s3: fix fcntl waf configure check

RN: Fix fcntl waf configure check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14503

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 21 07:26:54 UTC 2020 on sn-devel-184

CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge

Ensure that client challenges with the first 5 bytes identical are
rejected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Sep 18 14:13:17 UTC 2020 on sn-devel-184

CVE-2020-1472(ZeroLogon): s4 torture rpc: Test empty machine acct pwd

Ensure that an empty machine account password can't be set by
netr_ServerPasswordSet2

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

CVE-2020-1472(ZeroLogon): docs-xml: document 'server require schannel:COMPUTERACCOUNT'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: log warnings about unsecure configurations

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"

This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()

We should debug more details about the failing request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: log warnings about unsecure configurations

This should give admins wawrnings until they have a secure
configuration.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: support "server require schannel:WORKSTATION$ = no"

This allows to add expections for individual workstations, when using "server schannel = yes".
"server schannel = auto" is very insecure and will be removed soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: refactor dcesrv_netr_creds_server_step_check()

We should debug more details about the failing request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Fix mem leak onto p->mem_ctx in error path of _netr_ServerPasswordSet2().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s4:rpc_server/netlogon: protect netr_ServerPasswordSet2 against unencrypted passwords

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): libcli/auth: reject weak client challenges in netlogon_creds_server_init()

This implements the note from MS-NRPC 3.1.4.1 Session-Key Negotiation:

 7. If none of the first 5 bytes of the client challenge is unique, the
    server MUST fail session-key negotiation without further processing of
    the following steps.

It lets ./zerologon_tester.py from
https://github.com/SecuraBV/CVE-2020-1472.git
report: "Attack failed. Target is probably patched."

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_is_random_challenge() to avoid weak values

This is the check Windows is using, so we won't generate challenges,
which are rejected by Windows DCs (and future Samba DCs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s4:rpc_server:netlogon: make use of netlogon_creds_random_challenge()

This is not strictly needed, but makes things more clear.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s3:rpc_server:netlogon: make use of netlogon_creds_random_challenge()

This is not strictly needed, but makes things more clear.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): libcli/auth: make use of netlogon_creds_random_challenge() in netlogon_creds_cli.c

This will avoid getting rejected by the server if we generate
a weak challenge.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): s4:torture/rpc: make use of netlogon_creds_random_challenge()

This will avoid getting flakey tests once our server starts to
reject weak challenges.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

CVE-2020-1472(ZeroLogon): libcli/auth: add netlogon_creds_random_challenge()

It's good to have just a single isolated function that will generate
random challenges, in future we can add some logic in order to
avoid weak values, which are likely to be rejected by a server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14497

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>

nt_printing_ads: add missing printShareName attribute when publishing printers

Without printShareName attribute in LDAP, Windows doesn't list the pinters at all.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Sep 18 01:58:22 UTC 2020 on sn-devel-184

cli_winreg_spoolss: handle also printer sharename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=9771

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

srv_spoolss_nt.c: fix wrong value in debug message

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

tests: Disable kerberos for weak crypto test

Otherwise the test fails because the client is authenticated using
spnego and gse_krb5, not triggering the weak crypto restrictions.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Sep 17 00:05:51 UTC 2020 on sn-devel-184

selftest: set pid directory in client's smb.conf

Set a pid file directory to avoid the following testparm error:

ERROR: pid directory /usr/local/samba/var/run does not exist

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

selftest: Create client directories in a loop

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

s3: libsmb: Cleanup - in internal_resolve_name() only write the out parameters on success.

All callers already correctly initialize them.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Sep 15 11:33:35 UTC 2020 on sn-devel-184

s3: Remove struct ip_service.

                           ---------------
                          /               \
                         /      REST       \
                        /        IN         \
                       /        PEACE        \
                      /                       \
                      |                       |
                      |   struct ip_service   |
                      |                       |
                      |                       |
                      |       9 August        |
                      |   In the year of the  |
                      |        pandemic       |
                      |          2020         |
                     *|     *  *  *           | *
            _________)/\\_//(\/(/\)/\//\/\////|_)_______

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: namequery. Rename remove_duplicate_addrs2_sa() to remove_duplicate_addrs2()

It's now the only function.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: namequery.c: Remove unused remove_duplicate_addrs2().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: namequery.c: Remove now unused internal_resolve_name() wrapper.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: namequery.c: Remove now unused convert_ss2service().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: namequery.c: Remove now unused ip_service_to_samba_sockaddr().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

3: libsmb: namequery: Convert _internal_resolve_name() -> internal_resolve_name() returning talloced samba_sockaddr arrays.

Wrapper function internal_resolve_name() is now commented out,
along with the now unused ip_service_to_samba_sockaddr() and
convert_ss2service() functions.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: namequery: Add utility function sockaddr_array_to_samba_sockaddr_array().

Not yet used. Will help convert _internal_resolve_name() to internal_resolve_name().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Rename prioritize_ipv4_list_sa() -> prioritize_ipv4_list() now it's the only use.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Remove unused prioritize_ipv4_list().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Tidy up the talloc heirarchy allocation in get_dc_list().

Always allocate the return_salist off the frame pointer.
Only talloc_move() to return ctx on successful return.

Cleans up a nasty else in the exit path that caused
problems in the past - we can now always TALLOC_FREE(return_salist)
without remembering if we need to return it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Convert get_dc_list() to call internal_resolve_name() not _internal_resolve_name().

prioritize_ipv4_list() is no longer used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Remove now unused internal functions ip_service_compare() and sort_service_list().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Convert get_pdc_ip() to call internal_resolve_name() not _internal_resolve_name().

NB. sort_service_list() and ip_service_compare() are now no
longer used so comment them out for removal.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Convert find_master_ip() to call internal_resolve_name() not _internal_resolve_name().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Convert resolve_name_list() to call internal_resolve_name() not _internal_resolve_name().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Convert resolve_name() to call internal_resolve_name() not _internal_resolve_name().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Rename internal_resolve_name_sa() -> internal_resolve_name()

That's now the only external interface to it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Remove the internal_resolve_name() external interface.

Change the internal version from internal_resolve_name() -> _internal_resolve_name().
Only external caller calls internal_resolve_name_sa().

After this we can rename internal_resolve_name_sa() back to internal_resolve_name()
as all internal use in namequery.c is via _internal_resolve_name().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Fix discover_dc_netbios() to call internal_resolve_name_sa().

All callers of internal_resolve_name() are now internal to namequery.c

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Add internal_resolve_name_sa(). A wrapper for internal_resolve_name().

Not yet used. Now to fix the callers, and convert internal_resolve_name().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <jra@samba.org>

s3: libsmb: Add prioritize_ipv4_list_sa().

Re-arranges a samba_sockaddr array in IPv4 preference.

Not yet used so compiles but ifdef'ed out. Needed for conversion
of internal_resolve_name().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

3: torture: Use remove_duplicate_addrs2_sa() instead of remove_duplicate_addrs2() in LOCAL-remove_duplicate_addrs2 test.

Spoiler, still passes :-).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Add remove_duplicate_addrs2_sa() - uses samba_sockaddr.

Not yet used, will be used when we migrate internal_resolve_name()
to samba_sockaddr.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Convert internal function get_dc_list() to return a samba_sockaddr array.

Callers now don't need to convert. Getting closer to making internal_resolve_name()
return samba_sockaddr array.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
`

s3: libsmb: Rename get_sorted_dc_list_sa() -> get_sorted_dc_list().

Everyone now uses samba_sockaddr arrays.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.com>

s3: libsmb: Remove get_sorted_dc_list(). No longer used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Remove last caller of get_sorted_dc_list() from rpc_dc_name().

Now only get_sorted_dc_list_sa() left.
Now we can remove get_sorted_dc_list() and rename
get_sorted_dc_list_sa() back to get_sorted_dc_list().

One more external user of struct ip_service gone.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: winbind: Fix get_dcs() to use get_sorted_dc_list_sa().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libads: Rename cldap_ping_list_sa() -> cldap_ping_list().

The old cldap_ping_list() is now gone.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libads: Remove cldap_ping_list().

No longer used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libads: Make resolve_and_ping_dns() use get_sorted_dc_list_sa().

We no longer use cldap_ping_list(), comment it out
for removal.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libads: Make resolve_and_ping_netbios() use get_sorted_dc_list_sa().

Now we use cldap_ping_list_sa() so uncomment it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libads: Add an alternate version of cldap_ping_list() that takes an array of samba_sockaddrs.

Preparing for get_sorted_dc_list() returning such an array.
ifdef'ed out as not yet used.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: utils: Make net_lookup_dc() use get_sorted_dc_list_sa().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Add function get_sorted_dc_list_sa(). Returns samba_sockaddr array.

Now to fix callers.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Rename get_kdc_list_sa() back to get_kdc_list().

The samba_sockaddr interface is now the only one.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Remove get_kdc_list(). No more callers.

Next we can rename get_kdc_list_sa() -> get_kdc_list().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libads: Convert get_kdc_ip_string() to use get_kdc_list_sa().

No more callers of get_kdc_list().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: utils: Make net_lookup_kdc() use get_kdc_list_sa().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Add get_kdc_list_sa() returns samba_sockaddr array.

Not yet used, but uses the previous utility functions.
Now to convert the get_kdc_list() callers and remove
one more external use of ip_service.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Add sort_sa_list() compare function. Not yet used.

Ready for when we start returning ordered samba_sockaddr arrays.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Make sort_addr_list() and sort_service_list() take size_t counts.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libads: Use size_t counts inside cldap_ping_list().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libads: Reformat args to cldap_ping_list().

Pure reformatting.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Make prioritize_ipv4_list() use size_t counts.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

s3: libsmb: Fix the count returns in discover_dc_netbios(), discover_dc_dns(), process_dc_dns() to return size_t * counts.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

s3/libsmb: cleanup discover_dc_dns() Fix potential leak

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3/libsmb: cleanup discover_dc_dns, only set out params on success

Signed-off-by: Noel Power <npower@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: addns: Fix ads_dns_lookup_ns(), ads_dns_query_dcs(), ads_dns_query_gcs(), ads_dns_query_kdcs(), ads_dns_query_pdc() to return size_t *.

Easier to do all callers at once.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

lib: addns: Fix ads_dns_lookup_srv() and functions to return size_t * num servers.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

s3: libsmb: internal_resolve_name() - get rid of the icount variables.

Plus the paranoia check. Everything now uses size_t * returns.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

s3: libsmb: Make resolve_ads() return a size_t * address count.

All resolve_XXXX() functions inside internal_resolve_name()
now use size_t and we can clean this up.

Signed-off-by: Jeremy Allison <jra@samba.org>
Signed-off-by: Noel Power<npower@samba.org>

s3: libsmb: Fix resolve_hosts() to return size_t * count of addresses.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

s3: libsmb: cleanup resolve_hosts() - don't change return values on fail.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

libcli: nbt: Fix resolve_lmhosts_file_as_sockaddr() to return size_t * count of addresses.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

libcli: nbt: cleanup resolve_lmhosts_file_as_sockaddr() - don't change return values on fail.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

s3: libsmb: Convert the WINS and broadcast name functions to return size_t * num addresses.

Have to do both at once as they are intimately related.
The uglyness inside internal_resolve_name() will go away
once all the resove_XXX() functions return size_t values.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>

s3/libsmb: Cleanup parse_node_status() only set out params on success

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3: libsmb: Convert node_status_query() and associated functions and callers to expect a size_t * return.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>

winbind: Fix a memleak

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14388
Signed-off-by: Laurent Menase <laurent.menase@hpe.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Sep 14 13:33:13 UTC 2020 on sn-devel-184

smbclient: Remove unused reference to extern override_logfile

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Sat Sep 12 07:53:56 UTC 2020 on sn-devel-184

lib: Make get_share_security_default static

Reviewed-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:VFS: Remove function declaration for vfs_posixacl_init

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

waf: Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14399

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Sep 11 08:27:26 UTC 2020 on sn-devel-184

bootstrap: Fix the spelling of README.md (again) and get a new GnuTLS

We re-run ./bootstrap/template.py --render to get a new GnuTLS on Fedora 32

This was missed with 7dc535995bbdb42b1b053c22acff5978cb5da516
and so caused e0e51632cf77be439ebcbcba025a42e8558fa824 to
break the sha1sum and so require 7077be01a3cc860ce1fcfafd9e5028829f0c1887
to fix it.

The sha1sum changes because we fixed the bug about the spelling of
README.md, which is helpful because otherwise we would not get a
new image.

This provides a GnuTLS 3.6.15 so that we still test using GnuTLS's
gnutls_aead_cipher_encryptv2() for the SMB encryption codepath.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14399

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-daemon: Drop implementation of old-style database pull/push controls

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Fri Sep 11 06:29:32 UTC 2020 on sn-devel-184

ctdb-protocol: Drop marshalling functions for old-style database pull/push

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-protocol: Drop client functions for old-style database pull/push

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-client: Drop unused synchronous functions for database pull/push

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recovery: Simplify database push function names

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recovery: Drop unnecessary database push wrapper

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-recovery: Drop passing of capabilities into database pull

This is no longer necessary because the capability new style database
pull is assumed to always be available.

Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>