs4_acls: Remove redundant logging from smbacl4_fill_ace4
       via  8eb5b3964ad nfs4_acls: Move adding of NFS4 ACE to ACL to smbacl4_fill_ace4
       via  5a384b89fd6 nfs4_acls: Move smbacl4_MergeIgnoreReject function
       via  af3d3b02bbc nfs4_acls: Remove i argument from smbacl4_MergeIgnoreReject
       via  8f9b1a92f28 nfs4_acls: Add missing braces in smbacl4_win2nfs4
       via  e9b2e353778 nfs4_acls: Add helper function for checking INHERIT flags.
       via  5095221e8df nfs4_acls: Use correct type when checking ownerGID
       via  f321f066d19 nfs4_acls: Use switch/case for checking idmap type
       via  8acc4979817 nfs4_acls: Use sids_to_unixids to lookup uid or gid
       via  ab0443b684e test_nfs4_acls: Add test for mapping from DACL to NFS4 ACL with IDMAP_TYPE_BOTH
       via  b3485711137 test_nfs4_acls: Add test for mapping from NFS4 ACL to DACL with IDMAP_TYPE_BOTH
       via  753f986f514 test_nfs4_acls: Add test for mapping from NFS4 to DACL in config mode special
       via  db82829628f test_nfs4_acls: Add test for mapping from DACL to NFS4 ACL with config special
       via  348d662474a test_nfs4_acls: Add test for matching DACL entries for acedup
       via  a37db7d7494 test_nfs4_acls: Add test for acedup settings
       via  5b591773bcc test_nfs4_acls: Add test for 'map full control' option
       via  74cf7490384 test_nfs4_acls: Add test for mapping from NFS4 to DACL CREATOR entries
       via  c437f74a6d3 test_nfs4_acls: Add test for mapping CREATOR entries to NFS4 ACL entries
       via  060d32a223a test_nfs4_acls: Add test for mapping from DACL to special NFS4 ACL entries
       via  4ab8b0eb754 test_nfs4_acls: Add test for mapping of special NFS4 ACL entries to DACL entries
       via  b99bf6e4638 test_nfs4_acls: Add test for mapping permissions from DACL to NFS4 ACL
       via  95138d57872 test_nfs4_acls: Add test for mapping permissions from NFS4 ACL to DACL
       via  8d378ce76c6 test_nfs4_acls: Add test for flags mapping from DACL to NFS4 ACL
       via  248f8f2de5a test_nfs4_acls: Add test for flags mapping from NFS4 ACL to DACL
       via  c1e2f6d9ed8 test_nfs4_acls: Add tests for mapping of ACL types
       via  bfed986cd00 test_nfs4_acls: Add tests for mapping of empty ACLs
       via  fe19ee91c22 selftest: Start implementing unit test for nfs4_acls
       via  6ce0e2aa39e nfs4_acls: Remove fsp from smbacl4_win2nfs4
       via  8c1ae65b581 Revert "nfs4acl: Fix owner mapping with ID_TYPE_BOTH"
       via  836e7ef2078 Add PrimaryGroupId to group array in DC response
       via  cbd749ec05f selftest: check for PrimaryGroupId in DC returned group array
       via  5d48bbd8c53 selftest: remote_pac: s/s2u4self/s4u2self/g
       via  505297b3909 vfs:glusterfs_fuse: build only if we have setmntent()
       via  f7058626876 vfs:glusterfs_fuse: ensure fileids are constant across nodes
      from  baafb6fc060 VERSION: Bump version up to 4.10.8...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test


- Log -----------------------------------------------------------------
commit 52f6e7cd5787e885ca1ca9163075948f8e0ee5fb
Author: Anoop C S <anoopcs at redhat.com>
Date:   Mon Aug 5 10:45:01 2019 +0530

    vfs_glusterfs: Enable profiling for file system operations
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14093
    
    Signed-off-by: Anoop C S <anoopcs at redhat.com>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue Aug 20 19:25:28 UTC 2019 on sn-devel-184
    
    Autobuild-User(v4-10-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-10-test): Fri Aug 23 13:26:29 UTC 2019 on sn-devel-144

commit a5fe60748c9a353f0165f85a0621af7885541a47
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date:   Thu May 23 13:21:19 2019 +1200

    undoguidx: blackbox test
    
    This test confirms that running undoguididx causes all GUID keys to be
    replaced with DN keys at the KV level
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13978
    
    Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (backport from commit 74d15c9bf76f0a2fb5fa7b7b1d80971d10c4fe45,
    ab376a97c972d2d5ebfb912ed90664c787860dc8 and 56400153c8c7052fe319f273c30c6d59556102dc)
    
    ab376a97c972d2d5ebfb912ed90664c787860dc8 was:
    
    selftest: Specifically remove files generated by provision
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    
    56400153c8c7052fe319f273c30c6d59556102dc was:
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>

commit fc4d63d657e32a0f488722a79d7b9e1180682af2
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 29 16:36:00 2019 +1200

    undoduididx: Add "or later" to warning about using tools from Samba 4.8
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13978
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit 09f2a187b3d8c161e2c11588499b3256a9dbcc95)

commit 718cfd141984a87c9eeceb158f547e06e7f19ca0
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 20 16:29:10 2019 +1200

    sambaundoguididx: fix for -s
    
    Quick fix running this script with -s instead of -H. samdb_url() returns
    a url with a protocol prefix, which causes issues further down in the
    script.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13978
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit 40ca8ed5a152ae7c5ec039649c09a037a20a4143)

commit 45f05dc5363c46540c80370dc3168ba88c18a4ca
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Mon May 20 16:29:10 2019 +1200

    sambaundoguididx: Add flags=ldb.FLG_DONT_CREATE_DB and port to Python3
    
    In py3 we need to add an extra str() around the returned ldb value to
    enable .split() to be used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13978
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed By: Noel Power <npower at samba.org>
    
    Autobuild-User(master): Noel Power <npower at samba.org>
    Autobuild-Date(master): Thu May 23 14:25:52 UTC 2019 on sn-devel-184
    
    (cherry picked from commit 1a9da378a1505daff498be6d6355debd73526a1a)

commit 4861e7acf57fef679c58f13fd17fa631ab0926d7
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sat Mar 9 13:48:29 2019 +1300

    s4/scripting: MORE py3 compatible print functions
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13978
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 561b654bc5bc2f5e614c5c2ab378193ca94d481a)

commit fe99db5c349209a02ac169b9e57f1c6a75573af1
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Tue Jul 16 17:53:47 2019 +1200

    ldb: Release ldb 1.5.6
    
    * Fix segfault parsing new pack formats or invalid packed data (bug 13959)
    * Check for new pack formats during startup (bug 13977)
    * Making ldbdump print out pack format info and keys so we have
      low level visibility for testing in python (for bug 13978)
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13959
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>

commit ded3ef299c76f9e94df6350cb34e0f9751ffff40
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date:   Mon May 20 16:19:51 2019 +1200

    ldb: ldbdump key and pack format version comments
    
    For testing we need to know the actual KV level key of records and each
    record's pack format version. This patch makes ldbdump add comments with
    that info. We will parse it out in python tests.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13978
    
    Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Wed May 22 05:58:17 UTC 2019 on sn-devel-184
    
    (cherry picked from commit a666a99e4dc594bc153cd26b24cddd547c1cc750)

commit f74bea537bc5519151d0ee406969b94b2b32392d
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date:   Fri May 10 18:10:51 2019 +1200

    ldb: baseinfo pack format check on init
    
    We will be adding a new packing format in forthcoming commits and there
    may be more versions in the future. We need to make sure the database
    contains records in a format we know how to read and write.
    Done by fetching the @BASEINFO record and reading the first 4
    bytes which contain the packing format version.
    
    NOTE: Configure with --abi-check-disable to build this commit. This
    patch is part of a set of LDB ABI changes, and the version update is
    done on the last commit.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13977
    
    Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Gary Lockyer <gary at catalyst.net.nz>
    (backported from commit 474e55523224430781ed22aa2d0c8a474306e794)

commit abf29c23941d91355d89c239a1578d9f3b95328d
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 22 16:38:08 2019 +1200

    ldb: Fix segfault parsing new pack formats
    
    We need to check for the errors given by ldb_unpack() et al by preserving
    the error code from kv_ctx->parser() called by tdb_parse_record() in
    ltdb_parse_record().
    
    Otherwise we will silently accept corrupt records and segfault later.
    
    Likewise new pack formats will confuse the parser but not be
    detected except by the incomplete struct ldb_message.
    
    With this patch, the user will see a message like:
    
     Invalid data for index  DN=@BASEINFO
    
     Failed to connect to 'st/ad_dc/private/sam.ldb' with backend 'tdb': Unable to load ltdb cache records for backend 'ldb_tdb backend'
     Failed to connect to st/ad_dc/private/sam.ldb - Unable to load ltdb cache records for backend 'ldb_tdb backend'
    
    This can be refined in the future by a specific check for
    pack format versions in a higher caller, but this much is
    needed regardless to detect corrupt records.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13959
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit a3101b9704f554a350493553336cbbbd7d4ae02e)

commit 237bebf28e1f030978de130099362907fabcbd1c
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date:   Tue May 28 17:22:10 2019 +1200

    ldb: test for parse errors
    
    Parse errors aren't passed up correctly by the tdb backend. This
    patch modifies a test to expose the issue, next patch will fix it.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13959
    
    Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit 2de0aebed60b8e83508f50e5391ede618ce0e595)

commit ea4371d020d931ae0898e6a88907bba50576d228
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 9 13:39:55 2019 -0700

    vfs_gpfs: Implement special case for denying owner access to ACL
    
    In GPFS, it is not possible to deny ACL or attribute access through a
    SPECIAL_OWNER entry. The best that can be done is mapping this to a
    named user entry, as this one can at least be stored in an ACL. The same
    cannot be done for inheriting SPECIAL_OWNER entries, as these represent
    CREATOR OWNER entries, and the limitation of not being able to deny
    owner access to ACL or attributes remains.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit c1770ed96fd3137f45d584ba9328333d5505e3af)

commit 13195dff23268201b05c9057795a53fc08b1bb5f
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 9 13:08:35 2019 -0700

    vfs_gpfs: Move mapping from generic NFSv ACL to GPFS ACL to separate function
    
    This is not functional change. It cleans up the code a bit and makes
    expanding this codepath in a later patch easier.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit fbf3a090a9ec94262b2924461cc1d6336af9919c)

commit 0ec7ac3eb18cf653afb0bdf0a9b8cbfd268ca34f
Author: Christof Schmitt <cs at samba.org>
Date:   Wed Jul 10 11:06:19 2019 -0700

    docs: Remove gpfs:merge_writeappend from vfs_gpfs manpage
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 8bd79ecc37376dbaa35606f9c2777653eb3d55e3)

commit b1eb79b9ccc0ec0dddf3a9815380fe9d509b6ffc
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 9 12:04:35 2019 -0700

    vfs_gpfs: Remove merge_writeappend parameter
    
    All supported GPFS versions now support setting WRITE and APPEND in the
    ACLs independently. Remove this now unused parameter to simplify the
    code.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 0aca678fcf1788a76cf0ff11399211c795aa7d2f)

commit 37eebf44451a008948a562836096edcfff5065ca
Author: Christof Schmitt <cs at samba.org>
Date:   Wed Jul 17 15:29:06 2019 -0700

    nfs4_acls: Use correct owner information for ACL after owner change
    
    After a chown, the cached stat data is obviously no longer valid. The
    code in smb_set_nt_acl_nfs4 checked the file correctly, but did only use
    a local buffer for the stat data. So later checks of the stat buffer
    under the fsp->fsp_name->st would still see the old information.
    
    Fix this by removing the local stat buffer and always update the one
    under fsp->fsp_name->st.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 86f7af84f04b06ed96b30f936ace92aa0937be06)

commit cf26e0753829a10a98644a826dda77083206ad22
Author: Christof Schmitt <cs at samba.org>
Date:   Wed Jul 10 13:14:32 2019 -0700

    nfs4_acls: Add test for merging duplicates when mapping from NFS4 ACL to DACL
    
    The previous patch introduced merging of duplicates on the mapping path
    from NFS4 ACL entries to DACL entries. Add a testcase to verify the
    expected behavior of this codepath.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 1a137a2f20c2f159c5feaef230a2b85bb9fb23b5)

commit 1a9b67dbafc8f9534ca0a6e455d4f3a0f56d83a4
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 15:08:11 2019 -0700

    nfs4_acls: Remove duplicate entries when mapping from NFS4 ACL to DACL
    
    The previous patch added an additional entry for IDMAP_TYPE_BOTH. When
    mapping back to a DACL, there should be no additional entry. Add a loop
    that will check and remove entries that are exact duplicates.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 9c88602128592ddad537bf70cbe3c51f0b2cebe5)

commit a10f9e6b461cded9b8900979b0ff10531c4af16d
Author: Christof Schmitt <cs at samba.org>
Date:   Thu Jul 18 11:49:29 2019 -0700

    nfs4_acls: Rename smbacl4_fill_ace4 function
    
    As this function now maps the ACE and also adds it to the NFSv4 ACE,
    change the name to better describe its behavior.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 169812943de23cf2752289c63331d786b0b063bd)

commit e637a2213e5bd99da53314b9493ecaf86cf8f5de
Author: Christof Schmitt <cs at samba.org>
Date:   Wed Jul 17 10:49:47 2019 -0700

    nfs4_acls: Add additional owner entry when mapping to NFS4 ACL with IDMAP_TYPE_BOTH
    
    With IDMAP_TYPE_BOTH, all entries have to be mapped to group entries.
    In order to have the file system reflect the owner permissions in the
    POSIX modebits, create a second entry for the user. This will be mapped
    to the "special owner" entry.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit b796119e2df38d1935064556934dd10da6f3d339)

commit 6996ae8fd6b14c9937a4a603509b99087b22a153
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 16 15:56:12 2019 -0700

    nfs4_acls: Remove redundant pointer variable
    
    The previous patch introduced a pointer to a local variable to reduce
    the amount of lines changed. Remove that pointer and adjust all usage
    accordingly.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit aa4644193635d846c2e08e8c1e7b512e8009c2ef)

commit e64fee96fa287268cfc6643d17498251f4ea4dd3
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 16 15:50:36 2019 -0700

    nfs4_acls: Remove redundant logging from smbacl4_fill_ace4
    
    Logging flags in case they do not match seems unnecessary. Other log
    messages should show the flags as well.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 7ab0003ffc098247c3ee3962d7061f2af5a2d00e)

commit 8eb5b3964ad871723df86f8039a0d89a777935a7
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 16 15:30:36 2019 -0700

    nfs4_acls: Move adding of NFS4 ACE to ACL to smbacl4_fill_ace4
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit abb58b17599bd3f9a06037e208dcc5033c7fdd8b)

commit 5a384b89fd675818b57db33e5c41fe4296052582
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 16 15:20:25 2019 -0700

    nfs4_acls: Move smbacl4_MergeIgnoreReject function
    
    This static function will be called earlier in later patches.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 3499d97463110f042415d917160bc2743805a544)

commit af3d3b02bbc83471aab93ee48894cd90d7c8591b
Author: Christof Schmitt <cs at samba.org>
Date:   Mon Jul 15 14:43:01 2019 -0700

    nfs4_acls: Remove i argument from smbacl4_MergeIgnoreReject
    
    This is only used for logging of a rejected ACL, but does not provide
    additional useful information. Remove it to simplify the function a bit.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 44790721e4f2c6ee6f46de7ac88123ce1a9f6e39)

commit 8f9b1a92f2876c455916fb0cf598c81744ddd2c0
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 13:20:44 2019 -0700

    nfs4_acls: Add missing braces in smbacl4_win2nfs4
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit ba73d2363d93a376ba4947963c9de45a7e683f02)

commit e9b2e35377819feb63238e1467a59087e3374f73
Author: Christof Schmitt <cs at samba.org>
Date:   Wed Jun 26 13:20:17 2019 -0700

    nfs4_acls: Add helper function for checking INHERIT flags.
    
    This avoids some code duplication. Do not make this static, as it will
    be used in a later patch.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmit <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 336e8668c1cc3682cb3c198eb6dc49baf522a79a)

commit 5095221e8dfef0f00fc440ddb25bd8f68b9997c8
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jun 25 15:21:06 2019 -0700

    nfs4_acls: Use correct type when checking ownerGID
    
    uid and gid are members of the same union so this makes no difference,
    but for type correctness and readability use the gid to check for
    ownerGID.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 3b3d722ce579c19c7b08d06a3adea275537545dc)

commit f321f066d197c1104014b275b22cf29ead99e61b
Author: Christof Schmitt <cs at samba.org>
Date:   Mon Jul 15 13:15:32 2019 -0700

    nfs4_acls: Use switch/case for checking idmap type
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit f198a0867e71f248d4887ab0b6f2832123b16d11)

commit 8acc497981773391e192401354e4ff4644632fb5
Author: Christof Schmitt <cs at samba.org>
Date:   Wed Jun 26 13:24:16 2019 -0700

    nfs4_acls: Use sids_to_unixids to lookup uid or gid
    
    This is the newer API to lookup id mappings and will make it easier to
    add to the IDMAP_TYPE_BOTH case.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit d9a2ff559e1ad953141b1118a9e370496f1f61fa)

commit ab0443b684e5b7f7a93bdee8e6abcef833e1a1be
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 13:04:44 2019 -0700

    test_nfs4_acls: Add test for mapping from DACL to NFS4 ACL with IDMAP_TYPE_BOTH
    
    When id mappings use IDMAP_TYPE_BOTH, the NFSv4 ACL mapping code is not
    aware whether a particular entry is for a user or a group. The
    underlying assumption then is that is should not matter, as both the ACL
    mapping maps everything to NFSv4 ACL group entries and the user's token
    will contain gid entries for the groups.
    
    Add a testcase to verify that when mapping from DACLS to NFSv4 ACL
    entries with IDMAP_TYPE_BOTH, all entries are mapped as expected.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 38331b00521ef764893a74add01758f14567d901)

commit b34857111373ae69725dc9355e96c031a76a7cc6
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 12:50:42 2019 -0700

    test_nfs4_acls: Add test for mapping from NFS4 ACL to DACL with IDMAP_TYPE_BOTH
    
    When id mappings use IDMAP_TYPE_BOTH, the NFSv4 ACL mapping code is not
    aware whether a particular entry is for a user or a group. The
    underlying assumption then is that is should not matter, as both the ACL
    mapping maps everything to NFSv4 ACL group entries and the user's token
    will contain gid entries for the groups.
    
    Add a testcase to verify that when mapping from NFSv4 ACL entries to
    DACLs with IDMAP_TYPE_BOTH, all entries are mapped as expected.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 86480410aec1d2331c65826a13f909492165a291)

commit 753f986f514a7892c0a66b40686eec1eb1c576d6
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 12:23:02 2019 -0700

    test_nfs4_acls: Add test for mapping from NFS4 to DACL in config mode special
    
    The mapping code between NFSv4 ACLs and security descriptors still has
    the deprecated config setting "nfs4:mode = special". This should not be
    used as it has security problems: All entries matching owner or group
    are mapped to "special owner" or "special group", which can change its
    meaning when being inherited to a new file or directory with different
    owner and owning group.
    
    This mode should eventually be removed, but as long as it still exists
    add testcases to verify the expected behavior. This patch adds the
    testcase for "nfs4:mode = special" when mapping from the NFS4 ACL to the
    DACL in the security descriptor.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 829c5ea99685c0629fd67ed0528897534ff35b36)

commit db82829628f6d6ad919cddf53364c9e8593913e9
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 12:16:08 2019 -0700

    test_nfs4_acls: Add test for mapping from DACL to NFS4 ACL with config special
    
    The mapping code between NFSv4 ACLs and security descriptors still has
    the deprecated config setting "nfs4:mode = special". This should not be
    used as it has security problems: All entries matching owner or group
    are mapped to "special owner" or "special group", which can change its
    meaning when being inherited to a new file or directory with different
    owner and owning group.
    
    This mode should eventually be removed, but as long as it still exists
    add testcases to verify the expected behavior. This patch adds the
    testcase for "nfs4:mode = special" when mapping from the DACL in the
    security descriptor to the NFSv4 ACL.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 7ae06d96eb59722154d30e21949f9dba4f2f0bc6)

commit 348d662474ace4fb4323d0e0456fcc7e13b6bbbc
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 12:09:04 2019 -0700

    test_nfs4_acls: Add test for matching DACL entries for acedup
    
    The NFSv4 mapping code has a config option nfs4:acedup for the mapping
    path from DACLs to NFSv4 ACLs. Part of this codepath is detecting
    duplicate ACL entries. Add a testcase with different ACL entries and
    verify that only exactly matching entries are detected as duplicates and
    treated accordingly.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit f55cdf42a14f314102f2e13cb06d4db48c08ad4b)

commit a37db7d7494c24a2cfd093bd845243ef7df6cedb
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 12:07:36 2019 -0700

    test_nfs4_acls: Add test for acedup settings
    
    The NFSv4 ACL mapping code has a setting nfs4:acedup. Depending on the
    setting, when mapping from DACLs to NFSv4 ACLs, duplicate ACL entries
    are either merged, ignored or rejected. Add a testcase that has
    duplicate ACL entries and verify the expected behavior for all possible
    settings of the nfs4:acedup option.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 9671bf2b9f055012057620207624aa2f4ea6833e)

commit 5b591773bcc0e632753646163aaf4d675a78e460
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 12:02:58 2019 -0700

    test_nfs4_acls: Add test for 'map full control' option
    
    "map full control" when enabled adds the DELETE_CHILD permission, when
    all other permissions are present. This allows Windows clients to
    display the "FULL CONTROL" permissions.
    
    Add a testcase that verifies this mapping when mapping from NFSv4 ACL to
    the DACL in the security descriptor. Also verify that switching the
    option off disables this behavior.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 30677df4dac4ebfcf4e3198db33f14be37948197)

commit 74cf74903842af3eb174f24bb059b646692276b1
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 11:57:45 2019 -0700

    test_nfs4_acls: Add test for mapping from NFS4 to DACL CREATOR entries
    
    Add testcase for mapping from NFSv4 ACL entries for "special owner" and
    "special group" to DACL entries in the security descriptor. Each NFSv4
    entry here with INHERIT_ONLY maps directly to a CREATOR OWNER or CREATOR
    GROUP entry in the DACL. Entries without INHERIT_ONLY map to the CREATOR
    entry and an additional explicit entry granting permission on the
    current object.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 3c9cda0f6d80258ef0c2a80d6e24dfb650fea1b1)

commit c437f74a6d3bb7c04c20bd631984210292056477
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 11:55:59 2019 -0700

    test_nfs4_acls: Add test for mapping CREATOR entries to NFS4 ACL entries
    
    Add testcase for mapping DACL entries CREATOR OWNER and CREATOR GROUP
    with inheritance flag in the security descriptor to NFSv4 "special
    owner" and "special group" entries. This is the correct mapping for
    these entries as inheriting "special owner" and "special group" grants
    permissions to the actual owner and owning group of the new file or
    directory, similar to what CREATOR entries do.
    
    The other side is that CREATOR entries without any inheritance flags do
    not make sense, so these are not mapped to NFSv4 ACL entries.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit bfcc19b705f83bdd5cf665fd4daf43e7eae997a9)

commit 060d32a223ad06265aefb85e4b1242dff820a4b6
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 11:53:15 2019 -0700

    test_nfs4_acls: Add test for mapping from DACL to special NFS4 ACL entries
    
    Add testcase for mapping from entries in the DACL security descriptor to
    "special" entries in the NFSv4 ACL. Verify that the WORLD well-known SID
    maps to "everyone" in the NFSv4 ACL. Verify that the "Unix NFS" SID is
    ignored, as there is no meaningful mapping for this entry. Verify that
    SID entries matching the owner or group are mapped to "special owner"
    or "special group", but only if no inheritance flags are used. "special
    owner" and "special group" with inheritance flags have the meaning of
    CREATOR OWNER and CREATOR GROUP and will be tested in another testcase.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 1f1fa5bde2c76636c1beec39c21067b252ea10be)

commit 4ab8b0eb75465ccf74eaa7368a9f542f2c2fe966
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 11:46:23 2019 -0700

    test_nfs4_acls: Add test for mapping of special NFS4 ACL entries to DACL entries
    
    In addition to entries for users and groups, NFSv4 ACLs have the concept
    of entries for "special" entries. Only the "owner", "group" and
    "everyone" entries are currently used in the ACL mapping.
    
    Add a testcase that verifies the mapping from NFSv4 "special" entries to
    the DACL in the security descriptor. Verify that only "owner", "group"
    and "everyone" are mapped and all other "special" entries are ignored.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit f86148948c7f89307a34e31f6ddede6923149d34)

commit b99bf6e4638860a80f669bffa38b775cb70910c3
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 11:35:34 2019 -0700

    test_nfs4_acls: Add test for mapping permissions from DACL to NFS4 ACL
    
    Add testcase for mapping the permission flags from the DACL in the
    Security Descriptor to a NFSv4 ACL. The mapping is straight-forward as
    the same permission bits exist for Security Descriptors and NFSv4 ACLs.
    In addition, the code also maps from the generic DACL permissions to a
    set of NFSv4 permissions, also verify this mapping.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit e4840e680744bd860beedeb5123704c3c0d6a4d7)

commit 95138d5787280e23e2f87286225f2b99f28e324e
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 11:33:29 2019 -0700

    test_nfs4_acls: Add test for mapping permissions from NFS4 ACL to DACL
    
    Add testcase for mapping permissions from the NFSv4 ACL to DACL in the
    security descriptor. The mapping is simple as each permission bit exists
    on both sides.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 1767027b44a9e4ebd865022e3f8abb0c72bf15c6)

commit 8d378ce76c601f4828b586ae64215dd9055d24a7
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 11:30:12 2019 -0700

    test_nfs4_acls: Add test for flags mapping from DACL to NFS4 ACL
    
    Add testcase for the mapping of inheritance flags from the DACL in the
    security descriptor to the NFSv4 ACL. The mapping is different for files
    and directories as some inheritance flags should not be present for
    files. Also other flags are not mapped at all, verify this behavior.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit bccd2612761e26ee2514935d56927b2c0c000859)

commit 248f8f2de5ac797479f7d6c4d32ed874a852d360
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 11:28:31 2019 -0700

    test_nfs4_acls: Add test for flags mapping from NFS4 ACL to DACL
    
    Add testcase for the mapping of inheritance flags when mapping from a
    NFSv4 ACL to a DACL in the security descriptor. The mapping is different
    between files and directories, as some inheritance flags should never be
    present for files. Some defined flags like SUCCESSFUL_ACCESS are also
    not mapped at this point, also verify this behavior.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 16eb61a900c6749c2554d635ce2dd903f5de1704)

commit c1e2f6d9ed83d071d673967b247061d86b8f2247
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 11:25:33 2019 -0700

    test_nfs4_acls: Add tests for mapping of ACL types
    
    Add testcases for mapping the type field (ALLOW or DENY) between NFSv4
    ACLs and security descriptors.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit dd5934797526ebb4c6f3027a809401dad3abf701)

commit bfed986cd0068dc9a2a744515de834b4c4a3a1cc
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 11:23:40 2019 -0700

    test_nfs4_acls: Add tests for mapping of empty ACLs
    
    This is a fairly simple test that ensures the mapping of empty ACLs
    (without any ACL entries) is always done the same way.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 00f494b25f4e1d1aecf6191523e30f20a90b1e4f)

commit fe19ee91c22b8f0ea39e97c0ecff0ce5d945ae85
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jul 2 11:22:13 2019 -0700

    selftest: Start implementing unit test for nfs4_acls
    
    Existing smbtorture tests set and query ACLs through SMB, only working
    with the DACLs in the Security Descriptors, but never check the NFSv4
    ACL representation. This patch introduces a unit test to verify the
    mapping between between Security Descriptors and NFSv4 ACLs. As the
    mapping code queries id mappings, the id mapping cache is first primed
    with the mappings used by the tests and those mappings are removed again
    during teardown.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 8fb906a1860452a320c79ac87917a97303729c19)

commit 6ce0e2aa39ec7d8d8ed4373be58d8ddb2962e99d
Author: Christof Schmitt <cs at samba.org>
Date:   Tue Jun 11 16:15:10 2019 -0700

    nfs4_acls: Remove fsp from smbacl4_win2nfs4
    
    Only the information whether the ACL is for a file or a directory is
    required. Replacing the fsp with a flag is clearer and allows for unit
    testing of the mapping functions.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit a06486bb110d04a90b66a0bca4b1b600ef3c0ebf)

commit 8c1ae65b581b201438346734976c015b6f2eb236
Author: Christof Schmitt <cs at samba.org>
Date:   Fri Jun 7 12:55:32 2019 -0700

    Revert "nfs4acl: Fix owner mapping with ID_TYPE_BOTH"
    
    This reverts commit 5d4f7bfda579cecb123cfb1d7130688f1d1c98b7.
    
    That patch broke the case with ID_TYPE_BOTH where a file is owned by a
    group (e.g. using autorid and having a file owned by
    BUILTIN\Administrators). In this case, the ACE entry for the group gets
    mapped a to a user ACL entry and the group no longer has access (as in
    the user's token the group is not mapped to a uid).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032
    
    Signed-off-by: Christof Schmitt <cs at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 42bd3a72a2525aa8a918f4bf7067b30ce8e0e197)

commit 836e7ef2078bcc1d195a3c57dbd16c8e60920fd2
Author: Isaac Boukris <iboukris at gmail.com>
Date:   Wed Apr 3 19:45:02 2019 +0300

    Add PrimaryGroupId to group array in DC response
    
    This is a simplified version of the original patch by:
    Felix Botner <botner at univention.de>
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362
    
    Pair-Programmed-With: Stefan Metzmacher <metze at samba.org>
    
    Signed-off-by: Isaac Boukris <iboukris at gmail.com>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Wed Jul  3 13:52:55 UTC 2019 on sn-devel-184
    
    (cherry picked from commit 2ae75184fcb5dc90602aeef113d4c13540073324)

commit cbd749ec05f1895004cd8bb7d43fbcc73a044ab7
Author: Isaac Boukris <iboukris at gmail.com>
Date:   Fri May 31 17:22:50 2019 +0300

    selftest: check for PrimaryGroupId in DC returned group array
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362
    
    Signed-off-by: Isaac Boukris <iboukris at gmail.com>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 3700998419738caa1ca8672fbf5dbaccaaa498fa)

commit 5d48bbd8c530b98fe0ca5b5ff66b6756433e4cca
Author: Isaac Boukris <iboukris at gmail.com>
Date:   Fri May 31 20:02:30 2019 +0300

    selftest: remote_pac: s/s2u4self/s4u2self/g
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=11362
    
    Signed-off-by: Isaac Boukris <iboukris at gmail.com>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    (cherry picked from commit 60afe949c3e664f81c9b0db9c54f701aa2874a5e)

commit 505297b3909f9240f9b4385f253d3ca87c0e3305
Author: Michael Adam <obnox at samba.org>
Date:   Thu Aug 1 00:47:29 2019 +0200

    vfs:glusterfs_fuse: build only if we have setmntent()
    
    FreeBSD and other platforms that don't have setmntent() and friends can
    not compile this module. This patch lets changes the build to only
    compile this module if the setmntent() function is found.
    
    This is the a follow-up fix to the actual fix for bug #13972.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13972
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    
    Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
    Autobuild-Date(master): Thu Aug  1 09:49:04 UTC 2019 on sn-devel-184

commit f705862687681f6e9923c9e8d60c7f6827420982
Author: Michael Adam <obnox at samba.org>
Date:   Sat May 18 11:28:54 2019 +0200

    vfs:glusterfs_fuse: ensure fileids are constant across nodes
    
    Instead of adding a new gluster-specific mode to the fileid module,
    this patches provides a fileid algorithm as part of the glusterfs_fuse
    vfs module. This can not be configured further, simply adding the
    glusterfs_fuse vfs module to the vfs objects configuration will enable
    the new fileid mode.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13972
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    Signed-off-by: Guenther Deschner <gd at samba.org>
    
    Autobuild-User(master): Günther Deschner <gd at samba.org>
    Autobuild-Date(master): Sat Jul 13 22:54:56 UTC 2019 on sn-devel-184

-----------------------------------------------------------------------

Summary of changes:
 auth/auth_sam_reply.c                              |    8 +-
 docs-xml/manpages/vfs_glusterfs_fuse.8.xml         |    8 +
 docs-xml/manpages/vfs_gpfs.8.xml                   |   20 -
 lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.6.sigs}     |    1 +
 ...yldb-util-1.1.10.sigs => pyldb-util-1.5.6.sigs} |    0
 ...-util-1.1.10.sigs => pyldb-util.py3-1.5.6.sigs} |    0
 lib/ldb/common/ldb_pack.c                          |   23 +-
 lib/ldb/include/ldb_module.h                       |    9 +
 lib/ldb/ldb_key_value/ldb_kv.c                     |    2 +
 lib/ldb/ldb_key_value/ldb_kv.h                     |    1 +
 lib/ldb/ldb_key_value/ldb_kv_cache.c               |   37 +
 lib/ldb/ldb_tdb/ldb_tdb.c                          |    8 +-
 lib/ldb/tests/ldb_kv_ops_test.c                    |   23 +
 lib/ldb/tools/ldbdump.c                            |   24 +
 lib/ldb/wscript                                    |    2 +-
 python/samba/tests/blackbox/undoguididx.py         |  107 ++
 source3/modules/nfs4_acls.c                        |  361 ++--
 source3/modules/nfs4_acls.h                        |    2 +
 source3/modules/test_nfs4_acls.c                   | 1898 ++++++++++++++++++++
 source3/modules/vfs_glusterfs.c                    |  336 +++-
 source3/modules/vfs_glusterfs_fuse.c               |  193 +-
 source3/modules/vfs_gpfs.c                         |  121 +-
 source3/modules/wscript_build                      |    5 +
 source3/selftest/tests.py                          |    4 +
 source3/wscript                                    |    4 +-
 source4/scripting/bin/autoidl                      |   19 +-
 source4/scripting/bin/fullschema                   |    9 +-
 source4/scripting/bin/get-descriptors              |    9 +-
 source4/scripting/bin/minschema                    |   47 +-
 source4/scripting/bin/sambaundoguididx             |   28 +-
 source4/scripting/bin/smbstatus                    |   19 +-
 source4/scripting/devel/addlotscontacts            |    4 +-
 source4/scripting/devel/crackname                  |   10 +-
 source4/scripting/devel/getncchanges               |    8 +-
 source4/selftest/tests.py                          |    2 +
 source4/torture/rpc/remote_pac.c                   |  114 +-
 36 files changed, 3088 insertions(+), 378 deletions(-)
 copy lib/ldb/ABI/{ldb-1.5.1.sigs => ldb-1.5.6.sigs} (99%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util-1.5.6.sigs} (100%)
 copy lib/ldb/ABI/{pyldb-util-1.1.10.sigs => pyldb-util.py3-1.5.6.sigs} (100%)
 create mode 100644 python/samba/tests/blackbox/undoguididx.py
 create mode 100644 source3/modules/test_nfs4_acls.c


Changeset truncated at 500 lines:

diff --git a/auth/auth_sam_reply.c b/auth/auth_sam_reply.c
index bd695151dc0..b5b6362dc93 100644
--- a/auth/auth_sam_reply.c
+++ b/auth/auth_sam_reply.c
@@ -89,7 +89,7 @@ static NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
 	sam->groups.count = 0;
 	sam->groups.rids = NULL;
 
-	if (user_info_dc->num_sids > 2) {
+	if (user_info_dc->num_sids > PRIMARY_GROUP_SID_INDEX) {
 		size_t i;
 		sam->groups.rids = talloc_array(mem_ctx, struct samr_RidWithAttribute,
 						user_info_dc->num_sids);
@@ -97,7 +97,7 @@ static NTSTATUS auth_convert_user_info_dc_sambaseinfo(TALLOC_CTX *mem_ctx,
 		if (sam->groups.rids == NULL)
 			return NT_STATUS_NO_MEMORY;
 
-		for (i=2; i<user_info_dc->num_sids; i++) {
+		for (i=PRIMARY_GROUP_SID_INDEX; i<user_info_dc->num_sids; i++) {
 			struct dom_sid *group_sid = &user_info_dc->sids[i];
 			if (!dom_sid_in_domain(sam->domain_sid, group_sid)) {
 				/* We handle this elsewhere */
@@ -451,6 +451,10 @@ NTSTATUS make_user_info_dc_netlogon_validation(TALLOC_CTX *mem_ctx,
 	}
 
 	for (i = 0; i < base->groups.count; i++) {
+		/* Skip primary group, already added above */
+		if (base->groups.rids[i].rid == base->primary_gid) {
+			continue;
+		}
 		user_info_dc->sids[user_info_dc->num_sids] = *base->domain_sid;
 		if (!sid_append_rid(&user_info_dc->sids[user_info_dc->num_sids], base->groups.rids[i].rid)) {
 			return NT_STATUS_INVALID_PARAMETER;
diff --git a/docs-xml/manpages/vfs_glusterfs_fuse.8.xml b/docs-xml/manpages/vfs_glusterfs_fuse.8.xml
index b9f7f42c6f2..f2aa624353e 100644
--- a/docs-xml/manpages/vfs_glusterfs_fuse.8.xml
+++ b/docs-xml/manpages/vfs_glusterfs_fuse.8.xml
@@ -48,6 +48,14 @@
 		case of an exisiting filename.
 	</para>
 
+	<para>
+		Furthermore, this module implements a substitute file-id
+		mechanism. The default file-id mechanism is not working
+		correctly for gluster fuse mount re-exports, so in order to
+		avoid data loss, users exporting gluster fuse mounts with
+		Samba should enable this module.
+	</para>
+
 	<para>
 		This module can be combined with other modules, but it
 		should be the last module in the <command>vfs objects</command>
diff --git a/docs-xml/manpages/vfs_gpfs.8.xml b/docs-xml/manpages/vfs_gpfs.8.xml
index 15e7bcf9d77..2a9af57d661 100644
--- a/docs-xml/manpages/vfs_gpfs.8.xml
+++ b/docs-xml/manpages/vfs_gpfs.8.xml
@@ -204,26 +204,6 @@
 		</varlistentry>
 		<varlistentry>
 
-		<term>gpfs:merge_writeappend = [ yes | no ]</term>
-		<listitem>
-		<para>
-		GPFS ACLs doesn't know about the 'APPEND' right.
-		This option lets Samba map the 'APPEND' right to 'WRITE'.
-		</para>
-
-		<itemizedlist>
-		<listitem><para>
-		<command>yes(default)</command> - map 'APPEND' to 'WRITE'.
-		</para></listitem>
-		<listitem><para>
-		<command>no</command> - do not map 'APPEND' to 'WRITE'.
-		</para></listitem>
-		</itemizedlist>
-		</listitem>
-
-		</varlistentry>
-		<varlistentry>
-
 		<term>gpfs:acl = [ yes | no ]</term>
 		<listitem>
 		<para>
diff --git a/lib/ldb/ABI/ldb-1.5.1.sigs b/lib/ldb/ABI/ldb-1.5.6.sigs
similarity index 99%
copy from lib/ldb/ABI/ldb-1.5.1.sigs
copy to lib/ldb/ABI/ldb-1.5.6.sigs
index 0c1234f1c97..9bf06ce6e93 100644
--- a/lib/ldb/ABI/ldb-1.5.1.sigs
+++ b/lib/ldb/ABI/ldb-1.5.6.sigs
@@ -269,6 +269,7 @@ ldb_transaction_start: int (struct ldb_context *)
 ldb_unpack_data: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *)
 ldb_unpack_data_only_attr_list: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int *)
 ldb_unpack_data_only_attr_list_flags: int (struct ldb_context *, const struct ldb_val *, struct ldb_message *, const char * const *, unsigned int, unsigned int, unsigned int *)
+ldb_unpack_get_format: int (const struct ldb_val *, uint32_t *)
 ldb_val_dup: struct ldb_val (TALLOC_CTX *, const struct ldb_val *)
 ldb_val_equal_exact: int (const struct ldb_val *, const struct ldb_val *)
 ldb_val_map_local: struct ldb_val (struct ldb_module *, void *, const struct ldb_map_attribute *, const struct ldb_val *)
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util-1.5.6.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util-1.5.6.sigs
diff --git a/lib/ldb/ABI/pyldb-util-1.1.10.sigs b/lib/ldb/ABI/pyldb-util.py3-1.5.6.sigs
similarity index 100%
copy from lib/ldb/ABI/pyldb-util-1.1.10.sigs
copy to lib/ldb/ABI/pyldb-util.py3-1.5.6.sigs
diff --git a/lib/ldb/common/ldb_pack.c b/lib/ldb/common/ldb_pack.c
index 448c577ae1b..286803f0b41 100644
--- a/lib/ldb/common/ldb_pack.c
+++ b/lib/ldb/common/ldb_pack.c
@@ -33,12 +33,6 @@
 
 #include "ldb_private.h"
 
-/* change this if the data format ever changes */
-#define LDB_PACKING_FORMAT 0x26011967
-
-/* old packing formats */
-#define LDB_PACKING_FORMAT_NODN 0x26011966
-
 /* use a portable integer format */
 static void put_uint32(uint8_t *p, int ofs, unsigned int val)
 {
@@ -229,7 +223,7 @@ int ldb_unpack_data_only_attr_list_flags(struct ldb_context *ldb,
 	size_t remaining;
 	size_t dn_len;
 	unsigned int i, j;
-	unsigned format;
+	uint32_t format;
 	unsigned int nelem = 0;
 	size_t len;
 	unsigned int found = 0;
@@ -247,7 +241,10 @@ int ldb_unpack_data_only_attr_list_flags(struct ldb_context *ldb,
 		goto failed;
 	}
 
-	format = pull_uint32(p, 0);
+	if (ldb_unpack_get_format(data, &format) != LDB_SUCCESS) {
+		errno = EIO;
+		goto failed;
+	}
 	message->num_elements = pull_uint32(p, 4);
 	p += 8;
 	if (nb_elements_in_db) {
@@ -504,6 +501,16 @@ failed:
 	return -1;
 }
 
+int ldb_unpack_get_format(const struct ldb_val *data,
+			  uint32_t *pack_format_version)
+{
+	if (data->length < 4) {
+		return LDB_ERR_OPERATIONS_ERROR;
+	}
+	*pack_format_version = pull_uint32(data->data, 0);
+	return LDB_SUCCESS;
+}
+
 /*
  * Unpack a ldb message from a linear buffer in ldb_val
  *
diff --git a/lib/ldb/include/ldb_module.h b/lib/ldb/include/ldb_module.h
index c73fc37f3aa..8c47082690b 100644
--- a/lib/ldb/include/ldb_module.h
+++ b/lib/ldb/include/ldb_module.h
@@ -561,11 +561,20 @@ int ldb_unpack_data_only_attr_list_flags(struct ldb_context *ldb,
 					 unsigned int flags,
 					 unsigned int *nb_elements_in_db);
 
+int ldb_unpack_get_format(const struct ldb_val *data,
+			  uint32_t *pack_format_version);
+
 #define LDB_UNPACK_DATA_FLAG_NO_DATA_ALLOC   0x0001
 #define LDB_UNPACK_DATA_FLAG_NO_DN           0x0002
 #define LDB_UNPACK_DATA_FLAG_NO_VALUES_ALLOC 0x0004
 #define LDB_UNPACK_DATA_FLAG_NO_ATTRS        0x0008
 
+/* In-use packing formats */
+#define LDB_PACKING_FORMAT 0x26011967
+
+/* Old packing formats */
+#define LDB_PACKING_FORMAT_NODN 0x26011966
+
 /**
  Forces a specific ldb handle to use the global event context.
 
diff --git a/lib/ldb/ldb_key_value/ldb_kv.c b/lib/ldb/ldb_key_value/ldb_kv.c
index 31bdfb532f2..87ed37bd5a8 100644
--- a/lib/ldb/ldb_key_value/ldb_kv.c
+++ b/lib/ldb/ldb_key_value/ldb_kv.c
@@ -1902,6 +1902,8 @@ int ldb_kv_init_store(struct ldb_kv_private *ldb_kv,
 
 	ldb_kv->sequence_number = 0;
 
+	ldb_kv->pack_format_version = LDB_PACKING_FORMAT;
+
 	ldb_kv->pid = getpid();
 
 	ldb_kv->module = ldb_module_new(ldb, ldb, name, &ldb_kv_ops);
diff --git a/lib/ldb/ldb_key_value/ldb_kv.h b/lib/ldb/ldb_key_value/ldb_kv.h
index cbc5213c765..c31973a39da 100644
--- a/lib/ldb/ldb_key_value/ldb_kv.h
+++ b/lib/ldb/ldb_key_value/ldb_kv.h
@@ -53,6 +53,7 @@ struct ldb_kv_private {
 	unsigned int connect_flags;
 
 	unsigned long long sequence_number;
+	uint32_t pack_format_version;
 
 	/* the low level tdb seqnum - used to avoid loading BASEINFO when
 	   possible */
diff --git a/lib/ldb/ldb_key_value/ldb_kv_cache.c b/lib/ldb/ldb_key_value/ldb_kv_cache.c
index c39273fb097..a795b5352fb 100644
--- a/lib/ldb/ldb_key_value/ldb_kv_cache.c
+++ b/lib/ldb/ldb_key_value/ldb_kv_cache.c
@@ -393,6 +393,13 @@ int ldb_kv_cache_reload(struct ldb_module *module)
 	ldb_kv_cache_free(module);
 	return ldb_kv_cache_load(module);
 }
+static int get_pack_format_version(struct ldb_val key,
+				   struct ldb_val data,
+				   void *private_data)
+{
+	uint32_t *v = (uint32_t *) private_data;
+	return ldb_unpack_get_format(&data, v);
+}
 
 /*
   load the cache records
@@ -409,6 +416,8 @@ int ldb_kv_cache_load(struct ldb_module *module)
 	const struct ldb_schema_attribute *a;
 	bool have_write_txn = false;
 	int r;
+	uint32_t pack_format_version;
+	struct ldb_val key;
 
 	ldb = ldb_module_get_ctx(module);
 
@@ -433,6 +442,34 @@ int ldb_kv_cache_load(struct ldb_module *module)
 	if (r != LDB_SUCCESS) {
 		goto failed;
 	}
+
+	key = ldb_kv_key_dn(module, baseinfo, baseinfo_dn);
+	if (!key.data) {
+		goto failed_and_unlock;
+	}
+
+	/* Read packing format from first 4 bytes of @BASEINFO record */
+	r = ldb_kv->kv_ops->fetch_and_parse(ldb_kv, key,
+					    get_pack_format_version,
+					    &pack_format_version);
+
+	if (r != LDB_ERR_NO_SUCH_OBJECT) {
+		if (r != LDB_SUCCESS) {
+			goto failed_and_unlock;
+		}
+
+		/* Make sure the database has the right format */
+		if (pack_format_version != ldb_kv->pack_format_version) {
+			ldb_debug(ldb, LDB_DEBUG_ERROR,
+				  "Unexpected packing format. "
+				  "Expected: %#010x, Got: %#010x",
+				  pack_format_version,
+				  ldb_kv->pack_format_version);
+			goto failed_and_unlock;
+		}
+	}
+
+	/* Now fetch the whole @BASEINFO record */
 	r = ldb_kv_search_dn1(module, baseinfo_dn, baseinfo, 0);
 	if (r != LDB_SUCCESS && r != LDB_ERR_NO_SUCH_OBJECT) {
 		goto failed_and_unlock;
diff --git a/lib/ldb/ldb_tdb/ldb_tdb.c b/lib/ldb/ldb_tdb/ldb_tdb.c
index 812ddd3e389..51507f5aae1 100644
--- a/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -242,6 +242,7 @@ struct kv_ctx {
 	int (*parser)(struct ldb_val key,
 		      struct ldb_val data,
 		      void *private_data);
+	int parser_ret;
 };
 
 static int ltdb_traverse_fn_wrapper(struct tdb_context *tdb,
@@ -350,7 +351,8 @@ static int ltdb_parse_record_wrapper(TDB_DATA tdb_key,
 		.data = tdb_data.dptr,
 	};
 
-	return kv_ctx->parser(key, data, kv_ctx->ctx);
+	kv_ctx->parser_ret = kv_ctx->parser(key, data, kv_ctx->ctx);
+	return kv_ctx->parser_ret;
 }
 
 static int ltdb_parse_record(struct ldb_kv_private *ldb_kv,
@@ -374,7 +376,9 @@ static int ltdb_parse_record(struct ldb_kv_private *ldb_kv,
 
 	ret = tdb_parse_record(
 	    ldb_kv->tdb, key, ltdb_parse_record_wrapper, &kv_ctx);
-	if (ret == 0) {
+	if (kv_ctx.parser_ret != LDB_SUCCESS) {
+		return kv_ctx.parser_ret;
+	} else if (ret == 0) {
 		return LDB_SUCCESS;
 	}
 	return ltdb_err_map(tdb_error(ldb_kv->tdb));
diff --git a/lib/ldb/tests/ldb_kv_ops_test.c b/lib/ldb/tests/ldb_kv_ops_test.c
index d6a4dc058e5..bd9f3ee5ffb 100644
--- a/lib/ldb/tests/ldb_kv_ops_test.c
+++ b/lib/ldb/tests/ldb_kv_ops_test.c
@@ -202,6 +202,17 @@ static int parse(struct ldb_val key,
 	return LDB_SUCCESS;
 }
 
+/*
+ * Parse function that just returns the int we pass it.
+ */
+static int parse_return(struct ldb_val key,
+		        struct ldb_val data,
+		        void *private_data)
+{
+	int *rcode = private_data;
+	return *rcode;
+}
+
 /*
  * Test that data can be written to the kv store and be read back.
  */
@@ -224,6 +235,7 @@ static void test_add_get(void **state)
 	};
 
 	struct ldb_val read;
+	int rcode;
 
 	int flags = 0;
 	TALLOC_CTX *tmp_ctx;
@@ -261,6 +273,17 @@ static void test_add_get(void **state)
 	assert_int_equal(sizeof(value), read.length);
 	assert_memory_equal(value, read.data, sizeof(value));
 
+	/*
+	 * Now check that the error code we return in the
+	 * parse function is returned by fetch_and_parse.
+	 */
+	for (rcode=0; rcode<50; rcode++) {
+		ret = ldb_kv->kv_ops->fetch_and_parse(ldb_kv, key,
+						      parse_return,
+						      &rcode);
+		assert_int_equal(ret, rcode);
+	}
+
 	ret = ldb_kv->kv_ops->unlock_read(test_ctx->ldb->modules);
 	assert_int_equal(ret, 0);
 	talloc_free(tmp_ctx);
diff --git a/lib/ldb/tools/ldbdump.c b/lib/ldb/tools/ldbdump.c
index a466e4916db..09b4fe0a080 100644
--- a/lib/ldb/tools/ldbdump.c
+++ b/lib/ldb/tools/ldbdump.c
@@ -36,6 +36,26 @@ static struct ldb_context *ldb;
 bool show_index = false;
 bool validate_contents = false;
 
+static void print_data(TDB_DATA d)
+{
+	unsigned char *p = (unsigned char *)d.dptr;
+	int len = d.dsize;
+	while (len--) {
+		if (isprint(*p) && !strchr("\"\\", *p)) {
+			fputc(*p, stdout);
+		} else {
+			printf("\\%02X", *p);
+		}
+		p++;
+	}
+}
+
+static unsigned int pull_uint32(uint8_t *p)
+{
+       return p[0] | (p[1]<<8) | (p[2]<<16) | (p[3]<<24);
+}
+
+
 static int traverse_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA _dbuf, void *state)
 {
 	int ret, i, j;
@@ -79,6 +99,10 @@ static int traverse_fn(TDB_CONTEXT *tdb, TDB_DATA key, TDB_DATA _dbuf, void *sta
 		}
 	}
 
+	printf("# key: ");
+	print_data(key);
+	printf("\n# pack format: %#010x\n", pull_uint32(_dbuf.dptr));
+
 	if (!validate_contents || ldb_dn_is_special(msg->dn)) {
 		ldb_ldif_write_file(ldb, stdout, &ldif);
 		TALLOC_FREE(msg);
diff --git a/lib/ldb/wscript b/lib/ldb/wscript
index f8eabbf57c5..92975b9116d 100644
--- a/lib/ldb/wscript
+++ b/lib/ldb/wscript
@@ -1,7 +1,7 @@
 #!/usr/bin/env python
 
 APPNAME = 'ldb'
-VERSION = '1.5.5'
+VERSION = '1.5.6'
 
 import sys, os
 
diff --git a/python/samba/tests/blackbox/undoguididx.py b/python/samba/tests/blackbox/undoguididx.py
new file mode 100644
index 00000000000..b4e017935c1
--- /dev/null
+++ b/python/samba/tests/blackbox/undoguididx.py
@@ -0,0 +1,107 @@
+# Blackbox tests for sambaundoguididx
+#
+# Copyright (C) Catalyst IT Ltd. 2019
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+from __future__ import print_function
+from samba.tests import BlackboxTestCase
+import os
+import ldb
+import shutil
+from subprocess import check_output
+from samba.samdb import SamDB
+
+COMMAND = os.path.join(os.path.dirname(__file__),
+               "../../../../../source4/scripting/bin/sambaundoguididx")
+
+
+class DowngradeTest(BlackboxTestCase):
+    """Test that sambaundoguididx downgrades the samba database"""
+    backend = 'tdb'
+
+    def setUp(self):
+        super(DowngradeTest, self).setUp()
+
+        prov_cmd = "samba-tool domain provision " +\
+                   "--domain FOO --realm foo.example.com " +\
+                   "--targetdir {self.tempdir} " +\
+                   "--backend-store {self.backend} " +\
+                   "--host-name downgradetest " +\
+                   "--option=\"vfs objects=fake_acls xattr_tdb\""
+        prov_cmd = prov_cmd.format(self=self)
+        self.check_run(prov_cmd, "Provisioning for downgrade")
+
+        private_dir = os.path.join(self.tempdir, "private")
+        self.sam_path = os.path.join(private_dir, "sam.ldb")
+        self.ldb = ldb.Ldb(self.sam_path, options=["modules:"])
+
+        partitions = self.ldb.search(base="@PARTITION",
+                                       scope=ldb.SCOPE_BASE,
+                                       attrs=["partition"])
+        partitions = partitions[0]['partition']
+        partitions = [str(p).split(":")[1] for p in partitions]
+        self.dbs = [os.path.join(private_dir, p)
+                    for p in partitions]
+        self.dbs.append(self.sam_path)
+
+    def tearDown(self):
+        shutil.rmtree(os.path.join(self.tempdir, "private"))
+        shutil.rmtree(os.path.join(self.tempdir, "etc"))
+        shutil.rmtree(os.path.join(self.tempdir, "state"))
+        shutil.rmtree(os.path.join(self.tempdir, "bind-dns"))
+        shutil.rmtree(os.path.join(self.tempdir, "msg.lock"))
+        os.unlink(os.path.join(self.tempdir, "names.tdb"))
+        os.unlink(os.path.join(self.tempdir, "gencache.tdb"))
+        super(DowngradeTest, self).tearDown()
+
+    # Parse out the comments above each record that ldbdump produces
+    # containing pack format version and KV level key for each record.
+    # Return all GUID keys and DN keys (without @attrs)
+    def ldbdump_keys_pack_formats(self):
+        # Get all comments from all partition dbs
+        comments = []
+        for db in self.dbs:
+            dump = check_output(["bin/ldbdump", "-i", db])
+            dump = dump.decode("utf-8")
+            dump = dump.split("\n")
+            comments += [s for s in dump if s.startswith("#")]
+
+        guid_key_tag = "# key: GUID="
+        guid_keys = {c[len(guid_key_tag):] for c in comments
+                     if c.startswith(guid_key_tag)}
+
+        dn_key_tag = "# key: DN="


-- 
Samba Shared Repository



More information about the samba-cvs mailing list