nfs4_acls: Use correct type when checking ownerGID

uid and gid are members of the same union so this makes no difference,
but for type correctness and readability use the gid to check for
ownerGID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

nfs4_acls: Use switch/case for checking idmap type

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

nfs4_acls: Use sids_to_unixids to lookup uid or gid

This is the newer API to lookup id mappings and will make it easier to
add to the IDMAP_TYPE_BOTH case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for mapping from DACL to NFS4 ACL with IDMAP_TYPE_BOTH

When id mappings use IDMAP_TYPE_BOTH, the NFSv4 ACL mapping code is not
aware whether a particular entry is for a user or a group. The
underlying assumption then is that is should not matter, as both the ACL
mapping maps everything to NFSv4 ACL group entries and the user's token
will contain gid entries for the groups.

Add a testcase to verify that when mapping from DACLS to NFSv4 ACL
entries with IDMAP_TYPE_BOTH, all entries are mapped as expected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for mapping from NFS4 ACL to DACL with IDMAP_TYPE_BOTH

When id mappings use IDMAP_TYPE_BOTH, the NFSv4 ACL mapping code is not
aware whether a particular entry is for a user or a group. The
underlying assumption then is that is should not matter, as both the ACL
mapping maps everything to NFSv4 ACL group entries and the user's token
will contain gid entries for the groups.

Add a testcase to verify that when mapping from NFSv4 ACL entries to
DACLs with IDMAP_TYPE_BOTH, all entries are mapped as expected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for mapping from NFS4 to DACL in config mode special

The mapping code between NFSv4 ACLs and security descriptors still has
the deprecated config setting "nfs4:mode = special". This should not be
used as it has security problems: All entries matching owner or group
are mapped to "special owner" or "special group", which can change its
meaning when being inherited to a new file or directory with different
owner and owning group.

This mode should eventually be removed, but as long as it still exists
add testcases to verify the expected behavior. This patch adds the
testcase for "nfs4:mode = special" when mapping from the NFS4 ACL to the
DACL in the security descriptor.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for mapping from DACL to NFS4 ACL with config special

The mapping code between NFSv4 ACLs and security descriptors still has
the deprecated config setting "nfs4:mode = special". This should not be
used as it has security problems: All entries matching owner or group
are mapped to "special owner" or "special group", which can change its
meaning when being inherited to a new file or directory with different
owner and owning group.

This mode should eventually be removed, but as long as it still exists
add testcases to verify the expected behavior. This patch adds the
testcase for "nfs4:mode = special" when mapping from the DACL in the
security descriptor to the NFSv4 ACL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for matching DACL entries for acedup

The NFSv4 mapping code has a config option nfs4:acedup for the mapping
path from DACLs to NFSv4 ACLs. Part of this codepath is detecting
duplicate ACL entries. Add a testcase with different ACL entries and
verify that only exactly matching entries are detected as duplicates and
treated accordingly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for acedup settings

The NFSv4 ACL mapping code has a setting nfs4:acedup. Depending on the
setting, when mapping from DACLs to NFSv4 ACLs, duplicate ACL entries
are either merged, ignored or rejected. Add a testcase that has
duplicate ACL entries and verify the expected behavior for all possible
settings of the nfs4:acedup option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for 'map full control' option

"map full control" when enabled adds the DELETE_CHILD permission, when
all other permissions are present. This allows Windows clients to
display the "FULL CONTROL" permissions.

Add a testcase that verifies this mapping when mapping from NFSv4 ACL to
the DACL in the security descriptor. Also verify that switching the
option off disables this behavior.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for mapping from NFS4 to DACL CREATOR entries

Add testcase for mapping from NFSv4 ACL entries for "special owner" and
"special group" to DACL entries in the security descriptor. Each NFSv4
entry here with INHERIT_ONLY maps directly to a CREATOR OWNER or CREATOR
GROUP entry in the DACL. Entries without INHERIT_ONLY map to the CREATOR
entry and an additional explicit entry granting permission on the
current object.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for mapping CREATOR entries to NFS4 ACL entries

Add testcase for mapping DACL entries CREATOR OWNER and CREATOR GROUP
with inheritance flag in the security descriptor to NFSv4 "special
owner" and "special group" entries. This is the correct mapping for
these entries as inheriting "special owner" and "special group" grants
permissions to the actual owner and owning group of the new file or
directory, similar to what CREATOR entries do.

The other side is that CREATOR entries without any inheritance flags do
not make sense, so these are not mapped to NFSv4 ACL entries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for mapping from DACL to special NFS4 ACL entries

Add testcase for mapping from entries in the DACL security descriptor to
"special" entries in the NFSv4 ACL. Verify that the WORLD well-known SID
maps to "everyone" in the NFSv4 ACL. Verify that the "Unix NFS" SID is
ignored, as there is no meaningful mapping for this entry. Verify that
SID entries matching the owner or group are mapped to "special owner"
or "special group", but only if no inheritance flags are used. "special
owner" and "special group" with inheritance flags have the meaning of
CREATOR OWNER and CREATOR GROUP and will be tested in another testcase.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for mapping of special NFS4 ACL entries to DACL entries

In addition to entries for users and groups, NFSv4 ACLs have the concept
of entries for "special" entries. Only the "owner", "group" and
"everyone" entries are currently used in the ACL mapping.

Add a testcase that verifies the mapping from NFSv4 "special" entries to
the DACL in the security descriptor. Verify that only "owner", "group"
and "everyone" are mapped and all other "special" entries are ignored.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for mapping permissions from DACL to NFS4 ACL

Add testcase for mapping the permission flags from the DACL in the
Security Descriptor to a NFSv4 ACL. The mapping is straight-forward as
the same permission bits exist for Security Descriptors and NFSv4 ACLs.
In addition, the code also maps from the generic DACL permissions to a
set of NFSv4 permissions, also verify this mapping.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for mapping permissions from NFS4 ACL to DACL

Add testcase for mapping permissions from the NFSv4 ACL to DACL in the
security descriptor. The mapping is simple as each permission bit exists
on both sides.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for flags mapping from DACL to NFS4 ACL

Add testcase for the mapping of inheritance flags from the DACL in the
security descriptor to the NFSv4 ACL. The mapping is different for files
and directories as some inheritance flags should not be present for
files. Also other flags are not mapped at all, verify this behavior.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add test for flags mapping from NFS4 ACL to DACL

Add testcase for the mapping of inheritance flags when mapping from a
NFSv4 ACL to a DACL in the security descriptor. The mapping is different
between files and directories, as some inheritance flags should never be
present for files. Some defined flags like SUCCESSFUL_ACCESS are also
not mapped at this point, also verify this behavior.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add tests for mapping of ACL types

Add testcases for mapping the type field (ALLOW or DENY) between NFSv4
ACLs and security descriptors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

test_nfs4_acls: Add tests for mapping of empty ACLs

This is a fairly simple test that ensures the mapping of empty ACLs
(without any ACL entries) is always done the same way.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

selftest: Start implementing unit test for nfs4_acls

Existing smbtorture tests set and query ACLs through SMB, only working
with the DACLs in the Security Descriptors, but never check the NFSv4
ACL representation. This patch introduces a unit test to verify the
mapping between between Security Descriptors and NFSv4 ACLs. As the
mapping code queries id mappings, the id mapping cache is first primed
with the mappings used by the tests and those mappings are removed again
during teardown.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

nfs4_acls: Remove fsp from smbacl4_win2nfs4

Only the information whether the ACL is for a file or a directory is
required. Replacing the fsp with a flag is clearer and allows for unit
testing of the mapping functions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Revert "nfs4acl: Fix owner mapping with ID_TYPE_BOTH"

This reverts commit 5d4f7bfda579cecb123cfb1d7130688f1d1c98b7.

That patch broke the case with ID_TYPE_BOTH where a file is owned by a
group (e.g. using autorid and having a file owned by
BUILTIN\Administrators). In this case, the ACE entry for the group gets
mapped a to a user ACL entry and the group no longer has access (as in
the user's token the group is not mapped to a uid).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14032

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

dcerpc: use anon creds for unknown transport

Otherwise we get a segfault when the NULL creds are dereferenced in cli_credentials_is_anonymous()

 $  python3 -c"from samba.dcerpc.dnsserver import dnsserver; d = dnsserver('addc')"

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 22 23:37:57 UTC 2019 on sn-devel-184

s4/auth/py: avoid null deref with bad python arguments

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/gensec/py: avoid null deref with bad python arguments

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3/smbd/py: avoid null deref with bad python arguments

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3/libsmb/py: avoid null deref with bad python arguments

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/auth/pygensec: don't segfault when reporting bad types

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/pycreds/encrypt_netr_crypt_password: don't pretend arg is optional

The "|O" signature is saying the password argument is optional, which
makes no sense in terms of the funxtion and immediately leads to a
TypeError (or until last commit, segfault). Removing the "|" leaves it
with a TypeError, but it is better worded and faster.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/pycreds/encrypt_netr_crypt_password: don't segfault

Non-talloc objects were treated as talloc objects, to no good effect

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pysecurity: use unsigned int, not int to approximate uint32_t

the "I" flag for unsigned int has been available since Python 2.3

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pycredentials.h: use import to ensure python type correctness

Because we include pyrpc_util.h, pycredentials doesn't need its own
PyStringFromStringOrNull().

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/pycredentials: always check self is a Credentials object

This prevents a segfault with

    credentials.Credentials.guess(x)

where x is not a Credentials object.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/rpc/py_security: don't deref NULL for invalid values

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/py_dsdb: avoid NULL deref in set_domain_sid()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/pysecurity: use pytalloc_get_name to avoid NULL deref

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

talloc: Release talloc 2.3.0

* add pytalloc_get_name() to safely access te talloc name in Python bindings
* Use a new minor version to allow talloc updates in the 4.11 release stream

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz

talloc/py_util: remove tautologically dead code

Being careful is good and all, but if we don't trust the

       static PyTypeObject *type = NULL;

two lines up, we need to reconsider our entire software universe.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

talloc: pytalloc_get_checked_type: survive non-talloc objects

If the python object is not a talloc object, we will end up
with a NULL pointer. We weren't checking for that properly

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

talloc: add pytalloc_get_name() helper

In several places we go

   talloc_get_name(pytalloc_get_ptr(py_obj))

which is a certain NULL derefernce if py_obj is not a talloc object.

This is a helper function that chooses to say "non-talloc object"
rather than crash.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/py-segfault: add messaging.deregister()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

py segfault test: registry.open_hive

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_server: Call server exit routines in sigterm handler

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 22 18:04:53 UTC 2019 on sn-devel-184

s3:rpc_server: Call epmapper RPC shutdown function from server exit routines

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Call fsrvp RPC shutdown function from server exit routines

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Call server exit routines in sigterm handler

The exit server routines already call rpc shutdown functions

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Improve debug messages

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server:spoolssd: Move socket creation to its own function

The function also handles the registration in the endpoint mapper.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Return NTSTATUS in is_known_pipename function

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Make make_external_rpc_pipe_p and np_proxy_state private

This function and struct is not used outside rpc_ncacn_np.c

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Check pointer before dereference

The debug message dereference the pointer, but as close_policy_by_pipe
is called from pipes_struct destructor it may be not initialized yet if
an error occur in the initialization code.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Rename dcesrv_handle struct

The name conflicts with the S4 name.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Unify RPC client disconnect and termination functions

These functions are used by endpoint mapper to delete the endpoints
when a NCALRPC connection from an external daemon is lost and by
preforked childs to accept the next client as soon as the current
connection terminates. We can use the same function for both purposes.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:spoolss: Set remote and local address for accepted connections

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Return NTSTATUS in make_internal_rpc_pipe_p

Also make it static as it is not used outside rpc_ncacn_np.c

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Set debug class in all rpc server related files

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Initialize auxiliary variable checked in error path

The auxiliary variable is checked in the function's exit code so reset
it after each usage.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:prefork: Allow to associate private data with listening socket

Prepare for merger RPC server codebase, where it will be necessary to
stablish an association between the listening socket and the
dcesrv_endpoint that the socket is serving.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Remove named_pipe_client struct and use dcerpc_ncacn_conn

Now NCACN_NP connections run the same loop as NCACN_IP_TCP and NCALRPC
connections.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Check remote address supplied to dcerpc_ncacn_accept

Check if the supplied tsocket_address is valid before changing the
talloc chunk parent to the ncacn_conn struct.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Make dcerpc_ncacn_packet_process public

In preparation to remove the named_pipe_client struct, this function
will be set as tevent callback from rpc_ncacn_np.c

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Add a function to initialize the dcerpc_ncacn_conn struct

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Split dcerpc_ncacn_accept to deal with tstream_npa

In preparation to remove the named_pipe_client struct split the function
if two parts and build the tstream context as soon as possible, as it
will take care of closing the socket when the tstream_context is freed.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Add termination function and data to dcerpc_ncacn_conn

In preparation to remove the named_pipe_client structure, this function
will be called from ncacn_conn destructor passing the private data pointer
as argument. It is mainly used by preforked childs in "process model" to
attend the next client as soon as the previous client ends the connection.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:rpc_server: Move dcerpc_ncanc_conn to header file

Next commits will remove named_pipe_client and dcerpc_ncacn_connection
will be used in its place. It has to be moved to a header file as it
will be used by functions in rpc_server.c and rpc_ncacn_np.c.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:rpc_server: Set dcerpc_ncacn_connection destructor

And call disconnection callback from there if it is set.
Additionally change named_pipe_termination_fn to have * in typedef.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:epmapper: Rename conflicting struct

Rename an epmapper internal struct which will conflict when merging s3
and s4 rpc servers.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3-prefork: Add header inclusion guards

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:rpc_server: Return NTSTATUS in rpc_ep_setup and setup functions

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Fix hidden strict aliasing issues

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib:tsocket: New function to build a tsocket_context from samba_address

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:utils: New struct to fix strict aliasing issues with sockets API

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:rpc_server: Fix code formatting and improve debug messages

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Set the endpoint name to "IP" on ncacn_ip_tcp listener

This matchs what lsasd and mdssd does.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:spoolss: Exit if fork call fails

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Use talloc_zero for dcerpc_ncacn_listen_state

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Use new debug macros in dcesrv_setup_ncalrpc_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Return NTSTATUS for dcesrv_setup_ncalrpc_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Rename setup_dcerpc_ncalrpc_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Use new debug macros in dcesrv_setup_ncacn_ip_tcp_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Return NTSTATUS for dcesrv_setup_ncacn_ip_tcp_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Rename setup_dcerpc_ncacn_tcpip_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Rename rpc_create_tcpip_sockets

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Rename dcerpc_ncacn_tcpip_listener

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Use new debug macros for dcesrv_create_ncacn_ip_tcp_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Return NTSTATUS for dcesrv_create_ncacn_ip_tcp_socket

Additionally to the fd number, check the port number has been correctly
assigned. This check was performed by the callers of this function.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Rename create_tcpip_socket

Additionally move function declaration from proto.h to rpc_server.h

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: simplify the error checking of create_tcpip_socket() callers

create_tcpip_socket() never returns a valid fd and left port as 0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:rpc_server: Rename named_pipe_listener

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Switch to new debug macros for dcesrv_setup_ncacn_np_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Return NTSTATUS for dcesrv_setup_ncacn_np_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Rename setup_named_pipe_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Switch to new debug macros for dcesrv_create_ncacn_np_socket

Additionally messages are improved.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Return NTSTATUS for dcesrv_create_ncacn_np_socket

The 'fd' state struct member is initialized after allocation because it
is checked in the error path.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Rename create_named_pipe_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Rename dcerpc_ncalrpc_listener

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Switch to new debug macros for dcesrv_create_ncalrpc_socket

Additionally new debug messages are added and the existing ones improved.

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Return NTSTATUS for dcesrv_create_ncalrpc_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:rpc_server: Rename create_dcerpc_ncalrpc_socket

Signed-off-by: Samuel Cabrero <scabrero@suse.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>