[SCM] Samba Shared Repository - branch v4-12-test updated

Karolin Seeger kseeger at samba.org
Mon Oct 26 14:43:03 UTC 2020


The branch, v4-12-test has been updated
       via  ae4d3932cfb docs: fix default value of spoolss:architecture
       via  c3c95e07443 winexe: add configure option to control whether to build it (default: auto)
       via  fd5ef942bad provision: BIND 9.17.x is not supported
       via  8a7fc998f09 provision: Add support for BIND 9.16.x
       via  7336a1c6755 bind9-dlz: Add support for BIND 9.16.x
       via  4ab29fb056a provision: BIND 9.15.x is not supported
       via  55d1f4e9f5e provision: Add support for BIND 9.14.x
       via  5400b928d42 bind9-dlz: Add support for BIND 9.14.x
       via  49eaec78a0b provision: BIND 9.13.x is not supported
       via  4cbeb5ca3c3 bind9-dlz: Bind 9.13.x switched to using bool as isc_boolean_t instead of int.
       via  d5933bfdee2 nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h
       via  a127fb862b6 s4:dsdb:acl_read: Implement "List Object" mode feature
       via  66e64bf9a61 s4:dsdb:util: add dsdb_do_list_object() helper
       via  6073edb8c08 s4:dsdb:acl_read: defer LDB_ERR_NO_SUCH_OBJECT
       via  376fd7e1c0f s4:dsdb:acl_read: make use of aclread_check_object_visible() for the search base
       via  f6af56ad68a s4:dsdb:acl_read: fully set up 'struct aclread_context' before the search base acl check
       via  c1df795199c s4:dsdb:acl_read: introduce aclread_check_object_visible() helper
       via  1da871f7f24 s4:dsdb:tests: add AclVisibiltyTests
       via  62f7642b073 python/tests: add DynamicTestCase setUpDynamicTestCases() infrastructure
       via  3a1d5236678 ctdb-tests: Strengthen node state checking in ctdb disable/enable test
       via  3a4def14560 ctdb-recoverd: Drop unnecessary and broken code
       via  91a8a9a9850 ctdb-recoverd: Drop unnecessary code
      from  f4ce7990607 VERSION: Bump version up to 4.12.9...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-12-test


- Log -----------------------------------------------------------------
commit ae4d3932cfb107725ea052f9ac0dca8c9a52b162
Author: Björn Jacke <bjacke at samba.org>
Date:   Tue Oct 6 23:05:24 2020 +0200

    docs: fix default value of spoolss:architecture
    
    "Windows x64" is the default here since a couple of years already.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14522
    
    Signed-off-by: Bjoern Jacke <bjacke at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Tue Oct  6 23:06:50 UTC 2020 on sn-devel-184
    
    (cherry picked from commit c587685dde2448d1f68ada47ce5ad42b02a118ce)
    
    Autobuild-User(v4-12-test): Karolin Seeger <kseeger at samba.org>
    Autobuild-Date(v4-12-test): Mon Oct 26 14:42:39 UTC 2020 on sn-devel-184

commit c3c95e0744331bce2fd69732c19f4f9ec3328425
Author: Günther Deschner <gd at samba.org>
Date:   Wed Mar 4 18:51:01 2020 +0100

    winexe: add configure option to control whether to build it (default: auto)
    
    Guenther
    
    Signed-off-by: Guenther Deschner <gd at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Mon Mar  9 16:27:21 UTC 2020 on sn-devel-184
    
    (cherry picked from commit 54c21a99e6ca54bdb963c70d322f6778b57a384f)

commit fd5ef942badd63cd21f267d73665c068f777140b
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Mon Sep 14 09:45:50 2020 +1000

    provision: BIND 9.17.x is not supported
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Rowland Penny <rpenny at samba.org>
    
    Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
    Autobuild-Date(master): Thu Sep 24 05:55:43 UTC 2020 on sn-devel-184
    
    (cherry picked from commit 1bccc67ce7c6364a95fbfeb095938522671578a8)

commit 8a7fc998f0930145d74aa5e32ae67ae4bd996af0
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Fri Sep 11 12:35:30 2020 +1000

    provision: Add support for BIND 9.16.x
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Rowland Penny <rpenny at samba.org>
    (cherry picked from commit 5b2ccb1c7cad5cded5dad37a18a7d42c1680b2f7)

commit 7336a1c67550281627b108a402b36c675c5247ce
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Fri Sep 11 12:34:07 2020 +1000

    bind9-dlz: Add support for BIND 9.16.x
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Rowland Penny <rpenny at samba.org>
    (cherry picked from commit ca3c18a236dedfdfbf225dcfcd0418f1634d8759)

commit 4ab29fb056aebe4c6c6783e673a9f80f46c9e200
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Mon Sep 14 09:45:04 2020 +1000

    provision: BIND 9.15.x is not supported
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Rowland Penny <rpenny at samba.org>
    (cherry picked from commit 4d09797652059c3ed5b2a4f94f2181ce14d39972)

commit 55d1f4e9f5ee1b0a57f86414f5e1698994a55b6c
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Fri Sep 11 12:26:21 2020 +1000

    provision: Add support for BIND 9.14.x
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Rowland Penny <rpenny at samba.org>
    (cherry picked from commit 016c1174ef783990f93e348ee82f5c989c43cbbf)

commit 5400b928d426af5dc56234ce110a3871d88c015d
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Fri Sep 11 12:24:51 2020 +1000

    bind9-dlz: Add support for BIND 9.14.x
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Rowland Penny <rpenny at samba.org>
    (cherry picked from commit a167a2154d4909e8e1f97d9f36d0e4c947f2d944)

commit 49eaec78a0b977663c84fd4c96fd7c6fc0a731d6
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Mon Sep 14 09:44:10 2020 +1000

    provision: BIND 9.13.x is not supported
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Rowland Penny <rpenny at samba.org>
    (cherry picked from commit 95278618829227632b2bcb29fc272e600607ea41)

commit 4cbeb5ca3c387b9d893e729e339db1a9adbf03b4
Author: Amitay Isaacs <amitay at gmail.com>
Date:   Fri Sep 11 12:16:01 2020 +1000

    bind9-dlz: Bind 9.13.x switched to using bool as isc_boolean_t instead of int.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14487
    
    Signed-off-by: Amitay Isaacs <amitay at gmail.com>
    Reviewed-by: Rowland Penny <rpenny at samba.org>
    (cherry picked from commit cdb6c5d1eca1c0f6967941dbd1da07be6b53d302)

commit d5933bfdee2365c6b5745a3aca42a6d7a48eaf96
Author: Khem Raj <raj.khem at gmail.com>
Date:   Wed Jul 22 22:42:09 2020 -0700

    nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h
    
    glibc 2.32 will define these varibles [1] which results in conflicts
    with these static function names, therefore prefix these function names
    with samba_ to avoid it
    
    [1] https://sourceware.org/git/?p=glibc.git;a=commit;h=499a92df8b9fc64a054cf3b7f728f8967fc1da7d
    
    Signed-off-by: Khem Raj <raj.khem at gmail.com>
    Reviewed-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: Noel Power <npower at samba.org>
    
    Autobuild-User(master): Noel Power <npower at samba.org>
    Autobuild-Date(master): Tue Jul 28 10:52:00 UTC 2020 on sn-devel-184
    
    (cherry picked from commit 6e496aa3635557b59792e469f7c7f8eccd822322)

commit a127fb862b6f9388f788c12ab390dbf8af0270c2
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 13 12:43:39 2020 +0200

    s4:dsdb:acl_read: Implement "List Object" mode feature
    
    See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility
    
    I tried to avoid any possible overhead for the common cases:
    
    - SEC_ADS_LIST (List Children) is already granted by default
    - fDoListObject is off by default
    
    Overhead is only added if the administrator turned on
    the fDoListObject feature and removed SEC_ADS_LIST (List Children)
    from a parent object.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Wed Oct 21 08:48:02 UTC 2020 on sn-devel-184
    
    (cherry picked from commit 7223f6453b1b38c933c9480c637ffd06d9f39b97)

commit 66e64bf9a61525bd3b0eee111a9860349841fa6a
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 6 11:21:34 2020 +0200

    s4:dsdb:util: add dsdb_do_list_object() helper
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit ffc0bdc6d49e88da1ee408956365da163ff3e1b2)

commit 6073edb8c08b14ed545abd39cf0d853686b9215e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Oct 12 17:59:34 2020 +0200

    s4:dsdb:acl_read: defer LDB_ERR_NO_SUCH_OBJECT
    
    We may need to return child objects even if the base dn
    is invisible.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit e1529bedb2b6c8553e69a42537ac0cffd03af6d6)

commit 376fd7e1c0f0191e48732297d6062e98cbf78407
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 6 15:10:33 2020 +0200

    s4:dsdb:acl_read: make use of aclread_check_object_visible() for the search base
    
    We should only have one place to do access checks.
    
    Use 'git show -w' to see the minimal diff.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit faff8e6c89777c38443e561235073c336cfb2e9c)

commit f6af56ad68a416e4d8e0ee374036a6fcbe36fe91
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 6 15:10:33 2020 +0200

    s4:dsdb:acl_read: fully set up 'struct aclread_context' before the search base acl check
    
    This makes further change much easier.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit c4a3028de726d6708f57d02f9162a4d62d1b6ae7)

commit c1df795199c9e924a7214f7613e2b710e5a3ea16
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Oct 6 15:07:19 2020 +0200

    s4:dsdb:acl_read: introduce aclread_check_object_visible() helper
    
    In future this will do more than aclread_check_parent(),
    if we implement fDoListObject and SEC_ADS_LIST_OBJECT handling.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit d2dd7c2a5c1f8ee30f0f3b41f933d082b0c75f7c)

commit 1da871f7f24a0b285ef16ebfad9eae35b60649a4
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Oct 7 13:21:06 2020 +0200

    s4:dsdb:tests: add AclVisibiltyTests
    
    This tests a sorts of combinations in order to
    demonstrate the visibility of objects depending on:
    
    - with or without fDoListObject
    - with or without explicit DENY ACEs
    - A hierachy of objects with 4 levels from the base dn
    - SEC_ADS_LIST (List Children)
    - SEC_ADS_LIST_LIST_OBJECT (List Object)
    - SEC_ADS_READ_PROP
    - all possible scopes and basedns
    
    This demonstrates that NO_SUCH_OBJECT doesn't depend purely
    on the visibility of the base dn, it's still possible to
    get children returned und an invisible base dn.
    
    It also demonstrates the additional behavior with "List Object" mode.
    See [MS-ADTS] 5.1.3.3.6 Checking Object Visibility
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 06d134406739e76b97273db3023855150dbaebbc)

commit 62f7642b073839f38fbbb4e97f6d15f672090444
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Apr 20 20:00:51 2020 +0200

    python/tests: add DynamicTestCase setUpDynamicTestCases() infrastructure
    
    This can be used in order to run a sepcific test (coded just once)
    with an autogenerated set of arguments.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14531
    
    Pair-Programmed-With: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    (cherry picked from commit 80347deb544b38be6c6814e5d1b82e48ebe83fd1)

commit 3a1d5236678eb126d30b07602dd73d99b707aff8
Author: Martin Schwenke <martin at meltin.net>
Date:   Wed Sep 30 10:48:38 2020 +1000

    ctdb-tests: Strengthen node state checking in ctdb disable/enable test
    
    Check that the desired state is set on all nodes instead of just the
    test node.  This ensures that node flags have correctly propagated
    across the cluster.
    
    RN: Fix remaining ctdb disable/enable bug
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    
    Autobuild-User(master): Amitay Isaacs <amitay at samba.org>
    Autobuild-Date(master): Tue Oct  6 04:32:06 UTC 2020 on sn-devel-184
    
    (cherry picked from commit b68105b8f7c20692d23d457f2777edcf44f12bb8)
    Signed-off-by: Martin Schwenke <martin at meltin.net>

commit 3a4def14560501db1fd226aa9ebd729b2b061542
Author: Martin Schwenke <martin at meltin.net>
Date:   Tue Jan 16 15:15:51 2018 +1100

    ctdb-recoverd: Drop unnecessary and broken code
    
    update_flags() has already updated the recovery master's canonical
    node map, based on the flags from each remote node, and pushed out
    these flags to all nodes.
    
    If i == j then the node map has already been updated from this remote
    node's flags, so simply drop this case.
    
    Although update_flags() has updated flags for all nodes, it did not
    update each node map in remote_nodemaps[] to reflect this.  This means
    that remote_nodemaps[] may contain inconsistent flags for some nodes
    so it should not be used to check consistency when i != j.
    
    Further, a meaningful difference in flags can only really occur if
    update_flags() failed.  In that case this code is never reached.
    
    These observations combine to imply that this whole loop should be
    dropped.
    
    This leaves potential sub-second inconsistencies due to out-of-band
    healthy/unhealthy flag changes pushed via CTDB_SRVID_PUSH_NODE_FLAGS.
    These updates could be dropped (takeover run asks each node for
    available IPs rather than making centralised decisions based on node
    flags) but for now they will be fixed in the next iteration of
    main_loop().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    (cherry picked from commit 4b01f54041dee469971f244e64064eed46de2ed5)

commit 91a8a9a98508aedf3d07bf83e5e53342fe74bdf5
Author: Martin Schwenke <martin at meltin.net>
Date:   Fri Jan 19 14:55:21 2018 +1100

    ctdb-recoverd: Drop unnecessary code
    
    This has already been done in update_flags().
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14513
    Signed-off-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    (cherry picked from commit 3ab52b528673e08caa66f00e963528c591a84fe1)

-----------------------------------------------------------------------

Summary of changes:
 ctdb/server/ctdb_recoverd.c                        |  61 ----
 .../failover/pubips.030.disable_enable.sh          |   4 +-
 .../smbdotconf/printing/spoolssarchitecture.xml    |   4 +-
 examples/winexe/wscript_build                      |   3 +-
 nsswitch/nsstest.c                                 |  16 +-
 python/samba/provision/sambadns.py                 |  17 +-
 python/samba/tests/__init__.py                     |  27 ++
 source3/wscript                                    |  17 ++
 source4/dns_server/dlz_minimal.h                   |  24 +-
 source4/dns_server/wscript_build                   |  20 ++
 source4/dsdb/samdb/ldb_modules/acl_read.c          | 185 +++++++++---
 source4/dsdb/samdb/ldb_modules/util.c              |  21 ++
 source4/dsdb/tests/python/acl.py                   | 321 ++++++++++++++++++++-
 source4/selftest/tests.py                          |   2 +-
 source4/setup/named.conf.dlz                       |   6 +
 15 files changed, 609 insertions(+), 119 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/server/ctdb_recoverd.c b/ctdb/server/ctdb_recoverd.c
index f825427e7a3..856fcbb72c8 100644
--- a/ctdb/server/ctdb_recoverd.c
+++ b/ctdb/server/ctdb_recoverd.c
@@ -2667,67 +2667,6 @@ static void main_loop(struct ctdb_context *ctdb, struct ctdb_recoverd *rec,
 		}
 	}
 
-	/*
-	 * Update node flags obtained from each active node. This ensure we have
-	 * up-to-date information for all the nodes.
-	 */
-	for (j=0; j<nodemap->num; j++) {
-		if (nodemap->nodes[j].pnn == ctdb->pnn) {
-			continue;
-		}
-		if (nodemap->nodes[j].flags & NODE_FLAGS_INACTIVE) {
-			continue;
-		}
-		nodemap->nodes[j].flags = remote_nodemaps[j]->nodes[j].flags;
-	}
-
-	for (j=0; j<nodemap->num; j++) {
-		if (nodemap->nodes[j].pnn == ctdb->pnn) {
-			continue;
-		}
-		if (nodemap->nodes[j].flags & NODE_FLAGS_INACTIVE) {
-			continue;
-		}
-
-		/* verify the flags are consistent
-		*/
-		for (i=0; i<nodemap->num; i++) {
-			if (nodemap->nodes[i].flags & NODE_FLAGS_DISCONNECTED) {
-				continue;
-			}
-			
-			if (nodemap->nodes[i].flags != remote_nodemaps[j]->nodes[i].flags) {
-				DEBUG(DEBUG_ERR, (__location__ " Remote node:%u has different flags for node %u. It has 0x%02x vs our 0x%02x\n", 
-				  nodemap->nodes[j].pnn, 
-				  nodemap->nodes[i].pnn, 
-				  remote_nodemaps[j]->nodes[i].flags,
-				  nodemap->nodes[i].flags));
-				if (i == j) {
-					DEBUG(DEBUG_ERR,("Use flags 0x%02x from remote node %d for cluster update of its own flags\n", remote_nodemaps[j]->nodes[i].flags, j));
-					update_flags_on_all_nodes(
-					    rec,
-					    nodemap->nodes[i].pnn,
-					    remote_nodemaps[j]->nodes[i].flags);
-					ctdb_set_culprit(rec, nodemap->nodes[j].pnn);
-					do_recovery(rec, mem_ctx, pnn, nodemap, 
-						    vnnmap);
-					return;
-				} else {
-					DEBUG(DEBUG_ERR,("Use flags 0x%02x from local recmaster node for cluster update of node %d flags\n", nodemap->nodes[i].flags, i));
-					update_flags_on_all_nodes(
-						rec,
-						nodemap->nodes[i].pnn,
-						nodemap->nodes[i].flags);
-					ctdb_set_culprit(rec, nodemap->nodes[j].pnn);
-					do_recovery(rec, mem_ctx, pnn, nodemap, 
-						    vnnmap);
-					return;
-				}
-			}
-		}
-	}
-
-
 	/* count how many active nodes there are */
 	num_lmasters  = 0;
 	for (i=0; i<nodemap->num; i++) {
diff --git a/ctdb/tests/INTEGRATION/failover/pubips.030.disable_enable.sh b/ctdb/tests/INTEGRATION/failover/pubips.030.disable_enable.sh
index c0bb62d1991..0b8425b2556 100755
--- a/ctdb/tests/INTEGRATION/failover/pubips.030.disable_enable.sh
+++ b/ctdb/tests/INTEGRATION/failover/pubips.030.disable_enable.sh
@@ -21,10 +21,10 @@ select_test_node_and_ips
 
 echo "Disabling node $test_node"
 try_command_on_node 1 $CTDB disable -n $test_node
-wait_until_node_has_status $test_node disabled
+wait_until_node_has_status $test_node disabled 30 all
 wait_until_node_has_no_ips "$test_node"
 
 echo "Re-enabling node $test_node"
 try_command_on_node 1 $CTDB enable -n $test_node
-wait_until_node_has_status $test_node enabled
+wait_until_node_has_status $test_node enabled 30 all
 wait_until_node_has_some_ips "$test_node"
diff --git a/docs-xml/smbdotconf/printing/spoolssarchitecture.xml b/docs-xml/smbdotconf/printing/spoolssarchitecture.xml
index 1eccf9f58cf..dae73905663 100644
--- a/docs-xml/smbdotconf/printing/spoolssarchitecture.xml
+++ b/docs-xml/smbdotconf/printing/spoolssarchitecture.xml
@@ -8,6 +8,6 @@
 	architecture. Samba's spoolss print server architecture can be changed using
 	this parameter.</para>
 </description>
-<value type="default">Windows NT x86</value>
-<value type="example">Windows x64</value>
+<value type="default">Windows x64</value>
+<value type="example">Windows NT x86</value>
 </samba:parameter>
diff --git a/examples/winexe/wscript_build b/examples/winexe/wscript_build
index 43c09717e3d..559ed3fc706 100644
--- a/examples/winexe/wscript_build
+++ b/examples/winexe/wscript_build
@@ -106,4 +106,5 @@ if winexesvc_binaries != '':
                           LOADPARM_CTX
                           libsmb
                           msrpc3
-                      ''')
+                      ''',
+                      enabled=bld.env.build_winexe)
diff --git a/nsswitch/nsstest.c b/nsswitch/nsstest.c
index e8c4306441d..e2ee9fbf3af 100644
--- a/nsswitch/nsstest.c
+++ b/nsswitch/nsstest.c
@@ -137,7 +137,7 @@ static struct passwd *nss_getpwuid(uid_t uid)
 	return &pwd;
 }
 
-static void nss_setpwent(void)
+static void samba_nss_setpwent(void)
 {
 	NSS_STATUS (*_nss_setpwent)(void) =
 		(NSS_STATUS(*)(void))find_fn("setpwent");
@@ -152,7 +152,7 @@ static void nss_setpwent(void)
 	}
 }
 
-static void nss_endpwent(void)
+static void samba_nss_endpwent(void)
 {
 	NSS_STATUS (*_nss_endpwent)(void) =
 		(NSS_STATUS (*)(void))find_fn("endpwent");
@@ -290,7 +290,7 @@ again:
 	return &grp;
 }
 
-static void nss_setgrent(void)
+static void samba_nss_setgrent(void)
 {
 	NSS_STATUS (*_nss_setgrent)(void) =
 		(NSS_STATUS (*)(void))find_fn("setgrent");
@@ -305,7 +305,7 @@ static void nss_setgrent(void)
 	}
 }
 
-static void nss_endgrent(void)
+static void samba_nss_endgrent(void)
 {
 	NSS_STATUS (*_nss_endgrent)(void) =
 		(NSS_STATUS (*)(void))find_fn("endgrent");
@@ -402,7 +402,7 @@ static void nss_test_users(void)
 {
 	struct passwd *pwd;
 
-	nss_setpwent();
+	samba_nss_setpwent();
 	/* loop over all users */
 	while ((pwd = nss_getpwent())) {
 		printf("Testing user %s\n", pwd->pw_name);
@@ -424,14 +424,14 @@ static void nss_test_users(void)
 		printf("initgroups: "); nss_test_initgroups(pwd->pw_name, pwd->pw_gid);
 		printf("\n");
 	}
-	nss_endpwent();
+	samba_nss_endpwent();
 }
 
 static void nss_test_groups(void)
 {
 	struct group *grp;
 
-	nss_setgrent();
+	samba_nss_setgrent();
 	/* loop over all groups */
 	while ((grp = nss_getgrent())) {
 		printf("Testing group %s\n", grp->gr_name);
@@ -452,7 +452,7 @@ static void nss_test_groups(void)
 		printf("getgrgid: "); print_group(grp);
 		printf("\n");
 	}
-	nss_endgrent();
+	samba_nss_endgrent();
 }
 
 static void nss_test_errors(void)
diff --git a/python/samba/provision/sambadns.py b/python/samba/provision/sambadns.py
index ffdb2559979..4aa132abfa6 100644
--- a/python/samba/provision/sambadns.py
+++ b/python/samba/provision/sambadns.py
@@ -962,6 +962,8 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
         bind9_10 = '#'
         bind9_11 = '#'
         bind9_12 = '#'
+        bind9_14 = '#'
+        bind9_16 = '#'
         if bind_info.upper().find('BIND 9.8') != -1:
             bind9_8 = ''
         elif bind_info.upper().find('BIND 9.9') != -1:
@@ -972,8 +974,18 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
             bind9_11 = ''
         elif bind_info.upper().find('BIND 9.12') != -1:
             bind9_12 = ''
+        elif bind_info.upper().find('BIND 9.14') != -1:
+            bind9_14 = ''
+        elif bind_info.upper().find('BIND 9.16') != -1:
+            bind9_16 = ''
         elif bind_info.upper().find('BIND 9.7') != -1:
             raise ProvisioningError("DLZ option incompatible with BIND 9.7.")
+        elif bind_info.upper().find('BIND_9.13') != -1:
+            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+        elif bind_info.upper().find('BIND_9.15') != -1:
+            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
+        elif bind_info.upper().find('BIND_9.17') != -1:
+            raise ProvisioningError("Only stable/esv releases of BIND are supported.")
         else:
             logger.warning("BIND version unknown, please modify %s manually." % paths.namedconf)
         setup_file(setup_path("named.conf.dlz"), paths.namedconf, {
@@ -983,8 +995,9 @@ def create_named_conf(paths, realm, dnsdomain, dns_backend, logger):
                     "BIND9_9": bind9_9,
                     "BIND9_10": bind9_10,
                     "BIND9_11": bind9_11,
-                    "BIND9_12": bind9_12
-
+                    "BIND9_12": bind9_12,
+                    "BIND9_14": bind9_14,
+                    "BIND9_16": bind9_16
                     })
 
 
diff --git a/python/samba/tests/__init__.py b/python/samba/tests/__init__.py
index 3f22eaa1c94..9d5128bab0e 100644
--- a/python/samba/tests/__init__.py
+++ b/python/samba/tests/__init__.py
@@ -63,10 +63,37 @@ BINDIR = os.path.abspath(os.path.join(os.path.dirname(__file__),
 
 HEXDUMP_FILTER = bytearray([x if ((len(repr(chr(x))) == 3) and (x < 127)) else ord('.') for x in range(256)])
 
+def DynamicTestCase(cls):
+    cls.setUpDynamicTestCases()
+    return cls
 
 class TestCase(unittest.TestCase):
     """A Samba test case."""
 
+    @classmethod
+    def generate_dynamic_test(cls, fnname, suffix, *args):
+        """
+        fnname is something like "test_dynamic_sum"
+        suffix is something like "1plus2"
+        argstr could be (1, 2)
+
+        This would generate a test case called
+        "test_dynamic_sum_1plus2(self)" that
+        calls
+        self._test_dynamic_sum_with_args(1, 2)
+        """
+        def fn(self):
+            getattr(self, "_%s_with_args" % fnname)(*args)
+        setattr(cls, "%s_%s" % (fnname, suffix), fn)
+
+    @classmethod
+    def setUpDynamicTestCases(cls):
+        """This can be implemented in order to call cls.generate_dynamic_test()
+        In order to implement autogenerated testcase permutations.
+        """
+        msg = "%s needs setUpDynamicTestCases() if @DynamicTestCase is used!" % (cls)
+        raise Exception(msg)
+
     def setUp(self):
         super(TestCase, self).setUp()
         test_debug_level = os.getenv("TEST_DEBUG_LEVEL")
diff --git a/source3/wscript b/source3/wscript
index 85466b493fa..6d5bd22ca49 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -63,6 +63,7 @@ def options(opt):
     opt.samba_add_onoff_option('cluster-support', default=False)
 
     opt.samba_add_onoff_option('regedit', default=None)
+    opt.samba_add_onoff_option('winexe', default=None)
 
     opt.samba_add_onoff_option('fake-kaserver',
                           help=("Include AFS fake-kaserver support"), default=False)
@@ -1782,6 +1783,22 @@ main() {
     if conf.CHECK_HEADERS('ftw.h') and conf.CHECK_FUNCS('nftw'):
         conf.env.build_mvxattr = True
 
+    conf.env.build_winexe = False
+    if not Options.options.with_winexe == False:
+        if conf.CONFIG_SET('HAVE_WINEXE_CC_WIN32') or conf.CONFIG_SET('HAVE_WINEXE_CC_WIN64'):
+            conf.env.build_winexe = True
+
+    if conf.env.build_winexe:
+        Logs.info("building winexe")
+    else:
+        if Options.options.with_winexe == False:
+            Logs.info("not building winexe (--without-winexe)")
+        elif Options.options.with_winexe == True:
+            Logs.error("mingw not available, cannot build winexe")
+            conf.fatal("mingw not available, but --with-winexe was specified")
+        else:
+            Logs.info("mingw not available, not building winexe")
+
     conf.CHECK_FUNCS_IN('DES_pcbc_encrypt', 'crypto')
     if Options.options.with_fake_kaserver == True:
         conf.CHECK_HEADERS('afs/param.h afs/stds.h', together=True)
diff --git a/source4/dns_server/dlz_minimal.h b/source4/dns_server/dlz_minimal.h
index 193904f4b2c..d991528d6ad 100644
--- a/source4/dns_server/dlz_minimal.h
+++ b/source4/dns_server/dlz_minimal.h
@@ -23,30 +23,47 @@
 #ifndef DLZ_MINIMAL_H
 #define DLZ_MINIMAL_H 1
 
+#include <stdint.h>
+#include <stdbool.h>
+
 #if defined (BIND_VERSION_9_8)
 # define DLZ_DLOPEN_VERSION 1
 #elif defined (BIND_VERSION_9_9)
 # define DLZ_DLOPEN_VERSION 2
 # define DNS_CLIENTINFO_VERSION 1
+# define ISC_BOOLEAN_AS_BOOL 0
 #elif defined (BIND_VERSION_9_10)
 # define DLZ_DLOPEN_VERSION 3
 # define DNS_CLIENTINFO_VERSION 1
+# define ISC_BOOLEAN_AS_BOOL 0
 #elif defined (BIND_VERSION_9_11)
 # define DLZ_DLOPEN_VERSION 3
 # define DNS_CLIENTINFO_VERSION 2
+# define ISC_BOOLEAN_AS_BOOL 0
 #elif defined (BIND_VERSION_9_12)
 # define DLZ_DLOPEN_VERSION 3
 # define DNS_CLIENTINFO_VERSION 2
+# define ISC_BOOLEAN_AS_BOOL 0
+#elif defined (BIND_VERSION_9_14)
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
+#elif defined (BIND_VERSION_9_16)
+# define DLZ_DLOPEN_VERSION 3
+# define DNS_CLIENTINFO_VERSION 2
 #else
 # error Unsupported BIND version
 #endif
 
+#ifndef ISC_BOOLEAN_AS_BOOL
+#define ISC_BOOLEAN_AS_BOOL 1
+#endif
+
 #if DLZ_DLOPEN_VERSION > 1
 # define DLZ_DLOPEN_AGE 0
 #endif
 
 typedef unsigned int isc_result_t;
-#if DLZ_DLOPEN_VERSION == 1
+#if ISC_BOOLEAN_AS_BOOL == 1
 typedef bool isc_boolean_t;
 #else
 typedef int isc_boolean_t;
@@ -72,8 +89,13 @@ typedef uint32_t dns_ttl_t;
 #define ISC_R_FILENOTFOUND		38
 
 /* boolean values */
+#if ISC_BOOLEAN_AS_BOOL == 1
+#define ISC_TRUE	true
+#define ISC_FALSE	false
+#else
 #define ISC_TRUE	1
 #define ISC_FALSE	0
+#endif
 
 /* log levels */
 #define ISC_LOG_INFO		(-1)
diff --git a/source4/dns_server/wscript_build b/source4/dns_server/wscript_build
index 8a8466d096f..e97c85de44a 100644
--- a/source4/dns_server/wscript_build
+++ b/source4/dns_server/wscript_build
@@ -68,6 +68,26 @@ bld.SAMBA_LIBRARY('dlz_bind9_12',
                   deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
                   enabled=bld.AD_DC_BUILD_IS_ENABLED())
 
+bld.SAMBA_LIBRARY('dlz_bind9_14',
+                  source='dlz_bind9.c',
+                  cflags='-DBIND_VERSION_9_14',
+                  private_library=True,
+                  link_name='modules/bind9/dlz_bind9_14.so',
+                  realname='dlz_bind9_14.so',
+                  install_path='${MODULESDIR}/bind9',
+                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
+bld.SAMBA_LIBRARY('dlz_bind9_16',
+                  source='dlz_bind9.c',
+                  cflags='-DBIND_VERSION_9_16',
+                  private_library=True,
+                  link_name='modules/bind9/dlz_bind9_16.so',
+                  realname='dlz_bind9_16.so',
+                  install_path='${MODULESDIR}/bind9',
+                  deps='samba-hostconfig samdb-common gensec popt dnsserver_common',
+                  enabled=bld.AD_DC_BUILD_IS_ENABLED())
+
 bld.SAMBA_LIBRARY('dlz_bind9_for_torture',
                   source='dlz_bind9.c',
                   cflags='-DBIND_VERSION_9_8',
diff --git a/source4/dsdb/samdb/ldb_modules/acl_read.c b/source4/dsdb/samdb/ldb_modules/acl_read.c
index 1e016b970ee..f3acf08c021 100644
--- a/source4/dsdb/samdb/ldb_modules/acl_read.c
+++ b/source4/dsdb/samdb/ldb_modules/acl_read.c
@@ -50,6 +50,11 @@ struct aclread_context {
 	bool added_objectClass;
 	bool indirsync;
 
+	bool do_list_object_initialized;
+	bool do_list_object;
+	bool base_invisible;
+	uint64_t num_entries;
+
 	/* cache on the last parent we checked in this search */
 	struct ldb_dn *last_parent_dn;
 	int last_parent_check_ret;
@@ -152,6 +157,100 @@ static int aclread_check_parent(struct aclread_context *ac,
 	return ret;
 }
 
+static int aclread_check_object_visible(struct aclread_context *ac,
+					struct ldb_message *msg,
+					struct ldb_request *req)
+{
+	uint32_t instanceType;
+	int ret;
+
+	/* get the object instance type */
+	instanceType = ldb_msg_find_attr_as_uint(msg,
+						 "instanceType", 0);
+	if (instanceType & INSTANCE_TYPE_IS_NC_HEAD) {
+		/*
+		 * NC_HEAD objects are always visible
+		 */
+		return LDB_SUCCESS;
+	}
+
+	ret = aclread_check_parent(ac, msg, req);
+	if (ret == LDB_SUCCESS) {
+		/*
+		 * SEC_ADS_LIST (List Children) alone
+		 * on the parent is enough to make the
+		 * object visible.
+		 */
+		return LDB_SUCCESS;
+	}
+	if (ret != LDB_ERR_INSUFFICIENT_ACCESS_RIGHTS) {
+		return ret;
+	}
+
+	if (!ac->do_list_object_initialized) {
+		/*
+		 * We only call dsdb_do_list_object() once
+		 * and only when needed in order to
+		 * check the dSHeuristics for fDoListObject.
+		 */
+		ac->do_list_object = dsdb_do_list_object(ac->module, ac, req);
+		ac->do_list_object_initialized = true;
+	}
+
+	if (ac->do_list_object) {
+		TALLOC_CTX *frame = talloc_stackframe();
+		struct ldb_dn *parent_dn = NULL;
+
+		/*
+		 * Here we're in "List Object" mode (fDoListObject=true).
+		 *
+		 * If SEC_ADS_LIST (List Children) is not
+		 * granted on the parent, we need to check if
+		 * SEC_ADS_LIST_OBJECT (List Object) is granted
+		 * on the parent and also on the object itself.
+		 *
+		 * We could optimize this similar to aclread_check_parent(),
+		 * but that would require quite a bit of restructuring,
+		 * so that we cache the granted access bits instead
+		 * of just the result for 'SEC_ADS_LIST (List Children)'.
+		 *
+		 * But as this is the uncommon case and
+		 * 'SEC_ADS_LIST (List Children)' is most likely granted
+		 * on most of the objects, we'll just implement what
+		 * we have to.
+		 */
+
+		parent_dn = ldb_dn_get_parent(frame, msg->dn);
+		if (parent_dn == NULL) {
+			TALLOC_FREE(frame);
+			return ldb_oom(ldb_module_get_ctx(ac->module));
+		}
+		ret = dsdb_module_check_access_on_dn(ac->module,
+						     frame,
+						     parent_dn,
+						     SEC_ADS_LIST_OBJECT,
+						     NULL, req);


-- 
Samba Shared Repository



More information about the samba-cvs mailing list