wip setup logfile

wip: add odj_ops

fixup WKSSVC_JOIN_FLAGS_DOMAIN_JOIN_IF_JOINED handling

wip start collect_group_policies()

fixup gpo_connect()

Revert "libgpo: Remove unused code"

This reverts commit c40e354fe1fde2adcb16f5df7539d8ba41bb902b.

Revert "s3-net: disable net_ads_gpo_apply() and net_ads_gpo_refresh()"

This reverts commit b2e418369b41dd1238d66a759545b0d8bc88bf74.

s3-libnetapi: add NetRequestProvisioningPackageInstall boilerplate

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetRequestProvisioningPackageInstall to IDL

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: implement NetCreateProvisioningPackage_l

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

Revert "s3-libnetapi: do request smbconf modification in NetRequestOfflineDomainJoin()"

This reverts commit f1065601bc6122787bce6d310b9ab97c892cf674.

s3-libnetapi: do request smbconf modification in NetRequestOfflineDomainJoin()

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetCreateProvisioningPackage example code

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetCreateProvisioningPackage to api

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetCreateProvisioningPackage boilerplate

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetCreateProvisioningPackage to IDL

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s4-selftest: add net offlinejoin tests

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

docs: document "net offlinejoin" set of commands

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-net: add "net offlinejoin" command

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add djoin tool

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: implement NetRequestOfflineDomainJoin_l

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetRequestOfflineDomainJoin example code

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetRequestOfflineDomainJoin to api

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetRequestOfflineDomainJoin() boilerplate.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetRequestOfflineDomainJoin to IDL

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: implement NetProvisionComputerAccount_l

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetProvisionComputerAccount example code

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetProvisionComputerAccount to api.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetProvisionComputerAccount() boilerplate

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add NetProvisionComputerAccount() to IDL

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add netapi_save_file_ucs2() to example code

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add netapi_read_file helper

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add offline domain join related error codes (not WERRORs)

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add missing NetJoinFlags for netapi

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add libnetapi_set_logfile()

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnetapi: add libnetapi_get_use_kerberos()

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

re-run make libnetapi ....

s3-libnet_join: always check config correctness while joining offline

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: check for netbios name correctness as well

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: set netbios name as well when modification is requested

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: use dsgetonedcname to validate given DC

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-dsgetdcname: add dsgetonedcname()

The idea is to run the same DC validation steps as for dsgetdcname()
just omit the query list of DCs via DNS/netbios step but instead
validate a given DC right away.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: use joinprov3 struct in libnet_DomainOfflineJoin()

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: add support for libnet_DomainOfflineJoin

libnet_DomainOfflineJoin will consume the provided offline domain join
blob and lay out libnet_Join information to properly store join metadata
in the local database.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-dsgetdcname: return dcinfo also when delivering from the cache.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-dsgetdcname: the returned dcinfo unc should always be prefixed

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: add request_offline_join flag

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: fully implement libnet_odj_compose_OP_JOINPROV3_PART

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-librpc: add ODJ_PROVISION_DATA pointer to libnet_JoinCtx

It will be used later to pass in offline domain join structs to serve
request offline domain join requests.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: return account rid in libnet_JoinCtx

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: add libnet_odj_find_joinprov3()

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: add libnet_odj_find_win7blob to libnet_offline_join

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: add some libnet_JoinCtx-to-ODJ helpers

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: return the allocated netr_DsRGetDCNameInfo struct

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-rpc_client: add copy_netr_DsRGetDCNameInfo() helper

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: let libnetjoin return a netr_DsRGetDCNameInfo

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s3-libnet_join: add new provision_computer_account_only flag

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

s4-torture: add odj ndr testsuite

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

librpc: make sure the 4 byte _pad in ODJ_WIN7BLOB is never 0

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

librpc: more work on ODJ IDL

A lot of nested use of serialization stream pointers
([MS-RPCE] 2.2.6 Type Serialization Version 1).

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

librpc: add custom odj_switch_level_from_guid()

This function maintains an arbitrary mapping of GUID strings to
integers. This is required as only integers can be used as
discriminators for autogenerated ODJ unions.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

librpc: compile ODJ idl

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

librpc: add "Offline Domain Join" (ODJ) IDL

This IDL is based on

https://github.com/MicrosoftDocs/win32/blob/docs/desktop-src/NetMgmt/odj-idl.md

and has been licensed by Microsoft under the terms of the MIT License.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>

librpc/ndr: do not print strings when NDR_SECRET is used

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

WHATSNEW: samba-tool without ad-dc

Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): David Mulder <dmulder@samba.org>
Autobuild-Date(master): Thu Jul  8 14:43:11 UTC 2021 on sn-devel-184

selftest: Print dns_update_cache path into the logs

This sometimes get stuck in a loop and this may help debug it.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul  8 12:44:49 UTC 2021 on sn-devel-184

lib/tsocket: Free subreq as soon as possible

This is not a memory leak as it is freed when the parent req's state is
freed, but will help in low memory situations.

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Jul  8 10:21:25 UTC 2021 on sn-devel-184

witness.idl: fix length calculation for witness_IPaddrInfoList

If r->num is 0, we should not dereference r->addr.

Using ndr_size_witness_IPaddrInfoList() also make this much simpler
and avoids the magic 12.

Credit Oss-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22175
REF: https://oss-fuzz.com/testcase-detail/5686294157197312

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>

torture/ndr: reproduce a problem with witness_AsyncNotify

Credit Oss-Fuzz

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=22175
REF: https://oss-fuzz.com/testcase-detail/5686294157197312

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>

torture/ndr: add more details to the test names

We can have more than one blob for a given idl function
and we should avoid using the same name for all of them.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>

torture/ndr: make check functions typesafe

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14452

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Samuel Cabrero <scabrero@samba.org>

libcli: Move map_errno_from_nt_status from s3 lib to common libcli

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:lib: Map ECANCELED to NT_STATUS_CANCELLED

Now map_nt_error_from_unix() returns the same value as
map_nt_error_from_unix_common().

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

auth:creds: Remove unused simple.c file

This code is tested by the cmocka unit test:
auth/credentials/tests/test_creds.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib:tdb: Fix a memory leak on error

Found by covscan.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

selftest: Add test for one-way trust wbinfo auth

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul  7 15:01:22 UTC 2021 on sn-devel-184

selftest: fl2000dc: Add outgoing trust from fl2000dc to ad_dc

Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: Fix "outgoing" test in kinit_trust heimdal

Found by the test not failing in one-way trust.

Signed-off-by: Isaac Boukris <iboukris@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

testprogs: Show that DOM\user and REALM\user work for auth

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

testprogs: Rename TRUST_CREDS variables in test_trust_utils.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: Add the trusted domain realms to krb5.conf

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:tests: Fix wbinfo_lookuprids_cache test with system tdb-tools

If libtdb is used from the system, we should use those tools by default.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Add editorconfig config file

See https://editorconfig.org/ for details.

(neo)vim: https://github.com/editorconfig/editorconfig-vim
emacs:    https://github.com/editorconfig/editorconfig-emacs

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jul  7 05:54:16 UTC 2021 on sn-devel-184

tevent: bump the version number to 0.11.0

* Other minor build fixes.
* Add custom tag to events
* Add event trace api

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Pavel Březina <pbrezina@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

tevent: add event trace api

Adds new tracing API to trace fd, timer, signal and immediate events
on specific trace points: attach, before handler and dettach.

This can be used in combination with the event tag to keep track
of the currently executed event for purpose of debugging.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Pavel Březina <pbrezina@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

tevent: add custom tag to events

Adds a new API to set and get an uint64_t tag on fd, timer, signal and
immediate events. This can be used to assign a unique and known id to
the event to allow easy tracking of such event.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Pavel Březina <pbrezina@redhat.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

tevent: add support for cmocka unit tests

This adds a placeholder for new cmocka tests for tevent. Tests
are added in individual commits.

Signed-off-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

third_party:cmocka: Fix build when used in lib/tevent

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

smbXsrv_{open,session,tcon}: protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records

I saw systems with locking.tdb records being part of:
  ctdb catdb smbXsrv_tcon_global.tdb

It's yet unknown how that happened, but we should not panic in srvsvc_*
calls because the info0 pointer was NULL.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jul  6 11:08:43 UTC 2021 on sn-devel-184

testprogs: Consistantly use kinit -c $KRB5CCNAME

We want to be really clear which credentials cache we use.

The kerberos_kinit() shell function uses this internally.

-c is the common option between MIT and Heimdal, and is
equivilant to --cache

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul  5 23:51:43 UTC 2021 on sn-devel-184

gensec_krb5: restore ipv6 support for kpasswd

We need to offer as much space we have in order to
get the address out of tsocket_address_bsd_sockaddr().

This fixes a regression in commit
43c808f2ff907497dfff0988ff90a48fdcfc16ef.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14750

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

printing: avoid crash in LPRng_time

If the string is too shhort we don't want to atoi() whatever is beyond
the end of it.

Found using Honggfuzz and the fuzz_parse_lpq_entry fuzzer.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul  5 05:07:13 UTC 2021 on sn-devel-184

fuzz: add fuzz_parse_lpq_entry

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

fuzz: fix multiple comment headers

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dns update: zero flags and reserved

This is the observed behaviour on Windows.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dns_common_replace: do not leak

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool: dns update rejects malformed addresses

Because neither filling out the struct will not necessarily tell you
you got it wrong, and the RPC could succeed in setting an arbitrary
wrong address (typically, an IPv6 address would set an A record to
"255.255.255.255").

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pydns: fix a comment in replace_by_dn()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb-samba: dns tombstone matching: constrict value length

We know the only values we want to see are uint32, ie < ~4 billion
(and real values will be 7 digits for hundreds of years).

We also know the caller (we have just checked) is a trusted system
session which won't be padding the thing with spaces. But if they do,
let's call them out.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

dns_server: free old zones when reloading

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>