git.ipfire.org Git - thirdparty/samba.git/log
Jeremy Allison [Wed, 7 Sep 2022 18:12:08 +0000 (11:12 -0700)] 
s3: libsmb: Add missing memory allocation fail checks in cli_ntcreate1_send().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Fri, 9 Sep 2022 16:35:38 +0000 (09:35 -0700)] 
s3: smbtorture3: Add test_smb1_qpathinfo() DFS test to run_smb1_dfs_operations().

Passes against Windows.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 14 18:37:06 UTC 2022 on sn-devel-184

Jeremy Allison [Thu, 8 Sep 2022 21:24:38 +0000 (14:24 -0700)] 
s3: smbtorture3: Add test_smb1_ctemp() DFS test to run_smb1_dfs_operations().

NB. This passes against Windows, but SMBctemp is broken on a Windows DFS
share and always returns NT_STATUS_FILE_IS_A_DIRECTORY.

When we fix the Samba server to correctly process DFS
pathnames we'll have to change this test to understand
it's running against smbd and modify the expected behavior
to match a working server.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Thu, 8 Sep 2022 19:23:23 +0000 (12:23 -0700)] 
s3: smbtorture3: Add test_smb1_chkpath() DFS test to run_smb1_dfs_operations().

Passes against Windows.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Noel Power <npower@samba.org>
Jeremy Allison [Thu, 8 Sep 2022 18:45:54 +0000 (11:45 -0700)] 
s3: smbtorture3: Add test_smb1_setatr() DFS test to run_smb1_dfs_operations().

Passes against Windows.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 7 Sep 2022 23:04:03 +0000 (16:04 -0700)] 
s3: smbtorture3: Add test_smb1_getatr() DFS test to run_smb1_dfs_operations().

Passes against Windows.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 7 Sep 2022 22:42:09 +0000 (15:42 -0700)] 
s3: smbtorture3: Add test_smb1_create() DFS test to run_smb1_dfs_operations().

Tests SMBcreate and SMBmknew.

Passes against Windows.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 7 Sep 2022 22:26:55 +0000 (15:26 -0700)] 
s3: smbtorture3: Add test_smb1_open() DFS test to run_smb1_dfs_operations().

Passes against Windows.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 7 Sep 2022 19:48:53 +0000 (12:48 -0700)] 
s3: smbtorture3: Add test_smb1_openx() DFS test to run_smb1_dfs_operations().

Passes against Windows.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 7 Sep 2022 19:03:08 +0000 (12:03 -0700)] 
s3: smbtorture3: Add test_smb1_nttrans_create() DFS test to run_smb1_dfs_operations().

Passes against Windows.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 7 Sep 2022 18:23:45 +0000 (11:23 -0700)] 
s3: smbtorture3: Add test_smb1_ntcreatex() DFS test to run_smb1_dfs_operations().

Passes against Windows.

Signed-off-by: Jeremy Allison <jra@samba.org>
Jeremy Allison [Wed, 7 Sep 2022 17:41:53 +0000 (10:41 -0700)] 
s3: smbtorture3: Add test_smb1_rmdir() DFS test to run_smb1_dfs_operations().

Passes against Windows.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 7 Sep 2022 00:49:05 +0000 (17:49 -0700)] 
s3: smbtorture3: Add test_smb1_mkdir() DFS test to run_smb1_dfs_operations().

Passes against Windows.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Wed, 7 Sep 2022 00:25:18 +0000 (17:25 -0700)] 
s3: smbtorture3: Add an SMB1 operations torture tester.

Only tests SMB1unlink for now, but I will add other operations
later.

smbtorture3 test is: SMB1-DFS-OPERATIONS.

Passes fully against Windows. Adds knownfail for smbd.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Jeremy Allison [Thu, 8 Sep 2022 23:42:26 +0000 (16:42 -0700)] 
s3: smbtorture3: Add a new test SMB2-NON-DFS-SHARE.

This one is tricky. It sends SMB2 DFS pathnames to a non-DFS
share, and sets the SMB2 flag FLAGS2_DFS_PATHNAMES in the SMB2
packet.

Windows will have none of it and (correctly) treats the pathnames
as local paths (they're going to a non-DFS share). Samba fails.

This proves the server looks at the share DFS capability to
override the flag in the SMB2 packet.

Passes against Windows. Added knownfail for Samba.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 02:43:19 +0000 (14:43 +1200)] 
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR AES password change

The bad password count is supposed to limit the number of failed login
attempts a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts.  This is especially
bad on constrained or overcommitted hardware.

To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.

We also update the bad password count if the password is wrong, which we
did not previously do.

Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Sep 13 00:08:07 UTC 2022 on sn-devel-184

Joseph Sutton [Tue, 2 Aug 2022 02:43:09 +0000 (14:43 +1200)] 
CVE-2021-20251 s3:rpc_server: Split change_oem_password() call out of samr_set_password_aes()

Now samr_set_password_aes() just returns the new password in a similar
manner to check_oem_password(). This simplifies the logic for the
following change to recheck whether the account is locked out, and to
update the bad password count.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 02:40:01 +0000 (14:40 +1200)] 
CVE-2021-20251 dsdb/common: Remove transaction logic from samdb_set_password()

All of its callers, where necessary, take out a transaction covering the
entire password set or change operation, so a transaction is no longer
needed here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 02:39:43 +0000 (14:39 +1200)] 
CVE-2021-20251 s4-rpc_server: Extend scope of transaction for ChangePasswordUser3

Now the initial account search is performed under the transaction,
ensuring the overall password change is atomic. We set DSDB_SESSION_INFO
to drop our privileges to those of the user before we perform the actual
password change, and restore them afterwards if we need to update the
bad password count.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 02:39:06 +0000 (14:39 +1200)] 
CVE-2021-20251 s4-rpc_server: Use user privileges for SAMR password change

We don't (and shouldn't) need system privileges to perform the password
change, so drop to the privileges of the user by setting
DSDB_SESSION_INFO. We need to reuse the same sam_ctx: creating a new one
with only user privileges would not work, because any database
modifications would be blocked by the transaction taken out on the
original context.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 02:37:52 +0000 (14:37 +1200)] 
CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user

This helps the bad password and audit log handling code as it
allows assumptions to be made about the attributes found in
the variable "msg", such as that DSDB_SEARCH_SHOW_EXTENDED_DN
was used.

This ensures we can re-search on the DN via the embedded GUID,
which is in turn rename-proof.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 6 Sep 2022 02:54:08 +0000 (14:54 +1200)] 
s3:rpc_server: Use BURN_STR() to zero password

This ensures these calls are not optimised away.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 02:35:50 +0000 (14:35 +1200)] 
libcli:auth: Keep passwords from convert_string_talloc() secret

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 02:35:33 +0000 (14:35 +1200)] 
lib:util: Check memset_s() error code in talloc_keep_secret_destructor()

Panic if memset_s() fails.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Jul 2022 08:17:33 +0000 (20:17 +1200)] 
CVE-2021-20251 s3: Ensure bad password count atomic updates for SAMR password change

The bad password count is supposed to limit the number of failed login
attempts a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts.  This is especially
bad on constrained or overcommitted hardware.

To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.

Derived from a similar patch to source3/auth/check_samsec.c by
Jeremy Allison <jra@samba.org>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Mon, 11 Jan 2021 20:11:35 +0000 (12:11 -0800)] 
CVE-2021-20251 s3: ensure bad password count atomic updates

The bad password count is supposed to limit the number of failed login
attempts a user can make before being temporarily locked out, but race
conditions between processes have allowed determined attackers to make
many more than the specified number of attempts.  This is especially
bad on constrained or overcommitted hardware.

To fix this, once a bad password is detected, we reload the sam account
information under a user-specific mutex, ensuring we have an up to
date bad password count.

Discovered by Nathaniel W. Turner.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 4 Jul 2022 08:51:38 +0000 (20:51 +1200)] 
CVE-2021-20251 s4:auth_winbind: Check return status of authsam_logon_success_accounting()

This may return an error if we find the account is locked out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sat, 9 Jul 2022 03:55:02 +0000 (15:55 +1200)] 
CVE-2021-20251 s4-rpc_server: Check badPwdCount update return status

If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sat, 9 Jul 2022 03:54:52 +0000 (15:54 +1200)] 
CVE-2021-20251 s4:kdc: Check badPwdCount update return status

If the account has been locked out in the meantime (indicated by
NT_STATUS_ACCOUNT_LOCKED_OUT), we should return the appropriate error
code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 1 Jul 2022 03:04:41 +0000 (15:04 +1200)] 
CVE-2021-20251 s4:kdc: Check return status of authsam_logon_success_accounting()

If we find that the user has been locked out sometime during the request
(due to a race), we will now return an error code.

Note that we cannot avoid the MIT KDC aspect of the issue by checking
the return status of mit_samba_zero_bad_password_count(), because
kdb_vftabl::audit_as_req() returning void means we cannot pass on the
result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 5 Jul 2022 23:11:43 +0000 (11:11 +1200)] 
CVE-2021-20251 s4:kdc: Move logon success accounting code into existing branch

This simplifies the code for the following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sat, 9 Jul 2022 03:54:12 +0000 (15:54 +1200)] 
CVE-2021-20251 s4:dsdb: Make badPwdCount update atomic

We reread the account details inside the transaction in case the account
has been locked out in the meantime. If it has, we return the
appropriate error code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sat, 9 Jul 2022 03:44:21 +0000 (15:44 +1200)] 
CVE-2021-20251 s4:dsdb: Update bad password count inside transaction

Previously, there was a gap between calling dsdb_update_bad_pwd_count()
and dsdb_module_modify() where no transaction was in effect. Another
process could slip in and modify badPwdCount, only for our update to
immediately overwrite it. Doing the update inside the transaction will
help for the following commit when we make it atomic.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sat, 9 Jul 2022 03:53:51 +0000 (15:53 +1200)] 
CVE-2021-20251 s4-auth: Pass through error code from badPwdCount update

The error code may be NT_STATUS_ACCOUNT_LOCKED_OUT, which we use in
preference to NT_STATUS_WRONG_PASSWORD.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 30 Mar 2021 03:48:31 +0000 (16:48 +1300)] 
CVE-2021-20251 auth4: Avoid reading the database twice by precalculating some variables

These variables are not important to protect against a race with
and a double-read can easily be avoided by moving them up the file
a little.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 25 Mar 2021 02:33:08 +0000 (15:33 +1300)] 
CVE-2021-20251 auth4: Inline samdb_result_effective_badPwdCount() in authsam_logon_success_accounting()

By bringing this function inline it can then be split out in a
subsequent commit.

Based on work by Gary Lockyer <gary@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Thu, 25 Mar 2021 01:42:39 +0000 (14:42 +1300)] 
CVE-2021-20251 auth4: Split authsam_calculate_lastlogon_sync_interval() out

authsam_calculate_lastlogon_sync_interval() is split out of authsam_update_lastlogon_timestamp()

Based on work by Gary Lockyer <gary@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gary Lockyer [Wed, 24 Mar 2021 22:30:59 +0000 (11:30 +1300)] 
CVE-2021-20251 auth4: Return only the result message and free the surrounding result

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Tue, 30 Mar 2021 03:35:44 +0000 (16:35 +1300)] 
CVE-2021-20251 auth4: Add missing newline to debug message on PSO read failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Tue, 30 Mar 2021 05:01:39 +0000 (18:01 +1300)] 
CVE-2021-20251 s4 auth: make bad password count increment atomic

Ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically.

Use bad password indicator (in a distinct TDB) to determine whether to open a transaction

We open a transaction when we have seen the hint that this user
has recorded a bad password.  This allows us to avoid always
needing one, while not missing a possible lockout.

We also go back and get a transaction if we did not take
one out but we chose to do a write (eg for lastLogonTimestamp)

Based on patches by Gary Lockyer <gary@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Tue, 5 Jul 2022 08:17:49 +0000 (20:17 +1200)] 
CVE-2021-20251 auth4: Detect ACCOUNT_LOCKED_OUT error for password change

This is more specific than NT_STATUS_UNSUCCESSFUL, and for the SAMR
password change, matches the result the call to samdb_result_passwords()
would give.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Gary Lockyer [Mon, 8 Feb 2021 22:59:05 +0000 (11:59 +1300)] 
CVE-2021-20251 s4 auth test: Unit tests for source4/auth/sam.c

cmocka unit tests for the authsam_reread_user_logon_data in
source4/auth/sam.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 30 Mar 2021 04:57:10 +0000 (17:57 +1300)] 
CVE-2021-20251 auth4: Reread the user record if a bad password is noticed.

As is, this is pointless, as we need a transaction to make this
any less of a race, but this provides the steps towards that goal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gary Lockyer [Wed, 27 Jan 2021 01:24:58 +0000 (14:24 +1300)] 
CVE-2021-20251 s4 auth: Prepare to make bad password count increment atomic

To ensure that the bad password count is incremented atomically,
and that the successful logon accounting data is updated atomically,
without always opening a transaction, we will need to make a note
of all bad and successful passwords in a side-DB outside the
transaction lock.

This provides the functions needed for that and hooks them in
(future commits will handle errors and use the results).

Based on patches by Gary Lockyer <gary@catalyst.net.nz>

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Gary Lockyer [Mon, 15 Mar 2021 21:52:58 +0000 (10:52 +1300)] 
CVE-2021-20251 auth4: split samdb_result_msds_LockoutObservationWindow() out

samdb_result_msds_LockoutObservationWindow() is split out of
samdb_result_effective_badPwdCount()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 29 Mar 2021 21:51:26 +0000 (10:51 +1300)] 
CVE-2021-20251 s4-rpc_server: Use authsam_search_account() to find the user

This helps the bad password and audit log handling code as it
allows assumptions to be made about the attributes found in
the variable "msg", such as that DSDB_SEARCH_SHOW_EXTENDED_DN
was used.

This ensures we can re-search on the DN via the embedded GUID,
which is in turn rename-proof.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Mon, 4 Jul 2022 08:48:48 +0000 (20:48 +1200)] 
CVE-2021-20251 tests/krb5: Add tests for password lockout race

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 02:35:19 +0000 (14:35 +1200)] 
CVE-2021-20251 lib:crypto: Add Python functions for AES SAMR password change

These functions allow us to perform key derivation and AES256 encryption
in Python. They will be used in a following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 13 Jul 2022 02:20:59 +0000 (14:20 +1200)] 
CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4

This lets us access MD4, which might not be available in hashlib, from
Python. This function is used in a following commit for hashing a
password to obtain the verifier for a SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 6 Jul 2022 03:36:26 +0000 (15:36 +1200)] 
CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES

This lets us access single-DES from Python. This function is used in a
following commit for encrypting an NT hash to obtain the verifier for a
SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 02:34:55 +0000 (14:34 +1200)] 
lib:crypto: Use constant time memory comparison to check HMAC

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 02:34:26 +0000 (14:34 +1200)] 
lib:crypto: Check for overflow before filling pauth_tag array

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 03:21:43 +0000 (15:21 +1200)] 
s4:torture: Zero samr_UserInfo union in password set test

If init_samr_CryptPasswordAES() does not fill the
u.info31.password.auth_data array completely, we may be comparing
uninitialised bytes.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 03:19:02 +0000 (15:19 +1200)] 
lib:crypto: Zero auth_tag array in encryption test

If samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() does not fill the
array completely, we may be comparing uninitialised bytes.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 2 Aug 2022 02:01:59 +0000 (14:01 +1200)] 
s3:rpc_server: Fix typo in error message

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jeremy Allison [Wed, 7 Sep 2022 22:15:38 +0000 (15:15 -0700)] 
s3: smbtorture: In run_smb1_dfs_paths() ensure we're actually reading and testing crtimes from the filesystem.

Ensures crtime of the root of the share and a newly created
file crtime are different. Should help avoid mistakes like the
error fixed by the previous commit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Mon Sep 12 16:21:23 UTC 2022 on sn-devel-184

Jeremy Allison [Wed, 7 Sep 2022 22:13:45 +0000 (15:13 -0700)] 
s3: smbtorture3: Fix invalid tests for file identity.

The test SMB1-DFS-PATHS was using the file ino number
to check for file identity, fetching it using cli_qfileinfo_basic().

This works for SMB2, but the info level used by this for SMB1
(SMB_QUERY_FILE_ALL_INFO) doesn't return the ino number, so
all comparisons were succeeding as zero.

Change to using crtime (create time) for identity comparison
instead. This fix is mostly a rename of ino -> crtime, with
some changes around the tests and printf on error, but it
is easier to do in one go.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
3 years ago s4:kdc: Set Kerberos debug class for all KDC files
Andreas Schneider [Fri, 9 Sep 2022 10:32:57 +0000 (12:32 +0200)] 
s4:kdc: Set Kerberos debug class for all KDC files

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Sep 12 03:27:55 UTC 2022 on sn-devel-184

3 years ago docs-xml: some fixes and updates for ea and acl docs in smb.conf
Björn Jacke [Sun, 11 Sep 2022 19:35:07 +0000 (21:35 +0200)] 
docs-xml: some fixes and updates for ea and acl docs in smb.conf

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago Fix spelling mistakes.
Michael Tokarev [Fri, 9 Sep 2022 20:45:38 +0000 (13:45 -0700)] 
Fix spelling mistakes.

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 12 02:29:32 UTC 2022 on sn-devel-184

3 years ago tests/krb5: Add claims tests
Joseph Sutton [Fri, 4 Mar 2022 03:23:32 +0000 (16:23 +1300)] 
tests/krb5: Add claims tests

Based on tests originally written by Stefan Metzmacher <metze@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Sep  9 01:11:05 UTC 2022 on sn-devel-184

3 years ago tests/krb5: Allow specifying sname for getting service ticket
Joseph Sutton [Mon, 7 Mar 2022 04:07:03 +0000 (17:07 +1300)] 
tests/krb5: Allow specifying sname for getting service ticket

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago tests/krb5: Check claims buffers
Joseph Sutton [Fri, 4 Mar 2022 03:22:07 +0000 (16:22 +1300)] 
tests/krb5: Check claims buffers

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago tests/krb5: Add xpress (de)compression functions
Joseph Sutton [Fri, 4 Mar 2022 03:21:19 +0000 (16:21 +1300)] 
tests/krb5: Add xpress (de)compression functions

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago tests/krb5: Add function for creating claims
Joseph Sutton [Fri, 4 Mar 2022 03:20:18 +0000 (16:20 +1300)] 
tests/krb5: Add function for creating claims

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago krb5pac.idl: Add definitions for claims PAC buffers
Joseph Sutton [Fri, 4 Mar 2022 03:17:40 +0000 (16:17 +1300)] 
krb5pac.idl: Add definitions for claims PAC buffers

The PAC device info definition comes from [MS-PAC] 2.12.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
3 years ago claims.idl: Add claim type definitions
Joseph Sutton [Thu, 8 Sep 2022 23:02:01 +0000 (11:02 +1200)] 
claims.idl: Add claim type definitions

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
3 years ago s4:kdc: Set kerberos debug class for kdc service
Andreas Schneider [Tue, 6 Sep 2022 08:19:54 +0000 (10:19 +0200)] 
s4:kdc: Set kerberos debug class for kdc service

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep  8 23:34:15 UTC 2022 on sn-devel-184

3 years ago selftest: Add Address Sanitizer suppressions
Andreas Schneider [Tue, 6 Sep 2022 08:06:37 +0000 (10:06 +0200)] 
selftest: Add Address Sanitizer suppressions

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago selftest: Create asan_options variable
Andreas Schneider [Tue, 6 Sep 2022 08:06:05 +0000 (10:06 +0200)] 
selftest: Create asan_options variable

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago selftest: Fix address sanitizer with python3
Andreas Schneider [Tue, 6 Sep 2022 06:59:56 +0000 (08:59 +0200)] 
selftest: Fix address sanitizer with python3

==9542==AddressSanitizer: failed to intercept 'crypt'
==9542==AddressSanitizer: failed to intercept 'crypt_r'

[..]

AddressSanitizer:DEADLYSIGNAL
=================================================================
==29768==ERROR: AddressSanitizer: SEGV on unknown address 0x000000000000 (pc 0x000000000000 bp 0x7ffcec4bf3c0 sp 0x7ffcec4beb58 T0)
==29768==Hint: pc points to the zero page.
==29768==The signal is caused by a READ memory access.
==29768==Hint: address points to the zero page.
    #0 0x0  (<unknown module>)
    #1 0x7f052cca4129 in crypt_crypt_impl /usr/src/debug/python310-core-3.10.6-3.1.x86_64/Modules/_cryptmodule.c:44

We would need to build python without --as-needed; as we can't do that,
we need to preload the library to avoid a segfault.

See also: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98669

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago selftest: Remove trailing whitespaces in selftest.pl
Andreas Schneider [Tue, 6 Sep 2022 06:48:49 +0000 (08:48 +0200)]
selftest: Remove trailing whitespaces in selftest.pl

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago waf: Do not use as-needed if we build with Address Sanitizer
Andreas Schneider [Tue, 6 Sep 2022 06:47:47 +0000 (08:47 +0200)] 
waf: Do not use as-needed if we build with Address Sanitizer

https://gcc.gnu.org/bugzilla/show_bug.cgi?id=98669

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago s4:gensec: Do not link subsystems against dlopen() modules!
Andreas Schneider [Thu, 8 Sep 2022 08:32:38 +0000 (10:32 +0200)] 
s4:gensec: Do not link subsystems against dlopen() modules!

This is not a shared library. This only worked because we use
'--as-needed' as linker option.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago pytest samba-tool forest: use runcmd
Douglas Bagnall [Wed, 7 Sep 2022 10:17:41 +0000 (22:17 +1200)] 
pytest samba-tool forest: use runcmd

This is an example/test to show how runsublevelcmd() converts into
runcmd() whilst ensuring it works.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago make runcmd, runsubcmd, exact aliases
Douglas Bagnall [Wed, 7 Sep 2022 10:17:05 +0000 (22:17 +1200)] 
make runcmd, runsubcmd, exact aliases

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago pytest: samba-tool: coalesce run*cmd functions
Douglas Bagnall [Wed, 7 Sep 2022 04:57:46 +0000 (16:57 +1200)] 
pytest: samba-tool: coalesce run*cmd functions

We have had three different functions for resolving samba-tool commands,
depending on whether they are nested 1, 2, or n deep (where n could also
be 1 or 2). This API evolved around a separation of sub-command names and
options, so that the Command that was eventually found could be given the
right outf and errf.

Now we can just use the same outf and errf for all levels, and we can not
care about this distinction.

All these functions are now synonyms, and we keep them all for now for
backward-compatibility.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago samba-tool: binary uses samba_tool function
Douglas Bagnall [Wed, 7 Sep 2022 22:17:54 +0000 (10:17 +1200)] 
samba-tool: binary uses samba_tool function

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago pytest/samba-tool: entry function follows tool logic
Douglas Bagnall [Thu, 8 Sep 2022 08:27:33 +0000 (20:27 +1200)]
pytest/samba-tool: entry function follows tool logic

To further align the logic of the tool and the tests, we use
the same logic in the test function as in samba-tool.  In
effect, this means the function is even less likely to raise
an exception, rather printing it out and returning an error code.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago pytest/password-lockout: fix using samba_tool function
Douglas Bagnall [Wed, 7 Sep 2022 10:04:08 +0000 (22:04 +1200)] 
pytest/password-lockout: fix using samba_tool function

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago pytest/samba_dnsupdate: fix using samba-tool function
Douglas Bagnall [Wed, 7 Sep 2022 10:03:16 +0000 (22:03 +1200)] 
pytest/samba_dnsupdate: fix using samba-tool function

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago pytest/netcmd: fix for new samba-tool api
Douglas Bagnall [Wed, 7 Sep 2022 10:03:47 +0000 (22:03 +1200)] 
pytest/netcmd: fix for new samba-tool api

In this case we are skipping _resolve().

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago samba-tool: add a convenience function that does it all
Douglas Bagnall [Wed, 7 Sep 2022 22:00:36 +0000 (10:00 +1200)] 
samba-tool: add a convenience function that does it all

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago samba-tool: command that has exception, shows exception
Douglas Bagnall [Wed, 7 Sep 2022 20:56:45 +0000 (08:56 +1200)] 
samba-tool: command that has exception, shows exception

This will make a difference to the string printed in the cases that
call self.usage(), resulting in more specified usage for the
sub-command. It would also matter if the samba-tool sub-command had a
different .show_command_error() or .errf, but I don't think that
happens.

Note: usually command._run() will have caught and shown the exception,
returning -1.

We also rename away 'cmd' so we don't again imagine it is the command
we are running.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago samba-tool: _resolve() can set outf, errf
Douglas Bagnall [Wed, 7 Sep 2022 04:33:33 +0000 (16:33 +1200)] 
samba-tool: _resolve() can set outf, errf

We catch output in outf and errf for testing, which we currently do
with

    cmd.outf = self.stringIO()
    cmd.errf = self.stringIO()

on the final resolved commands. But this does not catch the output of
the super-commands, of which we normally expect none. Using

    supercmd._resolve(*args, outf=self.stringIO(), errf=self.stringIO())

will redirect output all the way up the chain.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago samba-tool: more conventional usage of parser.parse_args
Douglas Bagnall [Wed, 7 Sep 2022 03:07:43 +0000 (15:07 +1200)] 
samba-tool: more conventional usage of parser.parse_args

By default parse_args will use sys.argv[1:], which is to say the
command-line without the command name. We have always fed it the
equivalent of sys.argv, then trimmed the command off the result. That
was a bit silly.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago samba-tool: separate ._run() from command resolution
Douglas Bagnall [Wed, 7 Sep 2022 03:34:23 +0000 (15:34 +1200)] 
samba-tool: separate ._run() from command resolution

Prior to this commit, in super-commands, the first half of the _run()
is resolving what sub-command to run, and the second half is working
out what to print if that failed. Some issues with that are:

 * it looks a little bit complicated.

 * the tests can't use the tool's resolution code, because it runs
   immediately, while the tests first want to fiddle with self.outf
   and so on.

 * it makes it harder to subclass and override the resolution code, so
   instead we do strange things like where we subclass dict as in
   main.py.

So we split it into ._resolve() and ._run().

There are a few tests that break. We mark these as flapping, rather
than knownfail, so as to avoid going into extremely fine-grain filters
for tests that will be fixed within a few commits.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago samba-tool: do not crash on unimplemented .run()
Douglas Bagnall [Tue, 16 Aug 2022 01:43:54 +0000 (13:43 +1200)] 
samba-tool: do not crash on unimplemented .run()

The run() method is always called with arguments, so it crashes before
the NotImplementedError() is ever reached. That's OK, but this is better.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
3 years ago s3:libads: let cldap_ping_list() use cldap_multi_netlogon()
Stefan Metzmacher [Wed, 24 Aug 2022 14:11:06 +0000 (16:11 +0200)] 
s3:libads: let cldap_ping_list() use cldap_multi_netlogon()

We have a list of ip addresses, so we can request them
all together under a single timeout, instead of asking
each ip with its own timeout.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Sep  8 08:12:46 UTC 2022 on sn-devel-184

3 years ago s3:libads: split out ads_fill_cldap_reply() out of ads_try_connect()
Stefan Metzmacher [Wed, 24 Aug 2022 14:36:17 +0000 (16:36 +0200)] 
s3:libads: split out ads_fill_cldap_reply() out of ads_try_connect()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
3 years ago s3:modules - fix read of uninitialized memory
Andrew Walker [Tue, 6 Sep 2022 20:45:58 +0000 (16:45 -0400)] 
s3:modules - fix read of uninitialized memory

For loop accesses entry->next after entry
has been removed from list in glfs_clear_preopened().

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep  7 19:40:17 UTC 2022 on sn-devel-184

3 years ago ntlm_auth: Remove an unused #include
Volker Lendecke [Tue, 6 Sep 2022 18:52:27 +0000 (20:52 +0200)] 
ntlm_auth: Remove an unused #include

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago torture3: Pass NULL to ReadDirName
Volker Lendecke [Tue, 6 Sep 2022 08:43:29 +0000 (10:43 +0200)] 
torture3: Pass NULL to ReadDirName

Do the necessary fstat manually

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago smbd: Remove an unused variable
Volker Lendecke [Tue, 6 Sep 2022 07:29:18 +0000 (09:29 +0200)] 
smbd: Remove an unused variable

ReadDirName happily takes NULL for "sbuf"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago torture3: Remove an unused variable
Volker Lendecke [Tue, 6 Sep 2022 07:16:14 +0000 (09:16 +0200)] 
torture3: Remove an unused variable

ReadDirName happily takes NULL for "sbuf"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago smbd: Remove unused variables
Volker Lendecke [Tue, 6 Sep 2022 07:07:31 +0000 (09:07 +0200)] 
smbd: Remove unused variables

ReadDirName happily takes NULL for "sbuf"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago smbd: Shorten long lines
Volker Lendecke [Mon, 5 Sep 2022 13:31:19 +0000 (15:31 +0200)] 
smbd: Shorten long lines

This code is young enough to justify a README.Coding patch, at least
IMO.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago smbtorture3: Avoid an "else"
Volker Lendecke [Mon, 5 Sep 2022 11:08:54 +0000 (13:08 +0200)] 
smbtorture3: Avoid an "else"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago ldb: Fix a typo
Volker Lendecke [Tue, 6 Sep 2022 10:35:20 +0000 (12:35 +0200)] 
ldb: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 years ago ldb: Fix a typo
Volker Lendecke [Tue, 6 Sep 2022 10:15:14 +0000 (12:15 +0200)] 
ldb: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>