s3: smbd: Remove unneeded NULL check inside msdfs_servicename_matches_connection().

This is now only called from is from parse_dfs_path(),
and for that we know conn is non-NULL.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: In create_junction() don't read hostname from parse_dfs_path_strict().

It isn't used anymore inside create_junction().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: In create_junction() remove hostname check. parse_dfs_path_strict() already does this.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Change create_junction() to use parse_dfs_path_strict().

Note we no longer use allow_broken_path.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Change get_referred_path() to use parse_dfs_path_strict().

Remove #ifdef's around parse_dfs_path_strict() as we're
now using it.

Note we no longer use allow_broken_path.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Add a comment explaing why dfs_filename_convert() must continue to use parse_dfs_path().

libsmbclient libraries will always set the FLAGS2_DFS_PATHNAMES
bit when talking to a DFS share, but don't always canonicalize
the incoming pathname to a DFS one (see the code for cli_list()
that puts a non-DFS pathname into SMB2trans2_FindFirst for
example). This is a problem in our client libraries for both
SMB1 and SMB2+

As we still must cope with these older clients we must
keep the lenient parsing for DFS filenames sent over SMB1/2/3.

A future task - change the use of parse_dfs_path() in
dfs_filename_convert() to parse_dfs_path_strict() for SMB2
only and then try and get all our torture tests to pass.
This is not an easy fix (and would still break old clients
out there as well :-( ).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: In dfs_filename_convert(), don't ask for hostname, sharename and then just free them.

Wastes a talloc/free.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Add a new function parse_dfs_path_strict().

 #ifdef'ed out as not yet used. This will replace
parse_dfs_path() for all client sent names via
DFS RPC calls and for SMB_VFS_GET_DFS_REFERRALS().

The paths sent in these calls are guaranteed
to be of canonical form:

\SERVER\share\pathname.

Both for SMB1 and SMB2+ so we can be more strict
when parsing them.

 Checks DFS path starts with separator.
 Checks hostname is ours.
 Ensures servicename (share) is sent, and
    if so, terminates the name or is followed by
    \pathname.

Errors out if any checks fail.

Reserve parse_dfs_path() for DFS names sent
via "ordinary" SMB 1/2/3 calls where we must
be more lenient in parsing.

Note parse_dfs_path_strict() does not have
bool allow_broken_path or 'struct connection_struct'
as it will not be called from places that use
these.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: add missing check for IPC share for TRANS2_GET_DFS_REFERRAL

Cf MS-CIFS 3.3.5.58.11.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbXcli: Pass negotiate contexts through smbXcli_negprot_send/recv

We already don't allow setting max_credits in the sync wrapper, so
omit the contexts there as well.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 26 19:54:03 UTC 2022 on sn-devel-184

libsmb: Introduce helper var to cli_tree_connect_*_done()

README.Coding, makes it easier to debug

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove cli_full_connection_creds_sess_start()

This contained very simple tevent_req logic, hiding that confused the
code for me when reading. Also, this change saves 3 lines...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove unused code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove map_fnum_to_smb2_handle() from cli_smb2_qpathinfo2()

Not used

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove map_fnum_to_smb2_handle() from cli_smb2_getatr()

Not used

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Correctly return ioctl error from cli_readlink()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Save a few lines in cli_unix_extensions_version()

This is more recent style for sync wrappers

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Add tevent_req_received() to cli_posix_readlink_recv()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Modernize DBG statements in open_fake_file()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Move static strings to the .text segment

We don't need to copy these to the stack, this saves 200 bytes of .text

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

examples: A tiny bit of README.Coding for teststat.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Tab-indent SMBC_module_[init|terminate]()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Slightly simplify SMBC_parse_path()

Don't manually duplicate the talloc_strndup() functionality

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Adapt np_[read|write]_send() to more recent tevent_req conventions

We usually don't do "goto post_status;" anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

examples: Make libsmbclient samples look a *bit* less ugly

Remove trailing whitespace, indent to tabs. Yes, this introduces long
lines, but makes review with "git show -w" trivial.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Save a line with tevent_req_nomem()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

dfs_server: Fix typos

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs: Fix a copy&paste error

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Adapt a call to setup_dfs_referral() to README.Coding

Makes it easier to handle in a debugger

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmbclient: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Implement SMB_VFS_FSTATAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Aug 26 17:33:15 UTC 2022 on sn-devel-184

vfs_glusterfs: Use glfs_fgetxattr() for SMB_VFS_GET_REAL_FILENAME_AT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READ_DFS_PATHAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_CREATE_DFS_PATHAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Use glfs_mknodat() for SMB_VFS_MKNODAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Use glfs_linkat() for SMB_VFS_LINKAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Use glfs_readlinkat() for SMB_VFS_READLINKAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Use glfs_symlinkat() for SMB_VFS_SYMLINKAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Use glfs_unlinkat() for SMB_VFS_UNLINKAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Use glfs_renameat() for SMB_VFS_RENAMEAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Use glfs_mkdirat() for SMB_VFS_MKDIRAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Use glfs_openat() for SMB_VFS_OPENAT

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

source3/wscript: Detect glusterfs-api with *at() calls support

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_glusterfs: Accept fsp with const qualifier

This is in preparation to avoid any `const` qualifier being discarded
warning with future changes to various *_at() calls which has `const
file_struct` arguments.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15157

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

pyglue:generate_random_[machine]_password: ValueError for bad values

The actual range is 14 to 255 for machine passwords, and there is a
min <= max check for both.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Aug 26 08:59:28 UTC 2022 on sn-devel-184

pyglue: generate_random_[machine]_password: reject negative numbers

Other range errors (e.g. min > max) are caught in the wrapped
functions which returns EINVAL, so we don't recapitulate that logic
(see next commit though).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

pyglue: generate_random_bytes/str accept positive numbers only

We aren't yet able to generate negative numbers of random bytes.

Instead a request for -n bytes is implicitly converted into one for
SIZE_MAX - n bytes, which is typically very large. Memory exhaustion
seems a likely outcome.

With this patch callers will see a ValueError.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

pyglue: check talloc buffer for random bytes

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

pytest/segfault: abort for generate_random_bytes(-1)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero sensitive memory in lsa_secret_{set/get}_common()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero secrets_domain_info1_password created via secrets_domain_info_password_create()

Zero out these members of struct secrets_domain_info1_password:

DATA_BLOB cleartext_blob;
struct samr_Password nt_hash;
struct secrets_domain_info1_kerberos_key *keys;

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero secrets_domain_info1_password created via secrets_fetch()

Zero out these members of struct secrets_domain_info1_password:

DATA_BLOB cleartext_blob;
struct samr_Password nt_hash;
struct secrets_domain_info1_kerberos_key *keys;

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero local memory in secrets_domain_info_kerberos_keys()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero local memory in secrets_fetch()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib:krb5: Change memset() to BURN_PTR_SIZE()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:afs: Zero memory for afs_keyfile

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:net: Zero password in secrets_fetch_ipc_userpass() callers

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Fix possible memory leak in secrets_fetch_ipc_userpass()

If domain or username are empty strings (""), we need to free them.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero password in secrets_fetch_ipc_userpass()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:net: Fix trailing whitespace in net.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero memory in pdb_set_pw_history()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero memory in pdb_set_plaintext_passwd()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: s/BURN_PTR_SIZE/BURN_STR/ in samu_destroy()

This makes sure that strlen(user->plaintext_pw) is not called twice.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:auth: Zero memory in sam_password_ok()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero memory for plaintext_pw from 'struct samu'

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Fix whitespaces in pdb_get_set.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero password in fetch_ldap_pw() callers

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero password in fetch_ldap_pw()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Fix trailing whitespaces in pdb_ldap.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:lib: Fix trailing whitespaces in smbldap.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3: Zero memory of idmap_fetch_secret() users

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero password in secrets_{fetch,store}_trusted_domain_password()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero memory using BURN_FREE_STR() in get_trust_pw_hash2()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero memory using BURN_FREE_STR() in secrets_fetch_or_upgrade_domain_info()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:passdb: Zero memory using BURN_FREE() in secrets_fetch_trust_account_password_legacy() and secrets_fetch_domain_info1_by_key()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libsmb: Zero memory in trust_pw_change()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: Zero memory in ads_change_trust_account_password()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib:util: Zero memory in generate_random_machine_password()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib:replace: Add macro BURN_STR() to zero memory of a string

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib:util: Add BURN_FREE() and BURN_FREE_STR()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libsmb: Fix trailing whitespaces in trusts_util.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: Fix trailing whitespaces in util.c

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:tests: Transfer test files into temporary directory

The presence of these two files is causing 'check-clean-tree' to fail.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Aug 25 17:56:31 UTC 2022 on sn-devel-184

s3:tests: Create test directory and file prior to revoking permissions

If 'chmod 0' is performed first, then we won't have the required
permissions for the subsequent 'mkdir' and 'touch', and they will fail.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

ctdb-tests: Avoid shellcheck warnings

Mostly

  SC2086: Double quote to prevent globbing and word splitting.

Use ctdb_onnode() where it simplifies code.  No behaviour changes
intended.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Aug 25 16:15:45 UTC 2022 on sn-devel-184

ctdb-tests: Simplify IP address checking

Use a new function and wait_until() to simplify.

get_test_ip_mask_and_iface() not needed here because
select_test_node_and_ips() sets $test_ip, and neither $mask nor $iface
is used.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: Fix typos

These lines are just wrong:

  try_command_on_node -v $test_node "ip addr show to ${test_node}"
  if -n "$out"; then

The 2nd variable referenced should be $test_ip.  The 2nd line causes
"-n: command not found" because it is missing [] test command
brackets.

Both typos would probably make the test pass unconditionally.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tests: Reformat script using shfmt -w -p -i 0 -fn

Whitespace changes only.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

python:tests: Allocate OID range for testing to avoid collisions

sid_strings.py used the same OID range as ldap_schema.py, which
occasionally led to test failures when the same OID was generated twice.
Using a different range, and making use of the expected RID if we have
it, should reduce the likelihood of collisions.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Aug 25 13:55:47 UTC 2022 on sn-devel-184

schema_samba4.ldif: Allocate previously added OIDs

DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID was added
to source4/dsdb/samdb/samdb.h in commit
c2ab1f4696fa3f52918a126d0b37993a07f68bcb.

DSDB_EXTENDED_SCHEMA_LOAD was added in commit
1fd4cdfafaa6a41c824d1b3d76635bf3e446de0f.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbd: implement access checks for SMB2-GETINFO as per MS-SMB2 3.3.5.20.1

The spec lists the following as requiring special access:

- for requiring FILE_READ_ATTRIBUTES:

  FileBasicInformation
  FileAllInformation
  FileNetworkOpenInformation
  FileAttributeTagInformation

- for requiring FILE_READ_EA:

  FileFullEaInformation

All other infolevels are unrestricted.

We ignore the IPC related infolevels:

  FilePipeInformation
  FilePipeLocalInformation
  FilePipeRemoteInformation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153
RN: Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug 23 12:54:08 UTC 2022 on sn-devel-184

smbtorture: check required access for SMB2-GETINFO

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4/libcli/smb2: avoid using smb2_composite_setpathinfo() in smb2_util_setatr()

smb2_composite_setpathinfo() uses SEC_FLAG_MAXIMUM_ALLOWED which can
have unwanted side effects like breaking oplocks if the effective access
includes [READ|WRITE]_DATA.

For changing the DOS attributes we only need SEC_FILE_WRITE_ATTRIBUTE. With this
change test_smb2_oplock_batch25() doesn't trigger an oplock break anymore.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15153

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

gitlab-ci: Add a shellcheck runner

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Aug 22 21:30:09 UTC 2022 on sn-devel-184

testprogs: Fix shellcheck errors in upgradeprovision-oldrelease.sh

testprogs/blackbox/upgradeprovision-oldrelease.sh:134:103: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]

testprogs/blackbox/upgradeprovision-oldrelease.sh:140:117: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]

testprogs/blackbox/upgradeprovision-oldrelease.sh:145:105: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]

testprogs/blackbox/upgradeprovision-oldrelease.sh:151:122: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]

testprogs/blackbox/upgradeprovision-oldrelease.sh:156:110: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]

testprogs/blackbox/upgradeprovision-oldrelease.sh:162:134: error: Double
quote array expansions to avoid re-splitting elements. [SC2068]

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

testprogs: Fix shellcheck errors in test_wintest.sh

testprogs/blackbox/test_wintest.sh:15:97: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]

testprogs/blackbox/test_wintest.sh:40:31: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>

testprogs: Fix shellcheck errors in test_weak_crypto_server.sh

testprogs/blackbox/test_weak_crypto_server.sh:59:65: error: Use braces
when expanding arrays, e.g. ${array[idx]} (or ${var}[.. to quiet).
[SC1087]

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>