libads: Fix CID 1356316 Uninitialized pointer read

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3-auth: check for return code of cli_credentials_set_machine_account().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Thu Mar 17 20:43:19 CET 2016 on sn-devel-144

s4-smb_server: check for return code of cli_credentials_set_machine_account().

We keep anonymous server_credentials structure in order to let
the rpc.spoolss.notify start it's test server.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Günther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

s4:rpc_server: require access to the machine account credentials

Even a standalone server should be selfjoined.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

auth/gensec: split out a gensec_verify_dcerpc_auth_level() function

We only need this logic once.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

auth/gensec: make sure gensec_security_by_auth_type() returns NULL for AUTH_TYPE_NONE

ops->auth_type == 0, means the backend doesn't support DCERPC.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

s4:torture/rpc/schannel: don't use validation level 6 without privacy

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

s4:torture/rpc: correctly use torture_skip() for test_ManyGetDCName() without NCACN_NP

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

s4:torture/rpc/samlogon: use DCERPC_SEAL for netr_LogonSamLogonEx and validation level 6

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

s4:torture/rpc/samr: use DCERPC_SEAL in setup_schannel_netlogon_pipe()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

s4:torture/netlogon: add/use test_SetupCredentialsPipe() helper function

This create a schannel connection to netlogon, this makes the tests
more realistic.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

s3:test_rpcclient_samlogon.sh: test samlogon with schannel

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

s3:selftest: rpc.samr.passwords.validate should run with [seal] in order to be realistic

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

selftest: setup information of new samba.example.com CA in the client environment

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

selftest: set tls crlfile if it exist

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

selftest: use Samba::prepare_keyblobs() and use the certs from the new CA

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

selftest: add Samba::prepare_keyblobs() helper function

This copies the certificates from the samba.example.com CA if they
exist.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

selftest: mark commands in manage-CA-samba.example.com.sh as DONE

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

selftest: add CA-samba.example.com binary files (currently unused by Samba)

This patch can be skipped, when it causes problems with tools like 'patch'.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

selftest: add CA-samba.example.com (non-binary) files

The binary files will follow in the next, this allows the next
commit to be skipped as the binary files are not used by samba yet.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

selftest: add config and script to create a samba.example.com CA

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

selftest: add some helper scripts to mange a CA

This is partly based on the SmartCard HowTo from:
https://wiki.samba.org/index.php/Samba_AD_Smart_Card_Login

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

selftest: s!addc.samba.example.com!addom.samba.example.com!

It's confusing to have addc.samba.example.com as domain name
and addc.addc.samba.example.com as hostname.

We now have addom.samba.example.com as domain name
and addc.addom.samba.example.com as hostname.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

ctdb-tests: Add a utility to parse ctdb packets

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Thu Mar 17 13:56:41 CET 2016 on sn-devel-144

ctdb-protocol: Add protocol debug routines

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

ctdb-protocol: Check header is not null before copying

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>

mit-kdb: Add missing SDB_F_FOR_AS_REQ for AS requests

This correctly handles enterprise principals and ticket renewal.

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar 17 07:57:49 CET 2016 on sn-devel-144

mit-kdb: Fix segfault in krb5kdc dereferencing an invalid pointer

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Add support for KDB version 8

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Add support for bad password count

This fixes the samba4.ldap.password_lockout.python test.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Restrict admin/changepw principal db_entry with some flags

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Return 0 in kdb_samba_db_put_principal()

This allows the kadmin server to assume an update of a db_entry has
succeeded (while in fact the update_pwd call did the update already).

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Implement KDB function to change passwords

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Use calloc to initialize master keylists.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Add ks_get_admin_principal() and use it for kadmin users.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Add ks_create_principal().

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Do not allow to get a kadmin ticket as a client.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Add more ks_is_kadmin* functions.

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Use calloc so both authdata elements are zeroed

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Do not overwrite the error code in failure case.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit-kdb: Add initial MIT KDB Samba driver

Signed-off-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Simo Sorce <idra@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pair-Programmed-With: Simo Sorce <idra@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

wscript: Build the KDC code if we have the AD DC build enabled

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit_samba: Setup logging to stdout

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit_samba: Add function for handling bad password count

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit_samba: Add functions to generate random password and salt.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit_samba: Add function to change the password

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit_samba: Add ks_is_tgs_principal()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit_samba: Use talloc_zero in mit_samba_context_init().

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit_samba: Directly pass the principal and kflags

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit_samba: Make mit_samba a shim layer between Samba and KDB

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

mit_samba: Use sdb in the mit_samba plugin

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4-kdc: Introduce a simple sdb_kdb shim layer

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

wscript: detect if we have libkdb5 and kdb.h.

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

krb5-wrap: Use the principal returned by the KDC to create the ccache

We request a TGT in uppercase from the KDC. We turned on
canonicalization for that so the KDC returns the principal in lowercase
cause of this. As we use the uppercase prinicpal to create the ccache we
fail to find the tickets we need later because it is stored in the
incorrect case. You have to use the princial returned by the KDC here.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: fix use after free via conn->fsp_fi_cache

Some instrumentation of the the durable reconnect
code uncovered a problem in the fsp_new, fsp_free pair:

vfs_default_durable_reconnect():
  fsp_new() ==> this does DLIST_ADD(fsp->conn->sconn->files, fsp)
  if (fsp->oplock_type == LEASE_OPLOCK) {
    find_fsp_lease(fsp, &key, l) ==> this fills conn->fsp_fi_cache
    if (client guids not equal) {
      fsp_free(fsp) ==> this does DLIST_REMOVE(fsp->conn->sconn->files, fsp)
  }

so after this code we have the fsp_fi_cache still pointing to the
free'd memory. The next call to find_fsp_lease will use the cache
and hence access the freed memory.

The fix consists in invalidating the cache in fsp_free() instead
of just in its wrapper file_free().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11799

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Mar 17 04:31:10 CET 2016 on sn-devel-144

idmap_hash: only allow the hash module for default idmap config.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786

This module only makes sense as the default idmap config
("idmap config * : backend = hash" ...)

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

idmap_hash: rename be_init() --> idmap_hash_initialize()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:winbindd:idmap: check loadparm in domain_has_idmap_config() helper as well.

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:winbindd:idmap_hash: skip domains that already have their own idmap configuration.

Check if the domain from the list is not already configured to use another idmap
backend. Not checking this makes the idmap_hash module map IDs for *all* domains
implicitly. This is quite dangeorous in multi-idmap-config setups.

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:winbindd:idmap: add domain_has_idmap_config() helper function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11786

Pair-Programmed-With: Guenther Deschner <gd@samba.org>

Signed-off-by: Michael Adam <obnox@samba.org>
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

build: fix build when --without-quota specified

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11798

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: remove quota support for some ancient OSs

Remove quota support for SunOS4 and VxFS on Solaris 2

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

samba3.blackbox.smbclient_auth.plain: Add new regression test case.

Test case covers commit:
96a49d23a4caebefcea66cfb855fadbae12ccf7c

Test case covers segfault of smbclient binary when
client NTLMv2 auth = yes
client use spnego = no
client max protocol = NT1
options are used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11793
RH BUG: http://bugzilla.redhat.com/show_bug.cgi?id=1271763

How to test:
$ make -j test TESTS="samba3.blackbox.smbclient_auth.plain"
RESULD: Should PASS
$ git revert 96a49d23a4caebefcea66cfb855fadbae12ccf7c
$ make -j test TESTS="samba3.blackbox.smbclient_auth.plain"
RESULT: Should FAIL
(and you can see segfault in dmesg)

Signed-off-by: Robin Hack <rhack@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 16 18:29:10 CET 2016 on sn-devel-144

ldb-samba:wscript: python_samba__ldb depends on pyauth

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 16 01:34:29 CET 2016 on sn-devel-144

s3:wscript: pylibsmb depends on pycredentials

The need for pytalloc-util was based on the fact that
pycredentials depends on pytalloc-util.

As pylibsmb only used pycredentials and not pytalloc-util directly,
we should depend on pycredentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

smbd: enable multi-channel if 'server multi channel support = yes' in the config

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Tue Mar 15 20:58:19 CET 2016 on sn-devel-144

param: add parameter "server multi channel support", defaults to off.

Guenther

Pair-Programmed-With: Michael Adam <obnox@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3: vfs: vfs_xattr_tdb - cleanup. Remove unneeded variable "path".

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Mar 15 11:45:19 CET 2016 on sn-devel-144

s3:vfs: Change get_acl_blob() to take a const smb_filename * parameter from const char *.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s3:smbd: Change refuse_symlink() to take a const smb_filename * parameter from const char *.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s3:smbd: Change get_ea_names_from_file() to take a const smb_filename * parameter from const char *.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s3:smbd: Change get_ea_list_from_file_path() to take a const smb_filename * parameter from const char *.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s3: smbd: Change canonicalize_ea_name() to take a const smb_filename * parameter from const char *.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s3: smbd: Reformatting - remove unneeded const char *fname variable.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s3:vfs: vfs_streams_xattr.c: Change walk_xattr_streams() to const struct smb_filename * from const char *.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s3:vfs: vfs_streams_xattr.c - Remove duplicate code. This is exactly vfs_stat_smb_basename().

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s3: vfs: vfs_solarisacl. refuse_symlink() means we can always use STAT here.

For a posix acl call on a symlink, we've already refused it.
For a Windows acl mapped call on a symlink, we want to follow
it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

s3: vfs: vfs_hpuxacl. refuse_symlink() means we can always use STAT here.

For a posix acl call on a symlink, we've already refused it.
For a Windows acl mapped call on a symlink, we want to follow
it.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

build: mark explicit dependencies on pytalloc-util

All subsystems that include pytalloc.h need to link against
pytalloc-util.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue Mar 15 07:08:16 CET 2016 on sn-devel-144

build: improve comments in tests/oldquotas.c

Add comments to #else and #endif

Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar 15 02:18:15 CET 2016 on sn-devel-144

s3:vfs: Change smbacl4_GetFileOwner() to take const struct smb_filename * from const char *.

Preparing to remove vfs_stat_smb_basename() call.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>

s3:smbd:vfs: Change posix_get_nt_acl() from const char * to const struct smb_filename *.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>

s3:smbd:vfs: Change smb_get_nt_acl_nfs4() to take a const struct smb_filename *.

Push the struct further down closer to places that use
lp_posix_pathname() functions.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>

s3:smbd: Fix build for vfs_aixacl2.c.

Missed conversion of get_nt_acl_fn from const char *
to const struct smb_filename *.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>

s3: smbd: Remove the last lp_posix_pathnames() in the rename path.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <rb@sernet.de>

smbd:smb2: remove an unnecessary !! cast.

Casting to bool is done implcitly upon assignment.
Thanks to Ralph for pointing this out!

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Mon Mar 14 23:01:31 CET 2016 on sn-devel-144

s3:libnet:libnet_join: update msDS-SupportedEncryptionTypes (if required) with machine creds.

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Guenther Deschner <gd@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Mar 14 19:38:48 CET 2016 on sn-devel-144

s3:libnet:libnet_join: fill in output enctypes and only modify when necessary.

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:libnet:libnet_join: define list of desired encryption types only once.

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:librpc:idl:libnet_join: add encryption types to libnet_JoinCtx.

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:libnet:libnet_join: always try to create machineaccount via LDAP first.

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:libads:ldap: fix ads_check_ou_dn to deal with account_ou not being initialized

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:libads:ndr: add ADS_AUTH_USER_CREDS to ndr_print_ads_auth_flags()

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:libads:ldap: print LDAP error message with log level 10.

Guenther

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

s3:libnet:libnet_join: prepare to allow connecting with machine creds.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Partly revert "s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add"

This partly reverts commit 0c74d62524db376b6a3fac00c688be0cdffcaa80.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11755

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

tests: Allow alternative error code for backupkey test

It appears that incorrect decryption triggers a different error code,
causing a test which fails every now and again, as sometimes the invalid
data will parse as a SID, and so pass one of the checks.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Mon Mar 14 03:55:16 CET 2016 on sn-devel-144

dsdb/repl: Ensure we use the LOCAL attid value, not the remote one

The key here is that while this never was an issue for builtin schema,
nor for objects with an msDS-IntID used outside the schema partition,
additional attributes added and used in the schema partition were
incorrectly using the wrong attributeID value in the replPropertyMetaData.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11783

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sun Mar 13 23:29:14 CET 2016 on sn-devel-144

s4:torture/lsa: improve debug message

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

s3:winbindd: don't unclude two '\0' at the end of the domain list

This avoids a scary "trustdom_list_done: Got invalid trustdom response" message.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11782

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>