[SCM] Samba Shared Repository - branch master updated

Andreas Schneider asn at samba.org
Tue Jun 4 23:32:03 UTC 2019


The branch, master has been updated
       via  843fbb1207e ctdb-scripts: Fix tcp_tw_recycle existence check
       via  b9b3acf23e3 ctdb:takeover: add better debugging when a client connects to a non public address
       via  3ce9069a65c ctdb:protocol_util: remove 'const' from allocated strings
       via  dbf3e81f7f0 docs: Improve documentation of "lanman auth" and "ntlm auth" connection
       via  046de055215 s3:modules: Put debug msg into the if clause checking the strings exists
       via  dc82866dd76 nsswitch: cppcheck: Fix ctunullpointer error
       via  a0ccec6291a lib/util/tests: clang fix Value stored to 'lines' is never read warning
       via  71e7b5d14e6 ctdb/server: cppcheck: fix shiftTooManyBitsSigned error
       via  edbef9e0403 s3/winbdind: cppcheck: fix nullPointerArithmetic error
       via  52cf237b1d4 s3/modules: cppcheck: Fix ctunullpointer error
       via  4d095bd052c lib/pthreadpool: cppcheck: Fix Memory leak
       via  e2ee3f89431 s3/rpcclient: cppcheck: Fix shiftTooManyBitsSigned error
       via  a497fa9bc3f s4/torture/unix: cppcheck: Fix shiftTooManyBitsSigned error
       via  43500e4134c s4/torture/smb2: cppcheck: Fix shiftTooManyBitsSigned error
       via  c8cdc016b4c s4/torture/smb2: cppcheck: Fix shiftTooManyBitsSigned error
       via  90a82a41cfd s4/torture/raw: cppcheck: Fix shiftTooManyBitsSigned error
       via  bb00a7e0188 s4/torture/raw: cppcheck: Fix shiftTooManyBitsSigned error
       via  f3f79a267ee nsswitch: cppcheck: Fix memleakOnRealloc errors
       via  9c7113a418c s4/smdb: cppcheck: fix nullPointer: Possible null pointer dereference warning.
       via  8c49cf70fc5 s4/smb_server/smb: cppcheck: Fix uninitvar & uninitStructMember errors
       via  bcc6b8c2492 s4/rpc_server/dnsserver: clang: fix Value stored to 'status' is never read
       via  2bed937e7fb s4/rpc_server/dnsserver: cppcheck: Fix Uninitialized variable error.
       via  05d0806e71b s4/ntvfs/cifs: cppcheck: squash nullPointer: Possible null pointer dereference
       via  0b6e37c9e80 s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_check()
       via  fa5215ce5b9 s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
       via  ead9b93ce5c s4:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
      from  eb2e29c354c s3-smbcontrol: Replace && with || to declare variables in do_sleep()

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 843fbb1207ee7ac84f3282974b66b9290d8da0ac
Author: Rafael David Tinoco via samba-technical <samba-technical at lists.samba.org>
Date:   Sun Jun 2 23:44:15 2019 -0300

    ctdb-scripts: Fix tcp_tw_recycle existence check
    
    net.ipv4.tcp_tw_recycle has been removed from Linux 4.12 but, still,
    makes sense to check its existence. Unfortunately, current check does
    not test for the procfs file existence. This commit fixes the issue.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13984
    
    Signed-off-by: Rafael David Tinoco <rafaeldtinoco at ubuntu.com>
    Reviewed-by: Martin Schwenke <martin at meltin.net>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>
    
    Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
    Autobuild-Date(master): Tue Jun  4 23:31:24 UTC 2019 on sn-devel-184

commit b9b3acf23e3306ba5cfd1fd254250eef97793921
Author: Stefan Metzmacher <metze at samba.org>
Date:   Tue Apr 2 10:24:02 2019 +0200

    ctdb:takeover: add better debugging when a client connects to a non public address
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Martin Schwenke <martin at meltin.net>

commit 3ce9069a65c5e943c6eda38711f527a9a42c7b6b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon May 27 12:31:51 2019 +0200

    ctdb:protocol_util: remove 'const' from allocated strings
    
    The caller should be able to call TALLOC_FREE() on the returned
    strings.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Martin Schwenke <martin at meltin.net>

commit dbf3e81f7f0b28c69dca004b32ea3a7344b0cad3
Author: Andrew Bartlett <abartlet at samba.org>
Date:   Sat Jun 1 09:04:48 2019 +1200

    docs: Improve documentation of "lanman auth" and "ntlm auth" connection
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13981
    
    Signed-off-by: Andrew Bartlett <abartlet at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 046de055215615697619452f9735cfad01fdbb03
Author: Andreas Schneider <asn at samba.org>
Date:   Mon Jun 3 11:00:01 2019 +0200

    s3:modules: Put debug msg into the if clause checking the strings exists
    
    error: '%s' directive argument is null [-Werror=format-overflow=]
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Amitay Isaacs <amitay at gmail.com>

commit dc82866dd76c043f73a93cde061af730cc010695
Author: Noel Power <noel.power at suse.com>
Date:   Thu May 23 13:56:39 2019 +0000

    nsswitch: cppcheck: Fix ctunullpointer error
    
    Fixes
    
    nsswitch/pam_winbind.c:1379: error: ctunullpointer: Null pointer dereference: info <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit a0ccec6291a219ded9b1a86ddaa18a61456699da
Author: Noel Power <noel.power at suse.com>
Date:   Thu May 23 13:52:50 2019 +0000

    lib/util/tests: clang fix Value stored to 'lines' is never read warning
    
    Fixes
    
    lib/util/tests/file.c:153:2: warning: Value stored to 'lines' is never read <--[clang]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 71e7b5d14e65ced795a3d1a63891e94e284f2eb6
Author: Noel Power <noel.power at suse.com>
Date:   Thu May 23 13:15:58 2019 +0000

    ctdb/server: cppcheck: fix shiftTooManyBitsSigned error
    
    Fixes
    
    ctdb/server/ipalloc_lcp2.c:61: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit edbef9e0403482a66243d3aa8752804fa1666e43
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 14:17:48 2019 +0000

    s3/winbdind: cppcheck: fix nullPointerArithmetic error
    
    Fixes
    
    source3/winbindd/winbindd_cache.c:4386: error: nullPointerArithmetic: Pointer addition with NULL pointer. <--[cppcheck]
    source3/winbindd/winbindd_cache.c:4400: error: nullPointerArithmetic: Pointer addition with NULL pointer. <--[cppcheck]
    source3/winbindd/winbindd_cache.c:1569:24: warning: Dereference of null pointer <--[clang]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 52cf237b1d4a2f1d6f5541f3cdbcced95ff6f5ff
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 14:07:44 2019 +0000

    s3/modules: cppcheck: Fix ctunullpointer error
    
    Fixes
    
    source3/modules/vfs_syncops.c:117: error: ctunullpointer: Null pointer dereference: smb_fname <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 4d095bd052cbe55c05835275eec8d9f2cee7f02e
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 13:16:19 2019 +0000

    lib/pthreadpool: cppcheck: Fix Memory leak
    
    Fixes
    
    lib/pthreadpool/tests.c:63: error: memleak: Memory leak: finished <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit e2ee3f8943140df2e52c9778fe43feb544cda977
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 13:15:19 2019 +0000

    s3/rpcclient: cppcheck: Fix shiftTooManyBitsSigned error
    
    Fixes
    
    source3/rpcclient/cmd_srvsvc.c:44: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit a497fa9bc3fd66230270fa6cfd1c5cfd535451e6
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 13:10:47 2019 +0000

    s4/torture/unix: cppcheck: Fix shiftTooManyBitsSigned error
    
    Fixes
    
    source4/torture/unix/unix_info2.c:300: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 43500e4134cfa875d7ba71c2150760c97dded2c8
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 13:07:28 2019 +0000

    s4/torture/smb2: cppcheck: Fix shiftTooManyBitsSigned error
    
    Fixes
    
    source4/torture/smb2/notify.c:974: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/notify.c:994: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/notify.c:1002: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/notify.c:1011: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/notify.c:1025: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/notify.c:1040: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/notify.c:1048: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/notify.c:1062: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/notify.c:1081: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/notify.c:1096: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/notify.c:1112: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/notify.c:1125: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit c8cdc016b4c53109454f25ee675d083b556cc134
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 12:03:36 2019 +0000

    s4/torture/smb2: cppcheck: Fix shiftTooManyBitsSigned error
    
    Fixes
    
    source4/torture/smb2/create.c:197: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/create.c:234: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/smb2/create.c:265: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 90a82a41cfd6981397aa5c4e4b462bf14e57cd66
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 11:29:33 2019 +0000

    s4/torture/raw: cppcheck: Fix shiftTooManyBitsSigned error
    
    Fix
    
    source4/torture/raw/open.c:1009: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/open.c:1048: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit bb00a7e018800c6d70d9d0937183961c7af970b9
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 11:24:43 2019 +0000

    s4/torture/raw: cppcheck: Fix shiftTooManyBitsSigned error
    
    Fix
    
    source4/torture/raw/notify.c:831: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:838: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:849: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:861: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:869: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:882: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:892: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:903: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:914: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:929: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:941: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:951: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:961: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:972: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    source4/torture/raw/notify.c:982: error: shiftTooManyBitsSigned: Shifting signed 32-bit value by 31 bits is undefined behaviour <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit f3f79a267ee656f22df01e8a7bb9d4db64e78781
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 11:09:41 2019 +0000

    nsswitch: cppcheck: Fix memleakOnRealloc errors
    
    Fixes the following errors
    
    nsswitch/nsstest.c:192: error: memleakOnRealloc: Common realloc mistake: 'buf' nulled but not freed upon failure <--[cppcheck]
    nsswitch/nsstest.c:230: error: memleakOnRealloc: Common realloc mistake: 'buf' nulled but not freed upon failure <--[cppcheck]
    nsswitch/nsstest.c:269: error: memleakOnRealloc: Common realloc mistake: 'buf' nulled but not freed upon failure <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 9c7113a418ce169b486f86238643e2d03112410b
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 10:57:53 2019 +0000

    s4/smdb: cppcheck: fix nullPointer: Possible null pointer dereference warning.
    
    Insert unreachable return to satisfy the following warnings
    
    source4/smbd/server.c:692: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
    source4/smbd/server.c:694: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
    source4/smbd/server.c:699: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
    source4/smbd/server.c:758: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
    source4/smbd/server.c:789: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
    source4/smbd/server.c:849: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
    source4/smbd/server.c:866: warning: nullPointer: Possible null pointer dereference: state <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 8c49cf70fc519059b8606bc6432c69b2d5ec06ab
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 10:32:15 2019 +0000

    s4/smb_server/smb: cppcheck: Fix uninitvar & uninitStructMember errors
    
    Fixes the following errors (note: existing code is safe the way it is
    currently all accesses to the structure are 'after' it is assigned)
    
    source4/smb_server/smb/negprot.c:447: error: uninitvar: Uninitialized variable: blob <--[cppcheck]
    source4/smb_server/smb/negprot.c:453: error: uninitStructMember: Uninitialized struct member: blob.data <--[cppcheck]
    source4/smb_server/smb/negprot.c:447: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
    source4/smb_server/smb/negprot.c:453: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
    source4/smb_server/smb/negprot.c:454: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
    source4/smb_server/smb/negprot.c:455: error: uninitStructMember: Uninitialized struct member: blob.length <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit bcc6b8c2492b87fb4ac6bdb5075a5831d71bade8
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 09:47:27 2019 +0000

    s4/rpc_server/dnsserver: clang: fix Value stored to 'status' is never read
    
    Fix the following warnings
    
    source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1021: error: uninitvar: Uninitialized variable: answer_integer <--[cppcheck]
    source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1723:4: warning: Value stored to 'status' is never read <--[clang]
                            status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
                            ^        ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    source4/rpc_server/dnsserver/dcerpc_dnsserver.c:1881:4: warning: Value stored to 'status' is never read <--[clang]
                            status = dns_fill_records_array(tmp_ctx, NULL, DNS_TYPE_A,
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 2bed937e7fbb551bebfed3c76d7bf4317f72b425
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 09:37:40 2019 +0000

    s4/rpc_server/dnsserver: cppcheck: Fix Uninitialized variable error.
    
    source4/rpc_server/dnsserver/dcerpc_dnsserver.c:715: error: uninitvar: Uninitialized variable: answer_integer <--[cppcheck]
    
    This error is benign and somewhat false because the code pointed to does
    not run (due to a different check) if answer_integer is not actually
    initialsed. It is easy to squash it though by just initialising the var.
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 05d0806e71b6c3c31e4457c239bd2a5886187bf4
Author: Noel Power <noel.power at suse.com>
Date:   Wed May 22 09:29:18 2019 +0000

    s4/ntvfs/cifs: cppcheck: squash nullPointer: Possible null pointer dereference
    
    Fix the following cppcheck warnings
    
    /home/samba/samba-pidl/source4/ntvfs/cifs/vfs_cifs.c:604: warning: nullPointer: Possible null pointer dereference: file <--[cppcheck]
    /home/samba/samba-pidl/source4/ntvfs/cifs/vfs_cifs.c:605: warning: nullPointer: Possible null pointer dereference: file <--[cppcheck]
    /home/samba/samba-pidl/source4/ntvfs/cifs/vfs_cifs.c:648: warning: nullPointer: Possible null pointer dereference: file <--[cppcheck]
    /home/samba/samba-pidl/source4/ntvfs/cifs/vfs_cifs.c:649: warning: nullPointer: Possible null pointer dereference: file <--[cppcheck]
    
    Signed-off-by: Noel Power <noel.power at suse.com>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 0b6e37c9e801435e094194dd60d9213b4868c3de
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon May 27 13:12:14 2019 +0200

    s3:rpc_server:netlogon: simplify AUTH_TYPE_SCHANNEL check in netr_creds_server_step_check()
    
    The gensec schannel module already asserts that at least
    AUTH_LEVEL_INTEGRITY is used.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit fa5215ce5b93fb032df341e718d7011e619f0916
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon May 27 12:38:43 2019 +0200

    s3:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
    
    The domain join with VMWare Horizon Quickprep seems to use
    netr_ServerAuthenticate3() with just the NEG_STRONG_KEYS
    (and in addition the NEG_SUPPORTS_AES) just to verify a password.
    
    Note: NETLOGON_NEG_SCHANNEL is an alias to NEG_AUTHENTICATED_RPC.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13464 (maybe)
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit ead9b93ce5c2c67bbdb778232805d6d9e70112fc
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon May 27 12:38:43 2019 +0200

    s4:rpc_server:netlogon: don't require NEG_AUTHENTICATED_RPC in netr_ServerAuthenticate*()
    
    The domain join with VMWare Horizon Quickprep seems to use
    netr_ServerAuthenticate3() with just the NEG_STRONG_KEYS
    (and in addition the NEG_SUPPORTS_AES) just to verify a password.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13464 (maybe)
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=13949
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 ctdb/config/nfs-linux-kernel-callout            |  4 +-
 ctdb/protocol/protocol_util.c                   | 13 ++---
 ctdb/protocol/protocol_util.h                   | 10 ++--
 ctdb/server/ctdb_takeover.c                     | 58 +++++++++++++-------
 ctdb/server/ipalloc_lcp2.c                      |  2 +-
 docs-xml/smbdotconf/security/lanmanauth.xml     | 14 ++---
 docs-xml/smbdotconf/security/ntlmauth.xml       |  9 ++--
 lib/pthreadpool/tests.c                         |  6 +++
 lib/util/tests/file.c                           |  2 +-
 nsswitch/nsstest.c                              |  6 +++
 nsswitch/pam_winbind.c                          | 10 ++--
 source3/modules/vfs_ceph_snapshots.c            |  3 +-
 source3/modules/vfs_syncops.c                   | 12 +++--
 source3/rpc_server/netlogon/srv_netlog_nt.c     | 52 ++----------------
 source3/rpcclient/cmd_srvsvc.c                  |  2 +-
 source3/winbindd/winbindd_cache.c               |  6 ++-
 source4/ntvfs/cifs/vfs_cifs.c                   |  9 ++++
 source4/rpc_server/dnsserver/dcerpc_dnsserver.c | 11 +++-
 source4/rpc_server/netlogon/dcerpc_netlogon.c   | 15 ------
 source4/smb_server/smb/negprot.c                |  2 +-
 source4/smbd/server.c                           | 71 ++++++++++++++++++++++++-
 source4/torture/raw/notify.c                    |  4 +-
 source4/torture/raw/open.c                      |  5 +-
 source4/torture/smb2/create.c                   |  6 +--
 source4/torture/smb2/notify.c                   |  4 +-
 source4/torture/unix/unix_info2.c               |  2 +-
 26 files changed, 205 insertions(+), 133 deletions(-)


Changeset truncated at 500 lines:

diff --git a/ctdb/config/nfs-linux-kernel-callout b/ctdb/config/nfs-linux-kernel-callout
index def69a04649..71d8ecf8074 100755
--- a/ctdb/config/nfs-linux-kernel-callout
+++ b/ctdb/config/nfs-linux-kernel-callout
@@ -281,8 +281,8 @@ nfs_startup ()
     basic_stop "nfs" || true
     basic_start "nfs"
     _f="${PROCFS_PATH}/sys/net/ipv4/tcp_tw_recycle"
-    if [ "$_f" ] ; then
-	echo 1 >"$_f"
+    if [ -f "$_f" ] ; then
+	    echo 1 >"$_f"
     fi
 }
 
diff --git a/ctdb/protocol/protocol_util.c b/ctdb/protocol/protocol_util.c
index d120213b70a..f43afbc58d0 100644
--- a/ctdb/protocol/protocol_util.c
+++ b/ctdb/protocol/protocol_util.c
@@ -155,8 +155,9 @@ int ctdb_sock_addr_to_buf(char *buf, socklen_t buflen,
 	return 0;
 }
 
-const char *ctdb_sock_addr_to_string(TALLOC_CTX *mem_ctx,
-				     ctdb_sock_addr *addr, bool with_port)
+char *ctdb_sock_addr_to_string(TALLOC_CTX *mem_ctx,
+			       ctdb_sock_addr *addr,
+			       bool with_port)
 {
 	size_t len = 64;
 	char *cip;
@@ -493,9 +494,9 @@ int ctdb_connection_to_buf(char *buf, size_t buflen,
 	return 0;
 }
 
-const char *ctdb_connection_to_string(TALLOC_CTX *mem_ctx,
-				      struct ctdb_connection *conn,
-				      bool client_first)
+char *ctdb_connection_to_string(TALLOC_CTX *mem_ctx,
+				struct ctdb_connection *conn,
+				bool client_first)
 {
 	const size_t len = 128;
 	char *out;
@@ -612,7 +613,7 @@ int ctdb_connection_list_sort(struct ctdb_connection_list *conn_list)
 	return 0;
 }
 
-const char *ctdb_connection_list_to_string(
+char *ctdb_connection_list_to_string(
 	TALLOC_CTX *mem_ctx,
 	struct ctdb_connection_list *conn_list, bool client_first)
 {
diff --git a/ctdb/protocol/protocol_util.h b/ctdb/protocol/protocol_util.h
index a51cbcdda98..b01db8e9934 100644
--- a/ctdb/protocol/protocol_util.h
+++ b/ctdb/protocol/protocol_util.h
@@ -37,7 +37,7 @@ enum ctdb_event ctdb_event_from_string(const char *event_str);
  */
 int ctdb_sock_addr_to_buf(char *buf, socklen_t buflen,
 			  ctdb_sock_addr *addr, bool with_port);
-const char *ctdb_sock_addr_to_string(TALLOC_CTX *mem_ctx,
+char *ctdb_sock_addr_to_string(TALLOC_CTX *mem_ctx,
 				     ctdb_sock_addr *addr, bool with_port);
 int ctdb_sock_addr_from_string(const char *str,
 			       ctdb_sock_addr *addr, bool with_port);
@@ -57,16 +57,16 @@ bool ctdb_sock_addr_same(const ctdb_sock_addr *addr1,
 
 int ctdb_connection_to_buf(char *buf, size_t buflen,
 			   struct ctdb_connection * conn, bool client_first);
-const char *ctdb_connection_to_string(TALLOC_CTX *mem_ctx,
-				      struct ctdb_connection * conn,
-				      bool client_first);
+char *ctdb_connection_to_string(TALLOC_CTX *mem_ctx,
+				struct ctdb_connection * conn,
+				bool client_first);
 int ctdb_connection_from_string(const char *str, bool client_first,
 				struct ctdb_connection *conn);
 
 int ctdb_connection_list_add(struct ctdb_connection_list *conn_list,
 			     struct ctdb_connection *conn);
 int ctdb_connection_list_sort(struct ctdb_connection_list *conn_list);
-const char *ctdb_connection_list_to_string(
+char *ctdb_connection_list_to_string(
 	TALLOC_CTX *mem_ctx,
 	struct ctdb_connection_list *conn_list, bool client_first);
 int ctdb_connection_list_read(TALLOC_CTX *mem_ctx,
diff --git a/ctdb/server/ctdb_takeover.c b/ctdb/server/ctdb_takeover.c
index 424d0d6ff4a..d8dc1c34af5 100644
--- a/ctdb/server/ctdb_takeover.c
+++ b/ctdb/server/ctdb_takeover.c
@@ -1243,7 +1243,8 @@ int32_t ctdb_control_tcp_client(struct ctdb_context *ctdb, uint32_t client_id,
 	TDB_DATA data;
 	struct ctdb_client_ip *ip;
 	struct ctdb_vnn *vnn;
-	ctdb_sock_addr addr;
+	ctdb_sock_addr src_addr;
+	ctdb_sock_addr dst_addr;
 
 	/* If we don't have public IPs, tickles are useless */
 	if (ctdb->vnn == NULL) {
@@ -1252,36 +1253,54 @@ int32_t ctdb_control_tcp_client(struct ctdb_context *ctdb, uint32_t client_id,
 
 	tcp_sock = (struct ctdb_connection *)indata.dptr;
 
-	addr = tcp_sock->src;
-	ctdb_canonicalize_ip(&addr,  &tcp_sock->src);
-	addr = tcp_sock->dst;
-	ctdb_canonicalize_ip(&addr, &tcp_sock->dst);
+	src_addr = tcp_sock->src;
+	ctdb_canonicalize_ip(&src_addr,  &tcp_sock->src);
+	ZERO_STRUCT(src_addr);
+	memcpy(&src_addr, &tcp_sock->src, sizeof(src_addr));
+
+	dst_addr = tcp_sock->dst;
+	ctdb_canonicalize_ip(&dst_addr, &tcp_sock->dst);
+	ZERO_STRUCT(dst_addr);
+	memcpy(&dst_addr, &tcp_sock->dst, sizeof(dst_addr));
 
-	ZERO_STRUCT(addr);
-	memcpy(&addr, &tcp_sock->dst, sizeof(addr));
-	vnn = find_public_ip_vnn(ctdb, &addr);
+	vnn = find_public_ip_vnn(ctdb, &dst_addr);
 	if (vnn == NULL) {
-		switch (addr.sa.sa_family) {
+		char *src_addr_str = NULL;
+		char *dst_addr_str = NULL;
+
+		switch (dst_addr.sa.sa_family) {
 		case AF_INET:
-			if (ntohl(addr.ip.sin_addr.s_addr) != INADDR_LOOPBACK) {
-				DEBUG(DEBUG_ERR,("Could not add client IP %s. This is not a public address.\n", 
-					ctdb_addr_to_str(&addr)));
+			if (ntohl(dst_addr.ip.sin_addr.s_addr) == INADDR_LOOPBACK) {
+				/* ignore ... */
+				return 0;
 			}
 			break;
 		case AF_INET6:
-			DEBUG(DEBUG_ERR,("Could not add client IP %s. This is not a public ipv6 address.\n", 
-				ctdb_addr_to_str(&addr)));
 			break;
 		default:
-			DEBUG(DEBUG_ERR,(__location__ " Unknown family type %d\n", addr.sa.sa_family));
+			DEBUG(DEBUG_ERR,(__location__ " Unknown family type %d\n",
+			      dst_addr.sa.sa_family));
+			return 0;
 		}
 
+		src_addr_str = ctdb_sock_addr_to_string(client, &src_addr, false);
+		dst_addr_str = ctdb_sock_addr_to_string(client, &dst_addr, false);
+		DEBUG(DEBUG_ERR,(
+		      "Could not register TCP connection from "
+		      "%s to %s (not a public address) (port %u) "
+		      "(client_id %u pid %u).\n",
+		      src_addr_str,
+		      dst_addr_str,
+		      ctdb_sock_addr_port(&dst_addr),
+		      client_id, client->pid));
+		TALLOC_FREE(src_addr_str);
+		TALLOC_FREE(dst_addr_str);
 		return 0;
 	}
 
 	if (vnn->pnn != ctdb->pnn) {
 		DEBUG(DEBUG_ERR,("Attempt to register tcp client for IP %s we don't hold - failing (client_id %u pid %u)\n",
-			ctdb_addr_to_str(&addr),
+			ctdb_addr_to_str(&dst_addr),
 			client_id, client->pid));
 		/* failing this call will tell smbd to die */
 		return -1;
@@ -1291,7 +1310,7 @@ int32_t ctdb_control_tcp_client(struct ctdb_context *ctdb, uint32_t client_id,
 	CTDB_NO_MEMORY(ctdb, ip);
 
 	ip->ctdb      = ctdb;
-	ip->addr      = addr;
+	ip->addr      = dst_addr;
 	ip->client_id = client_id;
 	talloc_set_destructor(ip, ctdb_client_ip_destructor);
 	DLIST_ADD(ctdb->client_ip_list, ip);
@@ -1310,7 +1329,7 @@ int32_t ctdb_control_tcp_client(struct ctdb_context *ctdb, uint32_t client_id,
 	data.dptr = (uint8_t *)&t;
 	data.dsize = sizeof(t);
 
-	switch (addr.sa.sa_family) {
+	switch (dst_addr.sa.sa_family) {
 	case AF_INET:
 		DEBUG(DEBUG_INFO,("registered tcp client for %u->%s:%u (client_id %u pid %u)\n",
 			(unsigned)ntohs(tcp_sock->dst.ip.sin_port),
@@ -1324,7 +1343,8 @@ int32_t ctdb_control_tcp_client(struct ctdb_context *ctdb, uint32_t client_id,
 			(unsigned)ntohs(tcp_sock->src.ip6.sin6_port), client_id, client->pid));
 		break;
 	default:
-		DEBUG(DEBUG_ERR,(__location__ " Unknown family %d\n", addr.sa.sa_family));
+		DEBUG(DEBUG_ERR,(__location__ " Unknown family %d\n",
+		      dst_addr.sa.sa_family));
 	}
 
 
diff --git a/ctdb/server/ipalloc_lcp2.c b/ctdb/server/ipalloc_lcp2.c
index 565b58c9a0c..1146bb60f16 100644
--- a/ctdb/server/ipalloc_lcp2.c
+++ b/ctdb/server/ipalloc_lcp2.c
@@ -58,7 +58,7 @@ static uint32_t ip_distance(ctdb_sock_addr *ip1, ctdb_sock_addr *ip2)
 			/* Count number of leading zeroes.
 			 * FIXME? This could be optimised...
 			 */
-			while ((x & (1 << 31)) == 0) {
+			while ((x & ((uint32_t)1 << 31)) == 0) {
 				x <<= 1;
 				distance += 1;
 			}
diff --git a/docs-xml/smbdotconf/security/lanmanauth.xml b/docs-xml/smbdotconf/security/lanmanauth.xml
index a9e4f88b89f..97f2fb04dcb 100644
--- a/docs-xml/smbdotconf/security/lanmanauth.xml
+++ b/docs-xml/smbdotconf/security/lanmanauth.xml
@@ -24,16 +24,18 @@
     auth is re-enabled later on.
     </para>
 		
-    <para>Unlike the <command moreinfo="none">encrypt
-    passwords</command> option, this parameter cannot alter client
+    <para>Unlike the <parameter moreinfo="none">encrypt
+    passwords</parameter> option, this parameter cannot alter client
     behaviour, and the LANMAN response will still be sent over the
     network.  See the <command moreinfo="none">client lanman
     auth</command> to disable this for Samba's clients (such as smbclient)</para>
 
-    <para>If this option, and <command moreinfo="none">ntlm
-    auth</command> are both disabled, then only NTLMv2 logins will be
-    permited.  Not all clients support NTLMv2, and most will require
-    special configuration to use it.</para>
+    <para>This parameter is overriden by <parameter moreinfo="none">ntlm
+    auth</parameter>, so unless that it is also set to
+    <constant>ntlmv1-permitted</constant> or <constant>yes</constant>,
+    then only NTLMv2 logins will be permited and no LM hash will be
+    stored.  All modern clients support NTLMv2, and but some older
+    clients require special configuration to use it.</para>
 </description>
 
 <value type="default">no</value>
diff --git a/docs-xml/smbdotconf/security/ntlmauth.xml b/docs-xml/smbdotconf/security/ntlmauth.xml
index dceae44d81b..dd5dbaea117 100644
--- a/docs-xml/smbdotconf/security/ntlmauth.xml
+++ b/docs-xml/smbdotconf/security/ntlmauth.xml
@@ -19,11 +19,9 @@
     control NTLM authentiation for domain users, this must option must
     be configured on each DC.</para>
 
-    <para>By default with <command moreinfo="none">lanman
-    auth</command> set to <constant>no</constant> and
-    <command moreinfo="none">ntlm auth</command> set to
+    <para>By default with <command moreinfo="none">ntlm auth</command> set to
     <constant>ntlmv2-only</constant> only NTLMv2 logins will be
-    permited.  Most clients support NTLMv2 by default, but some older
+    permited.  All modern clients support NTLMv2 by default, but some older
     clients will require special configuration to use it.</para>
 
     <para>The primary user of NTLMv1 is MSCHAPv2 for VPNs and 802.1x.</para>
@@ -35,6 +33,9 @@
           <para><constant>ntlmv1-permitted</constant>
 	  (alias <constant>yes</constant>) - Allow NTLMv1 and above for all clients.</para>
 
+	  <para>This is the required setting for to enable the <parameter
+	  moreinfo="none">lanman auth</parameter> parameter.</para>
+
         </listitem>
 
         <listitem>
diff --git a/lib/pthreadpool/tests.c b/lib/pthreadpool/tests.c
index d57754603a2..08cb59ecf59 100644
--- a/lib/pthreadpool/tests.c
+++ b/lib/pthreadpool/tests.c
@@ -60,6 +60,7 @@ static int test_jobs(int num_threads, int num_jobs)
 	if (ret != 0) {
 		fprintf(stderr, "pthreadpool_pipe_init failed: %s\n",
 			strerror(ret));
+		free(finished);
 		return -1;
 	}
 
@@ -68,6 +69,7 @@ static int test_jobs(int num_threads, int num_jobs)
 		if (ret != 0) {
 			fprintf(stderr, "pthreadpool_pipe_add_job failed: "
 				"%s\n", strerror(ret));
+			free(finished);
 			return -1;
 		}
 	}
@@ -78,10 +80,12 @@ static int test_jobs(int num_threads, int num_jobs)
 		if (ret < 0) {
 			fprintf(stderr, "pthreadpool_pipe_finished_jobs "
 				"failed: %s\n", strerror(-ret));
+			free(finished);
 			return -1;
 		}
 		if ((ret != 1) || (jobid >= num_jobs)) {
 			fprintf(stderr, "invalid job number %d\n", jobid);
+			free(finished);
 			return -1;
 		}
 		finished[jobid] += 1;
@@ -91,6 +95,7 @@ static int test_jobs(int num_threads, int num_jobs)
 		if (finished[i] != 1) {
 			fprintf(stderr, "finished[%d] = %d\n",
 				i, finished[i]);
+			free(finished);
 			return -1;
 		}
 	}
@@ -99,6 +104,7 @@ static int test_jobs(int num_threads, int num_jobs)
 	if (ret != 0) {
 		fprintf(stderr, "pthreadpool_pipe_destroy failed: %s\n",
 			strerror(ret));
+		free(finished);
 		return -1;
 	}
 
diff --git a/lib/util/tests/file.c b/lib/util/tests/file.c
index ca0416e20e6..55c9d4cec9a 100644
--- a/lib/util/tests/file.c
+++ b/lib/util/tests/file.c
@@ -150,7 +150,7 @@ static bool test_file_lines_load(struct torture_context *tctx)
 				 strlen(TEST_DATA_EMPTY)),
 		       "saving file");
 
-	lines = file_lines_load(TEST_FILENAME, &numlines, 0, mem_ctx);
+	(void)file_lines_load(TEST_FILENAME, &numlines, 0, mem_ctx);
 
 	torture_assert_int_equal(tctx, numlines, 0, "Lines");
 
diff --git a/nsswitch/nsstest.c b/nsswitch/nsstest.c
index 6d92806cffc..e8c4306441d 100644
--- a/nsswitch/nsstest.c
+++ b/nsswitch/nsstest.c
@@ -188,9 +188,11 @@ static struct group *nss_getgrent(void)
 again:
 	status = _nss_getgrent_r(&grp, buf, buflen, &nss_errno);
 	if (status == NSS_STATUS_TRYAGAIN) {
+		char *oldbuf = buf;
 		buflen *= 2;
 		buf = (char *)realloc(buf, buflen);
 		if (!buf) {
+			SAFE_FREE(oldbuf);
 			return NULL;
 		}
 		goto again;
@@ -226,9 +228,11 @@ static struct group *nss_getgrnam(const char *name)
 again:
 	status = _nss_getgrnam_r(name, &grp, buf, buflen, &nss_errno);
 	if (status == NSS_STATUS_TRYAGAIN) {
+		char *oldbuf = buf;
 		buflen *= 2;
 		buf = (char *)realloc(buf, buflen);
 		if (!buf) {
+			SAFE_FREE(oldbuf);
 			return NULL;
 		}
 		goto again;
@@ -265,9 +269,11 @@ static struct group *nss_getgrgid(gid_t gid)
 again:
 	status = _nss_getgrgid_r(gid, &grp, buf, buflen, &nss_errno);
 	if (status == NSS_STATUS_TRYAGAIN) {
+		char *oldbuf = buf;
 		buflen *= 2;
 		buf = (char *)realloc(buf, buflen);
 		if (!buf) {
+			SAFE_FREE(oldbuf);
 			return NULL;
 		}
 		goto again;
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 0ba1955f007..7841377fdd6 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -1375,14 +1375,16 @@ static void _pam_set_data_string(struct pwb_context *ctx,
 static void _pam_set_data_info3(struct pwb_context *ctx,
 				const struct wbcAuthUserInfo *info)
 {
-	_pam_set_data_string(ctx, PAM_WINBIND_HOMEDIR,
+	if (info != NULL) {
+		_pam_set_data_string(ctx, PAM_WINBIND_HOMEDIR,
 			     info->home_directory);
-	_pam_set_data_string(ctx, PAM_WINBIND_LOGONSCRIPT,
+		_pam_set_data_string(ctx, PAM_WINBIND_LOGONSCRIPT,
 			     info->logon_script);
-	_pam_set_data_string(ctx, PAM_WINBIND_LOGONSERVER,
+		_pam_set_data_string(ctx, PAM_WINBIND_LOGONSERVER,
 			     info->logon_server);
-	_pam_set_data_string(ctx, PAM_WINBIND_PROFILEPATH,
+		_pam_set_data_string(ctx, PAM_WINBIND_PROFILEPATH,
 			     info->profile_path);
+	}
 }
 
 /**
diff --git a/source3/modules/vfs_ceph_snapshots.c b/source3/modules/vfs_ceph_snapshots.c
index 4183069a5c2..0012962ac97 100644
--- a/source3/modules/vfs_ceph_snapshots.c
+++ b/source3/modules/vfs_ceph_snapshots.c
@@ -500,9 +500,10 @@ static bool ceph_snap_gmt_strip_snapshot(struct vfs_handle_struct *handle,
 			memcpy(_stripped_buf + len_before_gmt, q, rest_len);
 		}
 		_stripped_buf[dst_len] = '\0';
+		DBG_DEBUG("GMT token in %s stripped to %s\n",
+			  name, _stripped_buf);
 	}
 	*_timestamp = timestamp;
-	DBG_DEBUG("GMT token in %s stripped to %s\n", name, _stripped_buf);
 	return 0;
 no_snapshot:
 	*_timestamp = 0;
diff --git a/source3/modules/vfs_syncops.c b/source3/modules/vfs_syncops.c
index f94588c60ed..0a51fdf6e7a 100644
--- a/source3/modules/vfs_syncops.c
+++ b/source3/modules/vfs_syncops.c
@@ -113,11 +113,13 @@ static void syncops_two_names(const char *name1, const char *name2)
  */
 static void syncops_smb_fname(const struct smb_filename *smb_fname)
 {
-	char *parent;
-	parent = parent_dir(NULL, smb_fname->base_name);
-	if (parent) {
-		syncops_sync_directory(parent);
-		talloc_free(parent);
+	char *parent = NULL;
+	if (smb_fname != NULL) {
+		parent = parent_dir(NULL, smb_fname->base_name);
+		if (parent != NULL) {
+			syncops_sync_directory(parent);
+			talloc_free(parent);
+		}
 	}
 }
 
diff --git a/source3/rpc_server/netlogon/srv_netlog_nt.c b/source3/rpc_server/netlogon/srv_netlog_nt.c
index a846a728f24..1bc5d62f979 100644
--- a/source3/rpc_server/netlogon/srv_netlog_nt.c
+++ b/source3/rpc_server/netlogon/srv_netlog_nt.c
@@ -926,7 +926,7 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
 		srv_flgs |= NETLOGON_NEG_SUPPORTS_AES;
 	}
 
-	if (lp_server_schannel() != false) {
+	if (in_neg_flags & NETLOGON_NEG_SCHANNEL) {
 		srv_flgs |= NETLOGON_NEG_SCHANNEL;
 	}
 
@@ -967,17 +967,6 @@ NTSTATUS _netr_ServerAuthenticate3(struct pipes_struct *p,
 		goto out;
 	}
 
-	if ( (lp_server_schannel() == true) &&
-	     ((in_neg_flags & NETLOGON_NEG_SCHANNEL) == 0) ) {
-
-		/* schannel must be used, but client did not offer it. */
-		DEBUG(0,("%s: schannel required but client failed "
-			"to offer it. Client was %s\n",
-			fn, r->in.account_name));
-		status = NT_STATUS_ACCESS_DENIED;
-		goto out;
-	}
-
 	status = get_md4pw(&mach_pwd,
 			   r->in.account_name,
 			   r->in.secure_channel_type,
@@ -1071,36 +1060,6 @@ NTSTATUS _netr_ServerAuthenticate2(struct pipes_struct *p,
 	return _netr_ServerAuthenticate3(p, &a);
 }
 
-/*************************************************************************
- * If schannel is required for this call test that it actually is available.
- *************************************************************************/
-static NTSTATUS schannel_check_required(struct pipe_auth_data *auth_info,
-					const char *computer_name,
-					bool integrity, bool privacy)
-{
-	if (auth_info && auth_info->auth_type == DCERPC_AUTH_TYPE_SCHANNEL) {
-		if (!privacy && !integrity) {
-			return NT_STATUS_OK;
-		}
-
-		if ((!privacy && integrity) &&
-		    auth_info->auth_level == DCERPC_AUTH_LEVEL_INTEGRITY) {
-			return NT_STATUS_OK;
-		}
-
-		if ((privacy || integrity) &&
-		    auth_info->auth_level == DCERPC_AUTH_LEVEL_PRIVACY) {
-			return NT_STATUS_OK;
-		}
-	}
-
-	/* test didn't pass */
-	DEBUG(0, ("schannel_check_required: [%s] is not using schannel\n",
-		  computer_name));
-
-	return NT_STATUS_ACCESS_DENIED;
-}
-


-- 
Samba Shared Repository



More information about the samba-cvs mailing list