s3: smbd: Add a dirfsp parameter to smbd_calculate_access_mask().

Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Reformat users of smbd_calculate_access_mask().

Make new parameter addition clearer.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Add a dirfsp parameter to check_parent_access().

Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Reformat users of check_parent_access().

Make new parameter addition clearer.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Add a dirfsp parameter to user_can_read_file().

Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Reformat users of user_can_read_file().

Make new parameter addition clearer.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Add a dirfsp parameter to smbd_check_access_rights().

Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Reformat users of smbd_check_access_rights().

Make new parameter addition clearer.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Add dirfsp parameter to can_write_to_file().

Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Reformat users of can_write_to_file().

Make new parameter addition clearer.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Add dirfsp parameter to user_can_write_file().

Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Reformat caller of user_can_write_file().

Make new parameter addition clearer.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Add dirfsp parameter to can_delete_file_in_directory().

Not yet used. Currently always conn->cwd_fsp.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Reformat definition and callers of can_delete_file_in_directory().

Makes future addition of parameter easier to see.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CVE-2020-10700: dsdb: Do not permit the ASQ control for the GUID search in paged_results

ASQ is a very strange control and a BASE search can return multiple results
that are NOT the requested DN, but the DNs pointed to by it!

Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Karolin Seeger <kseeger@samba.org>
Autobuild-Date(master): Mon May  4 10:14:28 UTC 2020 on sn-devel-184

CVE-2020-10700: ldb: Always use ldb_next_request() in ASQ module

We want to keep going down the module stack, and not start from the top again.

ASQ is above the ACL modules, but below paged_results and we do not wish to
re-trigger that work.

Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-10700: dsdb: Add test for ASQ and ASQ in combination with paged_results

Thanks to Andrei Popa <andrei.popa@next-gen.ro> for finding,
reporting and working with us to diagnose this issue!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-10704 libcli ldap: Check search request lengths.

Check the search request lengths against the limits passed to
ldap_decode.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Mon May  4 04:40:10 UTC 2020 on sn-devel-184

CVE-2020-10704: libcli ldap_message: Add search size limits to ldap_decode

Add search request size limits to ldap_decode calls.

The ldap server uses the smb.conf variable
"ldap max search request size" which defaults to 250Kb.
For cldap the limit is hard coded as 4096.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2020-10704: S4 ldap server: Limit request sizes

Check the size of authenticated and anonymous ldap requests and reject
them if they exceed the limits in smb.conf

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2020-10704: smb.conf: Add max ldap request sizes

Add two new smb.conf parameters to control the maximum permitted ldap
request size.

Adds:
   ldap max anonymous request size       default 250Kb
   ldap max authenticated request size   default 16Mb

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2020-10704: ldapserver tests: Limit search request sizes

Add tests to ensure that overly long (> 256000 bytes) LDAP search
requests are rejected.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2020-10704: lib util asn1: Check parse tree depth

Check the current depth of the parse tree and reject the input if the
depth exceeds that passed to asn1_init

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2020-10704: libcli ldap: test recursion depth in ldap_decode_filter_tree

Add tests to check that ASN.1 ldap requests with deeply nested elements
are rejected.  Previously there was no check on the on the depth of
nesting and excessive nesting could cause a stack overflow.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

CVE-2020-10704: lib util asn1: Add ASN.1 max tree depth

Add maximum parse tree depth to the call to asn1_init, which will be
used to limit the depth of the ASN.1 parse tree.

Credit to OSS-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=20454
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14334

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: use is_lease_stat_open() in delay_for_oplock()

This allows READ_CONTROL_ACCESS in the access mask as stat open if a file has
only leases.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Apr 30 21:10:43 UTC 2020 on sn-devel-184

smbd: add is_lease_stat_open()

This adds a leases specific stat opens access mask check function.

See also:

https://lists.samba.org/archive/cifs-protocol/2020-March/003409.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: rename is_stat_open() to is_oplock_stat_open()

Testing stat opens with with leases reveals that that the access mask

  SYNCHRONIZE_ACCESS | FILE_READ_ATTRIBUTES | FILE_WRITE_ATTRIBUTES

is specific to oplocks.

See also:

https://lists.samba.org/archive/cifs-protocol/2020-March/003409.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4/torture: add a comprehensive "non-lease-break-trigger" access mask test case

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4/torture: add a comprehensive "non-oplock-break-trigger" access mask test case

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14357

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3: smbd: Add dirfsp parameter to check_access().

Not yet used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Apr 30 09:11:56 UTC 2020 on sn-devel-184

s3: smbd: Reformat callers of check_access().

Makes it easier to see when we add the dirfsp
parameter.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Make check_access() a simple wrapper around smbd_check_access_rights().

Now we call check_access_fsp() separately in the callers we don't need the fsp
parameter anymore.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Reformat spacing for parameters of check_access().

Makes it easier to see the removal of the parameter next.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Move the fsp check up one level from check_access().

This allows us to call check_access_fsp() directly when
we have an fsp, and to add in the dirfsp for relative
name access to check_access() in the next commit, making
it clear what it's for (and not confusing it with the
file fsp).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Cleanup - move the function get_nt_acl_no_snum() to it's user module.

Make static. It was only called from one place.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Add a dirfsp parameter to directory_has_default_acl().

Not yet used, but will make it easier to move to SMB_VFS_GET_NT_ACL_AT()
later.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Reformat uses of directory_has_default_acl().

Makes it easier to add a dirfsp parameter.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Change is_visible_file() to take a directory handle not a name.

No change in functionality as the name is
easily retrieved from the directory handle
(it's always the name we opened the directory with)
and this will allow us to use the directory handle
fsp later.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Reformat calls to is_visible_file() to one arg per line.

Will make it easier to see parameter change in a later commit.

No logic changes.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: VFS: snapper. Remove snapper_gmt_fget_nt_acl().

This fallback was only used for directories. Now we always
have a valid fd for directories it is no longer needed.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: VFS: ceph_snapshots. Remove duplicate definition of get_nt_acl_fn.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: VFS: ceph_snapshots. Remove ceph_snap_gmt_fget_nt_acl().

This fallback was only used for directories. Now we always
have a valid fd for directories it is no longer needed.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: VFS: shadow_copy2. SMB_VFS_FGET_NT_ACL() makes no sense in this module.

Once we have an open fsp we know we've gone through the pathname
translation.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: In posix_fget_nt_acl() remove the fall-back to path based operations.

Previously we'd do this for directory opens, but directory opens
now always have an open fd. stat opens don't have permissions
to read a security descriptor anyway.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3 rpc server: set on-wire handle type explicitly

Since wire_handle.handle_type is uint32_t, we can simply assign uint8_t
handle type to it without using SIVAL() macros. Further unify with s4
RPC server code flow.

Fixes CID 1462616
>>> CID 1462616:    (CONSTANT_EXPRESSION_RESULT)
>>> "(uint32_t)handle_type >> 16" is 0 regardless of the values of its operands. This occurs as a value.
284             SIVAL(&rpc_hnd->wire_handle.handle_type, 0 , handle_type);

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Thu Apr 30 07:09:55 UTC 2020 on sn-devel-184

smbd: remove unneeded parent_dir variable from mkdir_internal()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 29 18:16:02 UTC 2020 on sn-devel-184

smbd: convert inherit_from_dir arg of change_dir_owner_to_parent() to struct smb_filename

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: convert inherit_from_dir arg of change_file_owner_to_parent() to struct smb_filename

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: convert inherit_access_posix_acl() arg parent_dir to struct smb_filename

This also fixes a bug introduced by cea8e57eac2ed7b90a5c5d207bf392ff0546398e
where inherit_access_posix_acl() used the smb_fname->base_name instead of
inherit_from_dir in synthetic_smb_fname() to get an struct smb_filename of the
parent directory.

Nobody complained so far, fix it silently.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: convert parent_dir arg of open_file() to struct smb_filename

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: pass dirname as struct smb_filename to is_visible_file()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: realign is_visible_file() args one per line

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: copy twrp in cp_smb_filename()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: add previous version timestamp to struct smb_filename

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: pass struct smb_filename smb_fname_parent to unix_mode()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: pass struct smb_filename parent_dir to file_set_dosmode()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: align file_set_dosmode() args one per line

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: pass struct smb_filename to directory_has_default_acl()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in check_reduced_name()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in check_reduced_name_with_privilege()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in smb_unix_mknod()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in parent_dirname_compatible_open()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in inherit_new_acl()

Note: has to rename the variable parent_smb_fname otherwise it conflicts with
the function name.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in mkdir_internal()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in open_file_ntcreate()

Prepares for converting a bunch of functions to struct smb_filename later.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in non_widelink_open()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in check_parent_access()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in copy_internals()

Prepares for converting file_set_dosmode() to struct smb_filename.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in unix_convert()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use synthetic_smb_fname() in check_parent_exists()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: use parent_smb_fname() in can_delete_file_in_directory()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_linux_xfs_sgid: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_gpfs: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_default: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_ceph: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_aio_pthread: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs_acl_common: use parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3/lib: add parent_smb_fname()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

testprogs: Add client kerberos test

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 11:53:41 UTC 2020 on sn-devel-184

s4:torture: Print account and authority name

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

docs-xml: Fix usernames in pam_winbind manpages

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14358

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Apr 29 09:44:55 UTC 2020 on sn-devel-184

samba-tool: fetch "no such subcommand" error and print error message

This patch especially improves the case where extra arguments are used.

Without this patch just the attributes are mentioned as invalid, if
samba-tool is called with an invalid/unknown subcommand.

Example without this patch:
  # samba-tool sites list --all
  Usage: samba-tool sites <subcommand>

  samba-tool sites: error: no such option: --all

This can be deceptive for users. Is looks like the "list" command
does not provide a "--all" option.

Example with this patch:
  # samba-tool sites list --all
  samba-tool sites: no such subcommand: list

  Usage: samba-tool sites <subcommand>
  (...)

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 29 08:08:21 UTC 2020 on sn-devel-184

librpc: Provide clearer debug messages for malformed DCE/RPC bind

REF: https://lists.samba.org/archive/samba/2020-April/229334.html

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s3: pass DCE RPC handle type to create_policy_hnd

Various RPC services expect policy handles of a specific type.

s3 RPC server did not allow to create policy handles with a specific
type while actually requiring that policy handle type itself in some
places.

Make sure we are able to specify the policy on-wire handle type when
creating the policy handle. The changes follow s4 DCE RPC server
implementation.

The original logic to always set on-wire handle type to 0 can be tracked
down to commit fdeea341ed1bae670382e45eb731db1b5838ad21 when we didn't
really know about differences in on-wire handle types.

All but LSA trusted domain RPC calls do not check the on-wire handle
type in s3 RPC server.

Fixes trusted domain operations when Samba RPC client attempts to call
s3 RPC server to perform lsa_lsaRSetForestTrustInformation in FreeIPA.
This fix is a pre-requisite for FreeIPA-FreeIPA forest trust.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 22:55:29 UTC 2020 on sn-devel-184

s4:torture: Convert samba3.raw.mkdir test to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 888abcaf8ffbec45fc47520bd3f544e3aa6f58f2)

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 28 19:46:32 UTC 2020 on sn-devel-184

s4:torture: Convert samba4.base.tcon test to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit eb167bc43dbe196ef5b3bfd24160c72c74113dea)

Convert samba4.base.mangle test to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9437b44668c9f7742d6d4fe0891ac4d9fda7c804)

Implement alt name query for smb2

Implements smb2_qpathinfo_alt_name() and
RAW_FILEINFO_SMB2_ALT_NAME_INFORMATION.

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 097df343ce21c8340aee7f42f233fe74b92b47e2)

Convert samba4.base.maximum_allowed to smb2

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit d9edfeea668362269d812f82b1957ed16ff56dd4)

Add SMB2 lsa helper routines

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 3763052c2a95ac9bd60f00458389a5245cf5d58d)

smbd: add missing done check from unix_convert_step_stat() refactoring

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Remove unused elements from ctdbd_connection

Nobody set them, only the destructor referenced them

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Apr 28 10:46:22 UTC 2020 on sn-devel-184

lib: Nobody sets ctdbd_connection->fde anymore, remove it

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

lib: Remove unused ctdbd_setup_fde() and callees

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

lib: Use ctdbd_req_send/recv in ctdb_parse_send/recv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

torture3: Test ctdb_req_send/recv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

lib: Add ctdbd_req_send/recv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

lib: Add ctdbd_prep_hdr_next_reqid()

Preparation for generic ctdb_req_send/recv: No need to expose
ctdbd_next_reqid(), do basic preparations of a ctdb_req_header

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

lib: Add ctdbd_init_async_connection()

Prepare for ctdb_req_send/recv doing tevent_req based async ctdb
requests

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>