python:tests/krb5: add netlogon.py

This adds tests for the application layer encryption used
based on the secure channel session key.

This will get tests for netr_ServerAuthenticateKerberos()
in order to explore its details.

This runs against Windows 2022 as well as Windows 2025 (preview)
using something like this:

SMB_CONF_PATH=/dev/null \
SERVER=172.31.9.118 DC_SERVER=w2022-118.w2022-l7.base \
DOMAIN="W2022-L7" REALM="W2022-L7.BASE" \
ADMIN_USERNAME="Administrator" ADMIN_PASSWORD="A1b2C3d4" \
STRICT_CHECKING=0 \python/samba/tests/krb5/netlogon.py

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

python:tests/krb5: avoid some problems when running against w2025 (preview) with STRICT_CHECKING=0

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

python:tests/krb5: remember the objectGUID of created accounts

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

pycredentials: add credentials.netlogon_creds_*() functions via py_module_methods

This makes it possible to explore the functions arround
netlogon_creds_CredentialState via python.

This allows us to write tests in order to explore
the details of netr_ServerAuthenticateKerberos().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

pycredentials: add creds.[g|s]et_netlogon_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

pycredentials: remove unused module methods

It's not useful to use the PyCredentials methods
also as module methods...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

pyrpc_util: fix error Exception message in py_check_dcerpc_type()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4:rpc_server/netlogon: let dcesrv_netr_LogonSamLogon_base_reply handle encryption errors

This might be the better option when we implement
netr_ServerAuthenticateKerberos().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libcli/auth: let netlogon_creds_crypt_samlogon_validation handle generic info

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

tests/krb5: make use of conn.auth_info() in _test_samlogon()

In future we'll have KRB5 instead of SCHANNEL...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4:pyrpc: add conn.auth_info()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

gensec: add GENSEC_FEATURE_NO_DELEGATION flag to avoid GSS_C_DELEG[_POLICY]_FLAG

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:cli_pipe: pass target_service to cli_rpc_pipe_open_with_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: add kerberos_kinit_passwords_ext() helper

This can check more than one password and is designed to
support getting a TGT for our machine account also falling
back to older passwords...

If we don't have a plaintext password it falls back to an nt_hash.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: split out kerberos_kinit_generic_once()

This can be used to kinit with a keyblock later
and also a loop over multiple password generations will
be possible.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: remove unused time_offset from kerberos_kinit_password()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: let kerberos_kinit_password_ext() always initialize *ntstatus

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: fix compiler warning in trust_pw_change()

../../source3/libads/trusts_util.c: In function ‘trust_pw_change’:
../../source3/libads/trusts_util.c:302:45: warning: dereferencing type-punned pointer might break strict-aliasing rules [-Wstrict-aliasing]
  302 |                                    (void **)&new_trust_pw_blob.data,

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:rpc_client: remember the local/remote ipv4 or ipv6 addresses

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:winbindd: remove useless lines in add_trusted_domains_dc()

add_trusted_domain() above already sets this...

Review with: git show -U15

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:winbindd: make use of samba_sockaddr in set_remote_addresses() to avoid warnings

../../source3/winbindd/winbindd_dual_ndr.c: In function ‘set_remote_addresses’:
../../source3/winbindd/winbindd_dual_ndr.c:467:51: warning: dereferencing type-punned pointer might break strict-aliasing rules [-Wstrict-aliasing]
  467 |         struct sockaddr *sar = (struct sockaddr *)&st;

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:winbindd: make use of samba_sockaddr add_one_dc_unique() to avoid warnings

../../source3/winbindd/winbindd_cm.c: In function ‘add_one_dc_unique’:
../../source3/winbindd/winbindd_cm.c:1172:48: warning: dereferencing type-punned pointer might break strict-aliasing rules [-Wstrict-aliasing]
 1172 |                             (struct sockaddr *)(void *)&(*dcs)[i].ss,

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:winbindd: let wb_dsgetdcname* normalize to dns names on an ad_dc

wb_dsgetdcname() is typically used by dcerpc_wbint_DsGetDcName_send()
from netr_DsRGetDCName* in the netlogon server, when domain members
try to ask for domain controllers of a trusted domain.

The domain might disabled netbios support, so we better try the
already dns name if available.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:utils: let net_rpc_testjoin() work for ad domains and no ipv4 address

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libsmb: let discover_dc_netbios() return DOMAIN_CONTROLLER_NOT_FOUND

We may get NT_STATUS_NOT_FOUND when the name can't be resolved
and NT_STATUS_INVALID_ADDRESS if the system doesn't have ipv4
addresses...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libcli/auth: return RESOURCE_REQUIREMENTS_CHANGED is the proposed flags changed

This will be important when we add support for netr_ServerAuthenticateKerberos().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4:torture/rpc: make use of creds->client_requested_flags

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4:librpc/rpc: make use of creds_state->client_requested_flags

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

schannel.idl: change netlogon_creds_CredentialState layout for 4.22

This breaks compat with 4.21 and moves stuff out of
netlogon_creds_CredentialState_extra_info.

It also prepares support for netr_ServerAuthenticateKerberos()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Revert "libcli/auth: let netlogon_creds_cli_store_internal check netlogon_creds_CredentialState_legacy"

This reverts commit c3fa132fbe179bd4e1451240ce572ec791356a16.

We break the compat of the netlogon_creds_cli.tdb records compared to
4.21 with the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libcli/auth: don't loose server_dns_domain in netlogon_creds_cli_context_global()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

netlogon.idl: add NetlogonTicketLogonInformation/NetlogonValidationTicketLogon

I have basic tests, which have shown that the payload is not
encrypted at application level.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

librpc/ndr: let ndr_print_bitmap_flag work for bitmap64bit values

Keep libndr at 6.0.0, this has not been released yet.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

python/ndr: allow print_secrets=True for ndr_print*

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

pidl/Python: allow ndr_print(print_secrets=True)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

librpc/ndr: add ndr_print_{struct,union,function}_secret_string()

Keep libndr at 6.0.0, this has not been released yet.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

librpr/ndr: split out ndr_print_generic_string()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

netlogon.idl: use authservice("netlogon")

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

netlogon.idl: mark some structs as public so that ndr.ndr_deepcopy() works in python

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

samr/netlogon.idl: add [flag(NDR_SECRET)] in some more places

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:tests: Adapt winbind_call_depth_trace to depth=3

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Thu Dec  5 15:54:57 UTC 2024 on atb-devel-224

s3:tests: Make winbind_call_depth_trace to use global_inject.conf

To get the expected traces we need:

debug syslog format = no
log level = 10

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libcli: Speed up sddl_decode_ace()

Factor out talloc-less sddl_transition_decode_sid()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Dec  3 09:03:01 UTC 2024 on atb-devel-224

libcli: Remove a special case

dom_sid_parse_endp does accept the lowercase "s" in "s-1-1-0".

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

libcli: Simplify sddl_decode_err_msg()

We have security_descriptor_initialise() for this

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

libcli: README.Coding for dom_sid routines

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

lib: Simplify security_descriptor_initialise() with a struct init

Rely no the default NULL init.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

libcli: Fix a signed/unsigned comparison warning

With this we compare pointers, not numbers

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Dec  2 05:52:56 UTC 2024 on atb-devel-224

libcli: Use dom_sid_dup() instead of talloc_memdup()

We have specialized code for this, why not use it...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

libcli: Apply a little const

Probably does not matter code-wise, but looks nicer to me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

libcli: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

libcli: Fix whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

libcli: Avoid an unnecessary "else"

We return in the error case anyway

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: Modernize DEBUGs

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: Simplify smb_set_posix_lock()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: Simplify smb_file_position_information()

We've asserted fsp!=NULL in the caller

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: Simplify smb_file_position_information()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: Simplify smb_set_file_allocation_info()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: Simplify smb_set_file_allocation_info()

We've asserted fsp!=NULL in the caller

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: Simplify smb_set_info_standard()

We've asserted fsp!=NULL in the caller

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: Simplify smbd_smb2_query_directory_send()

We don't need to call strcmp() to find an empty string.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: Remove a pointless comment

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

pdbedit: Avoid a use of convert_time_t_to_uint32_t()

We should avoid converting time_t to 32 bit wherever possible

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

libndr: Apply const to the ndr_print_* functions's void *

ndr_print_fn_t has a const void *, so we can extend this to the
callers. Keep ABI at 6.0.0, 4.21 is 5.0.0 and 4.22 is not there yet.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: TALLOC_FREE(sd) where it was allocated

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

smbd: Avoid a cast

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

printing: Fix Coverity ID 1508942 Use of 32-bit time_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

printing: Fix Coverity ID 1509000 Use of 32-bit time_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

lib: Simplify smbconf_txt_load_file()

file_modtime() returns errno, so we can skip the racy file_exist()
call.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

lib: Move some R/W "data" segment to R/O "text"

Doesn't really matter for tests, but I just came across it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

net: Fix Coverity ID 1509022 Use of 32-bit time_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

libndr: Fix Coverity ID 1509020 Use of 32-bit time_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

rpcclient: Fix Coverity ID 1509018 Use of 32-bit time_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

passdb: Fix Coverity ID 1509016 Use of 32-bit time_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

libsmb: Fix Coverity ID 1509012 Use of 32-bit time_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

pdb_ldap: Fix Coverity ID 1508985 Use of 32-bit time_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

s4:smbtorture: Fix samba3.smb.dir on btrfs

"If a file is removed from or added to the directory after the most recent call
to opendir() or rewinddir(), whether a subsequent call to readdir() returns
an entry for that file is unspecified."
https://pubs.opengroup.org/onlinepubs/009604599/functions/readdir.html

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 29 15:10:13 UTC 2024 on atb-devel-224

s4:torture: Fix samba3.smb2.name-mangling on btrfs

If a file is removed from or added to the directory after the most recent call
to opendir() or rewinddir(), whether a subsequent call to readdir() returns
an entry for that file is unspecified."
https://pubs.opengroup.org/onlinepubs/009604599/functions/readdir.html

As it is unspecified, the different filesystems on Linux implement this
differently:

ext4:

./a.out
opendir(foo)
creat(foo/bar)
readdir() loop
  readdir entry: bar
  readdir entry: ..
  readdir entry: .
readdir() detected the newly created file `foo`

btrfs:

./a.out
opendir(foo)
creat(foo/bar)
readdir() loop
  readdir entry: .
  readdir entry: ..
readdir() did not detect the newly created file `foo`

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

libcli/auth: let netlogon_creds_copy() make use of ndr_deepcopy_struct()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Nov 28 13:53:25 UTC 2024 on atb-devel-224

librpc/ndr: add ndr_deepcopy_struct() helper

Keep libndr at 6.0.0, this has not been released yet.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

smbd: use fsctl_get_reparse_point() in smb3_file_posix_information_init()

This allows returning the POSIX type info from fsctl_get_reparse_point().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 27 19:32:45 UTC 2024 on atb-devel-224

smbd: move calling fsctl_get_reparse_tag() into smb3_file_posix_information_init()

This already fixes SMB2-GETINFO with POSIX infolevel to return the reparse tag
of reparse points.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

smbd: simplify smb3_file_posix_information_init()

The dos attributes are already setup by fdos_mode(). Still assert
FILE_ATTRIBUTE_REPARSE_POINT is correctly set just in case.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

smbd: fix DOS attributes for reparse points in fdos_mode()

Reparse have only FILE_ATTRIBUTE_REPARSE_POINT set, but never
FILE_ATTRIBUTE_NORMAL or FILE_ATTRIBUTE_DIRECTORY at the same time.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

tests: test POSIX file type on reparse point

Create a symlink reparse point over SMB2. Then query file info over SMB2 and
check the POSIX file type is correctly assigned in the POSIX info levels.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

tests: check reparse tag and POSIX file type from query-file with POSIX infolevel

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

tests: fix test teardown/cleanup of test_create_reparse_directory()

This kept failing in a local make test not being able to cleanup the test
directory in the *subsequent* test test_create_reparse_nonempty_directory().

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

tests: prepare reparsepoints.py for using POSIX on the SMB2 connection

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

tests: move wire_mode_to_unix() to libsmb.py

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

pylibsmb: implement getinfo level FSCC_FILE_POSIX_INFORMATION

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

smbd: rename SMB2_FS_POSIX_INFORMATION to FSCC_FS_POSIX_INFORMATION

Streamline the info-level defines. Also get rid of
SMB2_FS_POSIX_INFORMATION_INTERNAL which is not needed for an info-level that
is exclusive to SMB2.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

smbd: rename SMB2_FILE_POSIX_INFORMATION to FSCC_FILE_POSIX_INFORMATION

Streamline the info-level defines. Also get rid of
SMB2_FILE_POSIX_INFORMATION_INTERNAL which is not needed for an info-level that
is exclusive to SMB2.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

smbd: use NT_PASSTHROUGH_OFFSET in a few places

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

gitlab-ci: Fix building debian 32bit images

Trying to pull registry-1.docker.io/i386/debian:12...
Error: creating build container: choosing an image from manifest list
docker://registry-1.docker.io/i386/debian:12: no image found in image index for
architecture "amd64", variant "", OS "linux"

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Nov 27 16:32:07 UTC 2024 on atb-devel-224

gitlab-ci: Move to Fedora 41

Python 3.13 removed the `crypt` module. I can work around it on Fedora 41, but
we need to address this better sooner than later.

See also https://bugzilla.samba.org/show_bug.cgi?id=15756

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

selftest: Allow to use SHA1 with OpenSSL for selftest

This is needed for samba.tests.krb5.pkinit_tests with sha1.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

python: Fix length of Common Name x509 attribute

File "bin/python/samba/tests/krb5/pkinit_tests.py", line 1496, in
create_certificate
  x509.NameAttribute(NameOID.COMMON_NAME,
  ~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
                     f'{cert_name}/emailAddress={cert_name}'),
                     ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib64/python3.13/site-packages/cryptography/x509/name.py",
line 152, in __init__
  raise ValueError(msg)
ValueError: Attribute's length must be >= 1 and <= 64, but it was 84

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

autobuild: Run the samba-minimal-smbd build jobs with -j 2

samba-minimal-smbd is now always the slowest job by many
minutes. There's no timeouts to be expected, so run them with nice -n
19.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Nov 26 12:38:17 UTC 2024 on atb-devel-224

libndr: Add overflow check to ndr_push_subcontext_end()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Nov 25 15:36:07 UTC 2024 on atb-devel-224

tests: Check symlinks are readable as reparse points

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Nov 22 11:05:33 UTC 2024 on atb-devel-224