s3:modules: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:modules: Remove fruit:ressource option with incorrect spelling

The plan was to remove it in 4.7. I think it is safe to remove it with
4.19.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:modules: Remove trailing white spaces of README.nfs4acls.txt

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:modules: Remove trailing white spaces of vfs_hpuxacl.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:locking: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:librpc: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

wscript: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

examples: Remove outdated validchars

I don't think we even look into this anymore and have other tests in
place.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

example: Remove outdated config files from tridge

I don't think he still runs Windows 95 ...

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels

This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.

An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.

Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 17 07:35:09 UTC 2023 on atb-devel-224

s4:rpc_server:netlogon: generate FAULT_INVALID_TAG for invalid netr_LogonGetCapabilities levels

This is important as Windows clients with KB5028166 seem to
call netr_LogonGetCapabilities with query_level=2 after
a call with query_level=1.

An unpatched Windows Server returns DCERPC_NCA_S_FAULT_INVALID_TAG
for query_level values other than 1.
While Samba tries to return NT_STATUS_NOT_SUPPORTED, but
later fails to marshall the response, which results
in DCERPC_FAULT_BAD_STUB_DATA instead.

Because we don't have any documentation for level 2 yet,
we just try to behave like an unpatched server and
generate DCERPC_NCA_S_FAULT_INVALID_TAG instead of
DCERPC_FAULT_BAD_STUB_DATA.
Which allows patched Windows clients to keep working
against a Samba DC.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:torture/rpc: let rpc.schannel also check netr_LogonGetCapabilities with different levels

The important change it that we expect DCERPC_NCA_S_FAULT_INVALID_TAG
for unsupported query_levels, we allow it to work with servers
with or without support for query_level=2.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

netlogon.idl: add support for netr_LogonGetCapabilities response level 2

We don't have any documentation about this yet, but tests against
a Windows Server 2022 patched with KB5028166 revealed that
the response for query_level=2 is exactly the same as
for querey_level=1.

Until we know the reason for query_level=2 we won't
use it as client nor support it in the server, but
we want ndrdump to work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15418

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:libsmb: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jul 13 06:34:01 UTC 2023 on atb-devel-224

s3:libads: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>

s3:lib: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>

s3:include: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>

s3:include: Remove trailing whitepaces in MacExtensions.h

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>

python:tests: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>

python: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>

examples: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>

examples: Make codespell happy

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>

configure: ensure sizeof(int) >= 4

There are multiple places we make this assumption. For example, in
source3/lib/tldap.c, we have this line

      if (ld->msgid == 2147483647) {

where ld->msgid is an int. And in librpc/idl/security.idl we have
several lines like:

      const int SEC_MASK_GENERIC        = 0xF0000000;

In lib/replace/inet_pton.c and inet_ntop.c we have

  /*
   * WARNING: Don't even consider trying to compile this on a system where
   * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
   */

but no attempt to enforce that as far as I can see, until now.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 11 22:44:15 UTC 2023 on atb-devel-224

docs-xml: Fix script idmap backend documentation

This was clearly copied from the tdb2 backend and incompletely edited.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jul 10 23:47:12 UTC 2023 on atb-devel-224

docs-xml: Tweak autorid idmap backend documentation

The name of the placeholder is misleading.  It certainly isn't per
domain, so we might as well indicate that it is per range.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

docs-xml: Fix rid idmap backend documentation

The statement just above the example says the example demonstrates the
use of the base_rid parameter.  It doesn't, so fix this.

Also fix a typo.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

smbd: don't leak the fsp if close_file_smb() fails

This can happen if DELETE-ON-CLOSE is set, but the deletion fails for some
reason.

The bug was introduced by 1808e5c133474eabc9d3cf91c2a92ec4d92d9fdd.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15417

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul 10 21:32:32 UTC 2023 on atb-devel-224

ctdb-server: Avoid logging a count of 0 resent calls

This fixes a little thinko in commit
80de84d36e9c29d9506976f991560fb5dde99471, where this was overlooked.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
Autobuild-User(master): Amitay Isaacs <amitay@samba.org>
Autobuild-Date(master): Mon Jul 10 15:15:06 UTC 2023 on atb-devel-224

ctdb-tools: Switch tickle ACK sending message to INFO level

DEBUG level logging in ctdb_killtcp is very noisy.  The most important
messages when debugging are those for tickle ACKs and TCP RSTs.  TCP
RSTs are already logged at INFO level, so promote tickle ACKs to INFO
level too.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-tools: Fix a typo in a log message

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reported-by: Ulrich Sibiller <ulrich.sibiller@atos.net>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

ctdb-logging: Really make NOTICE the default debug level

NOTICE level debug messages in common/run_event.c are not logged by
default.

Currently eventd ends up using ERROR, since this is specified as
LOGGING_LOG_LEVEL_DEFAULT.  It doesn't inherit the debug level from
ctdbd and only uses NOTICE level when interactive.

Change the real logging default to NOTICE and use it everywhere.

Followups might be:

* Remove the default_log_level argument to logging_conf_init()
* Kick eventd to update debug level when "ctdb setdebug" is used

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>

librpc/nbt: Avoid reading invalid member of union

WACK packets use the ‘data’ member of the ‘nbt_rdata’ union, but they
claim to be a different type — NBT_QTYPE_NETBIOS — than would normally
be used with that union member. This means that if rr_type is equal to
NBT_QTYPE_NETBIOS, ndr_push_nbt_res_rec() has to guess which type the
structure really is by examining the data member. However, if the
structure is actually of a different type, that union member will not be
valid and accessing it will invoke undefined behaviour.

To fix this, eliminate all the guesswork and introduce a new type,
NBT_QTYPE_WACK, which can never appear on the wire, and which indicates
that although the ‘data’ union member should be used, the wire type is
actually NBT_QTYPE_NETBIOS.

This means that as far as NDR is concerned, the ‘netbios’ member of the
‘nbt_rdata’ union will consistently be used for all NBT_QTYPE_NETBIOS
structures; we shall no longer access the wrong member of the union.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38480

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15019

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jul  7 01:14:06 UTC 2023 on atb-devel-224

librpc:ndr: Fix overflow in ndr_push_expand

If ‘size’ was equal to UINT32_MAX, the expression ‘size+1’ could
overflow to zero.

This could result in inadequate memory being allocated, which could
cause ndr_pull_compression_xpress_huff_raw_chunk() to overflow memory
with zero bytes.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57728

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15415

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s3:rpc_server: Fix double blackslash issue in dfs path

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul  5 20:24:35 UTC 2023 on atb-devel-224

s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:tests: Add rpcclient 'dfsgetinfo' test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: call exit_server_cleanly() to avoid panicking

The parent smdb forwards SIGTERM to its process group in order to kill all
children like the scavenger. This happens from a function registered via
atexit() which means the signal forwarding is happening very briefly before the
main smbd process exits. When exiting the pipe between smbd and scavenger is
closed which triggers a file event in the scavenger.

However, due to kernel sheduling it is possible that the file descriptor event
is received before the signal, where we call exit_server() which call
smb_panic() at the end.

Change the exit to exit_server_cleanly() and just log this event at level 2
which we already do.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15275

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul  5 13:14:08 UTC 2023 on atb-devel-224

s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS

When we were not able to get a valid response from any DC we should
report NT_STATUS_NO_LOGON_SERVERS with authoritative = 1.

This matches what windows does. In a chain of transitive
trusts the ACCESS_DENIED/authoritative=0 is not propagated,
instead NT_STATUS_NO_LOGON_SERVERS/authoritative=1 is
passed along the chain if there's no other DC is available.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true, which is important in order
to recover from NT_STATUS_RPC_SEC_PKG_ERROR errors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1

Otherwise we could treat a local problem as non-authoritative.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list()

This is mostly for consistency, every remote call should call
reset_cm_connection_on_error(). Note this is more than
a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-tests: Run ShellCheck on event-script unit test support scripts

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jul  5 12:16:57 UTC 2023 on atb-devel-224

ctdb-tests: Avoid ShellCheck warnings

These are all trivial, so handle them in bulk.

* Change code to avoid (approximately sorted by frequency):

  SC2004 $/${} is unnecessary on arithmetic variables.
  SC2086 Double quote to prevent globbing and word splitting.
  SC2162 read without -r will mangle backslashes.
  SC2254 Quote expansions in case patterns to match literally rather than as a glob.
  SC2154 (warning): <variable> is referenced but not assigned.
  SC3037 (warning): In POSIX sh, echo flags are undefined.
  SC2016 (info): Expressions don't expand in single quotes, use double quotes for that.
  SC2069 (warning): To redirect stdout+stderr, 2>&1 must be last (or use '{ cmd > file; } 2>&1' to clarify).
  SC2124 (warning): Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
  SC2166 (warning): Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
  SC2223 (info): This default assignment may cause DoS due to globbing. Quote it.

* Locally disable checks:

  SC2034 (warning): <variable> appears unused. Verify use (or export if used externally).
  SC2086 (info): Double quote to prevent globbing and word splitting. [once]
  SC2120 (warning): <function> references arguments, but none are ever passed.
  SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly).

While touching reads for SC2162, switch unused variables to "_"
instead of "_x", which seems to be preferred by ShellCheck.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Avoid ShellCheck warning SC2059

  SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo".

Move the format string to the function and just parameterise the share
type.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Avoid ShellCheck warnings SC2046, SC2005

In ./tests/UNIT/eventscripts/scripts/local.sh line 328:
echo $(ctdb ifaces -X | awk -F'|' 'FNR > 1 {print $2}')
             ^-- SC2046 (warning): Quote this to prevent word splitting.
             ^-- SC2005 (style): Useless echo? Instead of 'echo $(cmd)', just use 'cmd'.

Use xargs to get output on 1 line.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Drop unreachable code

This generates ShellCheck warnings:

In ./tests/UNIT/eventscripts/scripts/60.nfs.sh line 412:
if [ -n "$service_check_cmd" ]; then
                                 ^----------------^ SC2031 (info): service_check_cmd was modified in a subshell. That change might be lost.

In ./tests/UNIT/eventscripts/scripts/60.nfs.sh line 413:
if eval "$service_check_cmd"; then
                                         ^----------------^ SC2031 (info): service_check_cmd was modified in a subshell. That change might be lost.

service_check_cmd will never be set here because it is only set in a
sub-shell in rpc_set_service_failure_response().

This reverts some of commit 713ec217507d2f0d5f516efc45c8cd8773fccc14.

If testcases requiring use of service_check_cmd are later added then
this will need to be redone properly.  This would probably start by
renaming this function nfs_iterate_rpc_test().

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Reformat with "shfmt -w -p -i 0 -fn"

Best reviewed with "git show -w".

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Drop unused test code for tunables

This is unused since loading tunables was moved to ctdbd.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Avoid ShellCheck warning SC2086

  SC2086 Double quote to prevent globbing and word splitting.

Apparently ShellCheck is more picky about some of these than it used
to be.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-scripts: Avoid ShellCheck warnings SC2317, SC2086

New in ShellCheck 0.9.0:

  SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly).

Also:

  SC2086 (info): Double quote to prevent globbing and word splitting.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tools: Avoid ShellCheck warning SC2317

New in ShellCheck 0.9.0:

  SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly).

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: re-initialize num_requests to 0 for cldap_ping_list retries

Commit 8132edf119757ee91070facffef016c93de9c2a6 introduced a retry loop
arround cldap_multi_netlogon(), but it forgot to reset num_requests to 0
for the retries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15416

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jul  5 11:17:43 UTC 2023 on atb-devel-224

s3-net: no secrets access required when processing a ODJ provisioning

It should be possible to call "net offlinejoin provision" as non-root,
no access to secrets.tdb required in that case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15414

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Jul  5 09:23:22 UTC 2023 on atb-devel-224

s3:include: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul  5 07:32:15 UTC 2023 on atb-devel-224

s4:client: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

s3:auth: Use new debug macros for logging

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

s3:auth: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

selftest: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

script: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

python:tests: Fix code spelling

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

libcli/smb: Remove unused fallback case for ALLOW_GNUTLS_AEAD_CIPHER_ENCRYPTV2_AES_GCM

We now require a GnuTLS version that is not impacted for AES-GCM
(fixed in 3.6.11, we require 3.6.13).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jul  4 07:42:35 UTC 2023 on atb-devel-224

build: We don't need SEEKDIR_RETURNS_VOID

We don't call seekdir() in source3 anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Jul  3 20:40:05 UTC 2023 on atb-devel-224

lib: Move IO_REPARSE_TAG_NFS subtypes to toplevel

They should be generally available

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Translate ENXIO to NT_STATUS_ILLEGAL_FUNCTION

ENXIO is returned when trying to openat() a unix domain socket or a
FIFO without anything at the other end. [MS-ERREF] has
ILLEGAL_FUNCTION as "The specified handle is not open to the server
end of the named pipe.", which comes pretty close to me.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

error_inject: Reduce indentation with an early return

Review with "git show -b"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

torture4: Fix an error message

The fsctl is called FSCTL_SET_ZERO_DATA

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

tests: Enable a few tests for FreeBSD

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Save 76 bytes of .text

Probably not really measurable, but as this is a pretty frequently
accessed table, maybe this saves us some cache misses. And it's very
cheap to get :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Avoid a direct reference to smb_messages[]

That's what we have smb_fn_name() for

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbclient3: Use talloc_asprintf(), no explicit SAFE_FREE required

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

utils3: Remove the "split_tokens" utility

This is not tested as far as I can see, and as this is explicity meant
as a testing utility I think we can live without it.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

wb_dsgetdcname: don't use stack variables for async code

This is not really a problem because we call ndr_push from
with a _send() function, but still we leave dangling pointers
arround...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Jacke <bjacke@samba.org>
Autobuild-User(master): Björn Jacke <bjacke@samba.org>
Autobuild-Date(master): Sun Jul  2 17:42:56 UTC 2023 on atb-devel-224

wb_dsgetdcname: log also the domain name for failures

Signed-off-by: Björn Jacke <bjacke@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

wb_dsgetdcname.c: move common message to higher log level

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

wb_dsgetdcname.c: don't use statis log level numbers

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tallocmsg.c: move info log message to appropriate level

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

garbage_collect_tombstone.c: use DBG* macros instead of static numeric log levels

Some log levels changed slightly because the macros don't cover all the
previously used levels.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

garbage_collect_tombstones.c: move info log message to appropriate level

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

winbindd_cache.c: use DBG* macros instead of static log level numbers

Some log levels changed slightly because the macros don't cover all the
previously used levels.

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

winbindd_cache.c: move some some notice messages from ERR to NOTICE level

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

winbindd_cache: adjust some debug levels to more appropriate severities

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

build: Remove unused check for SHA1_Update and SHA1_RENAME_NEEDED

I can not find the code that required this, even in the history.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 30 14:59:46 UTC 2023 on atb-devel-224

Remove redundant check and fallback for AES CMAC 128 as we now require GnuTLS 3.6.13

This allows us to remove a lot of conditionally compiled code and so
know with more certainly that our tests are covering our code-paths.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

crypto: Remove aesni-intel accelerated AES crypto functions

These will shortly be unused as we will rely on GnuTLS for all AES cryptography
now that we require GnuTLS 3.6.13

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Remove rudundent check and fallback for AES CFB8 as we now require GnuTLS 3.6.13

This allows us to remove a lot of conditionally compiled code and so
know with more certaintly that our tests are covering our codepaths.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Remove rudundent check/workaround for buggy GnuTLS 3.5.2 as we now require GnuTLS 3.6.13

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Remove rudundent check for gnutls_pkcs7_get_embedded_data_oid as we now require GnuTLS 3.6.13

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Remove check for gnutls_set_default_priority_append as it unused

This became unused with d30865014569f4b9a1261d9f0c40bc4fc98f883e

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

crypto: Rely on GnuTLS 3.6.13 and gnutls_pbkdf2()

This removes a lot of inline #ifdef and means this feature is always tested.

We can do this as we have chosen GnuTLS 3.6.13 as the new minimum version.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

build: Set minimum required GnuTLS version to 3.6.13

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

smbd: Merge openat_pathref_fsp_nosymlink() into _internal()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Jun 30 11:43:46 UTC 2023 on atb-devel-224

smbd: Factor out create_open_symlink_err()

3 times talloc_zero() and read_symlink_reparse() makes a nice separate
function.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Remove "atname" from smbd_dirptr_get_entry()'s mode_fn

Unused.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Rewrite smbd_dirptr_get_entry()

Move filtering of entries, in particular symlinks, fully into
smbd_dirptr_get_entry(). Before, this was hidden in magic code inside
openat_pathref_fsp() and the mode_fn()s. Changing anything file open
code led to changes in very distant code paths because of unforeseen
consequences to directory listing. This change centralizes the
decision what directory entries to show into
smbd_dirptr_get_entry(). It uses openat_pathref_fsp_nosymlink()
without any symlink magic. It might need some tweaking when we also
want to show other special files, but this will hopefully be easier.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Factor out full_path_from_dirfsp_at_basename()

Will use this logic in the next patch

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Introduce dir_fname helper var in smbd_dirptr_get_entry()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Modernize two DEBUG statements

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Pass name and stat_ex to dos_mode_msdfs()

We'll use it in a place without a smb_fname soon.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>