git.ipfire.org Git - thirdparty/samba.git/log
Yury Lunev [Wed, 27 Jul 2022 18:22:49 +0000 (21:22 +0300)]
examples/winexe: fix fetching return code of the remote command
ctrl_inbuf field is used to parse remote-side information. A typo was
there that tried to parse return code as "version 0x%x" whereas the
correct way to do it (tested on Windows 10) is to scan for "return_code
%x".
Signed-off-by: Yury Lunev <yury.lunev@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 28 18:01:16 UTC 2022 on sn-devel-184
Jeremy Allison [Wed, 27 Jul 2022 23:21:52 +0000 (16:21 -0700)]
s3: smbd: Convert reply_checkpath() to use filename_convert_dirfsp().
One less use of filename_convert().
This is the acid test of filename_convert_dirfsp() pathname error
handling.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Jul 28 16:34:54 UTC 2022 on sn-devel-184
Jeremy Allison [Wed, 27 Jul 2022 19:39:11 +0000 (12:39 -0700)]
s3: smbd: Convert call_trans2mkdir() to use filename_convert_dirfsp().
One less use of filename_convert().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Wed, 27 Jul 2022 19:36:23 +0000 (12:36 -0700)]
s3: smbd: Convert call_trans2open() to use filename_convert_dirfsp().
One less use of filename_convert().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Wed, 27 Jul 2022 19:29:18 +0000 (12:29 -0700)]
s3: smbd: Convert reply_rmdir() to use filename_convert_dirfsp().
One less use of filename_convert().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Wed, 27 Jul 2022 19:23:42 +0000 (12:23 -0700)]
s3: smbd: Convert reply_ctemp() to use filename_convert_dirfsp().
One less use of filename_convert().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Wed, 27 Jul 2022 19:09:48 +0000 (12:09 -0700)]
s3: smbd: Convert reply_mknew() to use filename_convert_dirfsp().
One less use of filename_convert().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Wed, 27 Jul 2022 19:00:32 +0000 (12:00 -0700)]
s3: smbd: Convert reply_open_and_X() to use filename_convert_dirfsp().
One less use of filename_convert().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Wed, 27 Jul 2022 19:05:17 +0000 (12:05 -0700)]
s3: smbd: Convert reply_open() to use filename_convert_dirfsp().
One less use of filename_convert().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Wed, 27 Jul 2022 22:28:13 +0000 (15:28 -0700)]
s3: smbd: Fix the error processing in filename_convert_dirfsp_nosymlink() to match unix_convert() 100%
We need this in order to pass:
samba3.raw.samba3badpath
raw.chkpath
samba3.base.chkpath
Now we can convert all the SMB1 reply_openXXX functions,
and reply_checkpath().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Wed, 27 Jul 2022 23:52:40 +0000 (16:52 -0700)]
s3: smbd: In filename_split_lcomp() ensure we never return a streamname if posix is set.
POSIX has no streams, even on the root of a directory.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Wed, 27 Jul 2022 21:36:33 +0000 (14:36 -0700)]
s3: smbd: Ensure we set fsp->file_id in openat_pathref_dirfsp_nosymlink().
This is a subtle one. The dirfsp returned by openat_pathref_dirfsp_nosymlink()
can be used inside open.c and passed to check_parent_access_fsp() to
check if a delete_on_close flag has been set on an existing "real"
open fsp. So the file_id must be correctly set in order for this
to work. Without it, samba3.base.delete fails in deltest20 when
we convert reply_open_and_X() to use filename_convert_dirfsp().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Andreas Schneider [Tue, 26 Jul 2022 14:54:36 +0000 (16:54 +0200)]
s3:winbind: Implement dcerpc_samr_chgpasswd_user4 for PamAuthChangePassword
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 28 12:47:31 UTC 2022 on sn-devel-184
Andreas Schneider [Tue, 26 Jul 2022 14:27:32 +0000 (16:27 +0200)]
s3:libsmb: Add dcerpc_samr_chgpasswd_user4 to remote_password_change()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 26 Jul 2022 18:54:44 +0000 (20:54 +0200)]
s3:test: Print the output to understand what was going wrong
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 26 Jul 2022 13:43:31 +0000 (15:43 +0200)]
s4:libnet: Add support for samr_ChangePasswordUser4()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 26 Jul 2022 13:13:08 +0000 (15:13 +0200)]
s4:libnet: Move code using RC4 into its own function
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 26 Jul 2022 12:47:53 +0000 (14:47 +0200)]
s4:libnet: Remove unused code in libnet_ChangePassword_samr()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 5 Jul 2022 11:26:37 +0000 (13:26 +0200)]
s4:torture: Add test for dcerpc_samr_ChangePasswordUser4
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 28 Feb 2022 12:51:40 +0000 (13:51 +0100)]
s3:rpc_server: Implement dcesrv_samr_ChangePasswordUser4()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 18 Jul 2022 12:38:38 +0000 (14:38 +0200)]
s3:passdb: Correctly burn the plaintext_pw with samu_destroy()
memset() can be removed by the optimizer.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 18 Jul 2022 12:38:26 +0000 (14:38 +0200)]
s3:passdb: Remove trailing whitespaces
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 30 Aug 2021 15:47:22 +0000 (17:47 +0200)]
s4:rpc_server: Implement dcesrv_samr_ChangePasswordUser4()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 26 Jul 2022 09:31:54 +0000 (11:31 +0200)]
s4:dsdb: Burn the memory of hashes returned by samdb_result_hashes()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 26 Jul 2022 09:31:35 +0000 (11:31 +0200)]
s4:dsdb: Remove trailing whitespaces from util.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 11 Jul 2022 13:24:59 +0000 (15:24 +0200)]
s3:rpcclient: Implement cmd chpasswd4
Manually tested against Windows Server 2022.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 14 Jul 2022 08:05:53 +0000 (10:05 +0200)]
docs-xml: Remove trailing whitespaces in rpcclient.1.xml
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 5 Jul 2022 08:34:12 +0000 (10:34 +0200)]
s3:rpc_client: Implement dcerpc_samr_chgpasswd_user4()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 5 Jul 2022 08:30:47 +0000 (10:30 +0200)]
s3:rpc_client: Fix trailing whitespaces in cli_samr.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 14 Jul 2022 05:56:39 +0000 (07:56 +0200)]
lib:util: Add generate_random_u64_range()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 14 Jul 2022 06:05:07 +0000 (08:05 +0200)]
lib:util: Remove trailing whitespaces in samba_util.h
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 15 Jul 2022 07:06:04 +0000 (09:06 +0200)]
lib:crypto: Add test for pbkdf2
This is just that we use the right parameters for gnutls_pbkdf2() and
reach the values from Windows.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 30 Aug 2021 15:06:10 +0000 (17:06 +0200)]
waf: Check for gnutls_pbkdf2()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 24 Aug 2021 09:39:19 +0000 (11:39 +0200)]
s4:torture: Implement test for SAMR SetUserInfo(2) level 32
make test TESTS="samba4.rpc.samr.passwords"
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 24 Aug 2021 13:00:37 +0000 (15:00 +0200)]
s3:rpc_server: Implement SAMR SetUserInfo(2) level 32
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 24 Aug 2021 12:23:53 +0000 (14:23 +0200)]
s4:rpc_server: Implement support for SetUserInfo(2) level 32
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 19 Aug 2021 07:44:10 +0000 (09:44 +0200)]
s4:torture: Implement test for SAMR SetUserInfo(2) level 31
We can't apply this patch earlier as there are no individual tests we could
mark as knownfail. Reorganizing the whole test is too big a task for now.
However this test is working and also found some bugs.
make test TESTS="samba4.rpc.samr.passwords"
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Sun, 22 Aug 2021 16:38:52 +0000 (18:38 +0200)]
s3:rpc_server: Implement support for SAMR SetUserInfo level 31
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 23 Aug 2021 09:31:32 +0000 (11:31 +0200)]
s3:rpc_server: Remove obsolete copy_id26_to_sam_passwd()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 23 Aug 2021 09:30:40 +0000 (11:30 +0200)]
s3:rpc_server: Use copy_pwd_expired_to_sam_passwd() in set_user_info_26()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Sun, 22 Aug 2021 16:37:28 +0000 (18:37 +0200)]
s3:rpc_server: Add copy_pwd_expired_to_sam_passwd() for SAMR
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 15 Jul 2022 09:10:47 +0000 (11:10 +0200)]
s3:rpc_server: Set missing debug class for srv_samr_chgpasswd
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 25 Jul 2022 10:12:52 +0000 (12:12 +0200)]
libcli:auth: Add test for decode_pwd_string_from_buffer514()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 23 Aug 2021 13:03:19 +0000 (15:03 +0200)]
libcli:auth: Add decode_pwd_string_from_buffer514()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 18 Aug 2021 14:22:19 +0000 (16:22 +0200)]
s4:rpc_server: Implement support for SAMR SetUserInfo(2) level 31
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 18 Aug 2021 14:21:59 +0000 (16:21 +0200)]
s4:rpc_server: Add samr_set_password_aes()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 26 Jul 2022 09:04:29 +0000 (11:04 +0200)]
s4:rpc_server: Add transaction for dcesrv_samr_SetUserInfo()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 26 Jul 2022 08:59:13 +0000 (10:59 +0200)]
s4:rpc_server: Use sam_ctx consistently in dcesrv_samr_SetUserInfo()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 26 Jul 2022 08:57:19 +0000 (10:57 +0200)]
s3:rpc_server: Use a done goto label for dcesrv_samr_SetUserInfo()
This will be used in the following commits.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 25 Jul 2022 10:06:05 +0000 (12:06 +0200)]
libcli:auth: Add test for extract_pwd_blob_from_buffer514()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 20 Aug 2021 07:45:27 +0000 (09:45 +0200)]
libcli:auth: Add extract_pwd_blob_from_buffer514()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 25 Jul 2022 08:29:01 +0000 (10:29 +0200)]
libcli:auth: Implement a common create_pw_buffer_from_blob()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 25 Jul 2022 08:14:12 +0000 (10:14 +0200)]
libcli:auth: Use extract_pw_from_buffer() in decode_pw_buffer()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 25 Jul 2022 06:42:39 +0000 (08:42 +0200)]
libcli:auth: Keep data of extract_pw_from_buffer() secret
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 2 Aug 2021 13:41:23 +0000 (15:41 +0200)]
s3:rpcclient: Implement setuserinfo2 level 31
Manually tested against Windows Server 2022.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 18 Jul 2022 13:48:36 +0000 (15:48 +0200)]
s3:rpcclient: Encrypt the password buffers only if really needed
If we are in FIPS mode certain ciphers like RC4 are not available, so
we should make sure we do not call them. We will add AES support in the
next patch.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 30 Jul 2021 14:24:37 +0000 (16:24 +0200)]
s3:rpc_client: Implement init_samr_CryptPasswordAES()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 26 Aug 2021 15:37:59 +0000 (17:37 +0200)]
samr.idl: Add samr_ChangePasswordUser4()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Wed, 25 Aug 2021 12:11:28 +0000 (14:11 +0200)]
samr:idl: add samr_SupportedFeatures for samr_Connect5()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 30 Jul 2021 09:12:07 +0000 (11:12 +0200)]
samr.idl: Add support for new AES encrypted password buffer
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 25 Jul 2022 09:25:09 +0000 (11:25 +0200)]
libcli:auth: Add test for encode_pwd_buffer514_from_str()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 19 Aug 2021 09:29:04 +0000 (11:29 +0200)]
libcli:auth: Add encode_pw_buffer_from_str()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Fri, 22 Jul 2022 12:26:43 +0000 (14:26 +0200)]
libcli:auth: Implement a generic encode_pwd_buffer_from_str()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Thu, 19 Aug 2021 09:28:37 +0000 (11:28 +0200)]
libcli:auth: Remove trailing spaces from proto.h
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 17 Aug 2021 09:19:01 +0000 (11:19 +0200)]
lib:crypto: Add test for samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 16 Aug 2021 15:14:19 +0000 (17:14 +0200)]
lib:crypto: Add samba_gnutls_aead_aes_256_cbc_hmac_sha512_decrypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 3 Aug 2021 12:14:07 +0000 (14:14 +0200)]
lib:crypto: Add test for samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 18 Jul 2022 11:42:07 +0000 (13:42 +0200)]
librpc:rpc: Add SAMR encryption and mac key salt definitions
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 2 Aug 2021 14:21:19 +0000 (16:21 +0200)]
lib:crypto: Implement samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt()
This is for [MS-SAMR] 3.2.2.4 AES Cipher Usage
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Tue, 19 Jul 2022 11:36:57 +0000 (13:36 +0200)]
lib:replace: Add macros to burn data from memory
This will explicitly zero data from memory. This is guaranteed not to be
optimized away.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 2 Aug 2021 14:34:05 +0000 (16:34 +0200)]
lib:crypto: Merge wscript_build into wscript
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 2 Aug 2021 14:28:53 +0000 (16:28 +0200)]
lib:crypto: Merge wscript_configure into wscript
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Andreas Schneider [Mon, 2 Aug 2021 14:27:04 +0000 (16:27 +0200)]
lib:crypto: Reformat wscript
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Martin Schwenke [Fri, 25 Feb 2022 08:44:52 +0000 (19:44 +1100)]
ctdb-tests: Add tests for cluster mutex I/O timeout
Block the locker helper child by taking a lock on the 2nd byte of the
lock file. This will cause a ping timeout if the process is blocked
for long enough.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jul 28 11:10:54 UTC 2022 on sn-devel-184
Martin Schwenke [Mon, 28 Feb 2022 05:11:18 +0000 (16:11 +1100)]
ctdb-tests: Terminate event loop if lock is no longer held
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 8 Feb 2022 01:23:42 +0000 (12:23 +1100)]
ctdb-mutex: Test the lock by locking a 2nd byte range
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 8 Feb 2022 01:15:26 +0000 (12:15 +1100)]
ctdb-mutex: open() and fstat() when testing lock file
This makes a file descriptor available for other I/O.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 8 Feb 2022 00:56:46 +0000 (11:56 +1100)]
ctdb-mutex: Factor out function fcntl_lock_fd()
Allows blocking mode and start offset to be specified. Always locks a
1-byte range.
Make the lock structure static to avoid initialising the whole
structure each time.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 28 Jan 2022 02:49:48 +0000 (13:49 +1100)]
ctdb-mutex: Handle pings from lock checking child to parent
The ping timeout is specified by passing an extra argument to the
mutex helper, representing the ping timeout in seconds.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Fri, 21 Jan 2022 02:37:17 +0000 (13:37 +1100)]
ctdb-mutex: Do inode checks in a child process
In future this will allow extra I/O tests and a timeout in the parent
to (hopefully) release the lock if the child gets wedged. For
simplicity, use tmon only to detect when either parent or child goes
away. Plumbing a timeout for pings from child to parent will be done
later.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 7 Feb 2022 22:35:17 +0000 (09:35 +1100)]
ctdb-mutex: Rename wait_for_lost to lock_io_check
This will be generalised to do more I/O-based checks.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 19 Jan 2022 01:09:07 +0000 (12:09 +1100)]
ctdb-mutex: Rename recheck_time to recheck_interval
There will be more timeouts so clarify the intent of this one.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Mon, 28 Feb 2022 22:58:22 +0000 (09:58 +1100)]
ctdb-mutex: Consistently use progname in error messages
To avoid error messages having ridiculously long paths, set progname
to basename(argv[0]).
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Wed, 2 Feb 2022 10:47:59 +0000 (21:47 +1100)]
ctdb-tests: Add tests for trivial FD monitoring
tmon_ping_test covers complex 2-way interaction between processes
using tmon_ping_send(), including via a socketpair(). tmon_test
covers the more general functionality of tmon_send() but uses a
simpler 1-way harness with wide coverage.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 1 Feb 2022 00:44:48 +0000 (11:44 +1100)]
ctdb-common: Add trivial FD monitoring abstraction
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 3 May 2022 23:21:38 +0000 (09:21 +1000)]
ctdb-build: Link in backtrace support for ctdb_util_tests
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 3 May 2022 23:02:12 +0000 (09:02 +1000)]
ctdb-build: Separate test backtrace support into separate subsystem
A convention when testing members of ctdb-util is to include the .c
file so that static functions can potentially be tested. This means
that such tests can't be linked against ctdb-util or duplicate symbols
will be encountered.
ctdb-tests-common depends on ctdb-client, which depends in turn on
ctdb-util, so this can't be used to pull in backtrace support.
Instead, make ctdb-tests-backtrace its own subsystem.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 3 May 2022 23:17:40 +0000 (09:17 +1000)]
ctdb-build: Sort sources in ctdb-util and ctdb_unit_tests
Also, rename ctdb_unit_tests to ctdb_util_tests. The sorting makes
it clear that only items from ctdb-util are tested here.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Martin Schwenke [Tue, 5 Jul 2022 09:33:15 +0000 (19:33 +1000)]
ctdb-daemon: Fix printing of tickle ACKs
Commit f5a20377347aba18700d010d4201775fc83a0b1b arguably got this
back-to-front:
2022-07-27T09:50:01.985857+10:00 testn1 ctdbd[17820]: ../../ctdb/server/ctdb_takeover.c:514 sending TAKE_IP for '10.0.1.173'
2022-07-27T09:50:01.990601+10:00 testn1 ctdbd[17820]: Send TCP tickle ACK: 10.0.1.77:33004 -> 10.0.1.173:2049
2022-07-27T09:50:01.991323+10:00 testn1 ctdb-takeover[19758]: TAKEOVER_IP 10.0.1.173 succeeded on node 0
Unfortunately there is an inconsistency somewhere in the connection
tracking code used for tickle ACKs, making this less than obvious.
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Thu Jul 28 09:02:08 UTC 2022 on sn-devel-184
Douglas Bagnall [Mon, 11 Jul 2022 00:06:54 +0000 (12:06 +1200)]
py/uptodateness: more details in missing dn report
This does not fix bug 15127, but it improves reporting.
https://bugzilla.samba.org/show_bug.cgi?id=15127
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 28 06:18:43 UTC 2022 on sn-devel-184
Douglas Bagnall [Sun, 4 Aug 2019 12:10:53 +0000 (00:10 +1200)]
util/genrand: don't ignore errors in random number generation
In this case it is probably better to crash out.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15103
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Jeremy Allison [Mon, 25 Jul 2022 23:30:06 +0000 (16:30 -0700)]
s3: smbd: Convert call_nt_transact_create() to use filename_convert_dirfsp().
One less use of filename_convert().
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul 27 17:49:51 UTC 2022 on sn-devel-184
Jeremy Allison [Tue, 26 Jul 2022 21:34:27 +0000 (14:34 -0700)]
s3: smbd: Inside filename_convert_dirfsp_nosymlink() ensure the returned smb_fname is always allocated off mem_ctx.
Without this, if we just return smb_fname_rel->fsp->fsp_name as the smb_fname
then we return something allocated off fsp (which itself is allocated off
the conn struct), not the passed in talloc_ctx.
Do this for both non-stream and stream returns.
This matters for two reasons.
1). If we error out after calling filename_convert_dirfsp()
but before getting to the code inside create_file_unixpath()
that takes ownership of the passed in smb_fname->fsp we will
leak the fsp as the destructor for smb_fname that closes the
fsp will never fire on return to the client, as smb_fname is
owned by smb_fname->fsp, not the talloc_tos() context.
2). Some uses of filename_convert() expect to be able
to TALLOC_FREE the returned smb_fname once they've successfully
called SMB_VFS_CREATE_FILE() as they consider the passed in smb_fname
no longer used. It would be nice to be able to just change
filename_convert() -> filename_convert_dirfsp() without
having to change the lifetime handling of smb_fname.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 26 Jul 2022 21:29:21 +0000 (14:29 -0700)]
s3: smbd: In openat_pathref_dirfsp_nosymlink() ensure we call fsp_smb_fname_link() to set smb_fname->fsp in the returned smb_fname.
Instead of just assigning smb_fname->fsp = fsp.
This makes the logic match that of openat_pathref_fullname() and parent_pathref()
when returning smb_fnames with associated pathref fsp's.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Jeremy Allison [Tue, 7 Jun 2022 16:53:08 +0000 (09:53 -0700)]
CVE-2022-32742: s3: smbd: Harden the smbreq_bufrem() macro.
Fixes the raw.write.bad-write test.
NB. We need the two (==0) changes in source3/smbd/smb2_reply.c
as the gcc optimizer now knows that the return from
smbreq_bufrem() can never be less than zero.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15085
Remove knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Wed Jul 27 11:46:46 UTC 2022 on sn-devel-184
Jeremy Allison [Tue, 7 Jun 2022 16:40:45 +0000 (09:40 -0700)]
CVE-2022-32742: s4: torture: Add raw.write.bad-write test.
Reproduces the test code in:
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15085
Add knownfail.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Joseph Sutton [Thu, 23 Jun 2022 01:59:11 +0000 (13:59 +1200)]
CVE-2022-2031 testprogs: Add test for short-lived ticket across an incoming trust
We ensure that the KDC does not reject a TGS-REQ with our short-lived
TGT over an incoming trust.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Joseph Sutton [Fri, 10 Jun 2022 07:18:53 +0000 (19:18 +1200)]
CVE-2022-2031 s4:kpasswd: Do not accept TGTs as kpasswd tickets
If TGTs can be used as kpasswd tickets, the two-minute lifetime of an
authentic kpasswd ticket may be bypassed. Furthermore, kpasswd tickets
are not supposed to be cached, but using this flaw, a stolen credentials
cache containing a TGT may be used to change that account's password,
and thus is made more valuable to an attacker.
Since all TGTs should be issued with a REQUESTER_SID PAC buffer, and
service tickets without it, we assert the absence of this buffer to
ensure we're not accepting a TGT.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Fri, 10 Jun 2022 07:18:35 +0000 (19:18 +1200)]
CVE-2022-2031 s4:auth: Use PAC to determine whether ticket is a TGT
We use the presence or absence of a REQUESTER_SID PAC buffer to
determine whether the ticket is a TGT. We will later use this to reject
TGTs where a service ticket is expected.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Joseph Sutton [Fri, 10 Jun 2022 07:18:07 +0000 (19:18 +1200)]
CVE-2022-2031 auth: Add ticket type field to auth_user_info_dc and auth_session_info
This field may be used to convey whether we were provided with a TGT or
a non-TGT. We ensure both structures are zeroed out to avoid incorrect
results being produced by an uninitialised field.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15047
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15049
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>