[SCM] Samba Shared Repository - branch v4-10-stable updated

Karolin Seeger kseeger at samba.org
Wed May 22 10:27:38 UTC 2019


The branch, v4-10-stable has been updated
       via  8e479542e28 VERSION: Disable GIT_SNAPSHOT for the 4.10.4 release.
       via  def2c7dabc9 Merge 'origin/v4-10-stable' into the real 4.10.4 release
       via  fa9de54681b WHATSNEW: Add release notes for Samba 4.10.4.
       via  d6243acb3ac ctdb-common: Fix memory leak in run_proc
       via  0d4280abf98 ctdb-common: Fix memory leak
       via  32065a0772e ctdb-recoverd: Fix memory leak
       via  417a4d2c3cc vfs_ceph: fix cephwrap_flistxattr() debug message
       via  4c02823ab51 s3:smbspool: Fix regression printing with Kerberos credentials
       via  5c9489ba557 s3: SMB1: Don't allow recvfile on stream fsp's.
       via  198cb5b0550 s3:smbd: don't use recvfile on streams
       via  f7ffa7a007f s3:utils: If share is NULL in smbcacls, don't print it
       via  b0e862a64a7 s3:utils: If share is NULL in smbcquotas, don't print it
       via  601cb1d5726 s3:winbindd: Do not free db_path in idmap_tdb2 before we printed it
       via  5b6adbb0f05 ctdb:common: Do not print NULL if we don't get a sockpath
       via  b578a2df99f s4:torture: Do not free full_name before we printed it
       via  4113054a7ce lib:torture: Fix string comparison macros where we directly pass NULL
       via  a81f78ce4e4 s4:torture: Do not print NULL strings we just checked before
       via  b522ed38de1 s4:ntvfs: Do not free eadb before we printed an error
       via  405872948fa s3:rpc_server: Do not free the tdbname before we printed it
       via  4f0a4fac3de s4:auth: Fix debug statement in gensec_gssapi
       via  8542379bde8 s3 rpc_client: Fix Asan stack use after scope
       via  8a320aad332 ctdb-daemon: Never use 0 as a client ID
       via  6aa0fd8b7cd s4 lib socket: Ensure address string owned by parent struct
       via  385a36b7e7c nsswitch pam_winbind: Fix Asan use after free
       via  52ba5136f2f ctdb-tests: Fix logic error in simple ctdb reloadips test
       via  63a59de4f0f ctdb-tests: Make ctdb reloadips tests more reliable
       via  efb35a1a695 ctdb-tests: Capture output in $out on failure as well
       via  65bf14afd83 ctdb-tests: Remove old socket wrapper state directory during setup
       via  33739d55569 ctdb-tests: Actually restart if cluster doesn't become healthy
       via  0cdf5c6b5ce ctdb-tests: Don't clean up test var directory in autotest target
       via  3582e306606 ctdb-tests: Fix usage message
       via  b8cf1594a73 ctdb-tests: Wait to allow database attach/detach to take effect
       via  221da170256 ctdb-tests: Avoid bulk output in $out, prefer $outfile
       via  2044466dd3e ctdb-tests: Make try_command_on_node less error-prone
       via  8bb1726f6a7 ctdb-tests: Change sanity_check_output() to internally use $out
       via  c054f19fb37 ctdb-tests: Extend test to cover ctdb rddumpmemory
       via  8c9abb2749f ctdb-tools: Fix ctdb dumpmemory to avoid printing trailing NUL
       via  42b32da4160 smbd: implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling
       via  5308f042e67 s4:torture/smb2: add smb2.getinfo.normalized test
       via  3205d032781 s4:libcli/raw: add RAW_FILEINFO_NORMALIZED_NAME_INFORMATION support
       via  07382f0765a smbd: allow case insensitive opens of named streams
       via  649dd7bce86 s4:torture/smb2: add smb2.stream.names3 test
       via  f4a603a9f32 s3: modules: ceph: use current working directory instead of share path
       via  de505618e60 s3:debug: enable logging for early startup failures
       via  c584a4b4dfb s3:debug: adjust indention
       via  c7f25b25d3a s3:debug: use struct initializer
       via  1fa6a46fa53 winbind: Fix overlapping id ranges
       via  24d39db5c37 selftest: Add trusted domain tests for idmap_ad
       via  3a46730f12e selftest: Pass trusted domain information to idmap_ad test
       via  c3c2f3707a0 selftest: Add idmap configuration for trusted domain for idmap_ad
       via  79c04524c38 selftest: Make trusted domain information available for idmap_ad environment
       via  28b5ff2ccf7 selftest: Use fl2008r2dc for ad_member_idmap_ad
       via  38746ec0a3e selftest: Add gid-to-sid lookup to idmap_ad test
       via  9c167fa8628 lib util debug: Increase format buffer to 4KiB
       via  2cc3b4c42c5 lib: Initialize getline() arguments
       via  d1962a5f527 pytests/dns: use 2.6 compatible syntax
       via  893ac2a6b20 netcmd: Fix passwordsettings --max-pwd-age command
       via  afc2243b478 netcmd: Add some timestamp conversion helper functions
       via  36da4c095de netcmd: Use python constant for -0x8000000000000000
       via  1efa1e01194 tests: Add test for setting min/maxPwdAge
       via  ea74b0eb2ef dbcheck: fix the err_empty_attribute() check
       via  b01e1e3376b winbind: Use domain name from lsa query for sid_to_name cache entry
       via  9034980420d winbind: Return queried domain name from name_to_sid
       via  b519cd2156d winbind: Query domain from winbind sam_name_to_sid
       via  af48878005a winbind: Query domain from winbind rpc name_to_sid
       via  2670fe83374 winbind: Query domain from msrpc name_to_sid
       via  b7f79137dcd nsswitch: Add testcase for checking output of wbinfo --sid-to-name
       via  2ad7a4a6477 VERSION: Bump version up to 4.10.4.
       via  c0a8bd3d66e Merge tag 'samba-4.10.3' into v4-10-test
       via  c7b67d3cb37 s3/vfs_glusterfs: Dynamically determine NAME_MAX
       via  3c027df87fe s3/vfs_glusterfs_fuse: Dynamically determine NAME_MAX
       via  faa61e3c878 docs/vfs_ceph: describe new ACL behaviour
       via  bd3c73e0861 vfs_ceph: explicitly enable libcephfs POSIX ACL support
       via  822df5a6dc1 smb2_server: grant all 8192 credits to clients
       via  d508ec61012 vfs_default: fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check
       via  cfdec9a8563 vfs_default: fix DEBUG messages in vfswrap_offload_write_*_done()
       via  5d418910795 vfs_snapper: drop unneeded fstat handler
       via  94b7fcba46e smb2_tcon: avoid STATUS_PENDING completely on tdis
       via  0acd5de3532 smb2_sesssetup: avoid STATUS_PENDING completely on session logoff
       via  3e4d622e296 smb2_tcon: avoid STATUS_PENDING responses for tree connect
       via  914d7c53f4d smb2_sesssetup: avoid STATUS_PENDING responses for session setup
       via  d0f5c69b11a smb2_server: allow smbd_smb2_request_pending_queue(0) to avoid STATUS_PENDING
       via  690ba5dc876 s3:smbd: handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO
       via  e23fdfe6730 ctdb-common: Avoid race between fd and signal events
       via  8f43d725d36 ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake"
       via  182f329f541 torture: Add test for talloc size accounting in memcache
       via  1a82c4b9532 memcache: Increase size of default memcache to 512k
       via  43f3544e83f memcache: Properly track the size of talloc objects
       via  d4ea61f5615 memcache: Introduce struct for storing talloc pointer
       via  6baf1529a81 ctdb-scripts: Update statd-callout to try several configuration files
       via  12f6eae2c9a ctdb-scripts: Allow load_system_config() to take multiple alternatives
       via  53e76ab4a8c ctdb-tests: Update NFS test infrastructure to support systemd services
       via  80c6b7d3914 ctdb-scripts: Add systemd services to NFS call-out
       via  002beda318b ctdb-scripts: Start NFS quota service if defined
       via  ee78bddd083 ctdb-scripts: Stop/start mount/rquotad/status via NFS call-out
       via  aaf8b6a66c0 ctdb-scripts: Factor out nfs_load_config()
       via  b2aa818e4d8 ctdb-scripts: Add test variable CTDB_NFS_DISTRO_STYLE
       via  a1275fedd21 ctdb-scripts: Rename variable nfslock_service to nfs_lock_service
       via  63453eb3fb6 ctdb-scripts: Reindent some functions prior to making changes
       via  dda1c48a47c py/provision: fix for Python 2.6
       via  bdf59b416d2 s3-libnet_join: allow fallback to NTLMSSP auth in libnet_join
       via  f85efe206f9 s3-libnet_join: setup libnet join error string when AD connect fails
       via  05709dbaf2d s3-libnet_join: always pass down admin domain to ads layer
       via  837a141a4d9 s3:ldap: Leave add machine code early for pre-existing accounts
       via  78f308084f5 s3:libads: Make sure we can lookup KDCs which are not configured
       via  bd573b37c60 s3:libnet: Use more secure name for the JOIN krb5.conf
       via  936594d66b7 auth:creds: Prefer the principal over DOMAIN/username when using NTLM
       via  0b00c7a2d0a auth:ntlmssp: Add back CRAP ndr debug output
       via  2e96408eac8 s3:libnet: Fix debug message in libnet_DomainJoin()
       via  461090e0a12 s3:libsmb: Add some useful debug output to cliconnect
       via  ada3417c5cb s3:libads: Print more information when LDAP fails
       via  54571d3325f docs: Update smbclient manpage for --max-protocol
       via  cf323d769f0 VERSION: Bump version up to 4.10.3.
       via  ebf34098fa3 Merge tag 'samba-4.10.2' into v4-10-test
       via  61c4d715a73 VERSION: Bump version up to 4.10.2...
      from  8eb462bf914 Merge tag 'samba-4.10.3' into v4-10-stable

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-10-stable


- Log -----------------------------------------------------------------
commit 8e479542e28d3b52a940fc12c9e72d782d953d00
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed May 22 11:49:22 2019 +0200

    VERSION: Disable GIT_SNAPSHOT for the 4.10.4 release.
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>

commit def2c7dabc9d538587a39a3bf75605d8fd89b974
Merge: fa9de54681b 8eb462bf914
Author: Karolin Seeger <kseeger at samba.org>
Date:   Wed May 22 12:14:55 2019 +0200

    Merge 'origin/v4-10-stable' into the real 4.10.4 release
    
    Signed-off-by: Karolin Seeger <kseeger at samba.org>
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 VERSION                                            |   2 +-
 WHATSNEW.txt                                       | 120 +++++++-
 auth/credentials/credentials.c                     |   2 +-
 auth/ntlmssp/ntlmssp_client.c                      |  32 +++
 ctdb/common/event_script.c                         |   3 +-
 ctdb/common/run_proc.c                             |  14 +-
 ctdb/common/sock_daemon.c                          |   2 +-
 ctdb/config/functions                              |  19 +-
 ctdb/config/nfs-checks.d/10.status.check           |   4 +-
 ctdb/config/nfs-checks.d/40.mountd.check           |   4 +-
 ctdb/config/nfs-checks.d/50.rquotad.check          |   4 +-
 ctdb/config/nfs-linux-kernel-callout               | 259 +++++++++++++----
 ctdb/config/statd-callout                          |   3 +-
 ctdb/server/ctdb_daemon.c                          |  48 +++-
 ctdb/server/ctdb_recoverd.c                        |   2 +-
 ctdb/tcp/tcp_connect.c                             |   3 +
 ctdb/tests/complex/11_ctdb_delip_removes_ip.sh     |  10 +-
 ctdb/tests/complex/18_ctdb_reloadips.sh            |  43 ++-
 ctdb/tests/complex/32_cifs_tickle.sh               |   7 -
 ctdb/tests/complex/36_smb_reset_server.sh          |  12 +-
 ctdb/tests/complex/37_nfs_reset_server.sh          |   4 +-
 ctdb/tests/complex/60_rogueip_releaseip.sh         |   2 +-
 ctdb/tests/complex/scripts/local.bash              |   5 +-
 ctdb/tests/eventscripts/scripts/60.nfs.sh          |  99 ++++++-
 ctdb/tests/local_daemons.sh                        |   1 +
 ctdb/tests/run_tests.sh                            |   2 +-
 ctdb/tests/scripts/integration.bash                |  72 +++--
 ctdb/tests/simple/02_ctdb_tunables.sh              |   6 +-
 ctdb/tests/simple/05_ctdb_listnodes.sh             |   5 +-
 ctdb/tests/simple/08_ctdb_isnotrecmaster.sh        |  10 +-
 ctdb/tests/simple/09_ctdb_ping.sh                  |   6 +-
 ctdb/tests/simple/11_ctdb_ip.sh                    |  14 +-
 ctdb/tests/simple/12_ctdb_getdebug.sh              |   3 +-
 ctdb/tests/simple/14_ctdb_statistics.sh            |   2 +-
 ctdb/tests/simple/15_ctdb_statisticsreset.sh       |  21 +-
 ctdb/tests/simple/18_ctdb_reloadips.sh             |  70 +++--
 ctdb/tests/simple/19_ip_takeover_noop.sh           |   4 +-
 ctdb/tests/simple/20_delip_iface_gc.sh             |  10 +-
 ctdb/tests/simple/21_ctdb_attach.sh                |  49 ++--
 ctdb/tests/simple/23_ctdb_moveip.sh                |  25 +-
 ctdb/tests/simple/24_ctdb_getdbmap.sh              |  10 +-
 ctdb/tests/simple/25_dumpmemory.sh                 |   9 +-
 ..._ctdb_config_check_error_on_unreachable_ctdb.sh |   6 +-
 ctdb/tests/simple/27_ctdb_detach.sh                |  71 +++--
 ctdb/tests/simple/35_ctdb_getreclock.sh            |   2 +-
 ctdb/tests/simple/51_message_ring.sh               |  14 +-
 ctdb/tests/simple/52_fetch_ring.sh                 |  14 +-
 ctdb/tests/simple/53_transaction_loop.sh           |   4 +-
 ctdb/tests/simple/54_transaction_loop_recovery.sh  |   4 +-
 ctdb/tests/simple/55_ctdb_ptrans.sh                |  12 +-
 .../simple/56_replicated_transaction_recovery.sh   |   4 +-
 ctdb/tests/simple/58_ctdb_restoredb.sh             |   8 +-
 ctdb/tests/simple/69_recovery_resurrect_deleted.sh |  10 +-
 ctdb/tests/simple/70_recoverpdbbyseqnum.sh         |   4 +-
 ctdb/tests/simple/71_ctdb_wipedb.sh                |   4 +-
 ctdb/tests/simple/72_update_record_persistent.sh   |   4 +-
 ctdb/tests/simple/75_readonly_records_basic.sh     |  24 +-
 ctdb/tests/simple/77_ctdb_db_recovery.sh           |   6 +-
 ctdb/tests/simple/79_volatile_db_traverse.sh       |   4 +-
 ctdb/tests/simple/80_ctdb_traverse.sh              |   2 +-
 ctdb/tests/simple/81_tunnel_ring.sh                |  14 +-
 ctdb/tests/simple/90_debug_hung_script.sh          |   6 +-
 ctdb/tools/ctdb.c                                  |  10 +-
 ctdb/wscript                                       |   2 +-
 docs-xml/manpages/smbclient.1.xml                  |   6 +-
 docs-xml/manpages/vfs_ceph.8.xml                   |  11 +
 docs-xml/smbdotconf/filename/maxstatcachesize.xml  |   2 +-
 lib/param/loadparm.c                               |   2 +-
 lib/torture/torture.h                              |   8 +-
 lib/util/debug.c                                   |   2 +-
 lib/util/debug_s3.c                                |  44 ++-
 lib/util/memcache.c                                |  54 +++-
 libcli/dns/resolvconf.c                            |   2 +-
 nsswitch/pam_winbind.c                             |   5 +
 nsswitch/tests/test_idmap_ad.sh                    | 137 ++++++++-
 nsswitch/tests/test_wbinfo_name_lookup.sh          |  15 +
 python/samba/dbchecker.py                          |   2 +-
 python/samba/netcmd/domain.py                      |  56 +++-
 python/samba/provision/__init__.py                 |   2 +-
 python/samba/tests/dns.py                          |   2 +-
 python/samba/tests/samba_tool/passwordsettings.py  |  38 +++
 selftest/knownfail                                 |   3 -
 selftest/target/Samba3.pm                          |  11 +-
 source3/client/smbspool.c                          |   2 +-
 source3/libads/kerberos.c                          |  12 +-
 source3/libads/ldap.c                              |  22 +-
 source3/libnet/libnet_join.c                       |  29 +-
 source3/libsmb/cliconnect.c                        |  13 +
 source3/modules/vfs_ceph.c                         |  20 +-
 source3/modules/vfs_default.c                      |  47 +++-
 source3/modules/vfs_glusterfs.c                    |  37 ++-
 source3/modules/vfs_glusterfs_fuse.c               |  32 ++-
 source3/modules/vfs_snapper.c                      |  19 --
 source3/param/loadparm.c                           |   2 +-
 source3/rpc_client/cli_netlogon.c                  |  13 +-
 source3/rpc_server/eventlog/srv_eventlog_nt.c      |   4 +-
 source3/selftest/tests.py                          |   2 +-
 source3/smbd/filename.c                            |  72 ++++-
 source3/smbd/reply.c                               |   4 +
 source3/smbd/smb2_getinfo.c                        |   9 +
 source3/smbd/smb2_server.c                         |  22 +-
 source3/smbd/smb2_sesssetup.c                      |  17 +-
 source3/smbd/smb2_tcon.c                           |  12 +-
 source3/smbd/trans2.c                              |  63 ++++-
 source3/torture/torture.c                          |  70 ++++-
 source3/utils/smbcacls.c                           |   4 +-
 source3/utils/smbcquotas.c                         |   4 +-
 source3/winbindd/idmap_tdb2.c                      |   4 +-
 source3/winbindd/wb_xids2sids.c                    |  12 +-
 source3/winbindd/winbindd.h                        |   1 +
 source3/winbindd/winbindd_ads.c                    |   3 +-
 source3/winbindd/winbindd_cache.c                  |   5 +-
 source3/winbindd/winbindd_msrpc.c                  |  15 +-
 source3/winbindd/winbindd_reconnect.c              |   5 +-
 source3/winbindd/winbindd_reconnect_ads.c          |   5 +-
 source3/winbindd/winbindd_rpc.c                    |  15 +-
 source3/winbindd/winbindd_rpc.h                    |   1 +
 source3/winbindd/winbindd_samr.c                   |  11 +
 source4/auth/gensec/gensec_gssapi.c                |   9 +-
 source4/lib/socket/socket_ip.c                     |   2 +-
 source4/libcli/raw/interfaces.h                    |  16 +-
 source4/libcli/raw/rawfileinfo.c                   |  11 +
 source4/libcli/raw/trans2.h                        |   1 +
 source4/ntvfs/ntvfs_generic.c                      |   2 +
 source4/ntvfs/posix/pvfs_qfileinfo.c               |   2 +
 source4/ntvfs/posix/vfs_posix.c                    |   2 +-
 source4/torture/gentest.c                          |   4 +
 source4/torture/rpc/drsuapi_cracknames.c           |   8 +-
 source4/torture/smb2/getinfo.c                     | 311 +++++++++++++++++++++
 source4/torture/smb2/streams.c                     | 115 ++++++++
 source4/torture/vfs/fruit.c                        |   2 +-
 131 files changed, 2192 insertions(+), 554 deletions(-)


Changeset truncated at 500 lines:

diff --git a/VERSION b/VERSION
index 2b49166b9c6..cddf98545d9 100644
--- a/VERSION
+++ b/VERSION
@@ -25,7 +25,7 @@
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=10
-SAMBA_VERSION_RELEASE=3
+SAMBA_VERSION_RELEASE=4
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 8472caa032c..21aef0c4960 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,119 @@
+                   ==============================
+                   Release Notes for Samba 4.10.4
+                            May 22, 2019
+                   ==============================
+
+
+This is the latest stable release of the Samba 4.10 release series.
+
+
+Changes since 4.10.3:
+---------------------
+
+o  Jeremy Allison <jra at samba.org>
+   * BUG 13938: s3: SMB1: Don't allow recvfile on stream fsp's.
+
+o  Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
+   * BUG 13882: py/provision: Fix for Python 2.6.
+
+o  Tim Beale <timbeale at catalyst.net.nz>
+   * BUG 13873: netcmd: Fix 'passwordsettings --max-pwd-age' command.
+
+o  Ralph Boehme <slow at samba.org>
+   * BUG 13938: s3:smbd: Don't use recvfile on streams.
+
+o  G√ľnther Deschner <gd at samba.org>
+   * BUG 13861: s3-libnet_join: 'net ads join' to child domain fails when using
+     "-U admin at forestroot".
+
+o  David Disseldorp <ddiss at samba.org>
+   * BUG 13896: vfs_ceph: Explicitly enable libcephfs POSIX ACL support.
+   * BUG 13940: vfs_ceph: Fix cephwrap_flistxattr() debug message.
+
+o  Amitay Isaacs <amitay at gmail.com>
+   * BUG 13895: ctdb-common: Avoid race between fd and signal events.
+   * BUG 13943: ctdb-common: Fix memory leak in run_proc.
+
+o  Volker Lendecke <vl at samba.org>
+   * BUG 13892: lib: Initialize getline() arguments.
+   * BUG 13903: winbind: Fix overlapping id ranges.
+
+o  Gary Lockyer <gary at catalyst.net.nz>
+   * BUG 13902: lib util debug: Increase format buffer to 4KiB.
+   * BUG 13927: nsswitch pam_winbind: Fix Asan use after free.
+   * BUG 13929: s4 lib socket: Ensure address string owned by parent struct.
+   * BUG 13936: s3 rpc_client: Fix Asan stack use after scope.
+
+o  Stefan Metzmacher <metze at samba.org>
+   * BUG 10097: s3:smbd: Handle IO_REPARSE_TAG_DFS in
+     SMB_FIND_FILE_FULL_DIRECTORY_INFO.
+   * BUG 10344: smb2_tcon: Avoid STATUS_PENDING completely on tdis.
+   * BUG 12845: smb2_sesssetup: avoid STATUS_PENDING responses for session
+     setup.
+   * BUG 13698: smb2_tcon: Avoid STATUS_PENDING completely on tdis.
+   * BUG 13796: smb2_sesssetup: avoid STATUS_PENDING responses for session
+     setup.
+   * BUG 13843: dbcheck: Fix the err_empty_attribute() check.
+   * BUG 13858: vfs_snapper: Drop unneeded fstat handler.
+   * BUG 13862: vfs_default: Fix vfswrap_offload_write_send()
+     NT_STATUS_INVALID_VIEW_SIZE check.
+   * BUG 13863: smb2_server: Grant all 8192 credits to clients.
+   * BUG 13919: smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling.
+
+o  Anoop C S <anoopcs at redhat.com>
+   * BUG 13872: s3/vfs_glusterfs: Dynamically determine NAME_MAX.
+
+o  Robert Sander <r.sander at heinlein-support.de>
+   * BUG 13918: s3: modules: ceph: Use current working directory instead of
+     share path.
+
+o  Christof Schmitt <cs at samba.org>
+   * BUG 13831: winbind: Use domain name from lsa query for sid_to_name cache
+     entry.
+   * BUG 13865: memcache: Increase size of default memcache to 512k.
+
+o  Andreas Schneider <asn at samba.org>
+   * BUG 13857: docs: Update smbclient manpage for "--max-protocol".
+   * BUG 13861: 'net ads join' to child domain fails when using
+     "-U admin at forestroot".
+   * BUG 13937: s3:utils: If share is NULL in smbcacls, don't print it.
+   * BUG 13939: s3:smbspool: Fix regression printing with Kerberos credentials.
+
+o  Martin Schwenke <martin at meltin.net>
+   * BUG 13860: ctdb-scripts: CTDB restarts failed NFS RPC services by hand,
+     which is incompatible with systemd.
+   * BUG 13888: ctdb-daemon: Revert "We can not assume that just because we
+     could complete a TCP handshake".
+   * BUG 13930: ctdb-daemon: Never use 0 as a client ID.
+   * BUG 13943: ctdb-common: Fix memory leak.
+
+o  Ralph Wuerthner <ralph.wuerthner at de.ibm.com>
+   * BUG 13904: s3:debug: Enable logging for early startup failures.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical IRC channel on irc.freenode.net.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the "Samba 4.1 and newer" product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
+
                    ==============================
                    Release Notes for Samba 4.10.3
                             May 14, 2019
@@ -49,8 +165,8 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
+
 
                    ==============================
                    Release Notes for Samba 4.10.2
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 4663185c979..7ef58d0752c 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -1115,7 +1115,7 @@ _PUBLIC_ void cli_credentials_get_ntlm_username_domain(struct cli_credentials *c
 					      const char **username, 
 					      const char **domain) 
 {
-	if (cred->principal_obtained > cred->username_obtained) {
+	if (cred->principal_obtained >= cred->username_obtained) {
 		*domain = talloc_strdup(mem_ctx, "");
 		*username = cli_credentials_get_principal(cred, mem_ctx);
 	} else {
diff --git a/auth/ntlmssp/ntlmssp_client.c b/auth/ntlmssp/ntlmssp_client.c
index ab406a2c5be..8e49dcee5ea 100644
--- a/auth/ntlmssp/ntlmssp_client.c
+++ b/auth/ntlmssp/ntlmssp_client.c
@@ -342,6 +342,22 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 		}
 	}
 
+	if (DEBUGLEVEL >= 10) {
+		struct CHALLENGE_MESSAGE *challenge =
+			talloc(ntlmssp_state, struct CHALLENGE_MESSAGE);
+		if (challenge != NULL) {
+			NTSTATUS status;
+			challenge->NegotiateFlags = chal_flags;
+			status = ntlmssp_pull_CHALLENGE_MESSAGE(
+					&in, challenge, challenge);
+			if (NT_STATUS_IS_OK(status)) {
+				NDR_PRINT_DEBUG(CHALLENGE_MESSAGE,
+						challenge);
+			}
+			TALLOC_FREE(challenge);
+		}
+	}
+
 	if (chal_flags & NTLMSSP_TARGET_TYPE_SERVER) {
 		ntlmssp_state->server.is_standalone = true;
 	} else {
@@ -702,6 +718,22 @@ NTSTATUS ntlmssp_client_challenge(struct gensec_security *gensec_security,
 		return nt_status;
 	}
 
+	if (DEBUGLEVEL >= 10) {
+		struct AUTHENTICATE_MESSAGE *authenticate =
+			talloc(ntlmssp_state, struct AUTHENTICATE_MESSAGE);
+		if (authenticate != NULL) {
+			NTSTATUS status;
+			authenticate->NegotiateFlags = ntlmssp_state->neg_flags;
+			status = ntlmssp_pull_AUTHENTICATE_MESSAGE(
+				out, authenticate, authenticate);
+			if (NT_STATUS_IS_OK(status)) {
+				NDR_PRINT_DEBUG(AUTHENTICATE_MESSAGE,
+						authenticate);
+			}
+			TALLOC_FREE(authenticate);
+		}
+	}
+
 	/*
 	 * We always include the MIC, even without:
 	 * av_flags->Value.AvFlags |= NTLMSSP_AVFLAG_MIC_IN_AUTHENTICATE_MESSAGE;
diff --git a/ctdb/common/event_script.c b/ctdb/common/event_script.c
index 8978d1452c0..8bdfdd0b5ca 100644
--- a/ctdb/common/event_script.c
+++ b/ctdb/common/event_script.c
@@ -117,7 +117,8 @@ int event_script_get_list(TALLOC_CTX *mem_ctx,
 	}
 
 	*out = script_list;
-	return 0;
+	ret = 0;
+	goto done;
 
 nomem:
 	ret = ENOMEM;
diff --git a/ctdb/common/run_proc.c b/ctdb/common/run_proc.c
index 97895b383b9..0c3c1de72fe 100644
--- a/ctdb/common/run_proc.c
+++ b/ctdb/common/run_proc.c
@@ -295,13 +295,22 @@ again:
 		proc->result.sig = WTERMSIG(status);
 	}
 
+	/* Confirm that all data has been read from the pipe */
+	if (proc->fd != -1) {
+		proc_read_handler(ev, proc->fde, 0, proc);
+		TALLOC_FREE(proc->fde);
+		proc->fd = -1;
+	}
+
+	DLIST_REMOVE(run_ctx->plist, proc);
+
 	/* Active run_proc request */
 	if (proc->req != NULL) {
 		run_proc_done(proc->req);
+	} else {
+		talloc_free(proc);
 	}
 
-	DLIST_REMOVE(run_ctx->plist, proc);
-
 	goto again;
 }
 
@@ -419,6 +428,7 @@ static void run_proc_done(struct tevent_req *req)
 	if (state->proc->output != NULL) {
 		state->output = talloc_steal(state, state->proc->output);
 	}
+	talloc_steal(state, state->proc);
 
 	tevent_req_done(req);
 }
diff --git a/ctdb/common/sock_daemon.c b/ctdb/common/sock_daemon.c
index e5e16f8af12..6298653f4ec 100644
--- a/ctdb/common/sock_daemon.c
+++ b/ctdb/common/sock_daemon.c
@@ -893,7 +893,7 @@ static void sock_daemon_run_socket_fail(struct tevent_req *subreq)
 		subreq, struct tevent_req);
 	struct sock_daemon_run_state *state = tevent_req_data(
 		req, struct sock_daemon_run_state);
-	const char *sockpath = NULL;
+	const char *sockpath = "INVALID";
 	int ret = 0;
 	bool status;
 
diff --git a/ctdb/config/functions b/ctdb/config/functions
index 7a47c9d8e79..1dc16532890 100755
--- a/ctdb/config/functions
+++ b/ctdb/config/functions
@@ -33,15 +33,16 @@ fi
 
 load_system_config ()
 {
-	if [ -z "$1" ] ; then
-		return
-	fi
-
-	if [ -f "${CTDB_SYS_ETCDIR}/sysconfig/$1" ]; then
-		. "${CTDB_SYS_ETCDIR}/sysconfig/$1"
-	elif [ -f "${CTDB_SYS_ETCDIR}/default/$1" ]; then
-		. "${CTDB_SYS_ETCDIR}/default/$1"
-	fi
+	for _i ; do
+
+		if [ -f "${CTDB_SYS_ETCDIR}/sysconfig/${_i}" ]; then
+			. "${CTDB_SYS_ETCDIR}/sysconfig/${_i}"
+			return
+		elif [ -f "${CTDB_SYS_ETCDIR}/default/${_i}" ]; then
+			. "${CTDB_SYS_ETCDIR}/default/${_i}"
+			return
+		fi
+	done
 }
 
 # load_script_options [ component script ]
diff --git a/ctdb/config/nfs-checks.d/10.status.check b/ctdb/config/nfs-checks.d/10.status.check
index dfa5c59117e..b8ce1e0ad0b 100644
--- a/ctdb/config/nfs-checks.d/10.status.check
+++ b/ctdb/config/nfs-checks.d/10.status.check
@@ -2,6 +2,6 @@
 version="1"
 restart_every=2
 unhealthy_after=6
-service_stop_cmd="killall -q -9 rpc.statd"
-service_start_cmd="rpc.statd ${STATD_HA_CALLOUT:+-H} $STATD_HA_CALLOUT ${STATD_HOSTNAME:+-n} $STATD_HOSTNAME ${STATD_PORT:+-p} $STATD_PORT ${STATD_OUTGOING_PORT:+-o} $STATD_OUTGOING_PORT"
+service_stop_cmd="$CTDB_NFS_CALLOUT stop status"
+service_start_cmd="$CTDB_NFS_CALLOUT start status"
 service_debug_cmd="program_stack_traces rpc.statd 5"
diff --git a/ctdb/config/nfs-checks.d/40.mountd.check b/ctdb/config/nfs-checks.d/40.mountd.check
index 56b3fd29512..bfe4c277ce9 100644
--- a/ctdb/config/nfs-checks.d/40.mountd.check
+++ b/ctdb/config/nfs-checks.d/40.mountd.check
@@ -2,6 +2,6 @@
 version="1"
 restart_every=2
 unhealthy_after=6
-service_stop_cmd="killall -q -9 rpc.mountd"
-service_start_cmd="rpc.mountd $RPCMOUNTDOPTS ${MOUNTD_PORT:+-p} $MOUNTD_PORT"
+service_stop_cmd="$CTDB_NFS_CALLOUT stop mountd"
+service_start_cmd="$CTDB_NFS_CALLOUT start mountd"
 service_debug_cmd="program_stack_traces rpc.mountd 5"
diff --git a/ctdb/config/nfs-checks.d/50.rquotad.check b/ctdb/config/nfs-checks.d/50.rquotad.check
index b7bd9d2c757..98bd8d98fce 100644
--- a/ctdb/config/nfs-checks.d/50.rquotad.check
+++ b/ctdb/config/nfs-checks.d/50.rquotad.check
@@ -2,6 +2,6 @@
 version="1"
 restart_every=2
 unhealthy_after=6
-service_stop_cmd="killall -q -9 rpc.rquotad"
-service_start_cmd="rpc.rquotad ${RQUOTAD_PORT:+-p} $RQUOTAD_PORT"
+service_stop_cmd="$CTDB_NFS_CALLOUT stop rquotad"
+service_start_cmd="$CTDB_NFS_CALLOUT start rquotad"
 service_debug_cmd="program_stack_traces rpc.rquotad 5"
diff --git a/ctdb/config/nfs-linux-kernel-callout b/ctdb/config/nfs-linux-kernel-callout
index 9b72446b44e..3d1dc63c590 100755
--- a/ctdb/config/nfs-linux-kernel-callout
+++ b/ctdb/config/nfs-linux-kernel-callout
@@ -12,20 +12,66 @@ set -e
 # hook for testing.
 nfs_exports_file="${CTDB_NFS_EXPORTS_FILE:-/var/lib/nfs/etab}"
 
-# Red Hat
-nfs_service="nfs"
-nfslock_service="nfslock"
-nfs_config="/etc/sysconfig/nfs"
+# As above, edit the default value below.  CTDB_NFS_DISTRO_STYLE is a
+# test variable only.
+nfs_distro_style="${CTDB_NFS_DISTRO_STYLE:-sysvinit-redhat}"
+
+case "$nfs_distro_style" in
+systemd-*)
+	# Defaults
+	nfs_service="nfs-server"
+	nfs_lock_service="rpc-statd"
+	nfs_mountd_service="nfs-mountd"
+	nfs_status_service="rpc-statd"
+	nfs_rquotad_service="rpc-rquotad"
+	nfs_config="/etc/sysconfig/nfs"
+	nfs_rquotad_config="" # Not use with systemd, restart via service
+
+	case "$nfs_distro_style" in
+	*-redhat|*-suse)
+		: # Defaults only
+		;;
+	*-debian)
+		nfs_rquotad_service="quotarpc"
+		;;
+	*)
+		echo "Internal error"
+		exit 1
+	esac
+	;;
 
-# SUSE
-#nfs_service="nfsserver"
-#nfslock_service=""
-#nfs_config="/etc/sysconfig/nfs"
+sysvinit-*)
+	# Defaults
+	nfs_service="nfs"
+	nfs_lock_service=""
+	nfs_mountd_service=""
+	nfs_status_service=""
+	nfs_rquotad_service=""
+	nfs_config="/etc/sysconfig/nfs"
+	nfs_rquotad_config="$nfs_config"
+
+	case "$nfs_distro_style" in
+	*-redhat)
+		nfs_lock_service="nfslock"
+		;;
+	*-suse)
+		nfs_service="nfsserver"
+		;;
+	*-debian)
+		nfs_service="nfs-kernel-server"
+		nfs_config="/etc/default/nfs-kernel-server"
+		nfs_rquotad_config="/etc/default/quota"
+		;;
+	*)
+		echo "Internal error"
+		exit 1
+	esac
+	;;
 
-# Debian
-#nfs_service="nfs-kernel-server"
-#nfslock_service=""
-#nfs_config="/etc/default/nfs-kernel-server"
+*)
+	echo "Internal error"
+	exit 1
+esac
 
 # Override for unit testing
 if [ -z "$PROCFS_PATH" ] ; then
@@ -46,50 +92,70 @@ EOF
     exit 1
 }
 
+##################################################
+
+nfs_load_config ()
+{
+	_config="${1:-${nfs_config}}"
+
+	if [ -r "$_config" ] ; then
+		. "$_config"
+	fi
+}
 
 ##################################################
 # Basic service stop and start
 
 basic_stop ()
 {
-    case "$1" in
+	case "$1" in
 	nfs)
-	    service "$nfs_service" stop
-	    if [ -n "$nfslock_service" ] ; then
-		service "$nfslock_service" stop
-	    fi
-	    ;;
-	nfslock)
-	    if [ -n "$nfslock_service" ] ; then
-		service "$nfslock_service" stop
-	    else
+		if [ -n "$nfs_rquotad_service" ] ; then
+			service "$nfs_rquotad_service" stop
+		fi
+
 		service "$nfs_service" stop
-	    fi
-	    ;;
+
+		if [ -n "$nfs_lock_service" ] ; then
+			service "$nfs_lock_service" stop
+		fi
+		;;
+	nfslock)
+		if [ -n "$nfs_lock_service" ] ; then
+			service "$nfs_lock_service" stop
+		else
+			service "$nfs_service" stop
+		fi
+		;;
 	*)
-	    usage
-    esac
+		usage
+	esac
 }
 
 basic_start ()
 {
-    case "$1" in
+	case "$1" in
 	nfs)
-	    if [ -n "$nfslock_service" ] ; then
-		service "$nfslock_service" start
-	    fi
-	    service "$nfs_service" start
-	    ;;
-	nfslock)
-	    if [ -n "$nfslock_service" ] ; then
-		service "$nfslock_service" start
-	    else
+		if [ -n "$nfs_lock_service" ] ; then


-- 
Samba Shared Repository



More information about the samba-cvs mailing list