s4 dsdb util: samdb_client_site_name clean up

* Initialise pointers to NULL
* replace talloc_free with TALLOC_FREE
* add goto exit to ensure memory deallocated correctly

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 14 06:53:14 CET 2019 on sn-devel-144

s4 dsdb util: remove samdb_search_count

All the uses have been replaced with calls to dsdb_domain_count, so it
is no longer needed.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4 dsdb util: samdb_client_site_name use dsdb_domain_count

Replace the call to samdb_search_count with dsdb_domain_count. As this
is the only remaining caller of samdb_search_count, replacing it will
allow the removal of samdb_search_count.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4 rpc_server_samr: DomGeneralInformation use dsdb_domain_count

Use dsdb_domain_count instead of samdb_search_count to determine the
number of users, groups and aliases.  This gives a performance gain of
around 10%, reduces the total memory allocated and fixes the incorrect
count returned for aliases.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4 dsdb util: add dsdb_domain_count

This counts the number of objects that are in the domain,
provided a domain SID was supplied (otherwise it just
counts all the objects).

This routine avoids allocating memory for the full
result set by using a callback.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s2 decrpc samr: Add tests for QueryDomainInfo

Add tests for the number of domain users, groups and aliases returned by
QueryDomainInfo.

These tests revealed that the existing code was not checking the
returned elements to ensure they were part of the domain.

Signed-off-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

.gitlab-ci.yml: Make docker image name more explicit

The 'image' YAML tag implies a docker image, but for people who find
gitlab mysterious, let's make it blatantly obvious what we're doing
here.

+ added a comment
+ added 'DOCKER' to the variable names
+ removed 'BUILD', as we've now dropped this from all the job-names
+ tried to make the variable names consistent, both within the file and
WRT docker terminology

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Feb 14 03:51:21 CET 2019 on sn-devel-144

.gitlab-ci.yml: Include the actual command used by gitlab

Someone who finds gitlab mysterious will have no idea what $CI_JOB_NAME
should be, if they wanted to reproduce the autobuild job manually. It
should be trivial to include the actual command being run in the logs.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

.gitlab-ci.yml: Re-indent comments on test times

(some of these need to be updated, but for now improve the formatting)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>

.gitlab-ci.yml: Use .extends to avoid duplication of autobuild command

This should make our .gitlab-ci.yml file much less overwealming.

The downside is that $CI_JOB_NAME is printed rather than the job name
in the log, but the upside is that the names must now strictly match.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>

.gitlab-ci.yml: Fix the registry as "registry.gitlab.com"

This is important as our team docker images are only in this registry, but
the .gitlab-ci.yml file is also run on other private GitLab hosts.

This partially undoes 8989916b5af6fed9c4c63035d4488583396b8c5a

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>

.gitlab-ci.yml: add retries on runner_system_failure/stuck_or_timeout_failure

This hopefully avoids pipeline failures due too docker/runner
errors.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

.gitlab-ci*.yml: use 'extends: ' instead of YAML Anchors

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

.gitlab-ci*.yml: remove build_ prefixes

It's useless to see 'builf_samba_ad...' 7 times in the gitlab pipeline summary.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

.gitlab-ci.yml: print out more information in the before_script section

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

script/autobuild.py: add 'lsb_release -a' and 'mount' to system-info.txt

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest:Samba4: wait for DNS names being registered

We can't reliable start tests without registered dns names.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest:Samba4: report when samba is started and ready

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba_dnsupdate: make rodc_dns_update() more robust against timing problems

Without this we had an interesting race!

The messaging_dgm code caches connected datagram sockets based on the
destination pid for 1 second.

The fact that samba_dnsupdate constantly recreates its messaging
context (and the underlying datagram socket) means that we the winbindd
messaging context may get a stale connection. As a result sending any
message from winbindd back to samba_dnsupdate will result in
ECONNREFUSED.

That means the IRPC response from winbindd never reaches
samba_dnsupdate, which will then hit a timeout.

In turn samba_dnsupdate on the RODC times out.

This was a workaround for the problem, by having just one global
IRPC handle and thus just one messaging_dgm context.
The actual problem is solved a few commits before
("messages_dgm: Properly handle receiver re-initialization").
But we keep this as an performance optimization, which hopefully
means that the overall samba_dnsupdate is less likely to
timeout after the hardcoded 20 seconds.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba_dnsupdate: make it clear that opts.use_file is active and we're not using nsupdate

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

winbindd_irpc: remove unused winbind_DsrUpdateReadOnlyServerDnsRecords from wb_irpc_forward_state

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:setup: register ${NTDSGUID}._msdcs.${DNSFOREST} first in dns_update_list

After the A and AAAA records for the ${HOSTNAME} this is the most
important name.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

messages_dgm: Properly handle receiver re-initialization

This only properly covers the small-message nonblocking case. Covering
the large-message and the blocking case is a much larger effort assuming
we want to re-send the failed message if parts of the message has gone
through properly. Don't do that for now.

This was found by sanba_dnsupdate constantly recreating its irpc handle to
winbindd in the RODC case.

The messaging_dgm code cached connected datagram sockets based on the
destination pid for 1 second. Which means the IRPC responses from
winbindd are never delivered to samba_dnsupdate,
which will then hit a timeout.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

torture3: Extend read3 for the "messaging target re-inits" failure

Do ping_pong a hundred times, re-initializing the msg_ctx every time.

https://bugzilla.samba.org/show_bug.cgi?id=13786

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

messages_dgm: Use saved errno value

In this case this is just a cleanup, the value has just been set by
messaging_dgm_sendmsg. But as that already saves errno into a local
variable, use that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13786

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

waf: Check for libnscd

The check was in the old autoconf, but not in waf. As the code is still
in source3/lib/util_nscd.c, add the check for libnscd to allow building
and using the code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13787

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Feb 13 17:58:33 CET 2019 on sn-devel-144

Make sure results from GetAttrString are decref'ed where needed

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett abartlet@samba.org
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Wed Feb 13 14:51:12 CET 2019 on sn-devel-144

Fix instances of PyDict_SetItem to decref the value

Although it would be better to use the BuildValue approach to
create the dictionares here, unfortunately the dictionaries created
here have key/values that are created dynamically (based on input params).

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett abartlet@samba.org

Fix mem leak with PyBytes_FromStringAndSize
Reviewed-by: Andrew Bartlett abartlet@samba.org

selftest: Only set clockskew to 5 seconds for MIT Kerberos

This was added in ac5427c6eba09134411f76a5e6f7e2643fa74eed as part of the MIT KDC
effort, but makes some tests much less reliable under high load.

As the Heimdal build does not need this, only specify for the MIT build.

Tested with an MIT AD DC build with:
 make test TESTS="samba3.raw.session samba3.smb2.session"

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Feb 13 05:49:43 CET 2019 on sn-devel-144

wafsamba/samba_utils.py: override symlink to allow force link

if bin is not empty and I have been sharing the samba tree into
a Vagrant environment and we run make, we get annoying linking error like this:

     File "~/samba/lib/tevent/wscript", line 130, in build
        installdir='python')
      File "./buildtools/wafsamba/wafsamba.py", line 745, in SAMBA_SCRIPT
        os.symlink(link_src, link_dst)
    FileExistsError: [Errno 17] File exists: '~/samba/lib/tevent/tevent.py' -> '~/samba/bin/default/../python/tevent.py'
    Makefile:7: recipe for target 'all' failed

Override the symlink method to allow force linking.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: Change backup/restore testenvs to use 1 prefork child

Recently the gitlab CI jobs were hitting memory resource limits and
using swap, which then caused test failures. The process model used in
the testenvs seemed to be contributing to this problem.

We can reduce the memory overhead of the restore/backup testenvs by
using 1 prefork child process instead of the default of 4 (kudos to
Garming for the idea). The tests run against these testenvs are basic
sanity-checks, rather than heavy-duty stress tests, so the number of
prefork workers shouldn't matter.

This is a bit of a tradeoff between testing the defaults that will
actually be used in production vs using limited resources efficiently on
shared CI runner machines.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: Use default 'prefork children' smb.conf setting

The default setting should be 4, so there should be no need to specify
this in the testenv smb.conf.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb_dn: don't free a known NULL pointer

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb_dn: remove unreachable code in dn_explode

Every time I look at this file, I spend a few minutes wondering how
these bits of code are ever run. Never again.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

replmd: move a if (ret) closer to ret source

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dsdb: check NULL guid strings in la_fix_links

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dsdb: linked attrs: check a talloc_new()

Also we can defer it past a thing that doesn't need or check for it.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dsdb: make get_parsed_dns_trusted() a common helper function

We are already using it in two places, and are about to add a third.

The version in repl_meta_data.c did more work in the case that the
parsed_dns can't really be trusted to conform to the expected format;
this is now a wrapper called get_parsed_dns_trusted_fallback().

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

spelling of associated

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Add missing NULL check in rpc_fetch_domain_aliases()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb 13 00:52:25 CET 2019 on sn-devel-144

s3:locking: Add missing NULL check

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

CI: split out "samba-ad-dc-ntvfs[-py2]" test targets

Many AD tests currently use the "samba" target. Split out a new target
"samba-ad-dc-ntvfs" and have all tests that use the "ad_dc_ntvfs" env
use the new target. This should greatly speed up the runtime for the "samba"
target and avoid swapping.

This reduces the total CI time by ~ 55%, I got an autobuild and a gitlab
pipeline finished in just ~ 100 mins!

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Ralph Boehme <slow@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Feb 11 14:10:12 CET 2019 on sn-devel-144

dsdb/tests/vlv: use only one toplevel dn that is correctly cleaned up

Before "OU=vlvtestou2,%s" % (self.base_dn) was left behind after the
test.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

blackbox/dbcheck.sh: fix dbcheck_fix_one_way_links cleanup

Commit 35bfc62a31c9ad73449594ddd48f76f50e0abade changed
dbcheck to not regard old one-way-links as errors.

At that time the relavant trigger changed from
fix_all_string_dn_component_mismatch to
fix_all_old_dn_string_component_mismatch.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: improve debugging in dns_hub.py

We only print debug messages when the response is delayed by more than 2
seconds.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: Make dns_hub socket timeout match DNS_REQUEST_TIMEOUT

I was hitting the recv_packet = s.recv(2048, 0) exception because
the socket timeout was reached. We've seen it before, but it seemed more
common after changing the default process-model to prefork. This patch
makes the socket timeout used by the python code consistent with the C
code.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

docs-xml/smbdotconf: document export of SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb 11 11:03:58 CET 2019 on sn-devel-144

s3:srv_samr_chgpasswd: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script

This is keep compatibility with the AD DC usage.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: require SAMBA_CPS_ACCOUNT_NAME in checkpassword_arg1.sh

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:util: export SAMBA_CPS_{ACCOUNT,USER_PRINCIPAL,FULL}_NAME for check password script

This allows the check password script to reject the username and other
things.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/user_check_password_script: add a test do disallow the username as password

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: make check password script more portable

We should not rely on Linux specific sed options.

grep -q also works on FreeBSD (tested on FreeBSD 12).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:modules: Fix compilation of nfs41acl_xdr.c when building outside src

If the Samba build directory is outside its source directory, generation
of nfs41acl_xdr.c by rpcgen leads to improper include paths to nfs41acl.h.

This happens because rpcgen is designed to produce its generated file in the
same directory as the input template. If the build directory is not located
under the source directory, this relative path will be invalid and the header
will not be found.

Example:
 src dir is ~/samba-src
 bld dir is ~/samba-bld

rpcgen will use path ../../samba-src/source3/modules/nfs41acl.x
running from ~/samba-bld/default and nfs41acl_xdr.c will contain:
 #include "../../samba-src/source3/modules/nfs41acl.h"

This behaviour is fixed through an intermediate copy of the input file to
the build directory so that rpcgen receives the path as if located in src.

Also now we avoid generation of nfs41acl_xdr.c when HAVE_RPC_XDR_H is
not defined because it will not be used as part of the vfs_nfs4acl_xattr
module.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:util: Move static file_pload() function to lib/util

file_pload() is static private function in Samba3 library, however it
does not have any special dependencies and might be widely used as
common function, so moving it into common samba-util library.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:util: Move popen wrappers to lib/util

When linked into Samba3 libraries, sys_popen()/sys_pclose()
cannot be used in lower level libraries because of circular
dependencies.

This patch moves them into common samba-util library.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

build: Don't generate kerberos_implementation.py if building without python

It is unnecessary to generate kerberos_implementation.py when python is
disabled.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

build: Fixed usage of non-default path to WAFLOCK

If WAFLOCK environment variable is set, use it to override path
to WAF lock file in Samba build scripts.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dnsserver: Return access denied to the caller if the user was not a DNS admin

This is not a proper fix to match Windows, but at the very least, it
should be more obvious to users (using samba-tool for instance), that
the user needs to be given more access or that they should use the
administrator.

Windows seems to deny access altogether by returning a fault after they
have bound to the pipe and actually sent an operation.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13771

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

buildtools/wafsamba: Avoid decode when using python2

To avoid problematic type checking for 'str' types which fail
when result from str.decode is used.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13777

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libsmb,s3/smbd: dump SMB3+ session keys if debug parm is set

Use of previously added smb.conf global param.

Sample usage:

$ smbclient //localhost/scratch --option='debugencryption=yes' \
                                 -e -mSMB3 -U aaptel%aaptel -c quit
debug encryption: dumping generated session keys
Session Id    [0000] 26 48 BF FD 00 00 00 00                             &H......
Session Key   [0000] 63 D6 CA BC 08 C8 4A D2   45 F6 AE 35 AB 4A B3 3B   c.....J. E..5.J.;
Signing Key   [0000] 4E FE 35 92 AC 13 14 FC   C9 17 62 B1 82 20 A4 12   N.5..... ..b.. ..
App Key       [0000] A5 0F F4 8B 2F FB 0D FF   F2 BF EE 39 E6 6D F5 0A   ..../... ...9.m..
ServerIn Key  [0000] 2A 02 7E E1 D3 58 D8 12   4C 63 76 AE 59 17 5A E4   *.~..X.. Lcv.Y.Z.
ServerOut Key [0000] 59 F2 5B 7F 66 8F 31 A0   A5 E4 A8 D8 2F BA 00 38   Y.[.f.1. ..../..8

We can now simply pass -ouat:smb2_seskey_list:<sesid>,<seskey> to
wireshark or tshark:

$ tshark -ouat:smb2_seskey_list:2648BFFD00000000,63D6CABC08C84AD245F6AE35AB4AB33B \
          -Y smb2 -r capture.pcap -Tfields -e _ws.col.Info
Negotiate Protocol Response
Negotiate Protocol Request
Negotiate Protocol Response
Session Setup Request, NTLMSSP_NEGOTIATE
Session Setup Response, Error: STATUS_MORE_PROCESSING_REQUIRED, NTLMSSP_CHALLENGE
Session Setup Request, NTLMSSP_AUTH, User: WORKGROUP\aaptel
Session Setup Response
Tree Connect Request Tree: \\localhost\IPC$
Tree Connect Response
Decrypted SMB3;Ioctl Request FSCTL_DFS_GET_REFERRALS, File: \localhost\scratch
Decrypted SMB3;Ioctl Response, Error: STATUS_NOT_FOUND
Decrypted SMB3;Tree Disconnect Request
Decrypted SMB3;Tree Disconnect Response
Decrypted SMB3;Tree Connect Request Tree: \\localhost\scratch
Decrypted SMB3;Tree Connect Response
Decrypted SMB3;Tree Disconnect Request
Decrypted SMB3;Tree Disconnect Response

For more info on Wireshark decryption support see
https://wiki.samba.org/index.php/Wireshark_Decryption

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Sat Feb  9 21:43:25 CET 2019 on sn-devel-144

docs-xml: add "debug encryption" global parm

Add debug option to dump in the log the session id & keys in smbd and
libsmb-based code for offline decryption.

Wireshark can make use of this to decrypt encrypted traffic.

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

libcli: add getters for smb2 {signing,encryption,decryption} keys

Adds:
- smb2cli_session_signing_key()
- smb2cli_session_encryption_key()
- smb2cli_session_decryption_key()

Signed-off-by: Aurelien Aptel <aaptel@suse.com>
Reviewed-by: Noel Power <npower@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

s3:vfs: Correctly check if OFD locks should be enabled or not

Also the smb.conf options should only be checked once and a reload of
the config should not switch to a different locking mode.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Feb  9 03:43:50 CET 2019 on sn-devel-144

s3:vfs: Initialize pid to 0 in test_netatalk_lock()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4: torture: vfs_fruit. Change test_fruit_locking_conflict() to match the vfs_fruit working server code.

Originally added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
to demonstrate a lock order violation, this test
exposed problems in the mapping of SMB1/2 share modes
and open modes to NetATalk modes once we moved to OFD locks.

Change the test slightly (and add comments)
so it demonstrates working NetATalk share modes
on an open file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb  8 23:26:46 CET 2019 on sn-devel-144

s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code.

This exhibited itself as a problem with OFD locks reported
as:

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13770

However, due to underlying bugs in the vfs_fruit
code the file locks were not being properly applied.

There are two problems in fruit_check_access().

Problem #1:

Inside fruit_check_access() we have:

flags = fcntl(fsp->fh->fd, F_GETFL);
..
if (flags & (O_RDONLY|O_RDWR)) {

We shouldn't be calling fcntl(fsp->fh->fd, ..) directly.
fsp->fh->fd may be a made up number from an underlying
VFS module that has no meaning to a system call.

Secondly, in all POSIX systems - O_RDONLY is defined as
*zero*. O_RDWR = 2.

Which means flags & (O_RDONLY|O_RDWR) becomes (flags & 2),
not what we actually thought.

Problem #2:

deny_mode is *not* a bitmask, it's a set of discrete values.

Inside fruit_check_access() we have:

if (deny_mode & DENY_READ) and also (deny_mode & DENY_WRITE)

However, deny modes are defined as:

/* deny modes */
define DENY_DOS 0
define DENY_ALL 1
define DENY_WRITE 2
define DENY_READ 3
define DENY_NONE 4
define DENY_FCB 7

so if deny_mode = DENY_WRITE, or if deny_mode = DENY_READ
then it's going to trigger both the if (deny_mode & DENY_READ)
*and* the (deny_mode & DENY_WRITE) conditions.

These problems allowed the original test test_netatalk_lock code to
pass (which was added for BUG: https://bugzilla.samba.org/show_bug.cgi?id=13584
to demonstrate the lock order violation).

This patch refactors the fruit_check_access()
code to be much simpler (IMHO) to understand.

Firstly, pass in the SMB1/2 share mode, not old
DOS deny modes.

Secondly, read all the possible NetAtalk locks
into local variables:

netatalk_already_open_for_reading
netatalk_already_open_with_deny_read
netatalk_already_open_for_writing
netatalk_already_open_with_deny_write

Then do the share mode/access mode checks
with the requested values against any stored
netatalk modes/access modes.

Finally add in NetATalk compatible locks
that represent our share modes/access modes
into the file, with an early return if we don't
have FILE_READ_DATA (in which case we can't
write locks anyway).

The patch is easier to understand by looking
at the completed patched fruit_check_access()
function, rather than trying to look at the
diff.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Böhme <slow@samba.org>

s4/registry/py: use unsigned ParseTuple format for unsigned value

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb  8 17:09:51 CET 2019 on sn-devel-144

s4/messaging/py: use better format strings for variable types

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>

s4/librpc/py_misc: ParseTuple format should match actual types

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>

s3/libsmb/py: match input argument types with C types

If PyArg_ParseTupleAndKeywords() is given, say, an "H" format (meaning
unsigned short int) but the referenced variable is a plain unsigned
int, the top 16 bits of the variable will be left undefined. In that
case we should use an "I" format (and/or initialize the variable).

In many cases the change is fairly innocuous, such as when "i" and "I"
are mixed (for signed and unsigned ints respectively), but the
resulting write is the same size and probably gives the same result in
practice.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>

py_tevent: add_timer takes float argument

We were already using it that way.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Noel Power <npower@samba.org>

winbindd: Enhance xids2sids debugging

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb  8 13:30:32 CET 2019 on sn-devel-144

smbd: Avoid sending S-1-22- to winbind

Sending S-1-22-x to a typeless sids2xids call will make winbind prime
the reverse xids2sids cache, which is very likely the wrong mapping. Add
a check that avoids bothering the winbind pipe when it's clear this
can't work anyway.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

winbind: Enhance xids2sids debugging

Print what was requested and returned

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

torture4: Solaris cc can't deal with empty initializers

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

build:docs: Get rid of hardcoded 'bin/default'

Build scripts for documentation still contain hardcoded path to build
destination rather than use proper final build path variables.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

build: Get rid of hardcoded 'bin/default' in includes

Removed occurrences of bin/default used in #include directive for
auto-generated headers residing in build directory.
Build system is capable of resolving path to such headers by itself
without extra hardcoded path to build directory.

Signed-off-by: Aliaksei Karaliou <akaraliou@panasas.com>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4/scripting/bin: open unicode files with utf8 encoding and write unicode string

In files like `libcli/util/werror_err_table.txt` and `libcli/util/ntstatus_err_table.txt`,
there were unicode quote symbols at line 6:

    ...(“this documentation”)...

In `libcli/util/wscript_build`, it will run `gen_werror.py` and `gen_ntstatus.py`
to `open` above files, read content from them and write to other files.

When encoding not specified, `open` in both python 2/3 will guess encoding from locale.

When locale is not set, it defaults to POSIX or C, and then python will use
encoding `ANSI_X3.4-1968`.

So, on a system locale is not set, `make` will fail with encoding error
for both python 2 and 3:

    File "/home/ubuntu/samba/source4/scripting/bin/gen_werror.py", line 139, in main
        errors = parseErrorDescriptions(input_file, True, transformErrorName)
      File "/home/ubuntu/samba/source4/scripting/bin/gen_error_common.py", line 52, in parseErrorDescriptions
        for line in file_contents:
      File "/usr/lib/python3.5/encodings/ascii.py", line 26, in decode
        return codecs.ascii_decode(input, self.errors)[0]
    UnicodeDecodeError: 'ascii' codec can't decode byte 0xe2 in position 318: ordinal not in range(128)

In this case, we have to use `io.open` with `encoding='utf8'`.
However, then we got unicode strs and try to write them with other strs
into new file, which means the new file must also open with utf-8 and
all other strs have to be unicode, too.

Instead of prefix `u` to all strs, a more easier/elegant way is to enable
unicode literals for the python scripts, which we normally didn't do in samba.

Since both `gen_werror.py` and `gen_ntstatus.py` are bin scripts and no
other modules import them, it should be ok for this case.

Signed-off-by: Joe Guo <joeg@catalyst.net.nz>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Fri Feb  8 06:34:47 CET 2019 on sn-devel-144

lib/util: inline lib/util/util_runcmd.h again

samba_runcmd_state should not be exposed!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Feb  8 02:54:20 CET 2019 on sn-devel-144

s4:dsdb:util: make use of samba_runcmd_export_stdin()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

lib/util: add samba_runcmd_export_stdin() helper function

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

docs-xml: "cluster addresses" dns registration

Bug 7871 added functionality to register smb.conf "cluster addresses"
when net ads dns register is called with clustering=yes, but the man
page was not updated. Add documentation for this behaviour.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): David Disseldorp <ddiss@samba.org>
Autobuild-Date(master): Thu Feb  7 21:33:15 CET 2019 on sn-devel-144

docs-xml: Update documentation for 'restrict anonymous' option

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

s3/lib/popt_common: use stack buffer in set_logfile()

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3/lib/popt_common: don't assume stackframe presence

popt_common_callback() should be leak-safe if a talloc stackframe isn't
available, as it's invoked early on.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib/debug: retain full string in state.prog_name global

setup_logging() retains a global pointer to the provided const string in
state.prog_name, which is later used in the debug_backend->reload()
callback.
Some setup_logging() callers, such as popt_common_callback(),
incorrectly assume that a dynamic buffer is safe to provide as a
prog_name parameter. Fix this by copying the entire string in
setup_logging().

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Clean up reference used with PyDict_Setxxx

PyDictSetxxx methods don't steal reference so if the items added
to the dictionary were created just for the purpose of inserting
into the dict then we need to decref them.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Thu Feb  7 17:17:46 CET 2019 on sn-devel-144

Cleanup (decref) some objects added to list.

PyList_Append doesn't steal references, so if the item created is
a temp object, created just to be added to the list we need to
 decref the item appended in order for it to be released.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

decref results of PyStr_FromString

Where we create temporary objects (which are added to containers)
these objects already get there ref count incremented. In this case
we need to decref those objects to ensure they are released.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

pidl: Fix Generated ndr python code to DECREF imported modules

Generated code calls Py_ImportModule but in all error returns
and also successful exit the code fails to decrement reference to
loaded modules in MODULE_INIT_FUNC function.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Cleanup references to module objects returned from PyImport_ImportModule

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Examine result of SetList (and prevent sending NULL to PyList_SetItem)

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Decrement references to python objects passed to Py_BuildValue

Py_BuildValue when processing format 'O' will
  'Pass a Python object untouched (except for its reference count,
   which is incremented by one'

Basically this means if you are using a new reference to a PyObject
to pass to BuildValue (to be used with the 'O' format) the reference
*isn't* stolen so you really do need to DECREF it in order to ensure
it gets cleaned up.

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

tldap: avoid more use after free errors

See the previous commit for an explanation. :)

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Feb  6 10:19:12 CET 2019 on sn-devel-144

tldap: avoid a use after free crash

I saw the following crash in tldap in the winbindd idmap child on a
member server after messing with the LDAP server on the DC:

0  0x00007f77ea9a307a in __GI___waitpid (pid=9815, stat_loc=stat_loc@entry=0x7ffe77569eb0, options=options@entry=0) at ../sysdeps/unix/sysv/linux/waitpid.c:29
1  0x00007f77ea91bfbb in do_system (line=<optimized out>) at ../sysdeps/posix/system.c:148
2  0x00007f77edd8c24b in smb_panic_s3 (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../source3/lib/util.c:828
3  0x00007f77f15afe85 in smb_panic (why=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/util/fault.c:170
4  0x00007f77f08e2678 in talloc_abort (reason=0x7f77f08e6e88 "Bad talloc magic value - access after free") at ../lib/talloc/talloc.c:472
5  0x00007f77f08e268b in talloc_abort_access_after_free () at ../lib/talloc/talloc.c:477
6  0x00007f77f08e2710 in talloc_chunk_from_ptr (ptr=0x55da7605a020) at ../lib/talloc/talloc.c:494
7  0x00007f77f08e4a19 in _talloc_free (ptr=0x55da7605a020, location=0x7f77e181474d "../source3/lib/tldap.c:1918") at ../lib/talloc/talloc.c:1716
8  0x00007f77e180b65c in tldap_search_all_done (subreq=0x55da7605a020) at ../source3/lib/tldap.c:1918
9  0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7605a020, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125
10 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7605a020, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162
11 0x00007f77f0af1113 in _tevent_req_error (req=0x55da7605a020, error=9780923860630110289, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:180
12 0x00007f77e180781a in tevent_req_ldap_error (req=0x55da7605a020, rc=...) at ../source3/lib/tldap.c:47
13 0x00007f77e180b2c4 in tldap_search_done (subreq=0x55da76058280) at ../source3/lib/tldap.c:1813
14 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da76058280, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:125
15 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da76058280, state=TEVENT_REQ_USER_ERROR, location=0x7f77e1813e50 "../source3/lib/tldap.c:47") at ../lib/tevent/tevent_req.c:162
16 0x00007f77f0af11cd in tevent_req_trigger (ev=0x55da760526c0, im=0x55da76058360, private_data=0x55da76058280) at ../lib/tevent/tevent_req.c:219
17 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da760526c0) at ../lib/tevent/tevent_immediate.c:135
18 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_epoll.c:911
19 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent_standard.c:114
20 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da760526c0, location=0x7f77f0af92b0 "../lib/tevent/tevent_req.c:269") at ../lib/tevent/tevent.c:725
21 0x00007f77f0af1361 in tevent_req_poll (req=0x55da7605eed0, ev=0x55da760526c0) at ../lib/tevent/tevent_req.c:269
22 0x00007f77e180fec9 in tldap_gensec_bind (ctx=0x55da76051ec0, creds=0x55da76052250, target_service=0x7f77e18164b3 "ldap", target_hostname=0x55da7605d182 "dc1.sdom1.site", target_principal=0x0, lp_ctx=0x55da76052180, gensec_features=6) at ../source3/lib/tldap_gensec_bind.c:358
23 0x00007f77e1810d21 in idmap_ad_get_tldap_ctx (mem_ctx=0x55da76050510, domname=0x55da76051d50 "sdom1", pld=0x55da76050518) at ../source3/winbindd/idmap_ad.c:326
24 0x00007f77e1811056 in idmap_ad_context_create (mem_ctx=0x55da76059c00, dom=0x55da76059c00, domname=0x55da76051d50 "sdom1", pctx=0x7ffe7756a5f8) at ../source3/winbindd/idmap_ad.c:374
25 0x00007f77e18119c0 in idmap_ad_get_context (dom=0x55da76059c00, pctx=0x7ffe7756a640) at ../source3/winbindd/idmap_ad.c:554
26 0x00007f77e181275b in idmap_ad_sids_to_unixids (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:784
27 0x00007f77e1813217 in idmap_ad_sids_to_unixids_retry (dom=0x55da76059c00, ids=0x55da760518a0) at ../source3/winbindd/idmap_ad.c:947
28 0x000055da7459ce05 in _wbint_Sids2UnixIDs (p=0x7ffe7756a870, r=0x55da76050860) at ../source3/winbindd/winbindd_dual_srv.c:202
29 0x000055da7460aa5e in api_wbint_Sids2UnixIDs (p=0x7ffe7756a870) at default/librpc/gen_ndr/srv_winbind.c:391
30 0x000055da7459c7f4 in winbindd_dual_ndrcmd (domain=0x0, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual_ndr.c:369
31 0x000055da7459828c in child_process_request (child=0x55da74874bc0 <static_idmap_child>, state=0x7ffe7756abb8) at ../source3/winbindd/winbindd_dual.c:666
32 0x000055da7459ae58 in child_handler (ev=0x55da7602c2b0, fde=0x55da7603f8a0, flags=1, private_data=0x7ffe7756abb0) at ../source3/winbindd/winbindd_dual.c:1567
33 0x00007f77f0af85f1 in epoll_event_loop (epoll_ev=0x55da76048b00, tvalp=0x7ffe7756aab0) at ../lib/tevent/tevent_epoll.c:728
34 0x00007f77f0af8c29 in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_epoll.c:930
35 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent_standard.c:114
36 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74628b08 "../source3/winbindd/winbindd_dual.c:1766") at ../lib/tevent/tevent.c:725
37 0x000055da7459b9e9 in fork_domain_child (child=0x55da74874bc0 <static_idmap_child>) at ../source3/winbindd/winbindd_dual.c:1766
38 0x000055da74596e96 in wb_child_request_waited (subreq=0x0) at ../source3/winbindd/winbindd_dual.c:188
39 0x00007f77f0af0fd0 in _tevent_req_notify_callback (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:125
40 0x00007f77f0af10a5 in tevent_req_finish (req=0x55da7604f820, state=TEVENT_REQ_DONE, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:162
41 0x00007f77f0af10cd in _tevent_req_done (req=0x55da7604f820, location=0x7f77f0af90f8 "../lib/tevent/tevent_queue.c:355") at ../lib/tevent/tevent_req.c:168
42 0x00007f77f0af0cc1 in tevent_queue_wait_trigger (req=0x55da7604f820, private_data=0x0) at ../lib/tevent/tevent_queue.c:355
43 0x00007f77f0af06f2 in tevent_queue_immediate_trigger (ev=0x55da7602c2b0, im=0x55da760466a0, private_data=0x55da76046580) at ../lib/tevent/tevent_queue.c:149
44 0x00007f77f0af0378 in tevent_common_loop_immediate (ev=0x55da7602c2b0) at ../lib/tevent/tevent_immediate.c:135
45 0x00007f77f0af8b8f in epoll_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_epoll.c:911
46 0x00007f77f0af5925 in std_event_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent_standard.c:114
47 0x00007f77f0aef201 in _tevent_loop_once (ev=0x55da7602c2b0, location=0x55da74612630 "../source3/winbindd/winbindd.c:1803") at ../lib/tevent/tevent.c:725
48 0x000055da74561431 in main (argc=2, argv=0x7ffe7756c968) at ../source3/winbindd/winbindd.c:1803

subreq is a child of the state of req which will already be free by the
callback of req.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=13776

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

autobuild: Split backup/restore testenvs out into separate job

The samba-ad-dc-2 job was reaching its limits with the number of
testenvs and what the resource-limited CI machines can handle.
Samba processes were getting swapped out of memory, causing CI runs
to fail.

This patch splits the backup/restore testenv targets into a separate
autobuild job: samba-ad-dc-backup.

Signed-off-by: Tim Beale <timbeale@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Feb  5 12:23:31 CET 2019 on sn-devel-144

docs: Document DCEPRC binding string for rpcclient

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Feb  4 02:03:56 CET 2019 on sn-devel-144

vfs_glusterfs: Adapt to changes in libgfapi signatures

VFS module for GlusterFS fails to compile due to recent changes done to
some API signatures. Therefore adding missing arguments to those APIs
adapting to new signatures.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13330

Signed-off-by: Anoop C S <anoopcs@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Feb  3 17:00:33 CET 2019 on sn-devel-144

libcli: Solaris cc can't return void values

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>