TODO rtld_next_vsyscall

Revert "libnetapi.idl account/password"

This reverts commit bee4932a1b2ed7e0716061492c79db89c6dab6e5.

libnetapi.idl account/password

Revert "NOT NEEDED??? s3:winbindd: ldap_reconnect_need_retry() source3/winbindd/winbindd_reconnect_ads.c"

This reverts commit 5b7d69b233aba793269f54e3ff54d22e840cbc9e.

NOT NEEDED??? s3:winbindd: ldap_reconnect_need_retry() source3/winbindd/winbindd_reconnect_ads.c

source3/winbindd/winbindd_cm.c dcip_check_name_ads => ads_connect_anon

s3:winbindd: we don't need ads_kdestroy(WINBIND_CCACHE_NAME); anymore

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:winbindd: make use of pdb_get_trust_credentials() in ads_cached_ldap_connection/ads_cached_connection_connect

This way we avoid ads_connect() and use ads_connect_creds() instead.
It also means we no longer use KRB5CCNAME/WINBIND_CCACHE_NAME.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:winbindd: let ads_cached_connection() use ads_cached_ldap_connection()

The only thing we loose here is WINBINDD_PAM_AUTH_KRB5_RENEW_TIME,
but that's not really useful for machine passwords, which are always
available from local storage.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:winbindd: split out ads_cached_ldap_connection()

This will be reused in ads_cached_connection() soon.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:winbindd: let ads_idmap_cached_connection() pass wb_dom->name to ads_cached_connection_connect()

The value is the same, but it simplifies further changes.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:winbindd: let ads_idmap_cached_connection() use the correct password the use auth_realm

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:winbindd: introduce a creds_dom variable in ads_cached_connection_connect()

This way we can simplify the code a lot.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:winbindd: let ads_cached_connection_connect() use realm = our_domain->alt_name

If lp_realm() has a useful value it means our primary domain has alt_name set,
so we can simplify the code.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:winbindd: we don't need to copy realm in ads_idmap_cached_connection()

ads_cached_connection_connect() also handles auth_realm == NULL
and returns an error, so no need for an assert.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:winbindd: try realm based SAF cache in ads_idmap_cached_connection()

s3:winbindd: move find_domain_from_name() further up in ads_idmap_cached_connection()

s3:winbindd: avoid allocating ads_struct on a stackframe

Allocating it first on the stackframe and them moving it
to a longterm context, leaks the stackframe.

So we first allocate it on the final memory context
and reparent it to the stackframe in order to
have it cleaned up correctly on error.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

libgpo/pygpo: make use of ads_connect_creds() and ads_connect_machine()

source3/libsmb/namequery_dc.c use ads_connect_anon

source3/printing/nt_printing_ads.c ads_connect_machine => ads_kdestroy("MEMORY:prtpub_cache");

cli_credentials_set_ccache() free_dccache => free_mccache (optional)

add ads_connect_machine()

source3/libads/ldap.c make use of ads_connect_anon() where possible

sq add ads_connect_anon()

sq source3/utils/net_ads.c use ads_connect_anon()

add ads_connect_anon()

SPLIT source3/utils/net_ads.c use ads_connect_creds()

libnet_connect_ads() make use of ads_connect_creds()

pass creds to libnet_connect_ads()

add ads_simple_creds

HACK debug net ads join libads machine libnet_join_connect_ads_machine() failing

sq ads_prepare_krb5

ads_legacy_creds ads->auth.ccache_name

ads_legacy_creds move cli_credentials_set_ccache last???

FIX ads_legacy_creds cli_credentials_set_ccache...

HACK/DEBUG/FIX ads_prepare_krb5

sq ads_prepare_krb5...

Revert "TODO source3/librpc/idl/libnet_join.idl only admin_credentials"

This reverts commit 6a62df55785aa3742ce48363105f74e737788a18.

ads_prepare_krb5...

NEEDED? ads_legacy_creds cli_credentials_set_ccache

ads_prepare_krb5...

kdc_db_ctx->disable_db_enumeration

net_ads_leave only creds

source3/utils/py_net.c creds

TODO source3/librpc/idl/libnet_join.idl only admin_credentials

source3/utils/net_ pass r->in.admin_credentials = c->creds

source3/librpc/idl/libnet_join.idl admin_credentials

s3:libads: split out ads_connect_creds() and call it with ads_legacy_creds()

s3:libads: let ads_sasl_spnego_bind() use cli_credentials_get_unparsed_name()

We should only operate on the creds structure and
avoid using ads->auth.{user_name,realm}.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libads: let ads_sasl_spnego_bind() reset krb5_state at the end

In future we'll pass in creds from the caller, so we better
restore the original krb5_state at the end of ads_sasl_spnego_bind().

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libads: let ads_sasl_spnego_bind() use cli_credentials_get_kerberos_state()

We should only operate on the creds structure and avoid ads->auth.flags

Signed-off-by: Stefan Metzmacher <metze@samba.org>

Revert "NEEDED? ads_legacy_creds cli_credentials_set_ccache"

This reverts commit 626ab9e5711c9e125cf4dbbf0f8f8702e3180348.

NEEDED? ads_legacy_creds cli_credentials_set_ccache

s3:libads: split out ads_legacy_creds()

This is just a temporary change until the highlevel caller
will pass in a cli_credentials structure and we'll get rid of
ads->auth.{user_name,realm,password}.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

lib/cmdline/cmdline.c legacy_s3_kerberos

s3:libads: remove unused server_blob argument to ads_sasl_spnego_gensec_bind()

With libads we always have a valid target_service and target_hostname.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

TODO: docs-xml/smbdotconf/security/clientusedefaultkrb5ccache.xml

fix python/samba/getopt.py

source3/script/tests/test_smbclient_krb5.sh STEP3

TODO-SPLIT add --use-default-krb5-ccache to select the default ccache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>

source3/script/tests/test_smbclient_krb5.sh STEP2

lib/cmdline/cmdline.c --use-krb5-ccache= needs to export KRB5CCNAME

source3/script/tests/test_smbclient_krb5.sh STEP 1

lib/cmdline: skip the password prompt if we have a valid krb5 ccache

Signed-off-by: Stefan Metzmacher <metze@samba.org>

lib/cmdline: only call cli_credentials_get_password_and_obtained if needed

Signed-off-by: Stefan Metzmacher <metze@samba.org>

lib/cmdline: move cli_credentials_set_cmdline_callbacks to the end of POPT_CALLBACK_REASON_POST

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libsmb: avoid exporting KRB5CCNAME in cli_session_creds_prepare_krb5()

It's no longer needed for the gse module.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:gse: get an explicit ccache_name from creds and require a valid cache

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:gse: avoid prompting for a password that we don't use in the end

Currently we rely on a valid default credential cache being available
and don't make use of the password.

In future we'll do a kinit on demand, but that's for another day.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libsmb: let cli_session_creds_prepare_krb5() kinit into a ccache on creds

This will allow the gse module to get an explicit ccache_name from creds
and we'll avoid using the KRB5CCNAME environment variable in the next
commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libsmb: avoid prompting for a password if we have a valid krb5 ccache

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:client: avoid cli_credentials_get_password() to check for a specified password

Using cli_credentials_get_password_obtained() is more lightweight as
it avoids a possible password prompt.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libsmb: let cli_tree_connect_creds() only call cli_credentials_get_password() if needed

Only legacy protocols need a password for share level authentication,
so avoid triggering the password prompt for the common case.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

auth/credentials: add cli_credentials_get_ccache_name_obtained()

It's often good to know if a credential structure already has
a valid kerberos credential cache attached, without the side
effect of doing a kinit and prompt for a password.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

auth/credentials: add cli_credentials_get_password_obtained()

It's often useful to know if a password was already explicitly
specified without triggering the password callback function.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libsmb: remove unused spnego_parse_negTokenInit() function

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libsmb: libcli/auth/spnego.h is not needed in cliconnect.c

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libads: remove unused ADS_AUTH_SIMPLE_BIND code

We have other code to test simple binds.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libads: avoid changing ADS->server.workgroup

ads_find_dc() uses c_domain = ads->server.workgroup and
don't expect it to get out of scope deep in resolve_and_ping_dns().

The result are corrupted domain values in the debug output.

Valgrind shows this:

 Invalid read of size 1
    at 0x483EF46: strlen (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x608BE94: __vfprintf_internal (vfprintf-internal.c:1688)
    by 0x609ED49: __vasprintf_internal (vasprintf.c:57)
    by 0x5D2EC0F: __dbgtext_va (debug.c:1860)
    by 0x5D2ED3F: dbgtext (debug.c:1881)
    by 0x4BFFB50: ads_find_dc (ldap.c:570)
    by 0x4C001F4: ads_connect (ldap.c:704)
    by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
  Address 0xb69f6f0 is 0 bytes inside a block of size 11 free'd
    at 0x483CA3F: free (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x4BFF0AF: ads_try_connect (ldap.c:299)
    by 0x4BFF40E: cldap_ping_list (ldap.c:367)
    by 0x4BFF75F: resolve_and_ping_dns (ldap.c:468)
    by 0x4BFFA91: ads_find_dc (ldap.c:556)
    by 0x4C001F4: ads_connect (ldap.c:704)
    by 0x4C1DC12: ads_dc_name (namequery_dc.c:84)
  Block was alloc'd at
    at 0x483B7F3: malloc (in /usr/lib/x86_64-linux-gnu/valgrind/vgpreload_memcheck-amd64-linux.so)
    by 0x60B250E: strdup (strdup.c:42)
    by 0x4FF1492: smb_xstrdup (util.c:743)
    by 0x4C10E62: ads_init (ads_struct.c:148)
    by 0x4C1DB68: ads_dc_name (namequery_dc.c:73)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14981

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libads: directly use kerberos without asking the server

Every AD DC supports kerberos so we can just use it without
asking the server (in an untrusted way) if kerberos is supported.
So remove another useless roundtrip.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

s3:libads: use GSS-SPNEGO directly without asking for supportedSASLMechanisms

Every AD DC supports 'GSS-SPNEGO' and that's the only one we use anyway,
so remove an unused roundtrip.

Signed-off-by: Stefan Metzmacher <metze@samba.org>

librpc/nbt: Avoid reading invalid member of union

WACK packets use the ‘data’ member of the ‘nbt_rdata’ union, but they
claim to be a different type — NBT_QTYPE_NETBIOS — than would normally
be used with that union member. This means that if rr_type is equal to
NBT_QTYPE_NETBIOS, ndr_push_nbt_res_rec() has to guess which type the
structure really is by examining the data member. However, if the
structure is actually of a different type, that union member will not be
valid and accessing it will invoke undefined behaviour.

To fix this, eliminate all the guesswork and introduce a new type,
NBT_QTYPE_WACK, which can never appear on the wire, and which indicates
that although the ‘data’ union member should be used, the wire type is
actually NBT_QTYPE_NETBIOS.

This means that as far as NDR is concerned, the ‘netbios’ member of the
‘nbt_rdata’ union will consistently be used for all NBT_QTYPE_NETBIOS
structures; we shall no longer access the wrong member of the union.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=38480

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15019

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Jul  7 01:14:06 UTC 2023 on atb-devel-224

librpc:ndr: Fix overflow in ndr_push_expand

If ‘size’ was equal to UINT32_MAX, the expression ‘size+1’ could
overflow to zero.

This could result in inadequate memory being allocated, which could
cause ndr_pull_compression_xpress_huff_raw_chunk() to overflow memory
with zero bytes.

Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=57728

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15415

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

s3:rpc_server: Fix double blackslash issue in dfs path

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jul  5 20:24:35 UTC 2023 on atb-devel-224

s3:rpc_server: Initialize consumedcnt to 0 in _dfs_GetInfo()

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:tests: Add rpcclient 'dfsgetinfo' test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15400

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: call exit_server_cleanly() to avoid panicking

The parent smdb forwards SIGTERM to its process group in order to kill all
children like the scavenger. This happens from a function registered via
atexit() which means the signal forwarding is happening very briefly before the
main smbd process exits. When exiting the pipe between smbd and scavenger is
closed which triggers a file event in the scavenger.

However, due to kernel sheduling it is possible that the file descriptor event
is received before the signal, where we call exit_server() which call
smb_panic() at the end.

Change the exit to exit_server_cleanly() and just log this event at level 2
which we already do.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15275

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jul  5 13:14:08 UTC 2023 on atb-devel-224

s3:winbindd: let winbind_samlogon_retry_loop() fallback to NT_STATUS_NO_LOGON_SERVERS

When we were not able to get a valid response from any DC we should
report NT_STATUS_NO_LOGON_SERVERS with authoritative = 1.

This matches what windows does. In a chain of transitive
trusts the ACCESS_DENIED/authoritative=0 is not propagated,
instead NT_STATUS_NO_LOGON_SERVERS/authoritative=1 is
passed along the chain if there's no other DC is available.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:winbindd: make use of reset_cm_connection_on_error() in winbind_samlogon_retry_loop()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true, which is important in order
to recover from NT_STATUS_RPC_SEC_PKG_ERROR errors.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:winbindd: let winbind_samlogon_retry_loop() always start with authoritative = 1

Otherwise we could treat a local problem as non-authoritative.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:winbindd: make use of reset_cm_connection_on_error() for winbindd_lookup_{names,sids}()

Note this is more than a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

This is not strictly needed as the callers call
reset_cm_connection_on_error() via reconnect_need_retry().
But it might avoid one roundtrip.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:winbindd: call reset_cm_connection_on_error() in wb_cache_query_user_list()

This is mostly for consistency, every remote call should call
reset_cm_connection_on_error(). Note this is more than
a simple invalidate_cm_connection() as it may set
domain->conn.netlogon_force_reauth = true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15413

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-tests: Run ShellCheck on event-script unit test support scripts

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Jul  5 12:16:57 UTC 2023 on atb-devel-224

ctdb-tests: Avoid ShellCheck warnings

These are all trivial, so handle them in bulk.

* Change code to avoid (approximately sorted by frequency):

  SC2004 $/${} is unnecessary on arithmetic variables.
  SC2086 Double quote to prevent globbing and word splitting.
  SC2162 read without -r will mangle backslashes.
  SC2254 Quote expansions in case patterns to match literally rather than as a glob.
  SC2154 (warning): <variable> is referenced but not assigned.
  SC3037 (warning): In POSIX sh, echo flags are undefined.
  SC2016 (info): Expressions don't expand in single quotes, use double quotes for that.
  SC2069 (warning): To redirect stdout+stderr, 2>&1 must be last (or use '{ cmd > file; } 2>&1' to clarify).
  SC2124 (warning): Assigning an array to a string! Assign as array, or use * instead of @ to concatenate.
  SC2166 (warning): Prefer [ p ] && [ q ] as [ p -a q ] is not well defined.
  SC2223 (info): This default assignment may cause DoS due to globbing. Quote it.

* Locally disable checks:

  SC2034 (warning): <variable> appears unused. Verify use (or export if used externally).
  SC2086 (info): Double quote to prevent globbing and word splitting. [once]
  SC2120 (warning): <function> references arguments, but none are ever passed.
  SC2317 (info): Command appears to be unreachable. Check usage (or ignore if invoked indirectly).

While touching reads for SC2162, switch unused variables to "_"
instead of "_x", which seems to be preferred by ShellCheck.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Avoid ShellCheck warning SC2059

  SC2059 (info): Don't use variables in the printf format string. Use printf '..%s..' "$foo".

Move the format string to the function and just parameterise the share
type.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Avoid ShellCheck warnings SC2046, SC2005

In ./tests/UNIT/eventscripts/scripts/local.sh line 328:
echo $(ctdb ifaces -X | awk -F'|' 'FNR > 1 {print $2}')
             ^-- SC2046 (warning): Quote this to prevent word splitting.
             ^-- SC2005 (style): Useless echo? Instead of 'echo $(cmd)', just use 'cmd'.

Use xargs to get output on 1 line.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Drop unreachable code

This generates ShellCheck warnings:

In ./tests/UNIT/eventscripts/scripts/60.nfs.sh line 412:
if [ -n "$service_check_cmd" ]; then
                                 ^----------------^ SC2031 (info): service_check_cmd was modified in a subshell. That change might be lost.

In ./tests/UNIT/eventscripts/scripts/60.nfs.sh line 413:
if eval "$service_check_cmd"; then
                                         ^----------------^ SC2031 (info): service_check_cmd was modified in a subshell. That change might be lost.

service_check_cmd will never be set here because it is only set in a
sub-shell in rpc_set_service_failure_response().

This reverts some of commit 713ec217507d2f0d5f516efc45c8cd8773fccc14.

If testcases requiring use of service_check_cmd are later added then
this will need to be redone properly.  This would probably start by
renaming this function nfs_iterate_rpc_test().

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Reformat with "shfmt -w -p -i 0 -fn"

Best reviewed with "git show -w".

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Drop unused test code for tunables

This is unused since loading tunables was moved to ctdbd.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

ctdb-tests: Avoid ShellCheck warning SC2086

  SC2086 Double quote to prevent globbing and word splitting.

Apparently ShellCheck is more picky about some of these than it used
to be.

Signed-off-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andreas Schneider <asn@samba.org>