s3:tests: Plan test_smbspool_krb.sh for environment ad_member_fips

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Tue Oct 17 19:19:32 UTC 2023 on atb-devel-224

s3:tests: Add smbspool test using kerberos authentication: test_smbspool_krb.sh

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:tests: The correct name of shell variable is 'samba_smbspool_krb5'

There is no shell variable named 'smbspool_krb5'.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

gitignore: add WAF lockfile

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15497

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 17 04:16:29 UTC 2023 on atb-devel-224

 build: Add 'make printversion' to provide version string

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15497

Signed-off-by: Christof Schmitt <christof.schmitt@us.ibm.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Remove unused function int2SDBFlags()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Explicitly initialize SDBFlags structures

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Make ‘struct user_info_dc’ members const

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Check return value of ldb_msg_add_empty() (CID 1449667)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Fix ASN.1 source

It currently fails to compile.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Don’t expect groups if we’re expecting an error

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Fix tests that crash Windows

Expect an actual error code or an outcome, not CRASHES_WINDOWS.

I don’t know which error codes Windows might be expected to produce, so
I’ve chosen some that seem plausible.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Expect a status code with policy errors

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Don’t consider RODC‐issued tickets to be banned with RBCD

If we’re verifying that a ticket was permitted to be issued by an RODC,
and not trusting the group SIDs in the ticket, is there any reason to
ban its use with RBCD?

A client with a ticket issued by an RODC that happens to select a DC to
direct an RBCD request at should not have the request mysteriously fail.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

buildtools: Correctly raise exception

This avoids errors like the following:
‘RuntimeError: No active exception to reraise’

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

buildtools: Don’t call normpath() repeatedly

A non‐negligible fraction of the build process — especially for
incremental builds — is spent calling normpath() over and over again.

Make builds faster by not doing that.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: fix user2user tgs-requests for normal user accounts

User2User tgs requests use the session key of the additional
ticket instead of the long term keys based on the password.

In addition User2User also asserts that client and server
are the same account (cecked based on the sid).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Oct 16 15:38:12 UTC 2023 on atb-devel-224

third_party/heimdal kdc: introduce HDB_F_USER2USER_PRINCIPAL (import lorikeet-heimdal-202310152331 (commit a571340c9e1b75d4f5d96f08fcf9fd660d3ba3d4))

This allows HDB backends to do special handling for
User2User TGS-REQs. The main reason is to let
the HDB_F_GET_SERVER lookup to succeed even for
non-computer accounts. In Samba these are typically
not returned in HDB_F_GET_SERVER in order to avoid
generating tickets with the user password.

But for User2User the account password is not used,
so it is safe to return the server entry.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
[abartlet@samba.org Adapted to be an import from lorikeet-heimdal as requested]

tests/krb5/kdc_tgs_tests: add user2user tests using a normal user account

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15492

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2018-14628: python:descriptor: let samba-tool dbcheck fix the nTSecurityDescriptor on CN=Deleted Objects containers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2018-14628: dbchecker: use get_deletedobjects_descriptor for missing deleted objects container

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2018-14628: s4:dsdb: remove unused code in dirsync_filter_entry()

This makes the next change easier to understand.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2018-14628: s4:setup: set the correct nTSecurityDescriptor on the CN=Deleted Objects container

This revealed a bug in our dirsync code, so we mark
test_search_with_dirsync_deleted_objects as knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2018-14628: python:provision: make DELETEDOBJECTS_DESCRIPTOR available in the ldif files

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2018-14628: python:descriptor: add get_deletedobjects_descriptor()

samba-tool drs clone-dc-database was quite useful to find
the true value of nTSecurityDescriptor of the CN=Delete Objects
containers.

Only the auto inherited SACL is available via a ldap search.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13595

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/torture: fix exit status of raw.bench-lookup

Use correct value of 'result' when the test passes.

Signed-off-by: Oleg Kravtsov <oleg@tuxera.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Oct 16 02:01:17 UTC 2023 on atb-devel-224

gpdupate: Implement Drive Maps Client Side Extension

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

gpupdate: Test Drive Maps Client Side Extension

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tevent: version 0.16.0

- the epoll backend is no longer limited to 2 event handlers
  per low level fd.
- finally add support for TEVENT_FD_ERROR

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Oct 13 10:45:51 UTC 2023 on atb-devel-224

tevent: add support for TEVENT_FD_ERROR

After 12 years we finally got TEVENT_FD_ERROR support :-)

TEVENT_FD_WRITE event handlers never get errors reported
instead the event handler is silently disabled.
There are likely callers relying on that behavior, so
we are not able to chance it.

Now TEVENT_FD_WRITE can be used together with TEVENT_FD_ERROR
in order to get errors reported without waiting for TEVENT_FD_READ.

TEVENT_FD_ERROR can also be used alone in order to detect errors
on sockets in order to cleanup resources.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

tevent: add test_event_fd3

The tests the interaction of multiple event handlers on
the same low level fd.

It shows that poll and epoll backends behave in the
same fair way.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

tevent: add test_fd_speed3

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

tevent: let tevent_epoll.c use new generic mpx infrastructure

This allows any number of event handlers per low level fd.

It means the epoll backend behaves like the poll backend now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

tevent: add tevent_common_fd_mpx infrastructure

Backends may require to map individual tevent_fd instances to
a single low level kernel state (e.g. for epoll).

This generic infrastructure adds helper functions using
a generic (sub)part of struct tevent_fd.

The new code will allow us to support more than 2 tevent_fd
instances per fd, which makes sure all backends can provide
a similar behavior. This will be important when we add
TEVENT_FD_ERROR as a 3rd kind of fd event.

The aim is to use this in order to replace the limited implementation
we already have in tevent_epoll.c.

As these helpers are typically called from within
'void tevent_fd_set_flags(struct tevent_fd *fde, uint16_t flags)'
there's no way to report errors. So in order avoid additional
error handling complexity the helpers try to avoid
any allocations which may fail. It also means the logic in
tevent_epoll.c doesn't have to change much.

These are implemented as static line functions in order to avoid
the function call overhead, which showed up in profiles of the
early implementation.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

tevent: split out a tevent_common_fd_disarm() helper

It means tevent_trace_fd_callback(TEVENT_EVENT_TRACE_DETACH)
is always called and similar future changes are only
needed in one place.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

ldb: sync DLIST_DEMOTE_SHORT() changes to include/dlinklist.h

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

lib/util: sync DLIST_DEMOTE_SHORT() changes to dlinklist.h

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

tevent: introduce DLIST_DEMOTE_SHORT()

It turns out that the overhead of DLIST_DEMOTE() implemented
as DLIST_REMOVE();DLIST_ADD_END(), is very high if the list
contains only 1 or 2 elements.

The next commits will make use of DLIST_DEMOTE_SHORT() for
multiplexing multiple tevent_fd structures for a single fd
and the most important and common case is a list with just
one element.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

wintest: Fix invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 13 04:55:06 UTC 2023 on atb-devel-224

selftest: Use now() instead of utcnow()

utcnow() is deprecated and will be removed in a future version of Python.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:torture: Use assertEqual() instead of assertEquals()

assertEquals() was removed in Python 3.12.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:tests: Use loadTestsFromTestCase() instead of makeSuite()

makeSuite() is deprecated and will be removed in Python 3.13.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:tests: Fix assertion messages

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:tests: Remove unused variables

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:tests: Remove unused imports

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:script: Remove semicolons

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Fix assertion messages

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Use assertEqual() instead of assertEquals()

assertEquals() was removed in Python 3.12.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Use now() instead of utcnow()

utcnow() is deprecated and will be removed in a future version of Python.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Remove semicolons

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Correct search expression

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Fix comment

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Fix exception message

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:tests: Use assertEqual() instead of assertEquals()

assertEquals() was removed in Python 3.12.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:subunit: Use now() instead of utcnow()

utcnow() is deprecated and will be removed in a future version of Python.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python:colour: Fix exception message

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

examples: Fix invalid escape sequences

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

examples: Don’t use deprecated method ‘has_key()’

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

buildtools: Remove semicolons

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4-torture: add another test to demonstrate identical functions

Create a spoolss_EnumPrinters request and send it to both endpoints and
verify they deliver identical replies.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Oct 13 03:19:59 UTC 2023 on atb-devel-224

s3-iremotewinspool: check for correct object_uuid in dispatch fn.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4-torture: add testcase to iremotewinspool suite to explore object_uuid handling

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3-iremotewinspool: properly map incoming PAR to RPRN requests.

Map the incoming iremotewinspool opnum to match the appropriate call in
the spoolss server in the pull path.

There is no 1:1 mapping in the opnums between the procols, only in the
corresponding functions.

Without doing the mapping we currently forward
e.g. winspool_AsyncOpenPrinter() to spoolss_EnumPrinters() leading to
all sorts of errors.

A correct mapping was in place earlier with an handsorted server call
table but it got removed with the rpc server rewrite.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3-iremotewinspool: add PAR->RPRN mapping table

There is no 1:1 mapping between the opcodes but between the functions
(including _Ex and _2 naming extensions):

e.g.
winspool_AsyncOpenPrinter  (0x00) -> spoolss_OpenPrinterEx (0x45)
winspool_AsyncClosePrinter (0x14) -> spoolss_ClosePrinter  (0x1d)

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: Check return values of gnutls functions (CID 1452111)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: Check mkdir() return value (CID 1034649)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:ntvfs: Correctly acknowledge PVFS_FLAG_STRICT_SYNC flag (CID 241154)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:ntvfs: Remove dead code path

‘pending’ will never be NULL.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:ntvfs: Remove unneeded NULL check (CID 240771)

We’ve already dereferenced ‘pending’ in the init‐clause of the loop, and
won’t reassign it during the loop.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:messaging: Remove redundant code

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:libcli: Check return value of convert_string_talloc() (CID 1272839)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:libcli: Remove unnecessary casts

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Don’t overwrite existing error code (CID 1445263)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Log correct ldb error

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Replace early ‘continue’ with ‘if’ statement (CID 1414738)

A ‘continue’ statement creates the misleading impression that this loop
executes more than once.

This also avoids ‘mem_ctx’ being leaked.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Check return value of ldb_msg_add_empty() (CID 1272827)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Fix unreachable code (CID 1435967)

Commit ede668e8e24c86f0836dfa5740e76d8aca1e0824 removed this condition
for some unexplained reason, causing the following code to become
unreachable.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Remove unreachable code (CID 1034686)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Check return code (CID 1444824/1444844)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Permit forward link to be missing in linked_attributes_fix_forward_link()

We don’t care if a forward link is missing from an object being renamed
during the deletion process.

Nothing yet checks the value returned from this function, so there
should be no change in behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Check whether ‘p’ is NULL before dereferencing it (CID 240875)

Commit 6baf7608dfc3517cb3798fc53db849f49c6d157a added a NULL check in
one place, but not everywhere ‘p’ was dereferenced.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dns_server: Check return value of ldb_transaction_commit() (CID 1034631)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dns_server: Merge similar code paths

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth: Remove event context on failure

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth: Fix resource leak (CID 1107222)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Check return value of cli_RNetServiceEnum() (CID 1273313)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Avoid integer overflow (CID 1035488)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smb2_server: Check status codes (CID 1474441)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smb2_server: Remove unreachable code (CID 1444981)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Revert "smbd: Fix CID 1504457 Resource leak"

We cannot free ‘enc’ — it may be a copy of ‘buffer’, in which parameter
both construct_reply_chain() and smb_request_done() pass arrays of
automatic storage duration!

Fixes CID 1505354.

This reverts commit a395f752f0748751d4ade533c41066903f26c2dd.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:smbd: Avoid integer overflow (CID 1035487)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpcclient: Do not pass uninitialized pointer to printf() (CID 1476170)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:nmbd: Remove redundant code (CID 1414756)

‘buf’ is reassigned a few lines down.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:modules: Initialize mask_permset (CID 1435850)

If this code had ever run, sys_acl_clear_perms() would have attempted to
write to some random address in memory. ‘mask_permset’ must be a valid
non‐NULL pointer.

Commit 9b79d5f2a2f8af75ef13bdc41d2dc296e19ba098 seems to have been a
previous attempt to fix this issue.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:modules: Remove unreachable code (CID 1508998)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:libsmb: Fix array traversal (CID 1034683)

Commit 033185e2a1b2892fe8dc74a18a38e5e13e08cb22 changed the sentinel
value to an empty character array, but failed to update the traversal
code to match.

Commit 48a453996ac161d7c7a7cb15a047e57cbdbb1e87 then tried to fix the
situation, but did not do so correctly.

Fix this code by forgetting about sentinel values altogether.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:libnet: Remove always‐false comparison (CID 241309)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Revert "s3:libads: Don’t do first loop iteration if ‘attr’ is NULL"

Fixes CID 1547073: Control flow issues (DEADCODE).

This reverts commit 184a48d65772f359bd81f83256daada8c9e500b3.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:lib: Rearrange preprocessor directives to avoid structurally dead code (CID 242032)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:client: Correctly call setgroups() (CID 1449449)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>