s3: smbd: Remove bool dfs_pathnames paramter from resolve_dfspath_wcard().

Start cleaning up the pathname parsing to move flags2 checks into UCF_FLAGS
function.

NB. This now only sets *ppath_contains_wcard inside resolve_dfspath_wcard()
if dfs_redirect() sets path_contains_wcard to true, which is a change
from the previous code which could potentially set *ppath_contains_wcard
to an uninitialized value if dfs_redirect() returned without setting
path_contains_wcard.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s4:libcli/ldap: just use gensec_update() in ldap_bind_sasl()

We're in a blocking/sync call, we should avoid using nested event loops for
this. As far as I can see ldap_bind_sasl() is only called from command line
tools, which are ok to block.

Resolving this requires also resolving the general case in LDB, as that is the
API this is used from.  We would need ldb_connect_send() and ldb_connect_recv()
at a start.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon May 22 01:12:23 CEST 2017 on sn-devel-144

s4:libcli/smb2: make smb2_session_setup_spnego_* completely async

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:librpc: simplify dcerpc_connect_timeout_handler() logic

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:librpc: make use of gensec_update_send() in bind_auth_next_step()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:librpc: use gensec_update_send() in dcerpc_bind_auth_send()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: implement async AUTH3 using gensec_update_send/recv

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: implement async ALTER_CONTEXT using gensec_update_send/recv

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: implement async BIND using gensec_update_send/recv

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: remove unused dcesrv_auth_{bind_ack,auth3,alter_ack}()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: make use of dcesrv_auth_prepare_auth3() in dcesrv_auth3()

It means we also need to call gensec_update_ev() and dcesrv_auth_complete()
directly in dcesrv_auth3(). Doing that will make it easier to make dcesrv_auth3()
async in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: make use of dcesrv_auth_prepare_alter_ack() in dcesrv_alter()

It means we also need to call gensec_update_ev() and dcesrv_auth_complete()
directly in dcesrv_alter(). Doing that will make it easier to make dcesrv_alter()
async in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: make use of dcesrv_auth_prepare_bind_ack() in dcesrv_bind()

It means we also need to call gensec_update_ev() and dcesrv_auth_complete()
directly in dcesrv_bind(). Doing that will make it easier to make dcesrv_bind()
async in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: make use of dcesrv_auth_reply() in dcesrv_alter()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: split out dcesrv_auth_reply() from dcesrv_bind()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: remove useless TALLOC_FREE(call->context) from dcesrv_bind()

This is not needed if we're terminating the connection anyway.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: split out dcesrv_auth_prepare_alter_ack()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: split out dcesrv_auth_prepare_auth3()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: split out dcesrv_auth_prepare_bind_ack()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: make use of dcesrv_auth_complete() in dcesrv_auth_auth3()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: prepare dcesrv_auth_complete() for AUTH3

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: make use of dcesrv_auth_complete() in dcesrv_auth_alter_ack()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: split out dcesrv_auth_complete() from dcesrv_auth_bind_ack()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: add wait_send/recv infrastructure

This will be used to implement async BIND/ALTER_CONTEXT/AUTH3
using gensec_update_send/recv.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: introduce call->ack_pkt and avoid pkt variable for the response on the stack

This will be needed when we use async authentication using gensec_update_send/recv.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:kdc: make use of gensec_update() in kpasswd_process()

This avoids using gensec_update_ev() with a nested event loop.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dlz_bind9: assert SPNEGO/KRB5 and use gensec_update()

This avoids using gensec_update_ev() with a nested event loop.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dns_server: use samba_server_gensec_krb5_start() and gensec_update() in dns_query.c

This avoids using gensec_update_ev() with a nested event loop.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth: add samba_server_gensec_krb5_start()

This will be used by the dns services to only allow
spnego/krb5. This makes sure the accepting backend
doesn't require any RPC or IPC communication for now.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth: split out a samba_server_gensec_start_settings() helper function

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/gensec: make sure there's only one pending gensec_update_send() per context

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/gensec: improve NT_STATUS_MORE_PROCESSING_REQUIRED logic in gensec_update_*()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/gensec: avoid using a state->subreq pointer

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/gensec: remove the sync update() hook from gensec_security_ops

Some backends still do some nested event context magic,
but that mapping between async and sync is done in these backends
and not in the core gensec code anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/spnego: add simple gensec_spnego_update_send/recv() wrapper functions

TODO: we still need to do the internals async.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/ntlmssp: add implement gensec_ntlmssp_update_send/recv()

Currently only backend functions are sync functions, but that needs
to change in future.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/ntlmssp: make gensec_ntlmssp_update() static

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/ntlmssp: rename 'input' to 'in' in gensec_ntlmssp_update()

This matches all other gensec modules.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/ntlmssp: remove unused variable from gensec_ntlmssp_update()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/ntlmssp: avoid using NT_STATUS_NOT_OK_RETURN() in gensec_ntlmssp_update()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/ntlmssp: remove mem_ctx=NULL handling from gensec_ntlmssp_update()

The caller is expected always pass a valid context and this fallback
was needed ages ago.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:gensec_krb5: add simple gensec_krb5_update_send/recv() wrapper functions

TODO: we still need to make the internal async.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:gensec_gssapi: add simple gensec_gssapi_update_send/recv() wrapper functions

TODO: we still need to make the internal async.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:gse: add simple gensec_gse_update_send/recv() wrapper functions

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:gensec/http_basic: add simple gensec_http_basic_update_send/recv() wrapper functions

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:gensec/http_ntlm: add implement gensec_http_ntlm_update_send/recv()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/spnego: make sure a fatal error or the final success make the state as SPNEGO_DONE

This means any further gensec_update() will fail with
NT_STATUS_INVALID_PARAMETER.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/spnego: let spnego.c use the new gensec_child_* helper functions

This means we no longer allow operations on a half finished authentication,
it's activated by gensec_child_ready().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/gensec: add gensec_child_* helper functions

They will be used to simplify the spnego backend
and maybe of some use for a future negoex backend.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/gensec: reset existing context on gensec_start_mech()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/gensec: make gensec_start_mech() static

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: simplify the GENSEC_FEATURE_SIGN_PKT_HEADER logic

We can directly check this after gensec_start_mech_by_authtype(),
the backend either supports it or not. There's nothing that
can change during the authentication phase.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:librpc: ask for GENSEC_FEATURE_SIGN_PKT_HEADER after the gensec_update() dance

Most features should be added before the update() dance, while
GENSEC_FEATURE_SIGN_PKT_HEADER needs to be after the dance on the client
side.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_server: move gensec_update() out of auth_generic_server_authtype_start*()

We let the caller use auth_generic_server_step() instead.
This allows us to request GENSEC_FEATURE_SIGN_PKT_HEADER before
starting the gensec_update() dance.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:cli_pipe: ask for GENSEC_FEATURE_SIGN_PKT_HEADER after the gensec_update() dance

Most features should be added before the update() dance, while
GENSEC_FEATURE_SIGN_PKT_HEADER needs to be after the dance on the client
side.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/gensec: add some basic doxygen comments for gensec_{want,have}_feature()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/spnego: always announce GENSEC_FEATURE_SIGN_PKT_HEADER support.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:gensec_gssapi: always announce GENSEC_FEATURE_SIGN_PKT_HEADER

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:gse: always announce GENSEC_FEATURE_SIGN_PKT_HEADER support.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: let fl2003dc use "dcesrv:header signing = no"

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:smb_server: avoid using gensec_update_ev() for the negotiate blob

Getting the SPNEGO mech type blob, we don't expect to block for
any network io, so we can also use gensec_update() which creates
a temporary event context.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:libsmb: don't rely on gensec_session_key() to work on an unfinished authentication

If smbXcli_session_is_guest() returns true, we should handle the authentication
as anonymous and don't touch the gensec context anymore.

Note that smbXcli_session_is_guest() always returns false, if signing is
required!

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/gensec: call gensec_verify_features() also after update_recv() in gensec_update_ev()

This is no a real problem until now, because the only backends with update_send()/recv()
are "schannel" (which only supports AUTH_LEVEL_{INTEGRITY,PRIVACY}) and
"naclrpc_as_system" (which doesn't support any protection beside using unix
domain sockets).

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

auth/spnego: fix gensec_update_ev() argument order for the SPNEGO_FALLBACK case

This went unnoticed so long as we don't use -Wc++-compat
and gensec_update_ev() used the sync update() hook for all
NTLMSSP and Kerberos.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12788

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: Actually run python3 tests during the selftest

These previously only ran if the develper was using EXTRA_PYTHON in their
OS environment

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Sat May 20 02:26:33 CEST 2017 on sn-devel-144

python3:tests: Fix Python 3 test issues

- Forgotten text strings that should be binary
- Inverted PY3 condition

Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

python3: Use "y#" instead of "s#" for binary data in PyArg_ParseTuple

The "s#" format code for PyArg_ParseTupleAndKeywords and Py_BuildValue
converts a char* and size to/from Python str (with utf-8 encoding under
Python 3).
In some cases, we want bytes (str on Python 2, bytes on 3) instead. The
code for this is "y#" in Python 3, but that is not available in 2.

Introduce a PYARG_BYTES_LEN macro that expands to "s#" or "y#", and use
that in:
- credentials.get_ntlm_response (for input and output)
- ndr_unpack argument in PIDL generated code

Signed-off-by: Petr Viktorin <pviktori@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3: smbd: Fix open_files.idl to correctly ignore share_mode_lease *lease in share_mode_entry.

This is currently marked 'skip', which means it isn't stored in the
db, but printed out in ndr dump. However, this pointer can be invalid
if the lease_idx is set to 0xFFFFFFFF (invalid).

This is fixed up inside parse_share_modes(), but not until after
ndr_pull_share_mode_data() is called. If lease_idx == 0xFFFFFFFF
then ndr_print_share_mode_lease() prints an invalid value and
crashes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12793

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 18 03:01:40 CEST 2017 on sn-devel-144

selftest: enable alternate streams for fs_specific share

This ensures that the new "smb2.ioctl.copy-chunk streams" test passes
when run under selftest atop Btrfs.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4/torture: vfs_fruit: test copy-chunk on streams

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

s4/torture: vfs_fruit: add src and dst path args to test_setup_copy_chunk

Just let the caller pass in the paths, no change in behaviour. A new
test in a subsequent commit will use it to pass paths to streams.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

s4/torture: smb2.ioctl: add copy-chunk test with stream to smb2.ioctl

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

s4/torture: smb2.ioctl: add src and dst path args to test_setup_copy_chunk

Just let the caller pass in the paths, no change in behaviour. A new
test in a subsequent commit will use it to pass paths to streams.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

lib/torture: add two more ndr assert macros

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

vfs_fruit: add pread_send/recv and pwrite_send/recv

This is needed to support copy-chunk of streams. vfs_default issues
calls to async pread and pwrite (send/recv versions) since
commit60e45a2d25401eaf9a15a86d19114670ccfde259.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

vfs_streams_xattr: add pread_send/recv and pwrite_send/recv

This is needed to support copy-chunk of streams. vfs_default issues
calls to async pread and pwrite (send/recv versions) since commit
60e45a2d25401eaf9a15a86d19114670ccfde259.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: David Disseldorp <ddiss@samba.org>

lib: Update pam_wrapper to 1.0.4

* Fix build on OpenBSD
* Fix a resource leak

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libads: abstract out SASL wrapping code

Prepare for rebasing libads on top of libsmbldap.

To make libads using 'struct smbldap_state' instead of direct LDAP
structure, we need to abstract out libads logic from connection
handling. SASL wrapping does not really depend on availability of LDAP
handle and does not need direct access to ADS_STRUCT. As result, we'll
be able to move SASL wrapping code under smbldap once the latter is able
to pass settings that libads passes to the SASL wrapping.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

SMB_INFO_ALLOCATION: return with UINT32_MAX rather than cutting at 4 bytes

An AIX cifs client queries SMB_INFO_ALLOCATION that has only 4 bytes to report
dfree and dsize. Return the max instead of random unexpeced numbers.

Signed-off-by: Peter Somogyi <psomogyi@hu.ibm.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 17 05:49:46 CEST 2017 on sn-devel-144

winbindd: Give winbindd_ads.c its own header

Not necessary to compile all of winbind when playing with ads.h

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: proto.h does not need ads.h

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd/smb2_ioctl: check for NULL dst_fsp before use

...not after. CID #1409040.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed May 17 01:46:52 CEST 2017 on sn-devel-144

ldb-samba: Fix a possible NULL pointer dereference

CID: #1402566
CID: #1402567

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue May 16 16:45:43 CEST 2017 on sn-devel-144

s3:winbind: Use a talloc stackframe for rpc_query_user_list

CID #1401581

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

librpc:ndr: Set the length to 1 if we assign and empty string

CID #1399648

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

ctdb-tests: Use tighter pattern for matching expected output

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12792

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon May 15 08:08:10 CEST 2017 on sn-devel-144

ctdb-tests: Explicitly search for the specific log entry

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12792

... instead of expecting the last line to be the matching log entry.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

s4: nmblookup: Allocate event context off NULL instead of talloc_autofree_context().

It's already correctly freed on exit.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Sat May 13 21:01:25 CEST 2017 on sn-devel-144

s4: cifsdd: Allocate the event context off NULL, not talloc_autofree_context().

Ensure it's freed on exit paths.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s4: client: Allocate event context off struct smbclient_context *, not talloc_autofree_context().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

gensec: Add a TALLOC_CTX * to gensec_register().

Pass in the TALLOC_CTX * from the module init to remove
another talloc_autofree_context() use.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s4: ntvfs: Add a TALLOC_CTX * to sys_notify_register().

Pass in the TALLOC_CTX * from the module init to remove
another talloc_autofree_context() use.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s4: ntvfs: Add a TALLOC_CTX * to sys_lease_register().

Pass in the TALLOC_CTX * from the module init to remove
another talloc_autofree_context() use.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s4: ntvfs: Add a TALLOC_CTX * paramter to pvfs_acl_register()

Make use of the passed in TALLOC_CTX * from the init function
to remove a talloc_autofree_context() use.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s4: torture: Remove use of local variables that are simply mirroring popt_get_cmdline_credentials().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 12 00:37:29 CEST 2017 on sn-devel-144

s4: popt: Change from talloc_autofree_context() to NULL context.

Call popt_free_cmdline_credentials() on successful exit from torture.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4: popt: Make cmdline_credentials static.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4: popt: Global replace of cmdline_credentials -> popt_get_cmdline_credentials().

Add one use of popt_set_cmdline_credentials().
Fix 80 column limits when cmdline_credentials changes
to popt_get_cmdline_credentials().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4: popt: Add set/get/free functions for cmdline_credentials.

Preparing to make this static instead of a global.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4: Add TALLOC_CTX * to register_server_service().

Use the passed in context from callers. Remove one
talloc_autofree_context().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>