VERSION: Disable GIT_SNAPSHOT for the 4.15.6 release.

Signed-off-by: Jule Anger <janger@samba.org>

WHATSNEW: Add release notes for Samba 4.15.6.

Signed-off-by: Jule Anger <janger@samba.org>

s3: smbd: Fix our leases code to return the correct error in the non-dynamic share case.

We now return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same
(non-dynamic) share. This will enable us to pass another
Windows test suite leases test.

We now behave the same as Windows10.

Remove knownfail.d/smb2-lease-duplicateopen

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 18 20:12:12 UTC 2022 on sn-devel-184

(cherry picked from commit 408be54323861c24b6377b804be4428cf45b471e)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Mon Mar  7 14:34:46 UTC 2022 on sn-devel-184

s4: torture: Add new SMB2 lease test test_lease_duplicate_open().

Checks we return INVALID_PARAMETER when trying to open a
different file with a duplicate lease key on the same share.

Checked against Windows10. Currently fails against smbd
so add knownfail.d/smb2-lease-duplicateopen

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
(cherry picked from commit ca3896b6f8bbcad68f042720feceedfa29ddbd83)

s4: torture: Add new SMB2 lease test test_lease_duplicate_create().

Checks we return INVALID_PARAMETER when trying to create a
new file with a duplicate lease key on the same share.

Checked against Windows10. Samba already passes this
but we didn't have a test before.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14737

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: David Mulder <dmulder@suse.com>
(cherry picked from commit bf22548d11fe67ea3f4ec10dff81773d626e4703)

s3:trusts_utils: use a password length of 120 for machine accounts

This is important when we change the machine password against
an RODC that proxies the request to an RWDC.

An RODC using NetrServerPasswordSet2() to proxy PasswordUpdateForward via
NetrLogonSendToSam() ignores a return of NT_STATUS_INVALID_PARAMETER
and reports NT_STATUS_OK as result of NetrServerPasswordSet2().
This hopefully found the last hole in our very robust machine account
password handling logic inside of trust_pw_change().

The lesson is: try to be as identical to how windows works as possible,
everything else may use is untested code paths on Windows.

A similar problem was fixed by this commit:

    commit 609ca657652862fd9c81fd11f818efb74f72ff55
    Author: Joseph Sutton <josephsutton@catalyst.net.nz>
    Date:   Wed Feb 24 02:03:25 2021 +1300

        provision: Decrease the length of random machine passwords

        The current length of 128-255 UTF-16 characters currently causes
        generation of crypt() passwords to typically fail. This commit
        decreases the length to 120 UTF-16 characters, which is the same as
        that used by Windows.

        BUG: https://bugzilla.samba.org/show_bug.cgi?id=14621

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb 23 08:49:54 UTC 2022 on sn-devel-184

(cherry picked from commit 5e2386336c49fab46c1192db972af5da1e916b32)

upgradehelpers.py: add a comment to update_krbtgt_account_password()

The backend generates its own random krbtgt password values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ad0b5561b492dfa28acfc9604b2358bb8b490703)

provision: add a comment that the value of krbtgtpass is ignored in the backend

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 725c94d57d3d656bc94633dacbac683a4c11d3e6)

upgradehelpers.py: let update_machine_account_password() use 120 character passwords

We already changed provision to use 120 character passwords with commit
609ca657652862fd9c81fd11f818efb74f72ff55.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 6bb7c0f24918329804b7f4fb71908e8fab99e266)

provision: use 120 characters for the dns account password

We should use the same as for the computer account.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 3b91be36581de1007427d539daffdaa62752412d)

samba-tool/join_member: let py_net_join_member() choose the password

It means we'll let trust_pw_new_value() generate the password.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 59ac782452c4993274fa837256a8b9c5675e707b)

s3:py_net: allow machinepass=None to py_net_join_member()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14984

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(similar to commit 576bdb08c51c47c390cc390fbefdcfee275b7f0f)

s4/auth/simple_bind: correctly report TLS state

It went wrong in 366f8cf0903e3583fda42696df62a5337f22131f

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jan 26 12:39:52 UTC 2022 on sn-devel-184

(cherry picked from commit 309f1982263677045d407463eb19a2444c165a63)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Mon Mar  7 09:28:54 UTC 2022 on sn-devel-184

pytest:auth_log: expect TLS connections when using ldaps

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
(cherry picked from commit f37682747898591b37405f9e96a8135c15638637)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14996

smbd: Fix a use-after-free

stat_cache_lookup() allocates its result on top of talloc_tos().
filename_convert_smb1_search_path() creates a talloc_stackframe(),
which makes the names which were supposed to be allocated on the "ctx"
parameter of filename_convert_smb1_search_path() go away too
early. Reparent the results from stat_cache_lookup() properly.

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14989

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Mar  1 20:59:55 UTC 2022 on sn-devel-184

(cherry picked from commit 8c97743511e4d53f795f2469a28aabfb96da0dfa)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Wed Mar  2 12:27:47 UTC 2022 on sn-devel-184

s4:sam: Don't use talloc_steal for msg attributes in authsam_make_user_info_dc()

This is most likely not a problem for the current callers,
but that it is unexpected and will likely cause problems with future
changes.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14993
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14995

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit f6fe86924c2ca756083d3628d5dbace0b12d06b0)

waf: re-add missing readlink test

this was another portability regression that came with the moving to waf

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13631

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Feb 18 23:12:51 UTC 2022 on sn-devel-184

(cherry picked from commit 45cb14ac80889ac913f7f76dbfaebcb4d5ee14fd)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Sun Feb 27 17:34:42 UTC 2022 on sn-devel-184

readlink test: inverse return code

We need to return 0 in case readlink is *broken* here - this is because our waf
CHECK_CODE function does only allow generating defines in case the test succeeds

BUG: https://bugzilla.samba.org/show_bug.cgi?id=13631

Signed-off-by: Bjoern Jacke <bj@sernet.de>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit e225ab70db0cc01454d319eaca5265d7e33f396c)

vfs_aixacl: add proper header file

BUG: https://bugzilla.samba.org/show_bug.cgi?id=7239

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 396c17160c19c6df43123074bf62268c6ed0f9e4)

wscript: s/default/required/ _static_modules for the acl modules

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14974

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 89e903985b6968c5becc69b757b23144b1aba66e)

acl: fix function arguments for AIX' and Solaris' sys_acl_get_fd()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14974

Signed-off-by: Bjoern Jacke <bjacke@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 183ab5ced8377b63ad07d2e810396d3b414f4a7d)

s3:winbind: Use the canonical principal name to renew the credentials

The principal name stored in the winbindd ccache entry might be an
enterprise principal name if enterprise principals are enabled. Use
the canonical name to renew the credentials.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8246ccc23d064147412bb3475e6431a9fffc0d27)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Sun Feb 27 10:31:47 UTC 2022 on sn-devel-184

s3:winbind: Store canonical principal and realm in ccache entry

They will be used later to refresh the tickets.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0f4f330773d272b4d28ff3ba5a41bdd4ba569c8b)

s3:libads: Return canonical principal and realm from kerberos_return_pac()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14979

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 00b1f44a7e8f66976757535bcbc6bea97fb1c29f)

lib:krb5_wrap: Fix wrong debug message and use newer debug macro

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 1b5b4107a5081f15ba215f3025056d509fcfcf2a)

lib:krb5_wrap: Improve debug message and use newer debug macro

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ed14513be055cc56eb39785323df2c538a813865)

s3:libads: Fix memory leak in kerberos_return_pac() error path

Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 3dbcd20de98cd28683a9c248368e5082b6388111)

docs-xml: Fix idmap_autorid documentation

What we want to avoid:

$ ./bin/testparm -s | grep "idmap config"
        idmap config * : rangesize = 10000
        idmap config * : range = 10000-19999
        idmap config * : backend = autorid

$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)

$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000

$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)

$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid

If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit 7e5afd8f1f7e5cfab1a8ef7f4293ac465b7cd8de)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Fri Feb 18 09:06:02 UTC 2022 on sn-devel-184

s3:utils: Add a testparm check for idmap autorid

What we want to avoid:

$ ./bin/testparm -s | grep "idmap config"
        idmap config * : rangesize = 10000
        idmap config * : range = 10000-19999
        idmap config * : backend = autorid

$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)

$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000

$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)

$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid

If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit db6d4da3411a910e7ce45fe1fecfabf2864eb9f4)

s3:winbindd: Add a sanity check for the range

What we want to avoid:

$ ./bin/testparm -s | grep "idmap config"
        idmap config * : rangesize = 10000
        idmap config * : range = 10000-19999
        idmap config * : backend = autorid

$ ./bin/wbinfo --name-to-sid BUILTIN/Administrators
S-1-5-32-544 SID_ALIAS (4)

$ ./bin/wbinfo --sid-to-gid S-1-5-32-544
10000

$ ./bin/wbinfo --name-to-sid ADDOMAIN/alice
S-1-5-21-4058748110-895691256-3682847423-1107 SID_USER (1)

$ ./bin/wbinfo --sid-to-gid S-1-5-21-984165912-589366285-3903095728-1107
failed to call wbcSidToGid: WBC_ERR_DOMAIN_NOT_FOUND
Could not convert sid S-1-5-21-984165912-589366285-3903095728-1107 to gid

If only one range is configured we are either not able to map users/groups
from our primary *and* the BUILTIN domain. We need at least two ranges to also
cover the BUILTIN domain!

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14967

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
(cherry picked from commit fe84ae5547313e482ea0eba8ddca5b38a033dc8f)

smbd: Safeguards for getpwuid

Attempt to fix

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14900

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 929ccd3d1afb864ea715fa4d3d8af8f997e5d2aa)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Tue Feb 15 08:57:55 UTC 2022 on sn-devel-184

s3:modules: Fix virusfilter_vfs_openat

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb 10 22:09:06 UTC 2022 on sn-devel-184

(cherry picked from commit 3f1c958f6fa9d2991185f4e281a377a295d09f9c)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Mon Feb 14 11:35:40 UTC 2022 on sn-devel-184

s3:selftest: Add test for virus scanner

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit a25c714c34d3e00e0f3c29d2acfa98cf9cdbc544)

selftest: Fix trailing whitespace in Samba3.pm

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 547b4c595a8513a4be99177edbaa39ce43840f7a)

docs-xml:manpages: Document 'dummy' virusfilter and 'virusfilter:infected files'

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 2fd518e5cc63221c162c9b3f8526b9b7c9e34969)

s3:modules: Implement dummy virus scanner that uses filename matching

Bug: https://bugzilla.samba.org/show_bug.cgi?id=14971

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 9f34babec7c6aca3d91f226705d3b3996792e5f1)

selftest: Do not force -d0 for smbd/nmbd/winbindd

We have the env variable SERVER_LOG_LEVEL which allows you to change
the log level on the command line. If we force -d0 this will not work.

make test TESTS="samba" SERVER_LOG_LEVEL=10

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit 9693f7ea7383c6a51ab58b7c8255b30206f18a3b)

libcli/smb: let smb2_signing_decrypt_pdu() cope with gnutls_aead_cipher_decrypt() ptext_len bug

The initial implementation of gnutls_aead_cipher_decrypt() had a bug and
used:
    *ptext_len = ctext_len;
instead of:
    *ptext_len = ctext_len - tag_size;

This got fixed with gnutls 3.5.2.

As we only require gnutls 3.4.7 we need to cope with this...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Feb  2 18:29:08 UTC 2022 on sn-devel-184

(cherry picked from commit 735f3d7dde3daf5d0af2e8a1de60422b88663992)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Sun Feb 13 10:12:22 UTC 2022 on sn-devel-184

libcli/smb: fix error checking in smb2_signing_decrypt_pdu() invalid ptext_len

When the ptext_size != m_total check fails, we call this:

   status = gnutls_error_to_ntstatus(rc, NT_STATUS_INTERNAL_ERROR);
   goto out;

As rc is 0 at that point we'll exit smb2_signing_decrypt_pdu()
with NT_STATUS_OK, but without copying the decrypted data
back into the callers buffer. Which leads to strange errors
in the caller.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 99182af4ab5a3413311e27c2a193e09babceb01c)

selftest/quick: add smb2.session

We run the quicktest on each linux distro as part of samba-o3 builds.

We should make sure smb2 signing/enctyption works on all of them
and all different system libraries.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14968

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 68e62962b08497da8359ddbe4324443818c05cd1)

s3/libads: ensure a sockaddr variable is correctly zero initialized

is_zero_addr() doesn't work with addresses that have been zero-initialized.

This fixes the logic added in c863cc2ba34025731a18ac735f714b5b888504da.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Feb  8 20:24:12 UTC 2022 on sn-devel-184

(cherry picked from commit 3ee690455eb963dedc7955b79316481387d4ac8c)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Wed Feb  9 12:35:08 UTC 2022 on sn-devel-184

s3/libads: simplify storing existing ads->ldap.ss

We just need temporal storage for ads->ldap.ss, no need to store it as a struct
samba_sockaddr.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
MR: https://gitlab.com/samba-team/samba/-/merge_requests/2354

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
(cherry picked from commit c266ed40aeb1b1f59a1811cd4511e32e44a4a719)

s3: libsmb: Call cli_dfs_target_check() from cli_smb2_rename_send().

Strips off any DFS prefix from the target if passed in.

Remove knownfail selftest/knownfail.d/msdfs-rename.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Fri Feb  4 12:02:36 UTC 2022 on sn-devel-184

(cherry picked from commit b9b82f3611c56e837e9189f5275ae9a78e647262)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Wed Feb  9 09:22:03 UTC 2022 on sn-devel-184

s3: libsmb: Call cli_dfs_target_check() from cli_cifs_rename_send().

Strips off any DFS prefix from the target if passed in.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 4473aea926fe4ddd23a6e0913009bb1a0a1eaa90)

s3: libsmb: Call cli_dfs_target_check() from cli_smb1_rename_send().

Strips off any DFS prefix from the target if passed in.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit dd0317f6ecb572a80893405daa83e079dbcdf113)

s3: libsmb: Call cli_dfs_target_check() from cli_ntrename_internal_send().

Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit cf3e5724422d8becd045542be196dfea6ac9ec2b)

s3: libsmb: Call cli_dfs_target_check() from cli_smb2_hardlink_send().

Currently we don't pass MSDFS names as targets here, but a caller
may erroneously do this later, and for non-DFS names this is a no-op.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 4bdbe3c2fc0c35635474ae526896b28f55142aca)

s3: libsmb: Add cli_dfs_target_check() function.

Strips any DFS prefix from a target name that will be passed
to an SMB1/2/3 rename or hardlink call. Returns a pointer
into the original target name after the prefix. Not yet used.

If the incoming filename is *NOT* a DFS prefix, the
original filename is returned unchanged.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 2abba0ea109d7a3a0b0cb4a7030293f70c2d9d8a)

s3: tests: Add a new test test_msdfs_rename() that does simple renames on MSDFS root shares.

We fail this on SMB2 for a subtle reason.

Our client code called from smbclient only sets the SMB2_HDR_FLAG_DFS flag
in the outgoing packet on the SMB2_CREATE call, and SMB2 rename does the
following operations:

SMB2_CREATE(src_path) // We set SMB2_HDR_FLAG_DFS here for a MSDFS share.
SMB2_SETINFO: SMB2_FILE_RENAME_INFO(dst_path). // We don't set SMB2_HDR_FLAG_DFS

However, from smbclient, dst_path is a MSDFS path but we don't set the flag,
so even though the rename code inside smbd will cope with a MSDFS path
(as used in the SMB1 SMBmv call) it fails as the correct flag isn't set.

Add knownfail selftest/knownfail.d/msdfs-rename.

Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit 44cc9fb0e01b3635804f41e03f9b20afc3bfe36c)

s3: tests: Add a new test test_msdfs_hardlink() that does simple hardlinks on MSDFS root shares.

We pass this already as the cmd_hardlink in smbclient doesn't
do the DFS path conversion on the hardlink target. But it's
good to have the test.

Note we need to add the new test to "selftest/knownfail.d/smb1-tests"
as test_smbclient_s3.sh is run against the (ad_member|nt4_member)
environments first using NT1 (SMB1) protocol and then using SMB3,
but the (ad_member|nt4_member) environments don't support SMB1.
Seems a bit strange to me, but all the other SMB1 tests inside
test_smbclient_s3.sh have already been added to "selftest/knownfail.d/smb1-tests"
so just go with the test environment.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14169

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Noel Power <npower@samba.org>
(cherry picked from commit d7deb876053ef45313026b4dea9ee1b376153611)

lib: libsmbclient: Ensure cli_rename() always sets cli->raw_status.

Identical change as used in cli_unlink(), cli_mkdir(), cli_rmdir()
cli_chkpath() to ensure SMB2 calls correctly set raw_status for
libsmbclient uses.

Remove knownfail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Feb  2 21:50:31 UTC 2022 on sn-devel-184

(cherry picked from commit ca60f6350d566b7ecc822bcbb44fb65a1d150bbe)

Autobuild-User(v4-15-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-15-test): Fri Feb  4 08:09:02 UTC 2022 on sn-devel-184

s4: test: Add samba4.libsmbclient.rename test. Currently fails for SMB3.

Add knownfail.d/libsmbclient_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14938

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
(cherry picked from commit 0ecc58858360bcc0181a02e52ada3e8327f97c5b)

pam_winbind: add new pwd_change_prompt option (defaults to off).

This change disables the prompt for the change of an expired password by
default (using the PAM_RADIO_TYPE mechanism if present).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=8691

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 20c85cc1da8d8c7f1932fbdd92128bb6dafad472)

VERSION: Bump version up to Samba 4.15.6...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Merge tag 'samba-4.15.5' into v4-15-test

samba: tag release samba-4.15.5

VERSION: Disable GIT_SNAPSHOT for the 4.15.5 release.

Signed-off-by: Jule Anger <janger@samba.org>

WHATSNEW: Add release notes for Samba 4.15.5.

Signed-off-by: Jule Anger <janger@samba.org>

CVE-2021-44141: s3: smbd: Inside rename_internals_fsp(), we must use vfs_stat() for existence, not SMB_VFS_STAT().

We need to take SMB1+POSIX into account here and do an LSTAT if it's
a POSIX name.

Remove knownfail.d/posix_sylink_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: torture: Add a test samba3.blackbox.test_symlink_rename.SMB1.posix that shows we still leak target info across a SMB1+POSIX rename.

Add a knownfail.d/posix_sylink_rename

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Fix a subtle bug in the error returns from filename_convert().

If filename_convert() fails to convert the path, we never call
check_name(). This means we can return an incorrect error code
(NT_STATUS_ACCESS_DENIED) if we ran into a symlink that points
outside the share to a non-readable directory. We need to make
sure in this case we always call check_name().

Remove knownfail.d/symlink_traversal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Inside check_reduced_name() ensure we return the correct error codes when failing symlinks.

NT_STATUS_OBJECT_PATH_NOT_FOUND for a path component failure.
NT_STATUS_OBJECT_NAME_NOT_FOUND for a terminal component failure.

Remove:

samba3.blackbox.test_symlink_traversal.SMB1.posix
samba3.blackbox.smbclient_s3.*.Ensure\ widelinks\ are\ restricted\(.*\)
samba3.blackbox.smbclient_s3.*.follow\ symlinks\ \=\ no\(.*\)

in knownfail.d/symlink_traversal as we now pass these. Only one more fix
remaining to get rid of knownfail.d/symlink_traversal completely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: For SMB1+POSIX clients trying to open a symlink, always return NT_STATUS_OBJECT_NAME_NOT_FOUND.

Matches the error return from openat_pathref_fsp().

NT_STATUS_OBJECT_PATH_NOT_FOUND is for a bad component in a path, not
a bad terminal symlink.

Remove knownfail.d/simple_posix_open, we now pass.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: torture: Change expected error return for samba3.smbtorture_s3.plain.POSIX.smbtorture.

Trying to open a symlink as a terminal component should return
NT_STATUS_OBJECT_NAME_NOT_FOUND, not NT_STATUS_OBJECT_PATH_NOT_FOUND.

Mark as knownfail.d/simple_posix_open until we fix the server.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: torture: In test_smbclient_s3, change the error codes expected for test_widelinks() and test_nosymlinks() from ACCESS_DENIED to NT_STATUS_OBJECT_NAME_NOT_FOUND.

For SMB1/2/3 (minus posix) we need to treat bad symlinks
as though they don't exist.

Add to knwownfail.d/symlink_traversal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.posix

Add to knownfail.d/symlink_traversal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB1.

Add to knownfail.d/symlink_traversal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: torture: Add samba3.blackbox.test_symlink_traversal.SMB2.

Add to knownfail.d/symlink_traversal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbtorture3: Fix POSIX-BLOCKING-LOCK to actually negotiate SMB1+POSIX before using POSIX calls.

This must be done before doing POSIX calls on a connection.

Remove the final entry in knownfail.d/posix_infolevel_fails

    samba3.smbtorture_s3.plain.POSIX-BLOCKING-LOCK.smbtorture\(nt4_dc_smb1\)

And remove the file knownfail.d/posix_infolevel_fails itself.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: tests: Fix the samba3.blackbox.acl_xattr test to actually negotiate SMB1+POSIX before using POSIX calls.

Remove the following entries in knownfail.d/posix_infolevel_fails.

    samba3.blackbox.acl_xattr.NT1.nt_affects_posix.*
    samba3.blackbox.acl_xattr.NT1.nt_affects_chown.*
    samba3.blackbox.acl_xattr.NT1.nt_affects_chgrp.*

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: tests: Fix the samba3.blackbox.inherit_owner test to actually negotiate SMB1+POSIX before using POSIX calls.

Remove the following entry in knownfail.d/posix_infolevel_fails.

samba3.blackbox.inherit_owner.*.NT1.*verify.*unix\ owner.*

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s4: torture: Fix unix.info2 test to actually negotiate SMB1+POSIX before using POSIX calls.

Cope with the minor difference in wildcard search return when
we're actually using SMB1+POSIX on the server (SMB1+POSIX treats
all directory search paths as wildcards).

Remove the following entries in knownfail.d/posix_infolevel_fails.

samba3.unix.info2.info2\(nt4_dc_smb1\)
        samba3.unix.info2.info2\(ad_dc_smb1\)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s4: torture: Fix raw.search:test_one_file() by using the SMB1+POSIX connection for POSIX info levels.

Remove the following entry in knownfail.d/posix_infolevel_fails.

^samba3.raw.search.one\ file\ search.*

from knownfail.d/posix_infolevel_fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s4: torture: raw.search: Add setup_smb1_posix(). Call it on the second connection in test_one_file().

Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s4: torture: In raw.search:test_one_file() add a second connection.

Change from torture_suite_add_1smb_test() to torture_suite_add_2smb_test().

Not yet used. We will need this to do SMB1+POSIX search calls on
a connection on which we have negotiated SMB1+POSIX.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbclient: Give a message if we try and use any POSIX command without negotiating POSIX first.

Ensure we only use a POSIX command if POSIX is set up.
Issue the message: Command "posix" must be issued before the "XXXX" command can be used.
After the parameter parsing has been done.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Tighten up info level checks for SMB1+POSIX to make sure POSIX was negotiated first.

Add knownfail file

knownfail.d/posix_infolevel_fails

for tests that don't currently negotiate
SMB1+POSIX before using SMB1+POSIX calls.

These are:

samba3.smbtorture_s3.plain.POSIX-BLOCKING-LOCK.smbtorture\(nt4_dc_smb1\)
samba3.blackbox.acl_xattr.NT1.nt_affects_posix.*
samba3.blackbox.acl_xattr.NT1.nt_affects_chown.*
samba3.blackbox.acl_xattr.NT1.nt_affects_chgrp.*
samba3.blackbox.inherit_owner.*.NT1.*verify.*unix\ owner.*
samba3.unix.info2.info2\(nt4_dc_smb1\)
samba3.unix.info2.info2\(ad_dc_smb1\)
samba3.raw.search.one\ file\ search.*

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s4: torture: In raw.search:test_one_file() remove the leading '\\' in the test filenames.

We'll soon be using this under SMB1+POSIX and neither Windows or POSIX
need a leading '\\' (and SMB1+POSIX sees the '\\' as part of the name).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s4: torture: Fix raw.search:test_one_file() to use torture_result() instead of printf.

I think this test pre-dates torture_result.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Remove 'struct uc_state' name_has_wildcard element.

It is never set or looked at.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: In unix_convert_step_stat() remove use of state->name_was_wildcard.

It can never be true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: In unix_convert_step() remove all use of 'state->name_was_wildcard'

We know it is never true.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: In unix_convert() remove the now unneeded block indentation.

We removed the 'if (state->name_has_wildcard) {' clause, so
the block no longer needs indenting.

Best seen with git show -b.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: In unix_convert(), remove all references to state->name_has_wildcard.

It is never set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Inside unix_convert(), never set state->name_is_wildcard.

We error out immediately if it's set anyway.
Preparing to remove 'state->name_is_wildcard' structure element.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: UCF_ALWAYS_ALLOW_WCARD_LCOMP 0x00000002 is no longer used.

Hurrah !

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: We no longer need determine_path_error().

Now we don't have to consider wildcards just
return NT_STATUS_OBJECT_PATH_NOT_FOUND for
the cases we used to call it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Inside 'struct uc_state', remove allow_wcard_last_component.

This is never allowed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: filename_convert() no longer deals with wildcards.

These are already errored out with NT_STATUS_OBJECT_NAME_INVALID
in the unix_convert() code.

Remove the check.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: parse_dfs_path() can ignore wildcards.

If one is passed to filename_convert(), it will error out there
with NT_STATUS_OBJECT_NAME_INVALID.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Remove 'bool search_wcard_flag' from parse_dfs_path().

Never set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: dfs_path_lookup() no longer deals with wildcards.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Fix call_trans2findfirst() to use filename_convert_smb1_search_path().

filename_convert() no longer has to handle wildcards.
UCF_ALWAYS_ALLOW_WCARD_LCOMP is now unused.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Convert reply_search() to use filename_convert_smb1_search_path().

Cleans up this code path nicely !

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Add filename_convert_smb1_search_path() - deals with SMB1 search pathnames.

SMB1search and trans2 findfirst are unique in that
they are the only passed in pathnames that can contain
a terminal wildcard component.

Deal with these two special cases with this new function
that strips off the terminal wildcard and returns as
the mask, and pass the non-wildcard parent directory
component through the standard filename_convert().

Uses new helper function strip_gmt_from_raw_dfs().

When SMB1search and trans2 findfirst have been
converted to use this function, we can strip all
wildcard handling out of filename_convert() as
we now know it will only ever be given valid
pathnames.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Allow dfs_redirect() to return a TWRP token it got from a parsed pathname.

This one is subtle. If an SMB1 request has both a DFS path and a @GMT token,
the unix_convert() inside the DFS path processing will remove the @GMT
token, not allowing the subsequent unix_convert() inside filename_convert()
to see it. By returning it from dfs_redirect() we can ensure it's correctly
added to the smb_filename returned from filename_convert().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: In dfs_path_lookup(). If we have a DFS path including a @GMT-token, don't throw away the twrp value when parsing the path.

Not yet used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: filename_convert() is now a one-to-one wrapper around filename_convert_internal().

Remove filename_convert() and rename filename_convert_internal() -> filename_convert().
Move the old DEBUG(..) statements to DBG_XXX() so they don't print the wrong name.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Remove now unused check_reduced_name_with_privilege().

We now only have one function that does this check (check_reduced_name()),
used everywhere.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: Remove unused check_name_with_privilege().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>

CVE-2021-44141: s3: smbd: In filename_convert_internal(), remove call to check_name_with_privilege().

We now always pass NULL as struct smb_request *smbreq,
so this code path can never be taken.

Comment out check_name_with_privilege() as it's now
no longer used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14911

Signed-off-by: Jeremy Allison <jra@samba.org>