libcli:security: add code to interpret conditional ACES

This doesn't actually *do* anything yet, for two reasons:

 1. conditional ACEs are not checked in the
    libcli/security/access_check.c functions (or anywhere else), and
    will be treated just as they are now, as unknown types.

 2. this file isn't mentioned in the wscript, so aren't compiled.

 We'll get to point 2 first.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:security: add functions to decode and decode RA ACEs

Resource Attribute ACEs have similar syntactical components to
conditional ACEs -- enough so that it is worth reusing the same
functions, but not quite enough so that it is exactly simple.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: add conditional ACE SDDL functions

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:security: helpers for converting claim types

There are three different forms for claims, and we need to convert
between them.

For now, we are only going to be converting between conditional ACE
type and the CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 type used by
resource ACEs and in the security token, and later we will add the PAC
claim types.

It doesn't help that these all have incompatible definitions, but we
do our best.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli:security: outline for sddl_conditional_ace.c

This is to show where we're going to end up.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: add stub of conditional ACE code.

This is just the outline of what will come, but first we'll add
conditional ACE SDDL decoding in sddl_conditional_ace.c

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: find SDDL coda for RA and conditional ACEs

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: whitespace repair in sddl.c

tabs not spaces.

It appears that my emacs got its configuration mixed up and was using
spaces.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ndr_sec_helper: ace length should be multiple of 4

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ndr_sec_helper: ndr_size_security_ace: do less work

Almost always the ACE has an `ignored` DATA_BLOB as the coda, and the
length of the coda is the length field of the blob, which is usually
zero.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

librpc:security.idl: add conditional ace coda

Conditional ACEs go into a DATA_BLOB just like the default ignored
coda, but we add a union field with a different name to preserve
sanity.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/sec: reformat long line in wscript_build

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

librpc:security.idl: ace->coda can be resource attribute

And now we see why security_ace_coda was a union.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: callback object aces are object aces

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: use tabs in sec_ace_object()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: helper to find ACEs with meaningful codas

Only Resource Attribute ACEs and Conditional ACEs are expected to have
trailing data. Others sometimes might, but we don't care what it is.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: helper to find resource attribute ACEs

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: helper to find callback/conditional aces

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

security.idl: use sec_ace_object() in object switch

At some point sec_ace_object() is going to gain awareness of
SEC_ACE_TYPE_ACCESS_ALLOWED_CALLBACK_OBJECT and the like.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

security.idl: extend security token with device SIDs

A device has SIDs too, and a modern security token needs to know
them in order to interpret conditional expressions like
"Device_member_of".

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

testparm: Allow idmap ranges overlap for idmap_nss

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Sep 26 19:28:08 UTC 2023 on atb-devel-224

libsmb: Pass neg contexts through sync smbXcli_negprot_recv()

Looks much larger than it is, there's a lot of callers too feed NULL to.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 25 19:59:17 UTC 2023 on atb-devel-224

libsmb: Make libsmb/clispnego.c static to libads/

It's only called there. The "+" part of this patch might not conform
to README.Coding because it's a literal cut&paste.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcli: Correct guard #define

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

clifuse: Start implementing forget()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

clifuse: Use an empty array for holding the inode path

Cleaner these days.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

examples: Slightly modernize printfs in teststat

long long works, but it's a bit too specific now that we have intmax_t

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove two #defines just used once

To me these two did not create clarity.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Modernize a few DBG statements

Changes on level from 4 to 3 in store_file_unix_basic().

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

examples: Use explicit SMBCCTX

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Avoid a tdb handle leak

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Modernize tdb_fetch_lifetime()

Just came across this, avoid mallocs.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove unused cli_is_dos_error()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove unused cli_dos_error()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Eliminate a reader of cli->raw_status

At some point we should get rid of cli->raw_status.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove SMBC_errno()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove a call to SMBC_errno()

This involves converting cli_printjob_del() to NTSTATUS and thus
touches a few callers.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove a call to SMBC_errno()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove a call to SMBC_errno()

All returns from cacl_get() now explicitly set the errno.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove unused cli_is_nt_error()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbclient: Save lines with talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Extend cli_mknod to create NFS reparse points

Tested smbclient mkfifo manually against W2k22, the Windows NFS server
reports this as FIFO.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Sep 25 18:08:01 UTC 2023 on atb-devel-224

libsmb: Remove reparse_symlink.c

Makes reparse_buffer_marshall static to reparse.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Use reparse_data_buffer_marshall() in py_reparse_put()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Use reparse_data_buffer_marshall() in cli_symlink_send()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Factor out cli_create_reparse_point() from cli_symlink()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Use reparse_data_buffer_marshall() in py_reparse_symlink_put()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Add reparse_data_buffer_marshall()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbclient: Add mkfifo command

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Add sync cli_mknod() for smbclient3's use

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:tests: Check if test_smbclient_kerberos.sh was successful

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Sep 25 00:14:47 UTC 2023 on atb-devel-224

s3:tests: Fix syntax error in test_smbclient_kerberos.sh

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:tests: Fix init of samba_kdestroy in test_smbclient_kerberos.sh

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:tests: test_smbspool.sh should be calling smbspool_argv_wrapper

There is no variable named 'smbspool_argv_wrapper', the correct name is
'samba_argv_wrapper'. The smbspool_argv_wrapper was not called from this
test till now.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Sun Sep 24 22:33:07 UTC 2023 on atb-devel-224

s3:tests: Fix smbspool_argv_wrapper.c

smbspool_argv_wrapper must copy also the last argument

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

conf: Remove "smb3 unix extensions" parameter

Always offer it, it's a client thing to ask for it or not.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Sep 21 17:43:23 UTC 2023 on atb-devel-224

ctdb-daemon: Call setproctitle_init()

Commit 19c82c19c009eefe975ae95c8b709fc93f5f4c39 changed the behaviour
of prctl_set_comment() so it now calls setproctitle(3bsd) by default.

In some Linux distributions (e.g. Rocky Linux 8.8), this results in
messages like this spamming the logs:

  ctdbd: setproctitle not initialized, please either call setproctitle_init() or link against libbsd-ctor.

Most Samba daemons seem to call setproctitle_init(), so do it here.

In the longer term CTDB should also switch to using lib/util's
process_set_title(), like the rest of Samba, for more flexible process
names.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15479

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Sep 21 00:46:50 UTC 2023 on atb-devel-224

smbd: Fix BZ15481

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 20 22:42:48 UTC 2023 on atb-devel-224

tests: Add reproducer for BZ15481

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15481

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3: smbd: Ensure we remove any pending aio values for named pipes on forced shutdown.

Matches file and directory closes.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Sep 20 02:43:18 UTC 2023 on atb-devel-224

s3: torture: Add a new SMB2 test: SMB2-PIPE-READ-ASYNC-DISCONNECT

Shows the server crashes if we open a named pipe, do an async read
and then disconnect.

Adds knownfail:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: named pipe writes are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.

Noticed by Metze.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: named pipe reads are async. Use the same logic as for named pipe transacts to avoid crashes on shutdown.

Noticed by Metze.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Add some DEVELOPER-only code to panic if the destructor for an aio_lnk is called and the associated fsp doesn't exist.

Make this DEVELOPER-only as it walks the entire open
file list on every file close (with associated aio).

This helps catch really subtle problems with orphaned
aio lnk structs.

Reproducer test case to follow.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15423

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Now we have proved hardlink_internals() doesn't use src_dirfsp and dst_dirfsp, remove the parameters.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Sep 19 19:51:47 UTC 2023 on atb-devel-224

s3: smbd: hardlink_internals() never looks at src_dirfsp or dst_dirfsp.

Show this by sending NULL in all cases.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Now we have shown dst_dirfsp is always NULL, remove the parameter from rename_internals().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: As rename_internals() calls rename_internals_fsp(), show we can pass dst_dirfsp as NULL here too.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: Now we've proved dst_dirfsp parameter is always NULL, remove the parameter from rename_internals_fsp().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3: smbd: rename_internals_fsp() has to reopen the parent directory of the target as a pathref to check permissions.

So it never looks at any passed in dst_dirfsp.

Prove this by passing NULL.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

selftest: add some basic testing for the io_uring vfs module

We're now able to build it on all linux systems and
the ci runners have at least a 5.4 kernel. That's
all the current vfs_io_uring requires.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Sep 17 18:04:18 UTC 2023 on atb-devel-224

s3:param: Remove unused lp_set_cmdline()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Sep 14 22:30:06 UTC 2023 on atb-devel-224

s3:client: Use lpcfg_set_cmdline()

This lp_set_cmdline() leaks memory and we want to get rid of it.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:libsmb: Use lpcfg_set_cmdline()

Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:netapi: Fix a leak in libnetapi_net_init()

Allow libnetapi_net_init() to be called more than once without
leaking libnetapi_ctx allocated on a previous call, which is
currently the case in the `net rpc` code.

Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libnetapi: Use lpcfg_set_cmdline()

Replace lp_set_cmdline() with lpcfg_set_cmdline() in netapi.c.
For this purpose:
1. Add loadparm_context to the libnetapi_ctx because we need it
   in libnetapi_set_debuglevel() and libnetapi_set_logfile().
2. Move loadparm_context creation from libnetapi_net_init()
   to libnetapi_init() and add the lp_ctx parameter to the former.

Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Use lpcfg_set_cmdline() in smbpasswd

Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:torture: Use lpcfg_set_cmdline()

Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:notifyd: Use lpcfg_set_cmdline()

Signed-off-by: Pavel Kalugin <pkalugin@inno.tech>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

build: Reduce heimdal_no_error_flags to a more minimal set

Heimdal does not seem to give as many errors as in the past, so we
can reduce the set of errors we ignore warnings for.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

build: Remove -Wno-error=missing-field-initializers from Heimdal build

This allows this warning (error) to be used in Samba for cases where a
non-designated initialiser is under-specified.  We can do this now as
the GCC versions we build on do not regard foo = {} as an error.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s4:dsdb: Fix comment

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:winbindd: Add zero digit to literal

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dsgetdcname: Remove excess zero digits from literals

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

fsrvp.idl: Remove excess zero digit from literal

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Rename ‘client_claims’ to ‘claims_metadata’

This variable is used not only for client claims, but for device claims
as well.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:net: Check return value of data_blob_talloc()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Don’t prepend useless colon to MIT KDC logging messages

If we pass an empty string as the ‘whoami’ parameter, MIT’s logging
facilities will prepend a mysterious colon to the message. Printing
“mitkdc: ” ought at least to be more sensible, and perhaps more closely
to match our behaviour prior to commit
dd8138236bec3635c25e5b482b7a14faa0a9c36b.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:wrepl_server: Correctly read ‘type’ element

winsdb_message() stores this element as hexadecimal, which format
ldb_msg_find_attr_as_uint() cannot cope with. Permit this element to be
in either decimal or hexadecimal format.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: Prefer explicit initialization to ZERO_STRUCT()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Remove ks_is_tgs_principal()

This function is a near‐duplicate of smb_krb5_principal_is_tgs().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

testprogs: Fix script usage lines

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:setup: Fix script usage line

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:selftest: Fix script usage lines

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:script: Fix script usage lines

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

nsswitch: Fix script usage

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:krb5_wrap: Remove Heimdal‐only krb5_princ_component() implementation

This implementation is no longer called: using a variable of static
storage duration as a conduit for return values is only asking for
trouble.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: Switch to using smb_krb5_princ_component()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Switch to using smb_krb5_princ_component()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb: Switch to using smb_krb5_princ_component()

This function has the handy feature of being able to be called twice in
succession without mysteriously breaking your code. Now, doesn’t that
sound useful?

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>