[SCM] Samba Shared Repository - branch v4-10-test updated

Karolin Seeger kseeger at samba.org
Tue Jun 18 12:29:23 UTC 2019


The branch, v4-10-test has been updated
       via  881793d52d9 vfs_fruit: change trigger points of AppleDouble conversion
       via  436356f8d00 vfs_fruit: add a forward declaration for ad_get()
       via  886ab13095e selftest: run vfs.fruit test against a share that deletes empty resource forks
       via  0dfaa70427e s4:torture/vfs/fruit: ensure test_adouble_conversion_wo_xattr() uses a non-emtpy resourcefork
       via  6dcec5e2536 s4:torture/vfs/fruit: ensure test_adouble_conversion() uses a non-emtpy resourcefork
       via  e0e1707d8fc registry: add a missing include
       via  16f3a73c1a7 samba-tool dns: use bytes for inet_ntop
       via  40ab50754d1 tests/samba-tool: test dns serverinfo/zoneinfo
       via  b78b7215658 docs: dfree command. Correct usage of dfree scripts.
       via  024d287cb9a lib: util: Finally remove possibilities of using sys_popen() unsafely.
       via  323fd6648e2 s3: lib: Rename all uses of file_pload_XXX -> file_ploadv_XXX.
       via  482219feb09 s3: lib: Remove file_pload_send().
       via  bcfdd137649 s3: winbind: Convert idmap to use file_ploadv_send().
       via  8f690bbc632 s3: lib: Add file_ploadv_send().
       via  681627eb0ef lib: util: Remove file_pload()
       via  1e94a68dcd6 s3: lib: Remove file_lines_pload().
       via  7bf8d14dbca s3: smbd: Convert sysquotas.c code to use file_lines_ploadv().
       via  4912e62ab03 s3: smbd: Convert print_svid code to use file_lines_ploadv().
       via  c477e2a57aa s3: smbd: Convert dfree code to use file_lines_ploadv().
       via  0f093e6bed1 s3: lib: util: Add file_lines_ploadv().
       via  59bf36ee256 lib: util: Add file_ploadv().
       via  7ce66c8ba7a lib: popen: Prepare to remove sys_popen().
       via  21b99870445 s3:util: Move static file_pload() function to lib/util
       via  d1cb288bda2 s3:util: Move popen wrappers to lib/util
       via  ebe505e7cf7 smbd: Fix a panic
       via  bec45189777 smbtorture: Add a test to make smbd panic
       via  9f7fc364715 smbd: Enable "smbd:suicide mode" for smb2
       via  def08d36e5b s3: winbind: Fix crash when invoking winbind idmap scripts.
       via  4406c829558 s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary
       via  643c75aa2d1 s4 dsdb: fix use after free in samldb_rename_search_base_callback
       via  6946f0690af s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value
       via  b6b9f49c25d s4 dsdb/repl_meta_data: allocate new extended DNs during ADD on a better context
       via  2e1b093ebff s3:smbspool: Use NTSTATUS return codes
       via  57f1c2d45a5 s3:smbspool: Add debug messages to kerberos_ccache_is_valid()
       via  d95b2ecab78 s3:smbspool: Always try to authenticate using Kerberos
       via  b8abd04cd64 s3:smbspool: Print the filename we failed to open
       via  4f3cb35623a s3:smbspool: Fallback to default ccache if KRB5CCNAME is not set
       via  1e4d726dae1 s3:smbspool: Use %u format specifier to print uid
       via  97c1b4d8808 s3:smbspool: Add debug for finding KRB5CCNAME
       via  819b364f889 s3:smbspool: Print the principal we use to authenticate with
       via  65bc340af6a s3:smbspool: Add the 'lp' group to the users groups
       via  79d0ad8b7da python/ntacls: we only need security.SEC_STD_READ_CONTROL in order to get the ACL
       via  36830a4e98d dsdb:samdb: schemainfo update with relax control
       via  d2d8caf45bc python/provision: use provision and relax controls for schema provision
       via  b97bba87d1e s4:provision: split out provision_self_join_modify_schema.ldif
       via  1711b155676 ldapcmp: ignore 'schemaInfo' if two domains are compared
       via  4ebeef8ef95 samdb: test for schemainfo update with relax control
       via  183d21bdc92 drsuapi.idl: add DRSUAPI_ATTID_schemaInfo
       via  7f1d37ab5bb dsdb/repl: we need to replicate the whole schema before we can apply it
      from  5508e9c8cb4 Merge tag 'samba-4.10.4' into v4-10-test

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-test


- Log -----------------------------------------------------------------
commit 881793d52d9a35d7cce814ae5f2cdf8273a7cfee
Author: Ralph Boehme <slow at samba.org>
Date:   Tue May 21 16:00:53 2019 +0200

    vfs_fruit: change trigger points of AppleDouble conversion
    
    This moves the trigger points where AppleDouble file conversion is run by
    ad_convert() from deep down the callchain in ad_read_rsrc_adouble() to high
    level VFS entry points.
    
    Currently ad_convert() will be triggered as part of open_file_ntcreate(...,
    "file:AFP_AfpResource", ...): after SMB_VFS_OPEN() has been called with O_CREAT,
    what created the file, we call SMB_VFS_FSTAT() on the just created
    filehandle. This ends up in ad_convert(), finds the resource fork empty and thus
    deletes the file.
    
    This commit moves calling of the conversion funtion to the high level VFS entry
    points where the converted metadata is needed:
    
    o for directory enumerations SMB_VFS_READDIR_ATTR() is called to fill in the
      repurposed fields in the directory entry metadata
    
    o obviously for SMB_VFS_CREATE_FILE() on an macOS stream
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 78a4639b2d06cc69788861618d2e91945e142d2b)
    
    Autobuild-User(v4-10-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-10-test): Thu Jun 13 13:55:35 UTC 2019 on sn-devel-144

commit 436356f8d00149f0b3fe0a510cd8aea21167786f
Author: Ralph Boehme <slow at samba.org>
Date:   Tue May 21 16:00:00 2019 +0200

    vfs_fruit: add a forward declaration for ad_get()
    
    Will be needed in the next commit.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 4777d1163a7c18c89ce9be955903427a18134415)

commit 886ab13095e5b8114fba5c6d6e761aa1b27bab72
Author: Ralph Boehme <slow at samba.org>
Date:   Tue May 21 14:05:04 2019 +0200

    selftest: run vfs.fruit test against a share that deletes empty resource forks
    
    This reveals a bug in the AppleDouble conversion code: the conversion code that
    unlinks an empty resource fork AppleDouble sidecar file ("._file") gets
    triggered as part of open_file_ntcreate(..., "file:AFP_AfpResource", ...):
    
    after SMB_VFS_OPEN() has been called with O_CREAT, what created the file, we
    call SMB_VFS_FSTAT() on the just created filehandle. This ends up in
    ad_convert(), finds the resource fork empty and thus deletes the file.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit 8ed9b6b457923d2353d1d18838f4a278db48c6b9)

commit 0dfaa70427ed01265e82053f364f0745162b785b
Author: Ralph Boehme <slow at samba.org>
Date:   Tue May 21 18:39:52 2019 +0200

    s4:torture/vfs/fruit: ensure test_adouble_conversion_wo_xattr() uses a non-emtpy resourcefork
    
    This ensures the resource fork is not deleted as part of the AppleDouble file
    conversion for the option fruit:wipe_intentionally_left_blank_rfork=yes.
    
    This is currently not a problem in selftest, as we don't enable the option, but
    a subsequent commit will run all vfs.fruit tests against a share with this
    option enabled.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit bb5a457f2872a383b58d62981dade322fca9b283)

commit 6dcec5e2536cf814ef8cf60947ac202c6c9ef636
Author: Ralph Boehme <slow at samba.org>
Date:   Tue May 21 18:39:52 2019 +0200

    s4:torture/vfs/fruit: ensure test_adouble_conversion() uses a non-emtpy resourcefork
    
    This ensures the resource fork is not deleted as part of the AppleDouble file
    conversion for the option fruit:wipe_intentionally_left_blank_rfork=yes.
    
    This is currently not a problem in selftest, as we don't enable the option, but
    a subsequent commit will run all vfs.fruit tests against a share with this
    option enabled.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13958
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    (cherry picked from commit c3d28d49be3c7536d1ccfe8d00553ce72843f369)

commit e0e1707d8fc39e89073a435578b1fbb9466752b5
Author: Ralph Boehme <slow at samba.org>
Date:   Thu May 16 16:05:31 2019 +0200

    registry: add a missing include
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13840
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Karolin Seeger <kseeger at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Mon May 27 14:29:36 UTC 2019 on sn-devel-184
    
    (cherry picked from commit e09053faf457f69ad9b5e6a34be43c947503575f)

commit 16f3a73c1a7d02d5984083ae53da10ae91477807
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Fri May 24 09:58:12 2019 +1200

    samba-tool dns: use bytes for inet_ntop
    
    From Python's point of view, array.AddrArray is a list of byte-valued
    integers. In Python 3 we can convert directly using the likes of
    
             bytes(array.AddrArray[i].MaxSa[8:24])
    
    but in 4.10 we need to support both, so we use struct.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13965
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Noel Power <npower at samba.org>
    
    Autobuild-User(master): Noel Power <npower at samba.org>
    Autobuild-Date(master): Wed May 29 11:29:17 UTC 2019 on sn-devel-184

commit 40ab50754d1db8fc468cad04a0bf737f45895c0f
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed May 29 13:38:12 2019 +1200

    tests/samba-tool: test dns serverinfo/zoneinfo
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13965
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Noel Power <npower at samba.org>

commit b78b7215658e7594ea345c85ec375252b04b4e00
Author: Jeremy Allison <jra at samba.org>
Date:   Sat May 18 11:41:56 2019 -0700

    docs: dfree command. Correct usage of dfree scripts.
    
    Add quotes to the sample scripts to prevent incorrect
    parameter usage.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Fri May 24 20:12:02 UTC 2019 on sn-devel-184
    
    (cherry picked from commit 77eabd74e9a28b1e6decf0890a9ef4c83fa002d4)

commit 024d287cb9ad4c81ed670ca57896dab01cdace43
Author: Jeremy Allison <jra at samba.org>
Date:   Sat May 18 11:40:26 2019 -0700

    lib: util: Finally remove possibilities of using sys_popen() unsafely.
    
    All code now uses sys_popenv() which is much
    harder to use incorrectly.
    
    Remove the extract_args() function that was the
    cause of possible issues.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 9fa95d5b45369acfdd38923e8618e94e5d04b07e)

commit 323fd6648e23fe7ac3758d12a264a2323013719f
Author: Ralph Boehme <slow at samba.org>
Date:   Fri May 24 19:08:10 2019 +0200

    s3: lib: Rename all uses of file_pload_XXX -> file_ploadv_XXX.
    
    Keep naming consistent across all usage.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit dbfa3cd186428c02589aa9093e868554b4c695d5)

commit 482219feb09221bb310e9921bc24cf0a2d89cc16
Author: Jeremy Allison <jra at samba.org>
Date:   Sat May 18 11:32:05 2019 -0700

    s3: lib: Remove file_pload_send().
    
    No longer used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit d5c363d65d771c792523f2f3e526c90514212fc2)

commit bcfdd13764936c96cdb17a9be2861ddf98aebc41
Author: Jeremy Allison <jra at samba.org>
Date:   Sat May 18 11:25:01 2019 -0700

    s3: winbind: Convert idmap to use file_ploadv_send().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 449d49946b295f574e1fed83b5a5ffbf1c1b1e30)

commit 8f690bbc63283a955648e24cfa5de9384174b118
Author: Jeremy Allison <jra at samba.org>
Date:   Sat May 18 11:18:19 2019 -0700

    s3: lib: Add file_ploadv_send().
    
    Not yet used. Preparing to remove file_pload_send()
    with this safer alternative.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 61054e53f53e5884902b566b1f9b454a3ff4741f)

commit 681627eb0efb3369b39b6e95b38ee1b69319d5c8
Author: Jeremy Allison <jra at samba.org>
Date:   Sat May 18 11:14:53 2019 -0700

    lib: util: Remove file_pload()
    
    No longer used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit c5729ae44219ec81008040d4d50f0f5fdf254201)

commit 1e94a68dcd60fd0990b578522af80cbadadc9db8
Author: Jeremy Allison <jra at samba.org>
Date:   Sat May 18 11:10:40 2019 -0700

    s3: lib: Remove file_lines_pload().
    
    No longer used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 02bc0ce9d22117b464bae47c5d09c45b4f7c2272)

commit 7bf8d14dbca16ff447d6805532fe9a7ab70d6b4f
Author: Jeremy Allison <jra at samba.org>
Date:   Sat May 18 11:08:15 2019 -0700

    s3: smbd: Convert sysquotas.c code to use file_lines_ploadv().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 4a63e3b9659c8715d436c66dee8bf420e2ea89fb)

commit 4912e62ab036bfde19ece4d4641681b510fee0e3
Author: Jeremy Allison <jra at samba.org>
Date:   Thu May 16 22:18:40 2019 -0700

    s3: smbd: Convert print_svid code to use file_lines_ploadv().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit f9ccf1cc3df13138a1a4b645c8190238ce011f04)

commit c477e2a57aace596c954de689fff0cf17a875a41
Author: Jeremy Allison <jra at samba.org>
Date:   Thu May 16 22:11:49 2019 -0700

    s3: smbd: Convert dfree code to use file_lines_ploadv().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit d6453e1ffd92c7754862389a933a9fd9089ce518)

commit 0f093e6bed10ab0db8af2ce5b476e4ed6e83f3b8
Author: Jeremy Allison <jra at samba.org>
Date:   Thu May 16 22:10:51 2019 -0700

    s3: lib: util: Add file_lines_ploadv().
    
    Not yet used.
    
    Duplicate code to file_lines_pload() except uses vectored
    argument list. file_lines_pload() will be removed once all
    callers are converted.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 3b19412baedfffb7adc2a79471f5b17990259c31)

commit 59bf36ee25643c2ed443b778216bad6b42213674
Author: Jeremy Allison <jra at samba.org>
Date:   Thu May 16 21:56:13 2019 -0700

    lib: util: Add file_ploadv().
    
    Not yet used.
    
    Duplicate code to file_pload() except uses vectored
    argument list. file_pload() will be removed once all
    callers are converted.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 5c34fa0b85e4d9a3c5fd4fa0b39af4772ec023db)

commit 7ce66c8ba7ae12d098714b1848f6981f41b4553e
Author: Jeremy Allison <jra at samba.org>
Date:   Thu May 16 21:45:21 2019 -0700

    lib: popen: Prepare to remove sys_popen().
    
    Add sys_popenv(char * const argl[]) that uses a NULL
    terminated vector array of args. Change sys_popen() to
    split up its command string and call sys_popenv().
    
    Once all callers are converted to sys_popenv() we
    can remove sys_popen().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit f20538de041eed1cadbabe2149b2b7cfcb779cb5)

commit 21b99870445e832628a8e0f8c0619c8098e8314c
Author: Aliaksei Karaliou <akaraliou at panasas.com>
Date:   Thu Dec 27 04:25:47 2018 -0500

    s3:util: Move static file_pload() function to lib/util
    
    file_pload() is static private function in Samba3 library, however it
    does not have any special dependencies and might be widely used as
    common function, so moving it into common samba-util library.
    
    Extra fix needed to enable easy back-port of code for:
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit d21fc7d8b86b0cddc619ffe528d9cd93eeedbb0b)

commit d1cb288bda23a3bad943a66fe626c4fb3d45c91f
Author: Aliaksei Karaliou <akaraliou at panasas.com>
Date:   Thu Dec 27 04:18:28 2018 -0500

    s3:util: Move popen wrappers to lib/util
    
    When linked into Samba3 libraries, sys_popen()/sys_pclose()
    cannot be used in lower level libraries because of circular
    dependencies.
    
    This patch moves them into common samba-util library.
    
    Extra fix needed to enable easy back-port of code for:
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13964
    
    Signed-off-by: Aliaksei Karaliou <akaraliou at panasas.com>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit 65ea3f2a461c0eeca7d14c4258eea52e19f0ed06)

commit ebe505e7cf72587640ef69bc04a0710f26bb90b9
Author: Volker Lendecke <vl at samba.org>
Date:   Tue May 21 15:26:55 2019 +0200

    smbd: Fix a panic
    
    Opening a file with a stale (smbd died) LEVEL_II oplock makes
    
    vfs_set_filelen-> ... ->contend_level2_oplocks_begin_default
    
    trigger the immediate leading to do_break_to_none. This goes through
    because fsp->oplock_type is not initialized yet, thus 0. Also,
    file_has_read_oplocks is still valid, because the smbd that has died
    could not clean up the brlock.tdb entry.
    
    Later in the code the exclusive oplock is granted, which is then found
    by do_break_to_none, making it panic.
    
    This patch just runs the direct FTRUNCATE instead of vfs_set_filelen.
    This means the contend_level2_oplock code is skipped.
    
    The relevant break (LEVEL_II to NONE) is now done in delay_for_oplock()
    with the nice effect of removing a comment that was very confusing to
    me.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    
    Autobuild-User(master): Ralph Böhme <slow at samba.org>
    Autobuild-Date(master): Wed May 22 20:09:29 UTC 2019 on sn-devel-184

commit bec45189777316ebf93d50c89d8b02ca46102660
Author: Volker Lendecke <vl at samba.org>
Date:   Tue May 21 14:53:46 2019 +0200

    smbtorture: Add a test to make smbd panic
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit 9f7fc364715f8610572a4020a349297a6034533d
Author: Volker Lendecke <vl at samba.org>
Date:   Tue May 21 14:52:22 2019 +0200

    smbd: Enable "smbd:suicide mode" for smb2
    
    The next commit needs an smbd to just exit and leave data behind in the
    locking.tdb file. Don't make it harder to eventually phase out SMB1: Do
    the test in SMB2.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13957
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>

commit def08d36e5bcf277adada2ce0e8bde694733912f
Author: Jeremy Allison <jra at samba.org>
Date:   Thu May 23 13:33:21 2019 -0700

    s3: winbind: Fix crash when invoking winbind idmap scripts.
    
    Previously the private context was caching a pointer to
    a string returned from lp_XXX(). This string can change
    on config file reload. Ensure the string is talloc_strup'ed
    onto the owning context instead.
    
    Reported by Heinrich Mislik <Heinrich.Mislik at univie.ac.at>
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13956
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit a1f95ba5db6fc017fad35377fbf76c048f2dd8ab)

commit 4406c829558495a226eabf5c6c64953d39dd60c4
Author: Shyamsunder Rathi <shyam.rathi at nutanix.com>
Date:   Sun May 12 23:06:17 2019 -0700

    s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary
    
    For FS_VOLUME_INFO/FS_INFO operation, a maximum of 32 characters are
    sent back. However, since Samba chops off any share name with >32
    bytes at 32, it is possible that a multi-byte share name can get chopped
    off between a full character. This causes the string decoding for unicode
    failure which sends back NT_STATUS_ILLEGAL_CHARACTER (EILSEQ) to the client
    applications.
    
    On Windows, Notepad doesn't like it, and refuses to open a file in this
    case and fails with the following error:
    
      Invalid character. For multibyte character sets, only the leading byte is
      included without the trailing byte. For Unicode character sets, include
      the characters 0xFFFF and 0xFFFE.
    
    Proposed fix:
    - Find the last starting point of a multibyte codepoint if the character
      at 32nd byte is a subsequent byte of a MB codepoint.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13947
    
    Signed-off-by: Shyamsunder Rathi <shyam.rathi at nutanix.com>
    Reviewed-by: Hemanth Thummala <hemanth.thummala at nutanix.com>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    (cherry picked from commit 0fa490e8476a2a5020ff2c253167b8a9454e8b97)

commit 643c75aa2d10d432c1dcc1e3fa764ccf04683195
Author: Gary Lockyer <gary at catalyst.net.nz>
Date:   Tue May 14 13:10:22 2019 +1200

    s4 dsdb: fix use after free in samldb_rename_search_base_callback
    
    Fix use after free detected by AddressSanitizer
    
    AddressSanitizer: heap-use-after-free on address 0x60f0002b2738
                      at pc 0x7f89b1a213b5 bp 0x7ffce9528810 sp 0x7ffce9528800
                      READ of size 8 at 0x60f0002b2738 thread T0
        #0 0x7f89b1a213b4 in samldb_rename_search_base_callback
            ../../source4/dsdb/samdb/ldb_modules/samldb.c:4203
        #1 0x7f89d3a0db4a in ldb_module_send_entry
            ../../lib/ldb/common/ldb_modules.c:793
        #2 0x7f89b6f27356 in es_callback
            ../../source4/dsdb/samdb/ldb_modules/encrypted_secrets.c:1418
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=13942
    
    Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    (cherry picked from commit b0cc6d217485c317b2138347216fac5d74684328)

commit 6946f0690af5d2a748c52c9f0fdc55d82d706f5a
Author: Gary Lockyer <gary at catalyst.net.nz>
Date:   Tue May 14 15:53:22 2019 +1200

    s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value
    
    Fix use after free detected by AddressSanitizer
    
    AddressSanitizer: heap-use-after-free on address 0x61400026a4a0
                      at pc 0x7fd555c52f12 bp 0x7ffed7231180 sp 0x7ffed7231170
                      READ of size 1 at 0x61400026a4a0 thread T0
        #0 0x7fd555c52f11 in ldb_should_b64_encode
           ../../lib/ldb/common/ldb_ldif.c:197
        #1 0x7fd539dc9417 in dsdb_audit_add_ldb_value
           ../../source4/dsdb/samdb/ldb_modules/audit_util.c:491
        #2 0x7fd539dc9417 in dsdb_audit_attributes_json
           ../../source4/dsdb/samdb/ldb_modules/audit_util.c:651
        #3 0x7fd539dc6a7e in operation_json
           ../../source4/dsdb/samdb/ldb_modules/audit_log.c:305
    
    The problem is that at the successful end of these functions
    el->values is overwritten with new_values.  However get_parsed_dns()
    points p->v at the supplied el and it effectively gets used
    as a working area by replmd_build_la_val().  So we must duplicate it
    because our caller only called ldb_msg_copy_shallow().
    
    The reason this matters is that the audit_log module is
    above repl_meta_data in the stack, and tries to log the
    ldb_message it saw after the reply (to include the error code).
    If that ldb_message is changed it is not only misleading,
    it can point to memory that has since gone away.
    
    In this case the memory for the full extended DN in the
    member attribute ended up on 'ac', a context lost by
    the time repl_meta_data has finished processing.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13941
    
    Signed-off-by: Gary Lockyer <gary at catalyst.net.nz>
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Wed May 15 05:35:47 UTC 2019 on sn-devel-184
    
    (cherry picked from commit 0daa0ff921b270df9b794f02acbaa391c95cd89b)

commit b6b9f49c25d9ad34bc534d3d2187f1e5f0c7ef32
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Wed May 15 14:47:53 2019 +1200

    s4 dsdb/repl_meta_data: allocate new extended DNs during ADD on a better context
    
    Lower down in this function new_values is assigned over el->values and is
    filled in with the values of all the parsed DNs.  Therefore it is the natural
    talloc parent.
    
    This will allow el->values to be allocated on tmp_ctx in the next commit for
    a working area during the function call.
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 4aa9924310287ff3b36618496fa6c707c615ad4c)

commit 2e1b093ebffa4be11e47fc5420b501cee489ed44
Author: Andreas Schneider <asn at samba.org>
Date:   Tue May 14 11:35:46 2019 +0200

    s3:smbspool: Use NTSTATUS return codes
    
    This allows us to simplify some code and return better errors.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit d9af3dc02e98a3eb22441dfbdeddbaca0af078ea)

commit 57f1c2d45a50024909d49c0dac7f77057145ad42
Author: Andreas Schneider <asn at samba.org>
Date:   Thu May 16 18:24:32 2019 +0200

    s3:smbspool: Add debug messages to kerberos_ccache_is_valid()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 93acd880801524c5e621df7b5bf5ad650f93cec3)

commit d95b2ecab78b1bd33177b59e7d1ad679b103d0c2
Author: Andreas Schneider <asn at samba.org>
Date:   Mon May 13 18:54:02 2019 +0200

    s3:smbspool: Always try to authenticate using Kerberos
    
    If username and password is given, then fallback to NTLM. However try
    kinit first. Also we correctly handle NULL passwords in the meantime and
    this makes it easier to deal with issues.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 3d719a1f85db8e423dc3a4116a2228961d5ac48d)

commit b8abd04cd641f110652405f73328f1370d994d9c
Author: Andreas Schneider <asn at samba.org>
Date:   Mon May 13 16:48:31 2019 +0200

    s3:smbspool: Print the filename we failed to open
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 281274572bcc3125fe6026a01ef7bf7ef584a0dd)

commit 4f3cb35623ada8d96a0d8c2a2303006de44f48e4
Author: Andreas Schneider <asn at samba.org>
Date:   Thu May 16 17:40:43 2019 +0200

    s3:smbspool: Fallback to default ccache if KRB5CCNAME is not set
    
    This could also support the new KCM credential cache storage.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 6bbdf69e406916107400e2cabdbc831e2a2bbee3)

commit 1e4d726dae17315a692c57b47266988a8298212d
Author: Andreas Schneider <asn at samba.org>
Date:   Thu May 16 17:10:57 2019 +0200

    s3:smbspool: Use %u format specifier to print uid
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit be596ce3d2455bd49a8ebd311d8c764c37852858)

commit 97c1b4d880805a6d91723343a8c6658b268ad03f
Author: Andreas Schneider <asn at samba.org>
Date:   Thu May 16 14:25:00 2019 +0200

    s3:smbspool: Add debug for finding KRB5CCNAME
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 3632bfef25e471075886eb7aecddd4cc260db8ba)

commit 819b364f889d4ec329b771f21833e95dce11cac1
Author: Andreas Schneider <asn at samba.org>
Date:   Thu May 16 13:41:02 2019 +0200

    s3:smbspool: Print the principal we use to authenticate with
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 42492d547661cb7a98c237b32d42ee93de35aba5)

commit 65bc340af6afe393cca01e09a5afb4fe26eb33f2
Author: Andreas Schneider <asn at samba.org>
Date:   Mon May 13 16:55:49 2019 +0200

    s3:smbspool: Add the 'lp' group to the users groups
    
    This is required to access files in /var/spool/cups which have been
    temporarily created in there by CUPS.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13939
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Guenther Deschner <gd at samba.org>
    (cherry picked from commit 6086efb6808089c431e7307fa239924bfda1185b)

commit 79d0ad8b7daf7685a753e2f51b11db4ed61028c2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Apr 26 17:07:20 2019 +0200

    python/ntacls: we only need security.SEC_STD_READ_CONTROL in order to get the ACL
    
    We should avoid security.SEC_FLAG_MAXIMUM_ALLOWED otherwise
    we may get NT_STATUS_SHARING_VIOLATION when we run
    'samba-tool domain backup online' against a Windows DC.
    Windows DCs have hidden folders for the NtFrs or Dfsr services,
    which are locked by the running service.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13917
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Ralph Boehme <slow at samba.org>
    (cherry picked from commit 15032ec6df1abbb53f1b1d5377aab369f83ae707)

commit 36830a4e98d88fcc9ed65e1937b5a67241df9772
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date:   Wed Apr 3 16:34:42 2019 +1300

    dsdb:samdb: schemainfo update with relax control
    
    Currently schema info's revision field isn't incremented if relax
    control is present.  This is so that no increment is done during
    provision, but we need the relax control in other situations where
    the increment is desired, so we should use the provision control instead
    to disable schema info update.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
    
    Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit b7c1752754da1e8a83a53670cf4a410ec6e9d7b7)

commit d2d8caf45bce1e35cd500bce67916ad8be8b103a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 8 11:28:42 2019 +0100

    python/provision: use provision and relax controls for schema provision
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit 7652439fa1aab92945f5540a43fc49568d446917)

commit b97bba87d1eee1c08b65cf7771c68df17d913123
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Mar 8 11:27:14 2019 +0100

    s4:provision: split out provision_self_join_modify_schema.ldif
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit 5ea84af2d69e0b3a2a801ea0cc3f4ffc66bf1764)

commit 1711b155676b9f1f4a4818a32ec8792fd9ba95fa
Author: Stefan Metzmacher <metze at samba.org>
Date:   Thu Feb 21 09:20:48 2019 +0100

    ldapcmp: ignore 'schemaInfo' if two domains are compared
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit b5b572d5f71e2b9783ddb25c21ac32904fbfd661)

commit 4ebeef8ef95cfd8455e493bb7af502154cc3834b
Author: Aaron Haslett <aaronhaslett at catalyst.net.nz>
Date:   Thu Apr 4 14:39:41 2019 +1300

    samdb: test for schemainfo update with relax control
    
    Currently schema info's revision field isn't incremented if relax
    control is present.  This is so that no increment is done during
    provision, but we need the relax control in other situations where the
    increment is desired.  This patch adds a failing test to expose the
    problem.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
    
    Signed-off-by: Aaron Haslett <aaronhaslett at catalyst.net.nz>
    Reviewed-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit e34abefb77729330cd48bc039c82b03fe545f8a9)

commit 183d21bdc928e5acb36cc4c4cd2d3d47df68fbf2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Feb 23 00:14:31 2019 +0100

    drsuapi.idl: add DRSUAPI_ATTID_schemaInfo
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13799
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit 140a6733a458d0afa20237a09ef4ee2546a83a8f)

commit 7f1d37ab5bb93d965c59304d9bd541a09f5ee666
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Feb 8 14:49:55 2019 +0000

    dsdb/repl: we need to replicate the whole schema before we can apply it
    
    Otherwise we may not be able to construct a working schema that's
    required to apply the changes.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12204
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13713
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Garming Sam <garming at catalyst.net.nz>
    (cherry picked from commit 661dc4574110b0f13c127c8aa6ed0c385292b77c)

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/smbdotconf/misc/dfreecommand.xml          |   6 +-
 lib/util/samba_util.h                              |   5 +
 {source3/lib => lib/util}/sys_popen.c              | 106 +---
 {source3/lib => lib/util}/sys_popen.h              |   2 +-
 lib/util/util_file.c                               |  48 ++
 lib/util/wscript_build                             |   4 +-
 librpc/idl/drsuapi.idl                             |   1 +
 python/samba/netcmd/dns.py                         |   5 +-
 python/samba/netcmd/ldapcmp.py                     |   2 +-
 python/samba/ntacls.py                             |   2 +-
 python/samba/provision/__init__.py                 |  25 +-
 python/samba/tests/samba_tool/dnscmd.py            |  26 +
 selftest/knownfail                                 |   1 +
 source3/client/smbspool.c                          | 323 ++++++----
 source3/client/smbspool_krb5_wrapper.c             | 101 ++-
 source3/lib/sysquotas.c                            | 126 +++-
 source3/lib/util_file.c                            |  94 +--
 source3/lib/util_file.h                            |  10 +-
 source3/modules/vfs_fruit.c                        |  65 +-
 source3/param/loadparm.c                           |  38 +-
 source3/printing/print_svid.c                      |  29 +-
 source3/registry/tests/test_regfio.c               |   1 +
 source3/selftest/tests.py                          |   1 +
 source3/smbd/dfree.c                               |  35 +-
 source3/smbd/open.c                                |  13 +-
 source3/smbd/smb2_server.c                         |  12 +
 source3/winbindd/idmap_script.c                    |  81 ++-
 source3/winbindd/idmap_tdb2.c                      |  22 +-
 source3/wscript_build                              |   2 +-
 source4/dsdb/repl/drepl_out_helpers.c              | 174 +++++-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |  38 +-
 source4/dsdb/samdb/ldb_modules/samldb.c            |   3 +-
 source4/dsdb/tests/python/dsdb_schema_info.py      |  15 +-
 source4/selftest/tests.py                          |   2 +-
 .../setup/provision_self_join_modify_config.ldif   |   5 -
 .../setup/provision_self_join_modify_schema.ldif   |   4 +
 source4/torture/smb2/oplock.c                      |  75 +++
 source4/torture/vfs/fruit.c                        | 686 ++++++++++++++++++++-
 38 files changed, 1734 insertions(+), 454 deletions(-)
 rename {source3/lib => lib/util}/sys_popen.c (64%)
 rename {source3/lib => lib/util}/sys_popen.h (95%)
 create mode 100644 source4/setup/provision_self_join_modify_schema.ldif


Changeset truncated at 500 lines:

diff --git a/docs-xml/smbdotconf/misc/dfreecommand.xml b/docs-xml/smbdotconf/misc/dfreecommand.xml
index a678bb44adf..a1eed4948a6 100644
--- a/docs-xml/smbdotconf/misc/dfreecommand.xml
+++ b/docs-xml/smbdotconf/misc/dfreecommand.xml
@@ -40,14 +40,16 @@
 	Where the script dfree (which must be made executable) could be:
 <programlisting format="linespecific"> 
 #!/bin/sh
-df $1 | tail -1 | awk '{print $(NF-4),$(NF-2)}'
+df "$1" | tail -1 | awk '{print $(NF-4),$(NF-2)}'
 </programlisting>
 	or perhaps (on Sys V based systems):
 <programlisting format="linespecific"> 
 #!/bin/sh
-/usr/bin/df -k $1 | tail -1 | awk '{print $3" "$5}'
+/usr/bin/df -k "$1" | tail -1 | awk '{print $3" "$5}'
 </programlisting>
 	Note that you may have to replace the command names with full path names on some systems.
+	Also note the arguments passed into the script should be quoted inside the script in case they
+	contain special characters such as spaces or newlines.
 	</para>
 
 	<para>
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 11c95b5bfe3..d67cdc550d2 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -395,6 +395,11 @@ _PUBLIC_ int fdprintf(int fd, const char *format, ...) PRINTF_ATTRIBUTE(2,3);
  */
 bool file_compare(const char *path1, const char *path2);
 
+/*
+  load from a pipe into memory.
+ */
+char *file_ploadv(char * const argl[], size_t *size);
+
 /* The following definitions come from lib/util/util.c  */
 
 
diff --git a/source3/lib/sys_popen.c b/lib/util/sys_popen.c
similarity index 64%
rename from source3/lib/sys_popen.c
rename to lib/util/sys_popen.c
index 607e599cf3f..659e99ba736 100644
--- a/source3/lib/sys_popen.c
+++ b/lib/util/sys_popen.c
@@ -21,80 +21,9 @@
 #include "system/wait.h"
 #include "system/filesys.h"
 #include <talloc.h>
-#include "lib/sys_popen.h"
+#include "lib/util/sys_popen.h"
 #include "lib/util/debug.h"
 
-/**************************************************************************
- Extract a command into an arg list.
-****************************************************************************/
-
-static char **extract_args(TALLOC_CTX *mem_ctx, const char *command)
-{
-	char *trunc_cmd;
-	char *saveptr;
-	char *ptr;
-	int argcl;
-	char **argl = NULL;
-	int i;
-
-	if (!(trunc_cmd = talloc_strdup(mem_ctx, command))) {
-		DEBUG(0, ("talloc failed\n"));
-		goto nomem;
-	}
-
-	if(!(ptr = strtok_r(trunc_cmd, " \t", &saveptr))) {
-		TALLOC_FREE(trunc_cmd);
-		errno = EINVAL;
-		return NULL;
-	}
-
-	/*
-	 * Count the args.
-	 */
-
-	for( argcl = 1; ptr; ptr = strtok_r(NULL, " \t", &saveptr))
-		argcl++;
-
-	TALLOC_FREE(trunc_cmd);
-
-	if (!(argl = talloc_array(mem_ctx, char *, argcl + 1))) {
-		goto nomem;
-	}
-
-	/*
-	 * Now do the extraction.
-	 */
-
-	if (!(trunc_cmd = talloc_strdup(mem_ctx, command))) {
-		goto nomem;
-	}
-
-	ptr = strtok_r(trunc_cmd, " \t", &saveptr);
-	i = 0;
-
-	if (!(argl[i++] = talloc_strdup(argl, ptr))) {
-		goto nomem;
-	}
-
-	while((ptr = strtok_r(NULL, " \t", &saveptr)) != NULL) {
-
-		if (!(argl[i++] = talloc_strdup(argl, ptr))) {
-			goto nomem;
-		}
-	}
-
-	argl[i++] = NULL;
-	TALLOC_FREE(trunc_cmd);
-	return argl;
-
- nomem:
-	DEBUG(0, ("talloc failed\n"));
-	TALLOC_FREE(trunc_cmd);
-	TALLOC_FREE(argl);
-	errno = ENOMEM;
-	return NULL;
-}
-
 /**************************************************************************
  Wrapper for popen. Safer as it doesn't search a path.
  Modified from the glibc sources.
@@ -110,14 +39,19 @@ typedef struct _popen_list
 
 static popen_list *popen_chain;
 
-int sys_popen(const char *command)
+int sys_popenv(char * const argl[])
 {
 	int parent_end, child_end;
 	int pipe_fds[2];
 	popen_list *entry = NULL;
-	char **argl = NULL;
+	const char *command = argl[0];
 	int ret;
 
+	if (argl == NULL) {
+		errno = EINVAL;
+		return -1;
+	}
+
 	if (!*command) {
 		errno = EINVAL;
 		return -1;
@@ -125,8 +59,8 @@ int sys_popen(const char *command)
 
 	ret = pipe(pipe_fds);
 	if (ret < 0) {
-		DEBUG(0, ("sys_popen: error opening pipe: %s\n",
-			  strerror(errno)));
+		DBG_ERR("error opening pipe: %s\n",
+			  strerror(errno));
 		return -1;
 	}
 
@@ -135,24 +69,14 @@ int sys_popen(const char *command)
 
 	entry = talloc_zero(NULL, popen_list);
 	if (entry == NULL) {
-		DEBUG(0, ("sys_popen: malloc failed\n"));
-		goto err_exit;
-	}
-
-	/*
-	 * Extract the command and args into a NULL terminated array.
-	 */
-
-	argl = extract_args(NULL, command);
-	if (argl == NULL) {
-		DEBUG(0, ("sys_popen: extract_args() failed: %s\n", strerror(errno)));
+		DBG_ERR("talloc failed\n");
 		goto err_exit;
 	}
 
 	entry->child_pid = fork();
 
 	if (entry->child_pid == -1) {
-		DEBUG(0, ("sys_popen: fork failed: %s\n", strerror(errno)));
+		DBG_ERR("fork failed: %s\n", strerror(errno));
 		goto err_exit;
 	}
 
@@ -182,8 +106,8 @@ int sys_popen(const char *command)
 
 		ret = execv(argl[0], argl);
 		if (ret == -1) {
-			DEBUG(0, ("sys_popen: ERROR executing command "
-				  "'%s': %s\n", command, strerror(errno)));
+			DBG_ERR("ERROR executing command "
+			  "'%s': %s\n", command, strerror(errno));
 		}
 		_exit (127);
 	}
@@ -193,7 +117,6 @@ int sys_popen(const char *command)
 	 */
 
 	close (child_end);
-	TALLOC_FREE(argl);
 
 	/* Link into popen_chain. */
 	entry->next = popen_chain;
@@ -205,7 +128,6 @@ int sys_popen(const char *command)
 err_exit:
 
 	TALLOC_FREE(entry);
-	TALLOC_FREE(argl);
 	close(pipe_fds[0]);
 	close(pipe_fds[1]);
 	return -1;
diff --git a/source3/lib/sys_popen.h b/lib/util/sys_popen.h
similarity index 95%
rename from source3/lib/sys_popen.h
rename to lib/util/sys_popen.h
index 6807d3c5061..be437483626 100644
--- a/source3/lib/sys_popen.h
+++ b/lib/util/sys_popen.h
@@ -20,7 +20,7 @@
 #ifndef __LIB_SYS_POPEN_H__
 #define __LIB_SYS_POPEN_H__
 
-int sys_popen(const char *command);
+int sys_popenv(char * const argl[]);
 int sys_pclose(int fd);
 
 #endif
diff --git a/lib/util/util_file.c b/lib/util/util_file.c
index 29c0be91b6b..79276153015 100644
--- a/lib/util/util_file.c
+++ b/lib/util/util_file.c
@@ -24,6 +24,8 @@
 #include "system/filesys.h"
 #include <talloc.h>
 #include "lib/util/samba_util.h"
+#include "lib/util/sys_popen.h"
+#include "lib/util/sys_rw.h"
 #include "lib/util/debug.h"
 
 /**
@@ -395,3 +397,49 @@ bool file_compare(const char *path1, const char *path2)
 	talloc_free(mem_ctx);
 	return true;
 }
+
+/**
+ Load from a pipe into memory.
+**/
+char *file_ploadv(char * const argl[], size_t *size)
+{
+	int fd, n;
+	char *p = NULL;
+	char buf[1024];
+	size_t total;
+
+	fd = sys_popenv(argl);
+	if (fd == -1) {
+		return NULL;
+	}
+
+	total = 0;
+
+	while ((n = sys_read(fd, buf, sizeof(buf))) > 0) {
+		p = talloc_realloc(NULL, p, char, total + n + 1);
+		if (p == NULL) {
+		        DBG_ERR("failed to expand buffer!\n");
+			close(fd);
+			return NULL;
+		}
+		memcpy(p+total, buf, n);
+		total += n;
+	}
+
+	if (p != NULL) {
+		p[total] = 0;
+	}
+
+	/*
+	 * FIXME: Perhaps ought to check that the command completed
+	 * successfully (returned 0); if not the data may be
+	 * truncated.
+	 */
+	sys_pclose(fd);
+
+	if (size) {
+		*size = total;
+	}
+
+	return p;
+}
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index e3a004fa3c6..c6188ede58d 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -68,14 +68,14 @@ bld.SAMBA_LIBRARY('talloc_report',
                   )
 
 bld.SAMBA_SUBSYSTEM('samba-util-core',
-                    source='''data_blob.c util_file.c time.c
+                    source='''data_blob.c util_file.c sys_popen.c time.c
                               signal.c util.c idtree.c fault.c
                               substitute.c util_process.c util_strlist.c
                               strv_util.c bitmap.c select.c pidfile.c
                               become_daemon.c mkdir_p.c''',
                     deps='''time-basic samba-debug socket-blocking talloc
                             tevent execinfo pthread strv tini''',
-                    public_deps='systemd systemd-daemon',
+                    public_deps='systemd systemd-daemon sys_rw',
                     local_include=False)
 
 bld.SAMBA_LIBRARY('iov_buf',
diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl
index cd90500faf5..448a58bcd1f 100644
--- a/librpc/idl/drsuapi.idl
+++ b/librpc/idl/drsuapi.idl
@@ -548,6 +548,7 @@ interface drsuapi
 		DRSUAPI_ATTID_objectCategory			= 0x0009030e,
 		DRSUAPI_ATTID_gPLink				= 0x0009037b,
 		DRSUAPI_ATTID_transportAddressAttribute		= 0x0009037f,
+		DRSUAPI_ATTID_schemaInfo			= 0x0009054e,
 		DRSUAPI_ATTID_msDS_Behavior_Version		= 0x000905b3,
 		DRSUAPI_ATTID_msDS_KeyVersionNumber		= 0x000906f6,
 		DRSUAPI_ATTID_msDS_NonMembers			= 0x00090701,
diff --git a/python/samba/netcmd/dns.py b/python/samba/netcmd/dns.py
index b7459a71acd..d9fda0b93cd 100644
--- a/python/samba/netcmd/dns.py
+++ b/python/samba/netcmd/dns.py
@@ -26,6 +26,7 @@ from socket import inet_ntop
 from socket import AF_INET
 from socket import AF_INET6
 import shlex
+import struct
 
 from samba import remove_dc
 from samba.samdb import SamDB
@@ -153,10 +154,10 @@ def dns_addr_array_string(array):
         return ret
     for i in range(array.AddrCount):
         if array.AddrArray[i].MaxSa[0] == 0x02:
-            x = "".join([chr(b) for b in array.AddrArray[i].MaxSa])[4:8]
+            x = struct.pack('4B', *array.AddrArray[i].MaxSa[4:8])
             addr = inet_ntop(AF_INET, x)
         elif array.AddrArray[i].MaxSa[0] == 0x17:
-            x = "".join([chr(b) for b in array.AddrArray[i].MaxSa])[8:24]
+            x = struct.pack('16B', *array.AddrArray[i].MaxSa[8:24])
             addr = inet_ntop(AF_INET6, x)
         else:
             addr = 'UNKNOWN'
diff --git a/python/samba/netcmd/ldapcmp.py b/python/samba/netcmd/ldapcmp.py
index 17c62928a55..6051b55b31a 100644
--- a/python/samba/netcmd/ldapcmp.py
+++ b/python/samba/netcmd/ldapcmp.py
@@ -460,7 +460,7 @@ class LDAPObject(object):
                 "msDs-masteredBy", "lastSetTime",
                 "ipsecNegotiationPolicyReference", "subRefs", "gPCFileSysPath",
                 "accountExpires", "invocationId", "operatingSystemVersion",
-                "oEMInformation",
+                "oEMInformation", "schemaInfo",
                 # After Exchange preps
                 "targetAddress", "msExchMailboxGuid", "siteFolderGUID"]
             #
diff --git a/python/samba/ntacls.py b/python/samba/ntacls.py
index 5bf646caf9f..82d950fbbc9 100644
--- a/python/samba/ntacls.py
+++ b/python/samba/ntacls.py
@@ -49,7 +49,7 @@ SECURITY_SECINFO_FLAGS = security.SECINFO_OWNER | \
 
 # SEC_FLAG_SYSTEM_SECURITY is required otherwise get Access Denied
 SECURITY_SEC_FLAGS = security.SEC_FLAG_SYSTEM_SECURITY | \
-                     security.SEC_FLAG_MAXIMUM_ALLOWED
+                     security.SEC_STD_READ_CONTROL
 
 
 class XattrBackendError(Exception):
diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index aa9ffc168b2..ea1caa37799 100644
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -1193,11 +1193,16 @@ def setup_self_join(samdb, admin_session_info, names, fill, machinepass,
                 "DOMAIN_CONTROLLER_FUNCTIONALITY": str(
                     domainControllerFunctionality)})
 
-    # Setup fSMORoleOwner entries to point at the newly created DC entry
+        # Setup fSMORoleOwner entries to point at the newly created DC entry
+        setup_modify_ldif(samdb,
+                          setup_path("provision_self_join_modify_schema.ldif"), {
+                              "SCHEMADN": names.schemadn,
+                              "SERVERDN": names.serverdn,
+                          },
+                          controls=["provision:0", "relax:0"])
         setup_modify_ldif(samdb,
                           setup_path("provision_self_join_modify_config.ldif"), {
                               "CONFIGDN": names.configdn,
-                              "SCHEMADN": names.schemadn,
                               "DEFAULTSITE": names.sitename,
                               "NETBIOSNAME": names.netbiosname,
                               "SERVERDN": names.serverdn,
@@ -1412,16 +1417,20 @@ def fill_samdb(samdb, lp, names, logger, policyguid,
 
         # The LDIF here was created when the Schema object was constructed
         ignore_checks_oid = "local_oid:%s:0" % samba.dsdb.DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID
+        schema_controls = [
+            "provision:0",
+            "relax:0",
+            ignore_checks_oid
+        ]
+
         logger.info("Setting up sam.ldb schema")
-        samdb.add_ldif(schema.schema_dn_add,
-                       controls=["relax:0", ignore_checks_oid])
-        samdb.modify_ldif(schema.schema_dn_modify,
-                          controls=[ignore_checks_oid])
+        samdb.add_ldif(schema.schema_dn_add, controls=schema_controls)
+        samdb.modify_ldif(schema.schema_dn_modify, controls=schema_controls)
         samdb.write_prefixes_from_schema()
-        samdb.add_ldif(schema.schema_data, controls=["relax:0", ignore_checks_oid])
+        samdb.add_ldif(schema.schema_data, controls=schema_controls)
         setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"),
                        {"SCHEMADN": names.schemadn},
-                       controls=["relax:0", ignore_checks_oid])
+                       controls=schema_controls)
 
     # Now register this container in the root of the forest
     msg = ldb.Message(ldb.Dn(samdb, names.domaindn))
diff --git a/python/samba/tests/samba_tool/dnscmd.py b/python/samba/tests/samba_tool/dnscmd.py
index 5e882972f46..e1459fee9ac 100644
--- a/python/samba/tests/samba_tool/dnscmd.py
+++ b/python/samba/tests/samba_tool/dnscmd.py
@@ -883,3 +883,29 @@ class DnsCmdTestCase(SambaToolCmdTest):
                 print(msg)
             self.fail("Failed to accept valid commands. %d total failures."
                       "Errors above." % num_failures)
+
+    def test_serverinfo(self):
+        for v in ['w2k', 'dotnet', 'longhorn']:
+            result, out, err = self.runsubcmd("dns",
+                                              "serverinfo",
+                                              "--client-version", v,
+                                              os.environ["SERVER"],
+                                              self.creds_string)
+            self.assertCmdSuccess(result,
+                                  out,
+                                  err,
+                                  "Failed to print serverinfo with "
+                                  "client version %s" % v)
+            self.assertTrue(out != '')
+
+    def test_zoneinfo(self):
+        result, out, err = self.runsubcmd("dns",
+                                          "zoneinfo",
+                                          os.environ["SERVER"],
+                                          self.zone,
+                                          self.creds_string)
+        self.assertCmdSuccess(result,
+                              out,
+                              err,
+                              "Failed to print zoneinfo")
+        self.assertTrue(out != '')
diff --git a/selftest/knownfail b/selftest/knownfail
index 7176e097eb2..1817db384e0 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -133,6 +133,7 @@
 ^samba4.smb2.oplock.exclusive9\(.*\)$
 ^samba4.smb2.oplock.brl3\(.*\)$ # samba 4 oplocks are a mess
 ^samba4.smb2.oplock.levelii500\(.*\)$ # samba 4 oplocks are a mess
+^samba4.smb2.oplock.levelii502\(.*\)$ # samba 4 oplocks are a mess
 ^samba4.smb2.oplock.brl1\(.*\)$ # samba 4 oplocks are a mess
 ^samba4.smb2.oplock.batch22\(.*\)$ # samba 4 oplocks are a mess
 ^samba4.smb2.oplock.batch19\(.*\)$ # samba 4 oplocks are a mess
diff --git a/source3/client/smbspool.c b/source3/client/smbspool.c
index 22071613677..ad988eb0df9 100644
--- a/source3/client/smbspool.c
+++ b/source3/client/smbspool.c
@@ -61,12 +61,27 @@
  * Local functions...
  */
 
-static int      get_exit_code(struct cli_state * cli, NTSTATUS nt_status);
+static int      get_exit_code(NTSTATUS nt_status);
 static void     list_devices(void);
-static struct cli_state *smb_complete_connection(const char *, const char *,
-	int, const char *, const char *, const char *, const char *, int, bool *need_auth);
-static struct cli_state *smb_connect(const char *, const char *, int, const
-	char *, const char *, const char *, const char *, bool *need_auth);
+static NTSTATUS
+smb_complete_connection(struct cli_state **output_cli,
+			const char *myname,
+			const char *server,
+			int port,
+			const char *username,
+			const char *password,
+			const char *workgroup,
+			const char *share,
+			int flags);
+static NTSTATUS


-- 
Samba Shared Repository



More information about the samba-cvs mailing list