dbwrap_ctdb: Instrument chainunlock timing

We need an indication whether we run into the fcntl thundering
herd. fcntl unlock should be blindingly fast in the normal case. If it
takes longer than 5 milliseconds, warn. The timeout can be adapted by
setting

ctdb:unlock_warn_threshold = <number-of-milliseconds>

Reviewed-by: Christof Schmitt <cs@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>

ctdb_conn: Log long fetch_lock calls

With this patch, the number of fetch_lock attempts before dbwrap_ctdb
logs that it took x attempts to get a record is configurable with

net conf setparm global ctdb:migrate_attempts 10

This patch also adds

net conf setparm global ctdb:migrate_duration 5000

to trigger the same log message if it took longer than x milliseconds
to retrieve a record.

Reviewed-by: Christof Schmitt <cs@samba.org>
Signed-off-by: Volker Lendecke <vl@samba.org>

ctdb-daemon: Remove ctdb_fork_with_logging()

This function has been replaced with ctdb_vfork_with_logging().

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Jan 16 04:05:35 CET 2014 on sn-devel-104

ctdb-tests: Set CTDB_EVENT_HELPER when running with local daemons

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Remove unused code to run eventscripts

Eventscripts are now executed using a helper.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Replace ctdb_fork_with_logging with ctdb_vfork_with_logging (part 2)

Use ctdb_event_helper to run debug-hung-script.sh.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Replace ctdb_fork_with_logging with ctdb_vfork_with_logging (part 1)

Use ctdb_event_helper to run eventscripts.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Add helper process to execute event scripts

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Add ctdb_vfork_with_logging()

This will be used to spawn lightweight helper processes to run
eventscripts.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: No need to call event scripts with CTDB_CALLED_BY_USER

This was added to support external monitoring using CTDB event scripts.
However, it was never used.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-daemon: Deprecate RELOAD and STATUS events

These events have never been used.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-common: mkdir_p should not try to create .

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

vfs/glusterfs: in case atime is not passed, set it to the current atime

The Linux CIFS client does not pass an updated atime when a write() is
done. This causes the vfs/glusterfs module to set the atime to -1 on the
Gluster backend, resulting in an atime far in the future (year 2106).

Signed-off-by: Niels de Vos <ndevos@redhat.com>
Reviewed-by: Ira Cooper <ira@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 15 21:31:30 CET 2014 on sn-devel-104

s3:dir - We now pass the previously spinning directory tests on ext4.

https://bugzilla.samba.org/show_bug.cgi?id=2662

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Jan 15 11:39:12 CET 2014 on sn-devel-104

s3:dir - Introduce a 64-bit directory offset <-> 32 bit wire offset map using memcache.

Should fix the DOS clients against 64-bit smbd's bug.

https://bugzilla.samba.org/show_bug.cgi?id=2662

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:dir - Add a new memcache type (non-talloc) - SMB1_SEARCH_OFFSET_MAP.

We will use this in mapping 64-bit directory offset
cookies to a 32-bit counter.

https://bugzilla.samba.org/show_bug.cgi?id=2662

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:dir - Map wire offsets to native directory cookies.

Take care of the special offsets.

https://bugzilla.samba.org/show_bug.cgi?id=2662

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:dir - Cope with fixed mapping of 'special' values.

https://bugzilla.samba.org/show_bug.cgi?id=2662

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3: dir - Introduce 32-bit wire versions of the 'special' values.

https://bugzilla.samba.org/show_bug.cgi?id=2662

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:dir - Introduce a function to map a directory cookie to a 32-bit wire cookie.

Make this an identity for now.

https://bugzilla.samba.org/show_bug.cgi?id=2662

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:dir - In the old SMB1 search code, rename offset to wire_offset to distinguish between wire and native offsets.

Rename uint32 type to correct uint32_t.

https://bugzilla.samba.org/show_bug.cgi?id=2662

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

smbd: Avoid duplicate debug header lines

This is what gets created in log.smbd: DEBUGLVL generates an empty
header line, CHECK_DEBUGLVL avoids this.

[2014/01/10 12:58:24.971658, 10, pid=2329, effective(1001, 1001), real(0, 0)] ../source3/smbd/smbXsrv_open.c:696(smbXsrv_open_global_store)
[2014/01/10 12:58:24.971690, 10, pid=2329, effective(1001, 1001), real(0, 0)] ../source3/smbd/smbXsrv_open.c:698(smbXsrv_open_global_store)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 15 04:02:58 CET 2014 on sn-devel-104

s3: set native os according to Windows and NBT_ANNOUNCE_VERSION defines

When the native os in sessionsetup is "Unix" then broken Konica Minolta
printers refuse to talk to those CIFS servers. Other CIFS servers also announce
themselves with native os Windows. Let's do the same to improve
interoperability with broken devices like those printers from Konica Minolta.
Thanks to Daniel Hoffmann for finding and reporting this Konika printer
brokenness.

https://bugzilla.samba.org/show_bug.cgi?id=10168

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbcontrol: fix NUM_CHILDREN message deregister

smbcontrol registers for MSG_SMB_NUM_CHILDREN response messages before
sending a MSG_SMB_TELL_NUM_CHILDREN request.
The same MSG_SMB_NUM_CHILDREN response message should be deregistered.

Signed-off-by: David Disseldorp <ddiss@samba.org>
Reviewed-by: Christof Schmit <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Revert "pam_winbind: fix segfault in pam_sm_authenticate()"

This reverts commit ec0f51b200d6e5b99bbd872e169621c17f33524c.

A more generic fix is now in use.

Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jan 15 01:37:38 CET 2014 on sn-devel-104

pam_winbind: Do not honour require_membership_of in the acct module parameters

This needs a password to work, and it confuses users for it to appear to be valid here.

Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>

pam_winbind: Fix segfault caused by invalid configuration options

This is a better fix for 8564 and will allow ec0f51b200d6e5b99bbd872e169621c17f33524c to be reverted.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8564

Pair-programmed-with: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: David Disseldorp <ddiss@samba.org>

lib/param: fix unix extensions setting to be consistent with s3 and docs

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>

ntvfs: Remove CAP_UNIX from the ntvfs file server as it was never finished

Only some of the unix extensions where implemented, but this was enough
to caused the samba3.smbtorture_s3.plain(dc).LARGE_READX to fail when they
are enabled (as is the default in source3/param).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Nadezhda Ivanova <nivanova@samba.org>

dfs: always call create_conn_struct with root privileges

This fixes a bug in dfs_samba4 identified by Daniel Müller.

create_conn_struct calls SMB_VFS_CONNECT which requires root privileges.
SMB_VFS_CONNECT in turn calls dfs_samba4_connect which connects to samdb.

Calls were made to this function without ever becoming root (notably via setup_dfs_referral)
which resulted in an error and the VFS connect failing. This happens when you have an active
directory domain controller with host msdfs = yes in smb.conf and dfs links in place.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Bjoern Baumbach <bb@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 10 20:11:03 CET 2014 on sn-devel-104

messaging: Fix a memleak (master only..)

Immediate tevents don't free themselves as timed events do :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Jan 10 01:20:04 CET 2014 on sn-devel-104

messaging: Use talloc_pooled_object

... not as a speed improvement, it saves the second NULL check

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

messaging: Move the self-send logic out of messaging_tdb

This is not specific to tdb

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

messaging: Fix a memleak with clustering

We have to properly throw away unexpected messages that came in via ctdb

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3-passdb: Fix string duplication to pointers.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Jan  9 22:35:25 CET 2014 on sn-devel-104

wbinfo: Fix a memory leak in wbinfo_ping_dc().

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

s3-libads: Fix memory leaks in ads_build_path().

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

lib: Fix strict-aliasing warning in md5 code.

If the compiler detects strict aliasing problems it isn't able to
optimize the code.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

group_mapping: Avoid a talloc

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan  9 20:41:15 CET 2014 on sn-devel-104

samba:python - Py_RETURN_NONE remove compatibility code for releases < 2.4

http://www.python.org/doc//current/c-api/none.html

Reviewed-By: Jelmer Vernooij <jelmer@samba.org>
Autobuild-User(master): Matthias Dieter Wallnöfer <mdw@samba.org>
Autobuild-Date(master): Thu Jan  9 16:27:47 CET 2014 on sn-devel-104

s3: Avoid oplock break by storing timestamps with gpfs_set_times

The gpfs_set_times API call allows setting timestamps directly in GPFS
without going through the utime() call. Using this API call fixes an
unecessary oplock break when a client sends a SET_FILE_ALLOCATION_INFO
request and no other client has opened the file. The call to utime()
triggers the oplock break through the Linux kernel. Using the
gpfs_set_times call for updating the timestamp avoids the call to
utime() and the oplock break.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Thu Jan  9 00:04:48 CET 2014 on sn-devel-104

s3: winbindd: Move calling setup_domain_child() into add_trusted_domain().

Ensure it only gets called when a new domain is allocated
and added to the list.

This should fix problems with the previous logic where
setup_domain_child() was called in places where an existing
domain was returned.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan  8 20:46:55 CET 2014 on sn-devel-104

s3: winbindd: Move the logic of whether to set 'domain->primary' into add_trusted_domain().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10358

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s4:rpc_server: remember the hdr_signing negotiation result in dcesrv_auth

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan  8 18:37:22 CET 2014 on sn-devel-104

s4:rpc_server: use talloc_zero for struct dcesrv_connection

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4:rpc_server: remove unused DCESRV_CALL_STATE_FLAG_HEADER_SIGNING

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

ndrdump: dump verification trailer

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

librpc/ndr: add ndr_pop_dcerpc_sec_verification_trailer()

This extracts the dcerpc_sec_verification_trailer from the end
of an ndr_pull structure, it found it reduces ndr->data_size.

NDR_ERR_ALLOC is the only possible error, all other errors
are ignored and a trailer with command count = 0 is returned.

Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>

Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

librpc/rpc: simplify tevent_req_nterror() usage in binding_handle.c

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libcli/auth: fix usage of an uninitialized variable in netlogon_creds_cli_check_caps()

If status is RPC_PROCNUM_OUT_OF_RANGE, result might be uninitialized.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

crypto: fix build on OS X

we also need to use the CC_MD5_CTX from CommonCrypto here instead of the MD5_CTX

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Jan  8 08:12:29 CET 2014 on sn-devel-104

build: test the generic md5 function after importing it from hashlib

otherwise we used the one from md5 which lead to the following warning on SerNet-imini:

the md5 module is deprecated; use hashlib instead import md5

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libgpo: apply some const.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan  7 18:52:42 CET 2014 on sn-devel-104

libgpo: when running in verbose mode, printout the parsed PReg file.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: only use libgpo/gpext/gpext.h where really needed.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: allow to pass down a list of deleted GPOs in gpo_process_gpo_list().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: remove some unused code and remove that important FIXME note.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: directly call gpext_process_extension() from gpo_process_gpo_list.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: implement CSE filtering in gpext_process_extension().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: remove gpext_process_gpo_list_with_extension in favor of gpext_process_extension.

gpext_preocess_extension properly deals with GPO lists now.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: remove extension_guid and snapin_guid (the tool guid) from the process callback.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: allow to pass down deleted and changed gpo list to CSE plugins.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo/gpext: add new gpext_check_gpo_for_gpext_presence() helper function.

It will be used to inspect single members of a gpo list for the presence of a CSE guid.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: add gpo_copy().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: make gpo_get_gp_ext_from_gpo public.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: make gpo_process_a_gpo() static to the util code.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: remove unused gp_registry_entry2 struct.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: remove ads reference from dump calls and make them take const structs.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: prefix some more calls with gpext_.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo: rename debug_gpext_header to gpext_debug_header.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

libgpo/CSE/scripts: fix a build warning.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3-registry: fix typo in DEBUG statement.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4:netlogon: implement "allow nt4 crypto" and "reject md5 clients" features.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Jan  7 16:53:31 CET 2014 on sn-devel-104

s4:netlogon: don't generate a debug message for SEC_CHAN_NULL.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:netlogon: correctly calculate the negotiate_flags

We need to bit-wise AND the client and server flags.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest/Samba4: use "allow nt4 crypto = yes" for testing

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/param: add "reject md5 client" option, defaulting to false

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/param: add "allow nt4 crypto" option, defaulting to false

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/auth: remove unused netlogon_creds_cli_context_copy()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_client: finally remove unused rpc_pipe_client->netlogon_creds

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_client: remove unused rpccli_netlogon_sam_network_logon()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_client: remove unused rpccli_netlogon_sam_logon()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_client: remove unused rpccli_netlogon_setup_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_client: remove unused rpccli_netlogon_set_trust_password()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_client: make cli_rpc_pipe_open_schannel() more flexible

It expects a messaging_context now
and returns a netlogon_creds_cli_context.

This way we can finally avoid having a rpc_pipe_client->netlogon_creds.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:winbindd: make use of rpccli_netlogon_network_logon()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpcclient: make use of rpccli_netlogon_password_logon() in the 'samlogon' cmd

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpcclient: remove optional auth_level parameter of the 'samlogon' cmd

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpcclient: give errors and clean up correctly after failing to obtain secret

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpcclient: make use of rpccli_{create,setup}_netlogon_creds()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:libnet: pass in struct netlogon_creds_cli_context from the caller.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:libsmb: remove unused trust_pw_find_change_and_store_it()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:winbindd: make use of trust_pw_change() in _wbint_ChangeMachineAccount()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:winbindd: make use of trust_pw_change() for periodic password changes

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:winbindd: use invalidate_cm_connection() to kill the netlogon connection

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:net_rpc: make use of trust_pw_change()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpcclient: make use of trust_pw_change()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:libsmb: add trust_pw_change()

This protects the password change using a domain specific g_lock,
so multiple parts 'net rpc', 'rpcclient', 'winbindd', 'wbinfo --change-secret'
even on multiple cluster nodes doesn't race anymore.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:net_rpc: add net_context->netlogon_creds

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpcclient: make use of rpcclient_netlogon_creds instead of cli->netlogon_creds

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>