s3:utils: Call gfree_all() before exit in smbget

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Call gfree_all() before exit in smbfilter

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Remove trailing white spaces in smbfilter.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Call gfree_all() before exit in smbcquotas

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Call gfree_all() before exit in smbcontrol

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Call gfree_all() before exit in smbcacls

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Call gfree_all() before exit in sharesec

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Call gfree_all() before exit in regedit

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Call gfree_all() before exit in pdbedit

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Call gfree_all() before exit in ntlm_auth

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Call gfree_all() before exit in net

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_server: Correctly reset DEVMODE bit

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Oct 25 21:40:33 UTC 2023 on atb-devel-224

python: getopt: HostOptions and other option groups inherit from samba OptionGroup class

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct 25 00:31:37 UTC 2023 on atb-devel-224

netcmd: auth policy: add OptionGroup classes for user, service and computer options

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: netcmd: make use of HostOptions for claims and sites commands

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: getopt: Add HostOptions to avoid need to manually add -H

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: netcmd: make use of required flag on Option for claims commands

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: getopt: implement required flag on options and OptionParser

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: getopt: subclass OptionParser to populate option_class

The option_class needs to be set correctly for OptionGroups that use self.add_option

Override OptionParser `__init__` to change the default Option class to the samba one.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

netcmd: tests: stop checking for ERROR prefix from CommandError

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: netcmd: remove OptionError alias to OptionValueError

The other methods in this file already raise optparse.OptionValueError
directly, except for two older ones.

They are using an alias which changes the name to OptionError, the
confusing part about this is that optparse.OptionError actually does
exist, so the incorrect alias needs to be removed.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: netcmd: catch parent exception class OptParseError instead

This covers both OptionError and OptionValueError

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: getopt: rename SambaOption to Option

 * Nothing uses SambaOption directly, everything imports it through samba.netcmd.Option
 * Avoid an unnecessary rename on import

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: netcmd: parser class in getSamDB should set option_class

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: netcmd: fix import grouping and sorting in base first

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: netcmd: remove redundant Option subclass

Instead, just import SambaOption as Option, so all the existing commands don't need changing.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: netcmd: SUPPRESS_HELP constant has no effect here

Where it is used, on a few options, the constant should be used
directly instead.

This means that in the following commit, the Option subclass of
SambaOption can be removed, as it will become redundant.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: netcmd: dbcheck: fix import grouping and order

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: netcmd: ntacl: fix import grouping and order

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: tests: fix some hidden tab characters in tests.py

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: add docstrings to Validator and ValidationError

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: move Validator base class and ValidationError to getopt

It makes more sense for these to exist in the top package, because they are used by SambaOption.

validators.py can still exist in netcmd, just not the base class and exception.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: getopt: move validators logic to parent class

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

netcmd: don't turn exception into CommandError in run_validators

It's the wrong place to do it.

Instead, let it raise the original exception, capture it in _run, and
call existing show_command_error method.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

netcmd: PEP8: minor whitespace fix, file did not pass PEP8

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

netcmd: move comment above class to docstring

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

netcmd: correctly pass Samba option class to OptionParser

On OptionGroups it will set option_class and then this gets used by self.add_option

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: getopt: move SambaOption to the top of the file

This is needed for the next commit

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: getopt: correctly group and sort imports

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: getopt: update super calls to python3 style

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: move comment for check_bytes to docstring

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python: PEP8 fixup whitespace in getopt.py first

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

netcmd: tests: make check_run and related methods classmethod for consistency

Before that only run_command was turned into a @classmethod, but not
the other related methods which were left unchanged, this made it
inconsistent.

Some of these methods need to be called from setUpTestData so they
really need to be @classmethod anyway.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests: minor indentation and whitespace fixes

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbtorture: add test for fruit:validate_afpinfo option

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Oct 24 22:30:06 UTC 2023 on atb-devel-224

vfs_fruit: add option fruit:validate_afpinfo = yes|no (default: yes)

Allows disabling validation of AfpInfo stream data. It seems in data migration
scenarios from other SMB servers to Samba with fruit, somehow such invalid
streams are present on the source SMB server and can't be copied to Samba.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture: Produce more output to help debug smb2.multichannel.bugs.bug_15346

Print the time (as reckoned by tevent) at which each ‘negprot done’ and
‘echo done’ message is produced, and print another message if one of the
requests times out.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Oct 24 15:51:40 UTC 2023 on atb-devel-224

lib/torture: Add torture_assert_size_*() macros

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib/torture: Use portable format specifiers

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

clang-format: sort alphabetically

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 24 14:47:57 UTC 2023 on atb-devel-224

clang-format: tweak config to bring us closer to README.Coding.

I'm enabling "AllowAllArgumentsOnNextLine" because that's longstanding practice
with many many function calls like tevent_req_callback_data() and
tevent_req_data() and imho results in the most readable code at the place where
this is often seen (variable declartions with tevent_req_* stuff).

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:/winbindd: remove parse_domain_user_fstr

Last caller of parse_domain_user_fstr has been removed so
we can safely remove the function

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue Oct 24 13:47:16 UTC 2023 on atb-devel-224

s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr

In canonicalize_username replace use of parse_domain_user_fstr
with parse_domain_user

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: replace use of parse_domain_user_fstr with parse_domain_user

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: replace parse_domain_user_fn with parse_domain_user

In winbindd_getgrnam_send use parse_domain_user instead of
parse_domain_user_fstr

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr

In winbindd_ccache_ntlm_auth replace use of parse_domain_user_fstr
with parse_domain_user

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: use parse_domain_user instead of parse_domain_user_fstr

in winbindd_getpwnam_send replace parse_domain_user_fstr with
parse_domain_user

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: use parse_domain_user_fstr instead of parse_domain_user

in winbindd_getgroups_send replace parse_domain_user_fstr
with parse_domain_user

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: Add new parse_domain_user function

Adds a new parse_domain_user function which doesn't use fstrings
but instead uses talloc allocated out strings (created from passed in
ctx)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: rename parse_domain_user to parse_domain_user_fstr

prepare to port parse_domain_user function to not use fstrings.
rename function parse_domain_user (and all callers) to use
parse_domain_user_fstr

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: remove canonicalize_username_fstr

not longer any callers to canonicalize_username_fstr so it
can be removed

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: in winbindd_pam_chauthtok_send use canonicalize_username

replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: in winbindd_pam_auth_send use canonicalize_username

replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: in winbindd_pam_logoff_send use canonicalize_username

replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: in winbindd_ccache_save use canonicalize_username

replace use of canonicalize_username_fstr with canonicalize_username

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: Add new canonicalize_username function

Add a mew canonicalize_username replacement function for
canonicalize_username_fstr which doesn't use fstrings but instead
uses talloc allocated strings

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbindd: rename canonicalize_username to canonicalize_username_fstr

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/winbind: Ensure parse_domain_user() can't write beyond the end of domain[]

fail if we try to write beyond the fstring boundry

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15467
Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

smb2_server: monitor connections with TEVENT_FD_ERROR

By asking for TEVENT_FD_ERROR we're able to fail early
when a connection to a client is broken.

In that case it does not make any sense to process
pending requests in the recv queue as it's not
possible to deliver the response to the client anyway.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Oct 24 10:32:56 UTC 2023 on atb-devel-224

s3:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:service_named_pipe: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/named_pipe_auth: let tstream_npa_existing_socket use tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:wrepl_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:libcli/wrepl: make use of tstream_bsd_fail_readv_first_error(false)

As a client we want recv pending responses even if the server
already closed the connection.

While tstream_bsd_fail_readv_first_error(false) is the default for
tstream_bsd, the wins replication protocol is special as it has
a way to switch server and client roles on an existing tcp connection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:ntp_signd: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:libsmb: the unexpected handler use tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dns_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:ldap_server: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: make use of tstream_bsd_fail_readv_first_error(true)

This avoids doing useless work in case the client connection
is already broken.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/tsocket: add tstream_bsd_fail_readv_first_error()

This gives the caller the option to fail immediately if
TEVENT_FD_ERROR appear even with pending bytes in the
recv queue.

Servers typically want to activate this in order to avoid
pointless work, while clients typically want to read
pending responses from the recv queue.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/tsocket: make use of TEVENT_FD_ERROR in tstream_bsd_fde_handler()

This makes the logic introduced to fix bug #15202 simpler.

While developing this I noticed that a lot of callers
rely on the fact that they can read the pending bytes out
of the recv queue before EOF is reported.

So I changed the code handle TEVENT_FD_ERROR together with
TEVENT_FD_READ in a way that keep the existing callers happy.

In the next step we'll add a way to let callers opt-in in order
to fail immediately if TEVENT_FD_ERROR appears (even if there
are pending bytes remaining in the recv queue).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/tsocket: let tstream_bsd_connect_send() use TEVENT_FD_ERROR instead of TEVENT_FD_READ

This mostly cosmetic, but now that we have TEVENT_FD_ERROR we should use it.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/async_req: let writev_send/recv use TEVENT_FD_ERROR

Unless err_on_readability is true, we use TEVENT_FD_READ only
to detect errors. Now that we have TEVENT_FD_ERROR we should use it.

As a side effect it makes the code much simpler and clearer, as
we can directly map TEVENT_FD_ERROR to EPIPE.

In addition the err_on_readability=true case is now also
clearer, where we just map TEVENT_FD_READ to EPIPE.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/async_req: let async_connect_send use TEVENT_FD_ERROR instead of TEVENT_FD_READ

This mostly cosmetic, but now that we have TEVENT_FD_ERROR we should use it.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/tsocket: make use of samba_socket_sock_error()

This is nicer than calling getsockopt(state->fd, SOL_SOCKET, SO_ERROR)
directly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/tsocket: make use of samba_socket_poll_or_sock_error()

This is just a copy of the existing code...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/util: add samba_socket_{poll,sock,poll_or_sock}_error()

These are copies of the static functions in lib/tsocket/tsocket_bsd.c,
which we will replace in the next commit.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Add device to Authenticated Users for authentication policy evaluation

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Oct 24 01:59:32 UTC 2023 on atb-devel-224

s4:kdc: Add a flag indicating that the device should be added to Authenticated Users

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Add device to default groups for authentication policy evaluation

This means that expressions like ‘Device_Member_of(WD)’ will now work,
as they should.

It *also* means that expressions like ‘Device_Member_of(NU)’ will work,
even though they shouldn’t. This is because we consider SID_NT_NETWORK
to be a default group.

Our new behaviour may be wrong, but at least it’s now consistent with
the behaviour of user‐relative expressions like ‘Member_of(WD)’ and
‘Member_of(NU)’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Add a flag indicating that the device should be added to the default groups

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Make a copy of the device SIDs to be placed in the security token

We shall need to add extra SIDs on the end.

View with ‘git show -b’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Test whether the device belongs to some default groups

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Work around Samba’s incorrect krbtgt principal handling

These tests fail only because they are using the ‘krbtgt@REALM’ form of
the krbtgt principal that Samba doesn’t handle correctly.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Remove unnecessary target_creds variables

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Permit RODC‐issued evidence tickets for constrained delegation

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Oct 19 22:39:19 UTC 2023 on atb-devel-224

s4:kdc: Add flag to indicate the upper sixteen bits of the kvno are specified

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Use HDB flag constants instead of SDB ones

These flags are passed to us by Heimdal, and so they are HDB flags, not
SDB flags.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: Always regard device info when the client performs RBCD

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>