gpo: Apply Group Policy Host Access configuration from VGP

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

gpo: Test Group Policy Host Access Configuration for VGP

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: free open_rec state in remove_deferred_open_message_smb2_internal()

The lifetime of open_rec (struct deferred_open_record) ojects is the time
processing the SMB open request every time the request is scheduled, ie once we
reschedule we must wipe the slate clean. In case the request gets deferred
again, a new open_rec will be created by the schedule functions.

This ensures any timer-event tied to the open_rec gets cancelled and doesn't
fire unexpectedly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843
RN: smbd panic when two clients open same file

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 18 18:04:09 UTC 2021 on sn-devel-184

smbd: cancel pending poll open timer in poll_open_done()

The retry of the open is scheduled below, avoid rescheduling it a second time in
the open retry timeout function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: reset dangling watch_req pointer in poll_open_done

We just freed subreq and a pointer to subreq is stored in open_rec->watch_req,
so we must invalidate the pointer.

Otherwise if the poll open timer fires it will do a

  TALLOC_FREE(open_rec->watch_req);

on the dangling pointer which may crash or do something worse like freeing some
other random talloc memory.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14672
CI: https://gitlab.com/samba-team/samba/-/merge_requests/1843

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3: tests: Change logfile for printing expansion tests.

logfile=/tmp/$USER_printing_var_exp.log -> logfile="${SELFTEST_TMPDIR}/${USER}_printing_var_exp.log"

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 18 02:57:08 UTC 2021 on sn-devel-184

third_party: Update socket_wrapper to version 1.3.3

This fixes a deadlock abort() when SOCKET_WRAPPER_KEEP_PCAP=1
is used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14640

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 17 23:53:04 UTC 2021 on sn-devel-184

py.join: remove unused untested get_naming_master

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 18:23:04 UTC 2021 on sn-devel-184

samba-tool: domain tombstones expunge reminds on semi-noop

Sometimes people assume `samba-tool domain tombstones expunge` will
expunge tombstones, but in the general case it won't because it only
affects those that have reached the tombstone lifetime, but these are
likely to have already been deleted by the regularly scheduled task.
You need to set the tombstone lifetime to have much effect.

This patch doesn't change the behaviour, but it does warn the user
that they are probably doing nothing of significance.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

pytests: dns_base: remove a py2 compat thing

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

kcc: use py3 compatible sort in rarely visited branch

This won't have worked for some time, but nobody has complained,
because nobody uses DS_NTDSSETTINGS_OPT_IS_RAND_BH_SELECTION_DISABLED

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

py3compat: remove obsolete comments

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

py bindings: write 'bytes', not 'PY_DESC_PY3_BYTES'

Because it is shorter, clearer, and reduces py3compat.h

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

py/provision: provision_become_dc(): remove unused arguments

The only caller is source4/param/provision.c, which doesn't supply these arguments,
and they aren't used inside the function.

This makes it just slightly less overwhelming

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

py/provision: remove unused variable, thence import

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

selftest/flapping: remove python[23] lines

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 07:03:27 UTC 2021 on sn-devel-184

knownfail: remove python[23] lines

We no longer run any *python2* or *python3* specific tests, so
these knownfail lines are just clutter.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

ldb: improve comments for ldb_module_connect_backend()

There is no flags argument.
There are more URI forms.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

ldb/test/ldb_tdb: correct introductory comments

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

pdb_samba_dsdb: remove #if 0 block

Doing nothng since 2011

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

ldb.h: remove undefined async_ctx function signatures

These functions do not exist.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

smb2_sesssetup: validate that sign_algo and encryption_cipher match on a session bind

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Mar 17 01:56:37 UTC 2021 on sn-devel-184

smb2_sesssetup: a session bind with a different user results in ACCESS_DENIED

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smb2_sesssetup: a bind dialect mismatch should always result in INVALID_PARAMETER

The ACCESS_DENIED errors happened as we didn't expected to signing
algo is attached to the session key. So our client calculated the
wrong signature.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smb2_sesssetup: only set NT_STATUS_MORE_PROCESSING_REQUIRED if a reauth can start

When the session is not valid on the current connection it should not be
possible to start a reauth.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smb2_sesssetup: don't shutdown a session on failure when it's not valid yet on the connection

If someone tries to operate on a session that is not yet valid on the
current connection and the current session setup fails, then we should
not shutdown the session.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smb2_server: fallback global session lookup if the session belongs to a different client

The key is that we need to have the signing key in order to pass the
signing checks and give the correct session bind error status.

This should fix the MultipleChannel_Negative_SMB2002 testcase
of the Windows Protocol Test Suite (FileServer).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reported-by: Jones Syue <jonessyue@qnap.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbXsrv_session: split out smbXsrv_session_remove_channel()

It will be needed in other places and makes the logic in
smbXsrv_session_disconnect_xconn_callback() much simpler.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14532
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:selftest: pass alice credentials to the smb2.session tests for ad_dc

This allows us to test session binds with different users.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture/smb2: add smb2.session.bind_{invalid_auth,different_user}

These demonstrate that a failing bind does not destroy
the existing session and binding with a different user results
in ACCESS_DENIED.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture: add a torture_user2_credentials() helper to pass additional credentials

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture/smb2: add smb2.session.bind_negative_{smb202,smb210,smb2to3,smb3to2,smb3to3}

'smb2.session.bind_negative_smb202' is similar to the MultipleChannel_Negative_SMB2002 test
from the Windows Protocol Test Suite.

It demonstrates that the server needs to do lookup
in the global session table in order to get the signing
and error code of invalid session setups correct.

In order to work out the details I've added more similar tests.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture/smb2: improve smb2.notify.invalid-reauth

This demonstrates that the session is gone after a failed reauth.
This is different compared to a failing session bind.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: make use of smb3_capabilities.encryption

This avoids a hardcoded list of possible ciphers.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:param: let lpcfg_smbcli_options() fill smb3_capabilities.ciphers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:libsmb: fill in smb3_capabilities.ciphers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: introduce struct smb3_encryption_capabilities

This will allow us to control the offered ciphers from the callers
later.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: pass smb3_capabilities to smbXcli_conn_create()

Passing NULL means use none.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:libcli/raw: add smb3_capabilities to struct smbcli_options

Currently this will be zeroed in lpcfg_smbcli_options(),
but will later allow advanced callers to pass values to
smbXcli_conn_create().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: introduce struct struct smb311_capabilities

This will be filled later with supported ciphers and other
things that can be negotiated in SMB >= 3.1.1.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: don't copy the key to a stack variable in smb2_signing_{encrypt,decrypt}_pdu()

The key size should always match now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: no longer pass protocol to smb2_signing_{encrypt,decrypt}_pdu()

The cipher algorithm is already passed via
smb2_signing_key->chipher_algo_id.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: no longer pass protocol to smb2_signing_{sign,check}_pdu()

The signing algorithm is already passed via
smb2_signing_key->sign_algo_id.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: make smb2_signing_key_destructor static

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smb2_server: use struct smb2_signing_key for first_enc_key and last_sign_key

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: make use of smb2_signing_key_{copy,sign_create,cipher_create}() helpers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: make use of smb2_signing_key_{copy,sign_create,cipher_create}() in smbXcli_base.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: add smb2_signing_key_{copy,sign_create,cipher_create}() helpers

These will simplify the callers a lot.
In important part is to also remember the sign and cipher algo ids.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smb2_negotiate: maintain xconn->smb2.server.sign_algo

This prepares the negotiation of signing algorithms in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: maintain smbXcli_conn.smb2.server.sign_algo

This prepares the negotiation of signing algorithms in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbXsrv_session: let smbXsrv_session_global_verify_record() use talloc_keep_secret() for keys

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smb2_sesssetup: use smb2_signing_derivations_fill_const_stack()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: make use of smb2_signing_derivations_fill_const_stack() smb2cli_session_set_session_key()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: add smb2_signing_derivations_fill_const_stack()

This will allow us to have the logic in one place only
in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: make use of smb2_signing_calc_signature() in smb2_signing_sign_pdu()

We only need to logic to calculate the signature once...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: assert that smb2_signing_{sign,check}_pdu() gets 2-4 iovec elements

We expect the following:

* SMB2 HDR
* SMB2 BODY FIXED
* (optional) SMB2 BODY DYN
* (optional) PADDING

Everything else is a bug.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: split out smb2_signing_calc_signature() from smb2_signing_check_pdu()

We only need one function to calculate the signature of an SMB2 packet.
And that only need the logic based on a gnutls_mac_algorithm_t once.

The next step will convert smb2_signing_sign_pdu() to also use
smb2_signing_calc_signature(). Doing that in a separate commit
should make sure we don't introduce a symetric bug.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: pass the length of the resulting key to smb2_key_derivation()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli/smb: prepare smb2_key_derivation() for keys larger than 16-bytes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14512

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

selftest: fix cleanup of test_printing_var_exp.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14668

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 16 22:08:10 UTC 2021 on sn-devel-184

Bug 9931: change pytalloc source to LGPL

pytalloc is currently GPL, while the rest of talloc is LGPL.

This situation arose because pytalloc was originally developed under
source4/scripting/python/, and moved into talloc proper with commit
0f043c197c473c801fc32c727194b5a2d6ae232f ("Move pytalloc to talloc
directory.", October 2008).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9931

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jelmer Vernooij <jelmer@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 16 18:17:43 UTC 2021 on sn-devel-184

fuzz:afl main: run the initialisation function

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

fuzz: add a LLVMFuzzerInitialize() to all fuzzers

To compile the AFL binaries, we need every fuzzer to have a consistent
set of functions. Some fuzzers require the initialize function, so all
the rest must have an empty one.

AFL binaires are handy for testing the fuzz results in a less magical
environment than libfuzzer/honggfuzz give you.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

fuzz:afl main: add a diagnostic message

LLVMFuzzerTestOneInput() NEVER returns non-zero, but if it does, we might as well
know what made it do so

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

fuzz/afl main: don't treat fuzzer as fuzzee

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

autobuild: fuzz: correctly spell AFL build option

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

rpc_server: Fix a -Werror=format-truncation error

gcc gets this wrong, it believes %u can write up to
"2147483647" (2^31-1). Silence this with an easy patch.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

rpcclient: Fix a DBG msg: This is not dcerpc_winreg_int_openkey()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

winbindd: Improve a DEBUG message in sam_name_to_sid()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

rpcclient: Factor out cmd_set_auth()

sign, seal and packet did exactly the same wrt authentication

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

rpcclient: Convert binding-related commands to RPC_RTYPE_BINDING

Purely cosmetic at this point, will become useful soon

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

rpcclient: Add RPC_RTYPE_BINDING

Purely transport-related commands don't need the cli_state.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

rpcclient: Simplify do_cmd

Reduce indentation by an early "continue;", simplify if-expression

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

rpcclient: Avoid a few implicit NULL assignments

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

rpc_server: Initialize variables in get_md4pw()

My gcc complained at one point about uninitialized vars

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

rpc_server: Save roundtrips into samr for machine pwd changes

We already have the machine SID, no need to look it up again.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

auth3: Make it a bit easier to #include "source3/include/auth.h"

Avoid using "uchar" in source3/auth/proto.h, this is #defined in includes.h

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

auth3: Align integer types

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Remove init_names()

is_myname() looks at lp_* directly, nmbd maintains its own list: We don't
need the baroque loadparm handler anymore.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

nmbd: Move my_netbios_names() to nmbd

nmbd is the heaviest user of this. The only other user was
is_myname(), which is used in quite a few places in source3.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Unfold calls to my_netbios_names() in util_names.c

This will all go away in a few patches, this is an intermediate step.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Decouple is_myname() from init_names()

In a new binary I forgot "init_names()" in main and it crashed in
auth3. We should not have to call init_names() everywhere I guess.

The my_netbios_names() array is free of duplicates, but as we don't
expect more than a handful of netbios aliases this does not matter for
just checking existence of a name. And moreover, a properly configured
smb.conf doesn't have tons of dups in "netbios aliases" anyway.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Make pidfile_path_create() return the existing PID on conflict

Use F_GETLK to get the lock holder PID, this is more accurate than
reading the file contents: A conflicting process might not have
written its PID yet. Also, F_GETLK easily allows to do a retry if the
lock holder just died.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

librpc: Make "dcesrv_context->callbacks" a pointer

This structure just grew from 3 to 6 pointers, avoid making a copy of
this. All callers of dcesrv_init_context() have this as a static
struct in the C object, so a pointer to that won't change.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

torture: Make srv_cb static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

rpc_server4: Make "srv_callbacks" static

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

librpc: Add "private_data" to struct dcesrv_context_callbacks

Not used right now, but we should never have callbacks without a
"private_data" pointer. Some of the callbacks could even today benefit
from this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

printing: Move rap2jobid functions to their own file

This will make it easier to split out the spoolss functions later

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

printing: Introduce printer_list_printername_exists()

Replace pcap_printername_ok(). Slightly different semantics: If the
printer list db has a corrupted record, this is not detected.

Why this patch? pcap_printername_ok() is a simple wrapper around the
tdb accessing function, and this reduces a dependency on pcap.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

printing: Remove simple wrapper function pcap_printer_read_fn()

There's only one caller that was trivial to convert

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Use FIONREAD in wait_for_read_send/recv

ENOTSOCK looks ugly in straces...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

tests: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

printing: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

winbind: Simplify winbindd_samr.c

talloc_stackframe() panics on failure

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3: VFS: Remove vfs_tru64acl.[c|h]

Support was discontinued for the entire Tru64 OS on 31 December 2012.

Signed-off-by: Jeremy Allison <jra@samba.org>

VFS: glusterfs: Ensure vfs_gluster_fsetxattr() only uses an io fd for a handle based call.

Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 12 20:38:03 UTC 2021 on sn-devel-184

VFS: glusterfs: Ensure vfs_gluster_flistxattr() only uses an io fd for a handle based call.

Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

VFS: ceph: Ensure cephwrap_fsetxattr() only uses an io fd for a handle based call.

Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

VFS: ceph: Ensure cephwrap_flistxattr() only uses an io fd for a handle based call.

Otherwise fall back to pathname based. This is the same as the
fallback used in vfs_default.c

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: call set_current_user_info() in smbd_become_authenticated_pipe_user()

The current_user_info is updated at the SMB level, but currently not at the RPC
level in the RPC impersonation function smbd_become_authenticated_pipe_user().

For RPC services running embedded this is not an issue as the SMB level
impersonation has already taken care of current_user_info, but for RPC services
running as external daemons, eg spoolssd, the omission of updating
current_user_info results in variable expansion of eg %U (username) to be
broken.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14668
MR: https://gitlab.com/samba-team/samba/-/merge_requests/1834
RN: %U variable expansion not working in spoolsd

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Mar 12 00:54:01 UTC 2021 on sn-devel-184