selftest: Test repushing an ntlmssp AUTHENTICATE_MESSAGE

This demonstrates a bug found by Douglas Bagnall using Hongfuzz and the new fuzz_ndr_X
fuzzer where the value() evaluatuion could segfault if it was made to follow a NULL
pointer.

This also demonstrates that the --base64 mode works on file inputs.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest: Confirm that NDR bugs are fixed in DCOM code

Test input provided by Michael Hanselmann and found using Hongfuzz.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13875
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

pidl: check the size of pulled arrays of arrays

We were accidentally checking the memory just past the array instead of
checking each member.

This could have led to the size of some arrays not being checked.

Found by Michael Hanselmann using Honggfuzz and an fuzzer for Samba's
NDR layer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13877

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ndr_orpc: properly allocate empty DUALSTRINGARRAY

When there is no data we still need to allocate for the terminating NULL.

Found by Michael Hanselmann using Honggfuzz and an fuzzer for Samba's
NDR layer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13875

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: Confirm that --base64-input and --input work and a PIDL bug is fixed.

The PIDL bug is in the handling of arrays of arrays.

Test input provided by Michael Hanselmann and found using Hongfuzz.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13875

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

python: Return the stdout when also checking error codes

This will aid in checking that ndrdump behaves as expected when
failing to parse

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ndrdump: Still print --dump bytes after parse failure

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ndrdump: Invert sense of --stop-on-parse-failure into --print-after-parse-failure

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ndrdump: Return a different error code for ndr_pull() failures

This may assist in distinguishing between "runner" and "pull" failures.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ndrdump: Allow for base64-encoded input in a file and on the command line

It has become customary to provide reproduction steps for fuzzing failures
in terms of an ndrdump command line.  This allows the input to be provided
as a argument or in a file rather than via base64 -d.  This makes reproducing
the issue easier as everything can be put in a plaintext bug report.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ndrdump: Check for input decode failures

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ndrdump: Add const

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ndrdump: TALLOC_FREE() on each exit path to allow running with leak detection

This allows us to learn if there are other memory leaks not on the mem_ctx
during the processing of the packet.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ndrdump: print structure name when failing to setup

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ndrdump: Fix one more NTSTATUS rather than friendly ndr message

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

librpc: Unify packet dumping on ndr_pull() failure

There were two duplicate implementations of packet dumping just for the s4 RPC server!

This unifies them and makes them easier to find because they are not triggered
from the generated server stub any more.

The behaviour have unified on setting "dcesrv:stubs directory" and
being compiled with --enable-developer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 20 02:14:56 UTC 2019 on sn-devel-184

vfs_gpfs: Use update_stat_ex_create_time

Make the code a bit easier to read by avoiding direct access to the
statex struct.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Tue Nov 19 22:44:53 UTC 2019 on sn-devel-184

vfs_gpfs: Create fileid from filesystem metadata

MacOS SMB clients require that file ids are not quickly reused when
files are deleted and new files are created with the same name. Inode
numbers do not satisfy that requirement, as they will be quickly reused.

To address this problem, create a unique id from the available file
system specific metadata. As that id is larger than the available 64bit,
use a hash to generate a 64bit id for usage as fileid.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

vfs_gpfs: Use gpfs_fstat_x in vfs_gpfs_fget_dos_attributes

This is no functional change, but allows to use additional metadata
later on.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

vfs_gpfs: Use gpfs_stat_x in vfs_gpfs_get_dos_attributes

This is no functional change, but allows to use additional metadata
later on.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

gpfswrap: Add wrappers for gpfs_fstat_x and gpfs_stat_x

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

vfs: Fix CID 1455914 Unused value

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 19 17:37:42 UTC 2019 on sn-devel-184

smbd: Fix CID 1455912 Logically dead code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

winbind: Fix CID 1455915 Resource leak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

librpc: Fix CID 1455913 Use after free

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

whatsnew: announce removal of DES encryption type in Kerberos

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Isaac Boukris <iboukris@samba.org>
Autobuild-Date(master): Tue Nov 19 16:12:39 UTC 2019 on sn-devel-184

heimdal: do not compile weak crypto

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: allow any kdc error in mitm-s4u2self test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: mitm-s4u2self: use zlib for CRC32_checksum calc

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

machine_account_secrets: do not generate single DES keys

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

kerberos_keytab: do not add single DES keys to keytab

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

password_hash: do not generate single DES keys

Per RFC-6649 single DES enctypes should not be used.

MIT has retired single DES encryption types, see:
https://web.mit.edu/kerberos/krb5-1.12/doc/admin/advanced/retiring-des.html

As a workaround, store random keys instead, making the usage of signle DES
encryption types virtually impossible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

kdc/db-glue: do not fetch single DES keys from db

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

kerberos: remove single DES enctypes from ENC_ALL_TYPES

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: exclude msDS-SupportedEncryptionType in ldapcmp

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Pair-Programmed-With: Alexander Bokovoy <ab@samba.org>

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest/remote_pac: remove test_PACVerify_workstation_des

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14202

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ndr: Include the caller location in ndr_{pull,push}_error() messages

This should aid in debugging NDR parse failures.

Use the ABI bump to again exclude ndr_table_misc incorrectly
added in ABI 0.2.1.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Nov 19 14:47:46 UTC 2019 on sn-devel-184

witness.idl: Change array type in IDL for the print function

It is important that the generated print function checks r->messages
before de-referencing r->messages[num] as r->num can be non-zero
while r->messages is NULL.

There is not witness server in Samba and print functions are only
used during debugging and ndrdump in any case.

The change in the IDL does not change the header and the IDL
function is already nopull,nopush so only the print function changes.

Found by Douglas Bagnall using Honggfuzz and a new fuzzer for
Samba's NDR layer.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

utils: only compile test_oLschema2ldif if fmemopen exists

in the vein of da87fa998ab71328f30bcdf5b41aee8675aee48a

Signed-off-by: Robert Scott <code@humanleg.org.uk>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 19 06:12:29 UTC 2019 on sn-devel-184

s4:lib:tls: Fix cert and privkey types

../../source4/lib/tls/tlscert.c:42:2: warning: ‘gnutls_x509_crt’ is
    deprecated [-Wdeprecated-declarations]
   42 |  gnutls_x509_crt cacrt, crt;
      |  ^~~~~~~~~~~~~~~
../../source4/lib/tls/tlscert.c:43:2: warning: ‘gnutls_x509_privkey’ is
    deprecated [-Wdeprecated-declarations]
   43 |  gnutls_x509_privkey key, cakey;
      |  ^~~~~~~~~~~~~~~~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:auth: Remove unused E_md5hash()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:winbind: Replace E_md5hash() with GnuTLS calls

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:winbindd: Replace E_md5hash() with GnuTLS calls

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_server: Replace E_md5hash() with GnuTLS calls

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

build: add missing crypt dependency for auth4_unix

Commit dc5788056bc removed crypt library from replace.  This breaks the
build on fedora 30 ppc64.

  [2439/3956] Linking bin/default/source4/auth/ntlm/libauth4-samba4.so
  /usr/bin/ld: source4/auth/ntlm/auth_unix.c.5.o: in function `password_check':
  auth_unix.c:(.text+0x7e0): undefined reference to `crypt'

crypt library is required to build ntlm auth_unix.c.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Tue Nov 19 04:47:47 UTC 2019 on sn-devel-184

lib/fuzzing: Free memory after successful load in fuzz_tiniparser

Otherwise we have a memory leak and so fail the Google oss-fuzz check_build test.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Nov 18 21:02:52 UTC 2019 on sn-devel-184

lib/fuzzing: Avoid NULL pointer de-ref from 0-length input

fmemopen() does not like 0-length input.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

tevent: Release tevent 0.10.2

* Upgrade waf to version 2.0.18 to fix a cross-compilation issue

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Mon Nov 18 11:44:08 UTC 2019 on sn-devel-184

tdb: Release tdb 1.4.3

* Upgrade waf to version 2.0.18 to fix a cross-compilation issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

talloc: Release talloc 2.3.1

* Upgrade waf to 2.0.18 to fix a cross-compilation issue

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13846

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ndrdump: avoid use after free

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Sun Nov 17 23:54:11 UTC 2019 on sn-devel-184

ndrdump: Use human-readable strings for NDR decode errors

These make much more sense than the NTSTATUS values they can be forced
to map to.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

selftest: Test fix for ndrdump of structures by number

This requires that misc.GUID not move in the IDL, so a comment is added.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

ndrdump: correctly find the public strict by number

We were finding a function that happened to have the same ordinal
number.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14191

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

librpc: Use the fact that file_save() now uses O_EXCL in dcerpc_log_packet()

This avoids a race with file_exist() and demostrates a better
way to use this function.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Nov 15 18:48:27 UTC 2019 on sn-devel-184

lib/util: change file_save_mode() to use O_EXCL

Almost all the callers are debug tools or developer debugging aids
and these callers clearly expect to create a new file.

Unchanged in behaviour is:
 - TLS certificate creation.  This already confirms the files do no exist
   prior to generation.

These will now no longer overwrite the given filename
 - net ads pac save
 - net eventlog export

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3-build: add missing gnutls dependency

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andreas Schneider <asn@samba.org>

third_party: Update nss_wrapper to version 1.1.7

This adds missing support for Address Sanitzer.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Nov 14 23:50:06 UTC 2019 on sn-devel-184

lib: Fix an error path memleak in schannel_get_creds_state()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs: Use dbwrap_delete() in acl_tdb_delete()

Use the wrapper function that's already available for exactly this
purpose.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs: Use dbwrap_store() in store_acl_blob_fsp()

Use the wrapper function that's already available for exactly this
purpose.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs: Use direct struct assignment in store_acl_blob_fsp()

2 lines less code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

pidl: Handle obtaining objects from a fixed-size array

Previously we would assume the array head was the talloc context
however this is not the case if the array is a fixed size inline array
within the parent struct.

In that case the overall object's talloc context is the correct
context to reference.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Nov 14 17:36:49 UTC 2019 on sn-devel-184

pidl/python: allocate objects with ref pointers

Struct members that are marked as ref pointers need to have an object
allocated for them.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

pytests/segfault: pidl inline arrays

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>

pytests/segfaults: dcerpc ref elements segfault

These are just a couple of examples.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>

pytests: rpc echo should not segfault

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>

s4/rpc/dcerpc_connect: no crash on NULL dest_host

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>

ctdb-tests: Add tests for cmdline_add() api

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Nov 14 12:03:46 UTC 2019 on sn-devel-184

ctdb-common: Add api to add new section/commands to cmdline

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-common: Change cmdline implementation to support multiple sections

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-tests: Update cmdline tests for section name

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-common: Add section to group commands in cmdline

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-common: Generate usage message from cmdline_parse()

If any of the option parsing or command parsing fails, generate usage
message.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

libcli:auth Check return code of netlogon_creds_aes_encrypt()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Nov 14 09:25:36 UTC 2019 on sn-devel-184

libcli:auth: Check return code of netlogon_creds_step_crypt()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:auth: Check return code of netlogon_creds_step()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:librpc: Check return code of netlogon_creds_client_authenticator()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:auth: Check return code of netlogon_creds_client_authenticator()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth:pycreds: Check return code of netlogon_creds_client_authenticator()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:auth: Return NTSTATUS for netlogon_creds_client_authenticator()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:auth: Check return status of netlogon_creds_first_step()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:auth: Check return status of netlogon_creds_init_64bit()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:auth: Check return value of netlogon_creds_init_128bit()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:torture: Remove calls to gnutls_global_(de)init() in backupkey test

This is handled by the gnutls library constructor/destructor.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:lib: Remove gnutls_global_(de)init() from libtls

This is handled by the gnutls library constructor/destructor.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: Remove gnutls_global_(de)init()

This is done by the gnutls library constructor/destructor.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:auth: Check return code of SMBOWFencrypt_ntv2()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:auth: Return NTSTATUS for SMBOWFencrypt_ntv2()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:auth: Check return codes of SMBsesskeygen_ntv2()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:auth: Return NTSTATUS for SMBOWFencrypt_ntv2()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14195

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

librpc: Do not return an NDR table for a zero GUID

The source3 RPC server will do a lookup by GUID and should
not be returned a table for a zero GUID.

Thankfully such a pipe would also need to have been registered
but regardless this is not a determinsitic result so should
be avoided.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tcp: Simplify freeing of transport data on shutdown

The type-checking is superfluous and gets in the way of readability.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Nov 14 03:45:44 UTC 2019 on sn-devel-184

ctdb-daemon: Rename ctdb_context private_data to transport_data

This gives a casual reader a useful clue.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-daemon: Rename ctdb_node private_data to transport_data

This gives a casual reader a useful clue.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tcp: Close inflight connecting TCP sockets after fork

Commit c68b6f96f26 changed the talloc hierarchy such that outgoing TCP sockets
while sitting in the async connect() syscall are not freed via
ctdb_tcp_shutdown() anymore, they are hanging off a longer-running structure.
Free this structure as well.

If an outgoing TCP socket leaks into a long-running child process (possibly the
recovery daemon), this connection will never be closed as seen by the
destination node. Because with recent changes incoming connections will not be
accepted as long as any incoming connection is alive, with that socket leak
into the recovery daemon we will never again be able to successfully connect to
the node that is affected by this leak. Further attempts to connect will be
discarded by the destination as long as the recovery daemon keeps this socket
alive.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14175
RN: Avoid communication breakdown on node reconnect

Signed-off-by: Martin Schwenke <martin@meltin.net>
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

smbd: Make share_mode_do_locked() pass TDB_DATA instead of a record

No callback used (and should not use) the record directly, this is all
handled within share_mode_lock.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Nov 13 21:41:09 UTC 2019 on sn-devel-184

gitlab-ci: Run samba-fileserver-heimdalkrb5

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Wed Nov 13 19:14:25 UTC 2019 on sn-devel-184

bootstrap: Add heimdal-multidev for Debian and Ubuntu

This is required for testing the build with the
configure option --with-system-heimdalkrb5.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

autobuild: Add test for build with system heimdal library

The configure option --with-system-heimdalkrb5 requires --without-ad-dc.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14179

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>