samba.git
2 months ago VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release. samba-4.20.0rc2
Jule Anger [Mon, 12 Feb 2024 13:04:39 +0000 (14:04 +0100)]
VERSION: Disable GIT_SNAPSHOT for the 4.20.0rc2 release.

Signed-off-by: Jule Anger <janger@samba.org>
2 months ago WHATSNEW: Add release notes for Samba 4.20.0rc2.
Jule Anger [Mon, 12 Feb 2024 13:01:59 +0000 (14:01 +0100)]
WHATSNEW: Add release notes for Samba 4.20.0rc2.

Signed-off-by: Jule Anger <janger@samba.org>
2 months ago WHATSNEW: Explain new AD DC Claims, authentication policies and Silos
Andrew Bartlett [Wed, 31 Jan 2024 22:33:27 +0000 (11:33 +1300)]
WHATSNEW: Explain new AD DC Claims, authentication policies and Silos

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Mon Feb 12 11:55:51 UTC 2024 on atb-devel-224

2 months ago WHATSNEW: Add some information about new conditional aces feature
Douglas Bagnall [Mon, 15 Jan 2024 02:21:11 +0000 (15:21 +1300)]
WHATSNEW: Add some information about new conditional aces feature

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 months ago WHATSNEW: note "acl_claims evaluation" smb.conf option
Douglas Bagnall [Mon, 15 Jan 2024 02:22:27 +0000 (15:22 +1300)]
WHATSNEW: note "acl_claims evaluation" smb.conf option

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15566

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 months ago ndr: ignore trailing bytes in ndr_pull_security_ace()
Douglas Bagnall [Mon, 8 Jan 2024 02:05:35 +0000 (15:05 +1300)]
ndr: ignore trailing bytes in ndr_pull_security_ace()

This returns the behaviour with ordinary ACEs to where it was with 4.19.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit 0c1f421c107be3156b3f1db75aced24a1bca3d2f)

2 months ago ndr: ndr_push_security_ace: calculate coda size once
Douglas Bagnall [Mon, 8 Jan 2024 01:50:30 +0000 (14:50 +1300)]
ndr: ndr_push_security_ace: calculate coda size once

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit a72c198921f64f2502f543c7158762c64cb3074e)

2 months ago ndr: avoid object ACE push overhead for non-object ACE
Douglas Bagnall [Sun, 31 Dec 2023 21:21:55 +0000 (10:21 +1300)]
ndr: avoid object ACE push overhead for non-object ACE

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit ecb5da3e49283ca3a03dea81d22db4a081e192e4)

2 months ago ndr: avoid object ACE pull overhead for non-object ACE
Douglas Bagnall [Sun, 31 Dec 2023 21:21:33 +0000 (10:21 +1300)]
ndr: avoid object ACE pull overhead for non-object ACE

When an ACE is not an object ACE, which is common, setting the switch
value and attempting the object ACE GUID pull is just going to do
nothing, and we know that ahead of time. By noticing that we can save
a bit of time on a common operation.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit fce4d51eb492a6fc807c6849cd4bd65ca7714509)

2 months ago ndr: do not push ACE->coda.ignored blob
Douglas Bagnall [Sun, 31 Dec 2023 04:45:36 +0000 (17:45 +1300)]
ndr: do not push ACE->coda.ignored blob

From 1e80221b2340de5ef5e2a17f10511bbc2c041163 (2008) until
c73034cf7c4392f5d3505319948bc84634c20fa5 (conditional ACEs, etc, 2023)
we had a manual ndr_pull_security_ace() that would discard trailing
bytes, which are those bytes that we now call the coda. The ACE types
that we handled then are those that end up with a coda.ignored data
blob.

With this we effectively restore the long-standing behaviour in the
event that we push and pull an ACE -- though now we discard the
ignored bytes on push rather than pull.

This change is not because the trailing bytes caused any problems (as
far as is known), but because it is much faster to not do the push.

It may be that such ACEs no longer occur.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit 2a60ec98409b161cfeb4b51414ba61feb26c01b9)

2 months ago ndr: mark invalid pull ndr_flags as unlikely
Douglas Bagnall [Fri, 29 Dec 2023 02:27:08 +0000 (15:27 +1300)]
ndr: mark invalid pull ndr_flags as unlikely

This might have little effect, but sometimes we see primitives like
ndr_pull_uint32() taking a few percent of the CPU time, and this is in
all those functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit 4face258dee93dcd01dce71fcb7448b285ff4860)

2 months ago ndr: skip talloc when pulling empty DATA_BLOB
Douglas Bagnall [Fri, 29 Dec 2023 02:15:48 +0000 (15:15 +1300)]
ndr: skip talloc when pulling empty DATA_BLOB

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit c2673b02a7a51761e8b6631eb0c0e7062cbbed7b)

2 months ago ndr: ACE push avoids no-op coda pushes
Douglas Bagnall [Sun, 31 Dec 2023 04:39:23 +0000 (17:39 +1300)]
ndr: ACE push avoids no-op coda pushes

We don't expect an ordinary ACE to have a non-empty coda, and we don't
really want to push it if it does, but for this patch we still will.

This will not change the data on the wire.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit ee1b8ae04b10306c059174a5b4b637b080fe23fd)

2 months ago ndr: make security_ace push manual
Douglas Bagnall [Sun, 31 Dec 2023 04:30:47 +0000 (17:30 +1300)]
ndr: make security_ace push manual

This will allow some optimisations; in this commit we just copy the
code.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit dc08e7924c2e359afeb4b86f306868cad00189a0)

2 months ago ndr: short-circuit ace coda if no bytes left
Douglas Bagnall [Sun, 31 Dec 2023 00:06:40 +0000 (13:06 +1300)]
ndr: short-circuit ace coda if no bytes left

The overwhelmingly common case is that there are no bytes left, and
regardless of the ACE type we want to store an empty blob.

We know the blob will be empty if there are no bytes, so we don't need
to allocate a sub-ndr and tokens list and so forth.

This can save almost half the time of a security descriptor pull.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit ac0c8ee01ea624e9c486251da2132710c2a43ddc)

2 months ago ndr: shift ndr_pull_security_ace to manual code
Douglas Bagnall [Sun, 31 Dec 2023 00:03:32 +0000 (13:03 +1300)]
ndr: shift ndr_pull_security_ace to manual code

This was manual until commit c73034cf7c4392f5d3505319948bc84634c20fa5
(a few months ago).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit 1e6a876c2cc4b3b54895dde879492e756bb9b963)

2 months ago pidl: calculate subcontext_size only once per pull
Douglas Bagnall [Thu, 28 Dec 2023 10:07:56 +0000 (23:07 +1300)]
pidl: calculate subcontext_size only once per pull

For security_ace_coda in security.idl, the sub-context size
involves a slightly non-trivial function call which returns a constant
value.

In all other cases, a constant expression is used, and this makes
no difference.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit 9811762775b28e16035afb2c319b55c4bf3699d3)

2 months ago perftest: ndr_pack runs in none environment
Douglas Bagnall [Fri, 5 Jan 2024 00:19:39 +0000 (13:19 +1300)]
perftest: ndr_pack runs in none environment

This is worth changing, because having a server running in the
background can only add noise to the results.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit 5fa663766548eac2cc5932ae03d03b79ad1751b5)

2 months ago perftest:ndr_pack: spin in do_nothing for a while
Douglas Bagnall [Wed, 3 Jan 2024 12:54:29 +0000 (01:54 +1300)]
perftest:ndr_pack: spin in do_nothing for a while

The idea was to get a less jittery idea of the underlying noise, but
it is still almost instant. This I suppose is useful in indicating
that this much of the test has very little overhead.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit 93e6ea4cff2cb6bd084db27139addeea06945ea5)

2 months ago perftest:ndr_pack: use a valid dummy SID
Douglas Bagnall [Wed, 3 Jan 2024 12:52:39 +0000 (01:52 +1300)]
perftest:ndr_pack: use a valid dummy SID

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit 2f68545087f25e5d4c7a7742d99527c7ebbd02ab)

2 months ago perftest:ndr_pack_performance: remove irrelevant imports, options
Douglas Bagnall [Wed, 3 Jan 2024 12:51:56 +0000 (01:51 +1300)]
perftest:ndr_pack_performance: remove irrelevant imports, options

This includes removing the ANCIENT_SAMBA switch for pre-4.3, as
nobody cares anymore and many tests would not run correctly anyway.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit ceb5389260c4469a8f03ee884325ca981c18a36a)

2 months ago perftest:ndr_pack: slightly reduce python overhead
Douglas Bagnall [Tue, 2 Jan 2024 20:43:01 +0000 (09:43 +1300)]
perftest:ndr_pack: slightly reduce python overhead

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit d25fe2447b553087f6285c80907ca5d0debcd827)

2 months ago perftest: ndr_pack_performance gets more SD types
Douglas Bagnall [Mon, 1 Jan 2024 08:48:15 +0000 (21:48 +1300)]
perftest: ndr_pack_performance gets more SD types

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit e802611743a9b899c18d6eeaa0a46323b676c296)

2 months ago perftest:ndr_pack: rename SD tests with object ACEs
Douglas Bagnall [Tue, 2 Jan 2024 20:26:51 +0000 (09:26 +1300)]
perftest:ndr_pack: rename SD tests with object ACEs

We are looking at an optimisation for non-object ACEs, which
are more common, but these tests are overwhelmed by object
(OA) ACEs.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
(cherry picked from commit d5371f6bcd2fe991d08fcf2006ce62e6a7449ae9)

2 months ago docs-xml: Build and install man page for wspsearch
Anoop C S [Tue, 30 Jan 2024 09:03:07 +0000 (14:33 +0530)]
docs-xml: Build and install man page for wspsearch

Commit 49b6137f7c2244aeb3cf9b65fc9d46fcf0b8dc55 switched the default
to install `wspsearch` client from False to True but missed to build
and install the corresponding man page. Therefore adding wspsearch.1
to the list of man pages to be built and installed by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15565

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Tue Jan 30 14:38:58 UTC 2024 on atb-devel-224

(cherry picked from commit a48f8ae30775bb2dc07768c3df88968800f51470)

Autobuild-User(v4-20-test): Jule Anger <janger@samba.org>
Autobuild-Date(v4-20-test): Mon Feb  5 14:05:01 UTC 2024 on atb-devel-224

2 months ago python:gp: Fix logging with gp
Andreas Schneider [Mon, 29 Jan 2024 16:46:30 +0000 (17:46 +0100)]
python:gp: Fix logging with gp

This allows enabling INFO level logging with: `samba-gpupdate -d3`

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15558

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
(cherry picked from commit 145194071b10c4c1857f28fe79c57fd63ffab889)

3 months ago VERSION: Bump version up to Samba 4.20.0rc2...
Jule Anger [Mon, 29 Jan 2024 16:31:31 +0000 (17:31 +0100)]
VERSION: Bump version up to Samba 4.20.0rc2...

and re-enable GIT_SNAPSHOT.

Signed-off-by: Jule Anger <janger@samba.org>
3 months ago VERSION: Disable GIT_SNAPSHOT for the Samba 4.20.0rc1 release. samba-4.20.0rc1
Jule Anger [Mon, 29 Jan 2024 14:28:20 +0000 (15:28 +0100)]
VERSION: Disable GIT_SNAPSHOT for the Samba 4.20.0rc1 release.

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
3 months ago WHATSNEW: Up to Samba 4.20.0rc1.
Jule Anger [Mon, 29 Jan 2024 14:26:37 +0000 (15:26 +0100)]
WHATSNEW: Up to Samba 4.20.0rc1.

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
3 months ago ldb: release 2.9.0 for use in Samba 4.20.x ldb-2.9.0
Jule Anger [Mon, 29 Jan 2024 14:08:08 +0000 (15:08 +0100)]
ldb: release 2.9.0 for use in Samba 4.20.x

- documentation fixes
- build with Python 3.12 (bug #15513)
- a lot of additional error checking in
  the python bindings
- minor code fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
3 months ago tevent: release 0.16.1 tevent-0.16.1
Jule Anger [Mon, 29 Jan 2024 14:08:08 +0000 (15:08 +0100)]
tevent: release 0.16.1

- build with Python 3.12 (bug #15513)
- documentation fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
3 months ago tdb: release 1.4.10 tdb-1.4.10
Jule Anger [Mon, 29 Jan 2024 14:08:08 +0000 (15:08 +0100)]
tdb: release 1.4.10

- build with Python 3.12 (bug #15513)
- documentation fixes
- minor build fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
3 months ago talloc: release 2.4.2 talloc-2.4.2
Jule Anger [Mon, 29 Jan 2024 14:08:08 +0000 (15:08 +0100)]
talloc: release 2.4.2

- build with Python 3.12 (bug #15513)
- documentation fixes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15513

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
3 months ago python:gp: Improve working of log messages to avoid confusion
Andreas Schneider [Mon, 22 Jan 2024 14:46:24 +0000 (15:46 +0100)]
python:gp: Improve working of log messages to avoid confusion

We should not use the word "Failed". We are totally fine if we can't
connect to NDES in the meantime. This logs:

Try to get root or server certificates.
Unable to install root certificates (requires NDES).
Installing the server certificate only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 29 10:37:29 UTC 2024 on atb-devel-224

3 months ago python:gp: Log an error if update fails
Andreas Schneider [Mon, 22 Jan 2024 14:05:24 +0000 (15:05 +0100)]
python:gp: Log an error if update fails

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
3 months ago python:gp: Do not print an error if template already exists
Andreas Schneider [Mon, 22 Jan 2024 14:05:02 +0000 (15:05 +0100)]
python:gp: Do not print an error if template already exists

We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older versions of certmonger
don't support the `-v` option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
3 months ago python:gp: Do not print an error, if CA already exists
Andreas Schneider [Mon, 22 Jan 2024 14:04:36 +0000 (15:04 +0100)]
python:gp: Do not print an error, if CA already exists

We will get an exit status for duplicate in future:
https://www.pagure.io/certmonger/issue/269
We can't really fix that right now, as older versions of certmonger
don't support the `-v` option.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
3 months ago python:gp: Improve logging for certificate enrollment
Andreas Schneider [Mon, 22 Jan 2024 13:07:47 +0000 (14:07 +0100)]
python:gp: Improve logging for certificate enrollment

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
3 months ago python:gp: Avoid path check for cepces-submit
Andreas Schneider [Mon, 22 Jan 2024 13:14:30 +0000 (14:14 +0100)]
python:gp: Avoid path check for cepces-submit

find_cepces_submit() uses which(), which returns None if not found.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15559

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
3 months ago vfs_ceph: Use ceph_fdopendir() when available for SMB_VFS_FDOPENDIR
Anoop C S [Tue, 16 Jan 2024 06:17:27 +0000 (11:47 +0530)]
vfs_ceph: Use ceph_fdopendir() when available for SMB_VFS_FDOPENDIR

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Sat Jan 27 00:01:12 UTC 2024 on atb-devel-224

3 months ago smb2_tcon: add "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC...
Stefan Metzmacher [Tue, 31 Jul 2012 06:55:20 +0000 (08:55 +0200)]
smb2_tcon: add "smb3 share cap:{CONTINUOUS AVAILABILITY,SCALE OUT,CLUSTER,ASYMMETRIC}" options

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jan 26 18:04:10 UTC 2024 on atb-devel-224

3 months ago python:tests/rpcd_witness_samba_only: add tests for 'net witness force-response'
Stefan Metzmacher [Mon, 22 Jan 2024 18:27:03 +0000 (19:27 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness force-response'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:utils: add 'net witness force-response'
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness force-response'

This allows generating any possible AsyncNotify response
for the specified selection of witness registrations
from rpcd_witness_registration.tdb.

This can be used by developers to test the (windows)
client behavior to specific AsyncNotify responses.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago python:tests/rpcd_witness_samba_only: add tests for 'net witness force-unregister'
Stefan Metzmacher [Mon, 15 Jan 2024 13:20:00 +0000 (14:20 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness force-unregister'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:utils: add 'net witness force-unregister'
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness force-unregister'

This allows removing of the specified selection
of witness registrations from rpcd_witness_registration.tdb.

Any pending AsyncNotify will get WERR_NOT_FOUND.

Typically this triggers a clean re-registration on the client.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago python:tests/rpcd_witness_samba_only: add tests for 'net witness {client,share}-move'
Stefan Metzmacher [Mon, 15 Jan 2024 13:20:00 +0000 (14:20 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness {client,share}-move'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:utils: add 'net witness client-move' and 'net witness share-move'
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness client-move' and 'net witness share-move'

These can be used to generate CLIENT_MOVE or SHARE_MOVE messages
to the specified selection of witness registrations from
rpcd_witness_registration.tdb

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:rpc_server/witness: add handling of MSG_RPCD_WITNESS_REGISTRATION_UPDATE messages
Stefan Metzmacher [Wed, 20 Dec 2023 18:22:25 +0000 (19:22 +0100)]
s3:rpc_server/witness: add handling of MSG_RPCD_WITNESS_REGISTRATION_UPDATE messages

This implements the server side features for the
'net witness [client-move,...]' commands in the end.

These are administrator driven notifications for the witness client.

RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_RESPONSE and
RPCD_WITNESS_REGISTRATION_UPDATE_FORCE_UNREGISTER will be very useful
for later automated testing.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:rpcd_witness.idl: add rpcd_witness_registration_updateB message definitions
Stefan Metzmacher [Thu, 21 Dec 2023 14:03:05 +0000 (15:03 +0100)]
s3:rpcd_witness.idl: add rpcd_witness_registration_updateB message definitions

This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago messaging.idl: add MSG_RPCD_WITNESS_REGISTRATION_UPDATE
Stefan Metzmacher [Thu, 21 Dec 2023 14:03:05 +0000 (15:03 +0100)]
messaging.idl: add MSG_RPCD_WITNESS_REGISTRATION_UPDATE

This will be used for rpcd_witness_registration_updateB messages
in 'net witness [client-move,...]' commands later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago python:tests/rpcd_witness_samba_only: add tests for 'net witness list'
Stefan Metzmacher [Fri, 12 Jan 2024 16:30:41 +0000 (17:30 +0100)]
python:tests/rpcd_witness_samba_only: add tests for 'net witness list'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:utils: add 'net witness list' command
Stefan Metzmacher [Fri, 15 Dec 2023 13:49:37 +0000 (14:49 +0100)]
s3:utils: add 'net witness list' command

It lists the entries from the rpcd_witness_registration.tdb.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:rpc_server/witness: let Register[Ex] store rpcd_witness_registration.tdb records
Stefan Metzmacher [Fri, 24 Nov 2023 16:15:36 +0000 (17:15 +0100)]
s3:rpc_server/witness: let Register[Ex] store rpcd_witness_registration.tdb records

This will allow 'net witness list' to be implemented in the end.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:rpcd_witness.idl: introduce definitions for rpcd_witness_registration.tdb records
Stefan Metzmacher [Thu, 21 Dec 2023 14:03:05 +0000 (15:03 +0100)]
s3:rpcd_witness.idl: introduce definitions for rpcd_witness_registration.tdb records

A rpcd_witness_registration.tdb will be added shortly in order to
implement useful 'net witness [list,client-move,...]' commands
in the end.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago python/blackbox: add rpcd_witness_samba_only.py test
Stefan Metzmacher [Wed, 10 Jan 2024 14:11:24 +0000 (15:11 +0100)]
python/blackbox: add rpcd_witness_samba_only.py test

This tests the witness service and its interaction with
ctdb.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago python/tests: add TestCase.get_loadparm(s3=True) support
Stefan Metzmacher [Fri, 12 Jan 2024 15:56:58 +0000 (16:56 +0100)]
python/tests: add TestCase.get_loadparm(s3=True) support

This will be used for tests with registry shares,
as the top level loadparm system doesn't support them.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago script/autobuild.py: also pass PYTHONPATH to make test of 'samba-ctdb'
Stefan Metzmacher [Mon, 15 Jan 2024 12:06:57 +0000 (13:06 +0100)]
script/autobuild.py: also pass PYTHONPATH to make test of 'samba-ctdb'

Otherwise tests won't find the custom tdb python bindings

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago selftest/Samba: export CTDB_PREFIX in clusteredmember testenv
Stefan Metzmacher [Fri, 12 Jan 2024 16:09:51 +0000 (17:09 +0100)]
selftest/Samba: export CTDB_PREFIX in clusteredmember testenv

It means ctdb/tests/local_daemons.sh will be easily useable

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago selftest/Samba3: start samba_dcerpcd in clusteredmember
Stefan Metzmacher [Fri, 12 Jan 2024 16:08:06 +0000 (17:08 +0100)]
selftest/Samba3: start samba_dcerpcd in clusteredmember

This enables the rpcd_witness to be available.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago selftest/Samba3: remove unused variable in setup_clusteredmember
Stefan Metzmacher [Fri, 12 Jan 2024 16:06:05 +0000 (17:06 +0100)]
selftest/Samba3: remove unused variable in setup_clusteredmember

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago selftest/Samba3: get NETBIOSNAME correct for clusteredmember
Stefan Metzmacher [Fri, 12 Jan 2024 16:03:38 +0000 (17:03 +0100)]
selftest/Samba3: get NETBIOSNAME correct for clusteredmember

It was missed in commit
7598b9069d3b983f8eb3b89b8459ec993ee43c80

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:rpc_server/witness: add implementation based on CTDB_SRVID_IPREALLOCATED and ctdbd...
Stefan Metzmacher [Wed, 9 Aug 2023 18:24:52 +0000 (20:24 +0200)]
s3:rpc_server/witness: add implementation based on CTDB_SRVID_IPREALLOCATED and ctdbd_all_ip_foreach()

The design is relatively simple in the end:

- We use ctdbd_all_ip_foreach() in order to build an
  in memory list of interfaces(ip addresses) and
  record if:
  - they are currently available or not
  - if they are node local or not

- The current list is what we would use for the
  GetInterfaceList() call.

- Register[Ex] will create an in memory structure
  holding a queue for pending AsyncNotify requests.

- Unregister() will cancel pending AsyncNotify requests and
  let them return NOT_FOUND.

- CTDB_SRVID_IPREALLOCATED messages will cause us to refresh
  with ctdbd_all_ip_foreach():
  - this will detect changes in the interface state
    and remove stale interfaces.
  - for each change the list of registrations is checked
    for a matching ip address and a RESOURCE_CHANGE
    will be scheduled in the queue of the registration,
    the started queue will trigger AsyncNotify responses

- We also register the connections with ctdb in order
  to give other nodes a chance to generate tickle-acks
  for the witness tcp connections.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:rpc_server: add basic rpcd_witness template
Stefan Metzmacher [Wed, 9 Aug 2023 10:18:05 +0000 (12:18 +0200)]
s3:rpc_server: add basic rpcd_witness template

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:ctdbd_conn: add ctdbd_all_ip_foreach() helper
Stefan Metzmacher [Fri, 11 Aug 2023 11:07:46 +0000 (13:07 +0200)]
s3:ctdbd_conn: add ctdbd_all_ip_foreach() helper

This can be used to traverse through all ip addresses ctdb knows
about.

The caller can select node ips and/or public ips.

This will be useful to monitor the addresses from a witness
service...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:ctdbd_conn: split out ctdbd_control_get_nodemap()
Stefan Metzmacher [Fri, 11 Aug 2023 09:51:04 +0000 (11:51 +0200)]
s3:ctdbd_conn: split out ctdbd_control_get_nodemap()

This will simplify future changes...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago s3:ctdbd_conn: pass vnn to ctdbd_control_get_public_ips()
Stefan Metzmacher [Fri, 11 Aug 2023 09:30:07 +0000 (11:30 +0200)]
s3:ctdbd_conn: pass vnn to ctdbd_control_get_public_ips()

In future we also want to ask other nodes for their public_ips.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago witness.idl: make witness_interfaceList public to that ndr_print works in python
Stefan Metzmacher [Fri, 12 Jan 2024 15:54:32 +0000 (16:54 +0100)]
witness.idl: make witness_interfaceList public to that ndr_print works in python

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago smbstatus: let --json include session.{creation,expiration,auth}_time
Stefan Metzmacher [Tue, 9 Jan 2024 15:46:06 +0000 (16:46 +0100)]
smbstatus: let --json include session.{creation,expiration,auth}_time

This is very useful in order to predict NETWORK_SESSION_EXPIRED
messages...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
3 months ago vfs_ceph: Implement SMB_VFS_FSTATAT
Anoop C S [Tue, 9 Jan 2024 05:41:40 +0000 (11:11 +0530)]
vfs_ceph: Implement SMB_VFS_FSTATAT

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Fri Jan 26 16:56:59 UTC 2024 on atb-devel-224

3 months ago source3/wscript: Announce deprecation of old Ceph version support
Anoop C S [Thu, 25 Jan 2024 17:26:26 +0000 (22:56 +0530)]
source3/wscript: Announce deprecation of old Ceph version support

*at() variants for various libcephfs APIs were added with Ceph v17.x.
Any other version less than v17.x is soon to be considered EOL[1] which
we will now indicate with the help of a warning message during configure
time. Going further such a situation will result in disabling the module
altogether with the next major Samba version after v4.20.

[1] https://docs.ceph.com/en/latest/releases/#ceph-releases-index

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
3 months agovfs_ceph: Indicate a successful connection in logs
Anoop C S [Fri, 5 Jan 2024 07:15:14 +0000 (12:45 +0530)]
vfs_ceph: Indicate a successful connection in logs

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
3 months agovfs_ceph: Fix a usage in comments
Anoop C S [Mon, 18 Dec 2023 15:57:44 +0000 (21:27 +0530)]
vfs_ceph: Fix a usage in comments

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
3 months agoWHATSNEW: Add entry for new save/restore options for smbcacls
Noel Power [Tue, 9 Jan 2024 11:02:28 +0000 (11:02 +0000)]
WHATSNEW: Add entry for new save/restore options for smbcacls

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Fri Jan 26 11:30:07 UTC 2024 on atb-devel-224

3 months agoWHATSNEW: Add entry for wspsearch client utility
Noel Power [Mon, 8 Jan 2024 17:01:26 +0000 (17:01 +0000)]
WHATSNEW: Add entry for wspsearch client utility

Signed-off-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
3 months agos3: Make build of wspsearch client enabled by default
Noel Power [Mon, 8 Jan 2024 16:45:16 +0000 (16:45 +0000)]
s3: Make build of wspsearch client enabled by default

Although wspsearch client is experimental it is probably better to
enable its building by default so it gets some opportunity to be
used/tested by users.

Signed-off-by: Noel Power <noel.power@suse.com>
3 months agoRevert "vfs_acl_xattr.c: prefer capabilities over become_root"
Anoop C S [Wed, 24 Jan 2024 09:36:53 +0000 (15:06 +0530)]
Revert "vfs_acl_xattr.c: prefer capabilities over become_root"

This reverts commit 0e3836e3961f2b7c39173ce1023d3c92addef630.

With capabilities preferred over become_root() we failed to achieve
the basic goal of storing NT ACLs in xattrs using vfs_acl_xattr. This
is due to the fact that apart from CAP_DAC_OVERRIDE it is mandatory
to have CAP_SYS_ADMIN for write access to xattrs from security
namespace[1]. Despite the option to configure the xattr name within
the module we should not anticipate and miss to consider xattrs from
security namespace which is far more protected even with our default
name "security.NTACL".

Theoretically we could make it work by adding another capability on
top of existing ones. But given the functions designed around this
area we may not be able to come up with a cleaner change which can
handle the fallback mechanism to become_root(). Any failure to set
the very first capability would put us in become_root() path where
further capabilities are mostly not required. Thus reverting to old
behaviour to always become_root() until we have a cleaner approach
to handle the fallback while modifying multiple capabilities at once.

[1] https://www.man7.org/linux/man-pages/man7/xattr.7.html

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
3 months agosmbd: Some README.Coding in smbd_do_qfilepathinfo()
Volker Lendecke [Wed, 3 Jan 2024 09:34:42 +0000 (10:34 +0100)]
smbd: Some README.Coding in smbd_do_qfilepathinfo()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jan 24 00:35:33 UTC 2024 on atb-devel-224

3 months agosamr_server: Modernize a DBG statement
Volker Lendecke [Mon, 18 Dec 2023 21:03:07 +0000 (22:03 +0100)]
samr_server: Modernize a DBG statement

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agosamr_server: Avoid a DEBUGADD()
Volker Lendecke [Mon, 18 Dec 2023 21:00:26 +0000 (22:00 +0100)]
samr_server: Avoid a DEBUGADD()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolib: Simplify grant_privilege_bitmap()
Volker Lendecke [Mon, 18 Dec 2023 20:40:46 +0000 (21:40 +0100)]
lib: Simplify grant_privilege_bitmap()

ZERO_STRUCT on a uint64_t doesn't really make sense...

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolib: Modernize (and fix) a DBG statement
Volker Lendecke [Mon, 18 Dec 2023 20:39:47 +0000 (21:39 +0100)]
lib: Modernize (and fix) a DBG statement

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolibsmb: Fix whitespace and a typo
Volker Lendecke [Mon, 18 Dec 2023 20:13:56 +0000 (21:13 +0100)]
libsmb: Fix whitespace and a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolib: Avoid 70k of r/w memory
Volker Lendecke [Mon, 22 Jan 2024 20:21:54 +0000 (21:21 +0100)]
lib: Avoid 70k of r/w memory

This adds more .text than it strips .data, but .text is shared between
all processes, .data is copied.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agolib: Simplify hresult.c
Volker Lendecke [Mon, 22 Jan 2024 19:57:31 +0000 (20:57 +0100)]
lib: Simplify hresult.c

Functions don't need a ; at the end.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
3 months agos3:passdb: Fix memory leak caused by recursion of get_global_sam_sid()
Andreas Schneider [Tue, 23 Jan 2024 10:07:19 +0000 (11:07 +0100)]
s3:passdb: Fix memory leak caused by recursion of get_global_sam_sid()

Direct leak of 68 byte(s) in 1 object(s) allocated from:
    #0 0x7f4f39cdc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f4f36fbe427 in malloc_ ../../source3/lib/util_malloc.c:38
    #2 0x7f4f394b5e19 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:90
    #3 0x7f4f394b5e19 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211
    #4 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143
    #5 0x7f4f394b5eb5 in pdb_generate_sam_sid ../../source3/passdb/machine_sid.c:110
    #6 0x7f4f394b5eb5 in get_global_sam_sid ../../source3/passdb/machine_sid.c:211
    #7 0x7f4f394af366 in secrets_store_domain_sid ../../source3/passdb/machine_account_secrets.c:143
    #8 0x557a1f11d62c in net_setlocalsid ../../source3/utils/net.c:416
    #9 0x557a1f1c9972 in net_run_function ../../source3/utils/net_util.c:464
    #10 0x557a1f121129 in main ../../source3/utils/net.c:1372
    #11 0x7f4f34c281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 23 14:30:58 UTC 2024 on atb-devel-224

3 months agos3:libads: Fix memory leaks in ads_create_machine_acct()
Andreas Schneider [Tue, 31 Oct 2023 13:04:31 +0000 (14:04 +0100)]
s3:libads: Fix memory leaks in ads_create_machine_acct()

Indirect leak of 291 byte(s) in 2 object(s) allocated from:
    #0 0x7fd77b6dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7fd77b094bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
    #2 0x7fd77b096034 in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7fd77b096034 in __talloc_strlendup ../../lib/talloc/talloc.c:2454
    #4 0x7fd77b096034 in talloc_strdup ../../lib/talloc/talloc.c:2470
    #5 0x7fd779996633 in add_string_to_array ../../lib/util/util_strlist.c:504
    #6 0x7fd77b10c754 in ads_create_machine_acct ../../source3/libads/ldap.c:2662
    #7 0x7fd77b46705f in libnet_join_precreate_machine_acct ../../source3/libnet/libnet_join.c:390
    #8 0x7fd77b46705f in libnet_DomainJoin ../../source3/libnet/libnet_join.c:2852
    #9 0x7fd77b46705f in libnet_Join ../../source3/libnet/libnet_join.c:3036
    #10 0x55fb9788d91a in net_ads_join ../../source3/utils/net_ads.c:1853
    #11 0x55fb9793ab86 in net_join ../../source3/utils/net_join.c:45
    #12 0x55fb9793084f in net_run_function ../../source3/utils/net_util.c:454
    #13 0x55fb97889859 in main ../../source3/utils/net.c:1372
    #14 0x7fd7768281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 months agos3:passdb: Do not leak memory in pdb_tdb
Andreas Schneider [Fri, 27 Oct 2023 10:09:53 +0000 (12:09 +0200)]
s3:passdb: Do not leak memory in pdb_tdb

==19938==ERROR: LeakSanitizer: detected memory leaks

Direct leak of 77 byte(s) in 1 object(s) allocated from:
    #0 0x7f7d482841f8 in strdup (/lib64/libasan.so.8+0x841f8) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f7d47204846  (bin/shared/libsamba-util.so.0+0x4c846) (BuildId: 43b084eb9013442ac68eb1fc17649f142cbb0f94)
    #2 0x7f7d40b1d97a in pdb_init_tdbsam ../../source3/passdb/pdb_tdb.c:1361
    #3 0x7f7d4715f266  (bin/shared/libsamba-passdb.so.0+0x76266) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
    #4 0x7f7d4715f57a  (bin/shared/libsamba-passdb.so.0+0x7657a) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
    #5 0x7f7d47163700  (bin/shared/libsamba-passdb.so.0+0x7a700) (BuildId: 13d2858e2217592a22a4ee9203fef759d52df733)
    #6 0x55a9177d3853 in main ../../source3/smbd/server.c:1928
    #7 0x7f7d434281af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 months agogp: Skip site GP list if no site is found
David Mulder [Fri, 5 Jan 2024 15:47:07 +0000 (08:47 -0700)]
gp: Skip site GP list if no site is found

[MS-GPOL] 3.2.5.1.4 Site Search says if the site
search returns ERROR_NO_SITENAME, the GP site
search should be skipped.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15548

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Jan 23 11:20:35 UTC 2024 on atb-devel-224

3 months agogpo: Do not get templates list on first run
Gabriel Nagy [Fri, 19 Jan 2024 09:36:19 +0000 (11:36 +0200)]
gpo: Do not get templates list on first run

This is a visual fix and has no impact on functionality apart from
cleaner log messages.

The point of this is to get the list of supported templates in order to
compute a diff between the current applied templates and the updated
list, so we are able to unapply and reapply the policy in case there are
differences.

However this code path is executed on first applies as well, at which
point the root CA is not yet set up. This causes the
`get_supported_templates` call to fail, which is not a hard failure but
still pollutes the logs. In this case it's safe to avoid executing the
command as the policy will be applied regardless.

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jan 22 16:48:57 UTC 2024 on atb-devel-224

3 months agogpo: Decode base64 root cert before importing
Gabriel Nagy [Thu, 18 Jan 2024 18:23:24 +0000 (20:23 +0200)]
gpo: Decode base64 root cert before importing

The reasoning behind this is described in the previous commit message,
but essentially this should either be wrapped in certificate blocks and
imported as PEM, or converted back to binary and imported as DER.

I've opted for the latter since it's how it used to work before it
regressed in 157335ee93e.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
3 months agogpo: Test certificate policy without NDES
Gabriel Nagy [Mon, 8 Jan 2024 16:05:08 +0000 (18:05 +0200)]
gpo: Test certificate policy without NDES

As of 8231eaf856b, the NDES feature is no longer required on Windows, as
cert auto-enroll can use the certificate from the LDAP request.

However, 157335ee93e changed the implementation to convert the LDAP
certificate to base64 due to it failing to cleanly convert to a string.

Because of insufficient test coverage I missed handling the part where
NDES is disabled or not reachable and the LDAP certificate was imported.
The call to load_der_x509_certificate now fails with an error because it
expects binary data, yet it receives a base64 encoded string.

This adds a test to confirm the issue.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15557

Signed-off-by: Gabriel Nagy <gabriel.nagy@canonical.com>
Reviewed-by: David Mulder <dmulder@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
3 months agosmbd: use dirfsp and atname in open_directory()
Ralph Boehme [Mon, 18 Dec 2023 11:35:58 +0000 (12:35 +0100)]
smbd: use dirfsp and atname in open_directory()

On systems without /proc/fd support this avoids the expensive chdir()
logic in non_widelink_open(). open_file_ntcreate() already passes
dirfsp and atname to reopen_from_fsp(), it was just missed in the
conversion.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Reviewed-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Jan 22 12:00:56 UTC 2024 on atb-devel-224

3 months agosmbd: use safe_symlink_target_path() in symlink_target_below_conn()
Ralph Boehme [Tue, 2 Jan 2024 13:34:26 +0000 (14:34 +0100)]
smbd: use safe_symlink_target_path() in symlink_target_below_conn()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 months agosmbd: add a directory argument to safe_symlink_target_path()
Ralph Boehme [Tue, 2 Jan 2024 12:25:25 +0000 (13:25 +0100)]
smbd: add a directory argument to safe_symlink_target_path()

Existing caller passes NULL, no change in behaviour. Prepares for
replacing symlink_target_below_conn() in open.c.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 months agosmbd: pass symlink target path to safe_symlink_target_path()
Ralph Boehme [Tue, 2 Jan 2024 11:49:14 +0000 (12:49 +0100)]
smbd: pass symlink target path to safe_symlink_target_path()

Moves creating the symlink target path via symlink_target_path() to the
caller. This prepares for using this in non_widelink_open(), where it will
replace symlink_target_below_conn() with the same functionality.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 months agoCI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner
Ralph Boehme [Tue, 19 Dec 2023 10:12:49 +0000 (11:12 +0100)]
CI: disable /proc/fds and RESOLVE_NO_SYMLINK in samba-no-opath-build runner

This is a more sensible combination of missing Linux specific features:

- O_PATH
- openat2() with RESOLVE_NO_SYMLINKS
- somehow safely reopen an O_PATH file handle

Currently only O_PATH is disabled for these jobs, but that doesn't really match
any known OS.

The following list shows which features are available and used by Samba on a few
OSes:

        | O_PATH         | RESOLVE_NO_SYMLINKS | Safe reopen    | CI covered
--------|----------------|---------------------|----------------------------
        | Supported Used | Supported Used      | Supported Used |
============================================================================
Linux   | +         +    | +         +         | +         +    | +
FreeBSD | +         +    | + [1]     -         | + [2]     -    | -
AIX     | -         -    | -         -         | -         -    | +

So by also disabling RESOLVE_NO_SYMLINKS and Safe Reopen, we cover classic UNIX
systems like AIX.

[1] via open() flag O_RESOLVE_BENEATH
[2] via open() flag O_EMPTY_PATH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 months agovfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time
Ralph Boehme [Tue, 19 Dec 2023 10:11:55 +0000 (11:11 +0100)]
vfs_default: allow disabling /proc/fds and RESOLVE_NO_SYMLINK at compile time

This will be used in CI to have a gitlab runner without all modern Linux
features we make use of as part of path processing:

- O_PATH
- openat2() with RESOLVE_NO_SYMLINKS
- somehow safely reopen an O_PATH file handle

That gives what a classic UNIX like AIX or Solaris offers feature wise.

Other OSes support other combinations of those features, but we leave the
exercise of possibly adding more runners supporting those combinations to the
reader.

The following list shows which features are available and used by Samba on a few
OSes:

        | O_PATH         | RESOLVE_NO_SYMLINKS | Safe reopen    | CI covered
--------|----------------|---------------------|----------------------------
        | Supported Used | Supported Used      | Supported Used |
============================================================================
Linux   | +         +    | +         +         | +         +    | +
FreeBSD | +         +    | + [1]     -         | + [2]     -    | -
AIX     | -         -    | -         -         | -         -    | +

[1] via open() flag O_RESOLVE_BENEATH
[2] via open() flag O_EMPTY_PATH

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15549

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
3 months agoautobuild: Run ad_member_idmap_nss tests as part of samba-admem
Pavel Filipenský [Mon, 15 Jan 2024 09:33:05 +0000 (10:33 +0100)]
autobuild: Run ad_member_idmap_nss tests as part of samba-admem

Those are currently running as part of the normal 'samba' target. It
makes more sense to run them together with the other ad_member tests.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Pair-Programmed-With: Andreas Schneider <asn@samba.org>

Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Jan 22 08:17:32 UTC 2024 on atb-devel-224

3 months agosource3/lib: Properly log the change in capability
Anoop C S [Fri, 19 Jan 2024 10:50:36 +0000 (16:20 +0530)]
source3/lib: Properly log the change in capability

We used to log the following message for both adding and dropping
capability:

DBG_INFO("added capability %d\n", capability);

For better clarity indicate the change as "added" or "dropped"
based on available functional arguments.

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Christof Schmitt <cs@samba.org>
Autobuild-User(master): Anoop C S <anoopcs@samba.org>
Autobuild-Date(master): Sat Jan 20 18:43:10 UTC 2024 on atb-devel-224

3 months agowinbindd: fix listing trusted domains with NT trusts
Ralph Boehme [Sat, 13 Jan 2024 10:40:55 +0000 (11:40 +0100)]
winbindd: fix listing trusted domains with NT trusts

Commit e07f8901ec95aab8c36965000de185d99e642644 broke handling of NT4 domains
which lack a DNS domain name. As the dns_name is NULL, talloc_steal(dns_name)
returns NULL, which causes _wbint_ListTrustedDomains to return
NT_STATUS_NO_MEMORY.

To make things worse, at that point the new struct netr_DomainTrust is not yet
initialized correctly and the "out->count = n + 1" already increased the array
counter at the start of the loop without initializing it.

Later when NDR-pushing the result in dcesrv_call_dispatch_local(), the ndr_push() can
crash when accessing the uninitialized values:

2023-12-08T14:07:42.759691+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759702+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: INTERNAL ERROR: Signal 11: Segmentation fault in winbindd (wb[ADDOMAIN]) (domain child [ADDOMAIN]) pid 157227 (4.20.0pre1-DEVELOPERBUILD)
2023-12-08T14:07:42.759712+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: If you are running a recent Samba version, and if you think this problem is not yet fixed in the latest versions, please consider reporting this bug, see https://wiki.samba.org/index.php/Bug_Reporting
2023-12-08T14:07:42.759723+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: ===============================================================
2023-12-08T14:07:42.759730+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: PANIC (pid 157227): Signal 11: Segmentation fault in 4.20.0pre1-DEVELOPERBUILD
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: BACKTRACE: 36 stack frames:
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #0 bin/shared/private/libgenrand-samba4.so(log_stack_trace+0x1f) [0x7f1396acd441]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #1 bin/shared/private/libgenrand-samba4.so(smb_panic_log+0x20f) [0x7f1396acd3d5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #2 bin/shared/private/libgenrand-samba4.so(smb_panic+0x18) [0x7f1396acd3f0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #3 bin/shared/private/libgenrand-samba4.so(+0x2eb5) [0x7f1396acceb5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #4 bin/shared/private/libgenrand-samba4.so(+0x2eca) [0x7f1396acceca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #5 /lib64/libc.so.6(+0x3dbb0) [0x7f139687abb0]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #6 bin/shared/private/libsamba-security-samba4.so(ndr_push_dom_sid2+0x2a) [0x7f13977e5437]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #7 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrust+0x4ad) [0x7f1396deb64c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #8 bin/shared/libndr-standard.so.0(ndr_push_netr_DomainTrustList+0x204) [0x7f1396dec7a9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #9 bin/shared/private/libndr-samba4.so(+0x239bf9) [0x7f1397639bf9]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #10 winbindd: domain child [ADDOMAIN](winbind__op_ndr_push+0x5a) [0x55741e6857a8]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #11 bin/shared/libdcerpc-server-core.so.0(dcesrv_call_dispatch_local+0x49b) [0x7f1397be6219]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #12 winbindd: domain child [ADDOMAIN](winbindd_dual_ndrcmd+0x375) [0x55741e67a204]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #13 winbindd: domain child [ADDOMAIN](+0x9cf0d) [0x55741e674f0d]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #14 winbindd: domain child [ADDOMAIN](+0x9f792) [0x55741e677792]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #15 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_fd_handler+0x121) [0x7f139802f816]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #16 bin/shared/private/libtevent-samba4.so(+0x19cef) [0x7f139803bcef]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #17 bin/shared/private/libtevent-samba4.so(+0x1a3dc) [0x7f139803c3dc]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #18 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #19 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #20 winbindd: domain child [ADDOMAIN](+0xa03ca) [0x55741e6783ca]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #21 winbindd: domain child [ADDOMAIN](+0x9ba9c) [0x55741e673a9c]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #22 bin/shared/private/libtevent-samba4.so(_tevent_req_notify_callback+0xba) [0x7f139803194a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #23 bin/shared/private/libtevent-samba4.so(+0xfadb) [0x7f1398031adb]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #24 bin/shared/private/libtevent-samba4.so(_tevent_req_done+0x25) [0x7f1398031b07]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #25 bin/shared/private/libtevent-samba4.so(+0xf125) [0x7f1398031125]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #26 bin/shared/private/libtevent-samba4.so(+0xe9cf) [0x7f13980309cf]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #27 bin/shared/private/libtevent-samba4.so(tevent_common_invoke_immediate_handler+0x207) [0x7f1398030343]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #28 bin/shared/private/libtevent-samba4.so(tevent_common_loop_immediate+0x37) [0x7f13980304b5]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #29 bin/shared/private/libtevent-samba4.so(+0x1a332) [0x7f139803c332]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #30 bin/shared/private/libtevent-samba4.so(+0x15b52) [0x7f1398037b52]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #31 bin/shared/private/libtevent-samba4.so(_tevent_loop_once+0x113) [0x7f139802e1db]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #32 winbindd: domain child [ADDOMAIN](main+0x1689) [0x55741e6b210a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #33 /lib64/libc.so.6(+0x27b8a) [0x7f1396864b8a]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #34 /lib64/libc.so.6(__libc_start_main+0x8b) [0x7f1396864c4b]
2023-12-08T14:07:42.760443+00:00 localadmember.addom.samba.example.com log.winbindd[157227]:  #35 winbindd: domain child [ADDOMAIN](_start+0x25) [0x55741e63a045]
2023-12-08T14:07:42.760685+00:00 localadmember.addom.samba.example.com log.winbindd[157227]: smb_panic(): calling panic action [cd /data/git/samba/scratch3 && /data/git/samba/scratch3/selftest/gdb_backtrace 157227 ./bin/winbindd]

Deferring assignment of r->out.domains->array and r->out.domains->count to the
end of the function ensures we don't return inconsistent state in case of an
error.

Also, r->out.domains is already set by the NDR layer, no need to create and
assign a struct netr_DomainTrustList object.

Using talloc_move() ensures we don't leave dangling pointers. Better to crash
reliably on accessing NULL, than accessing some unknown memory via a wild
pointer. As talloc_move() can't fail, there's no need to check the return value.

And using a struct initializer ensures all members are properly initialized.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15533

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Sat Jan 20 14:23:51 UTC 2024 on atb-devel-224
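
The pattern described in the winbindd commit message above (a missing DNS name is valid input, each element is set with a struct initializer, and the array and count are published only at the end), as an added C example that is not Samba's code. Plain malloc stands in for talloc, and `trust_entry`, `trust_list`, `trust_src`, `move_ptr`, `dup_optional`, `list_trusts` and the `fail_at` failure switch are hypothetical names; the input records are constructed.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-ins for netr_DomainTrust and netr_DomainTrustList. */
struct trust_entry {
	char *netbios_name;
	char *dns_name; /* NULL for NT4-style trusts: valid, not an error */
	unsigned trust_type;
};
struct trust_list { unsigned count; struct trust_entry *array; };
struct trust_src { const char *netbios_name, *dns_name; unsigned trust_type; };
#define NO_FAILURE ((unsigned)-1)

/* malloc analogue of talloc_move(): hand over the pointer, clear the source. */
static char *move_ptr(char **src)
{
	char *p = *src;
	*src = NULL;
	return p;
}

/* Copy a string; a NULL source is passed through, not reported as a failure. */
static int dup_optional(const char *s, char **dst)
{
	*dst = NULL;
	if (s == NULL) return 0;
	*dst = malloc(strlen(s) + 1);
	if (*dst == NULL) return -1;
	strcpy(*dst, s);
	return 0;
}

static void free_entries(struct trust_entry *a, unsigned n)
{
	for (unsigned i = 0; i < n; i++) {
		free(a[i].netbios_name);
		free(a[i].dns_name);
	}
	free(a);
}

/* Build the list in locals; publish to *out only on success. fail_at simulates
 * an allocation failure at that index. Returns 0, or -1 with *out untouched. */
int list_trusts(const struct trust_src *src, unsigned n,
		unsigned fail_at, struct trust_list *out)
{
	struct trust_entry *array = NULL;
	unsigned count = 0, i;
	for (i = 0; i < n; i++) {
		char *nb = NULL, *dns = NULL;
		struct trust_entry *tmp = NULL;
		int failed = (i == fail_at) ||
			     dup_optional(src[i].netbios_name, &nb) != 0 ||
			     dup_optional(src[i].dns_name, &dns) != 0;
		if (!failed) {
			tmp = realloc(array, (count + 1) * sizeof(*array));
			failed = (tmp == NULL);
		}
		if (failed) {
			free(nb);
			free(dns);
			free_entries(array, count);
			return -1;
		}
		array = tmp;
		/* The initializer sets every member; count grows only afterwards. */
		array[count] = (struct trust_entry){
			.netbios_name = move_ptr(&nb),
			.dns_name = move_ptr(&dns),
			.trust_type = src[i].trust_type,
		};
		count++;
	}
	*out = (struct trust_list){ .count = count, .array = array };
	return 0;
}

int main(void)
{
	const struct trust_src src[] = { /* constructed sample records */
		{ "ADDOMAIN", "addom.samba.example.com", 2 }, { "NT4DOM", NULL, 1 } };
	struct trust_list out = { 0, NULL };
	int rc = list_trusts(src, 2, NO_FAILURE, &out);
	printf("rc=%d count=%u\n", rc, out.count);
	free_entries(out.array, out.count);
	return 0;
}
```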