[SCM] Samba Shared Repository - branch master updated

2017-03-02 Thread Jeremy Allison
The branch, master has been updated
   via  a52c7f4 torture3: Add test for smbd crash
   via  cf9acf9 smbd: Do an early exit on negprot failure
  from  1e0c79d s3: smbd: Restart reading the incoming SMB2 fd when the 
send queue is drained.

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit a52c7f4d52df6853f925e680eadefcdfdc7bea85
Author: Volker Lendecke 
Date:   Tue Feb 28 16:17:03 2017 +0100

torture3: Add test for smbd crash

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Böhme 
Reviewed-by: Jeremy Allison 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Fri Mar  3 06:20:50 CET 2017 on sn-devel-144

commit cf9acf9a3da932fca115967eb3d9d9ed48fcbbfc
Author: Volker Lendecke 
Date:   Tue Feb 28 15:03:45 2017 +

smbd: Do an early exit on negprot failure

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610

Signed-off-by: Volker Lendecke 
Reviewed-by: Ralph Böhme 
Reviewed-by: Jeremy Allison 

---

Summary of changes:
 source3/smbd/negprot.c| 21 +
 source3/torture/torture.c | 76 +++
 2 files changed, 91 insertions(+), 6 deletions(-)


Changeset truncated at 500 lines:

diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index cdde334..838ff45 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -723,17 +723,26 @@ void reply_negprot(struct smb_request *req)
break;
}
 
-   if(choice != -1) {
-   fstrcpy(remote_proto,supported_protocols[protocol].short_name);
-   reload_services(sconn, conn_snum_used, true);
-   supported_protocols[protocol].proto_reply_fn(req, choice);
-   DEBUG(3,("Selected protocol 
%s\n",supported_protocols[protocol].proto_name));
-   } else {
+   if (choice == -1) {
+   bool ok;
+
DBG_NOTICE("No protocol supported !\n");
reply_outbuf(req, 1, 0);
SSVAL(req->outbuf, smb_vwv0, choice);
+
+   ok = srv_send_smb(xconn, (char *)req->outbuf,
+ false, 0, false, NULL);
+   if (!ok) {
+   DBG_NOTICE("srv_send_smb failed\n");
+   }
+   exit_server_cleanly("no protocol supported\n");
}
 
+   fstrcpy(remote_proto,supported_protocols[protocol].short_name);
+   reload_services(sconn, conn_snum_used, true);
+   supported_protocols[protocol].proto_reply_fn(req, choice);
+   DEBUG(3,("Selected protocol 
%s\n",supported_protocols[protocol].proto_name));
+
DEBUG( 5, ( "negprot index=%d\n", choice ) );
 
/* We always have xconn->smb1.signing_state also for >= SMB2_02 */
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 3062122..2c10ae8 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -11163,6 +11163,81 @@ static bool run_local_canonicalize_path(int dummy)
return true;
 }
 
+static bool run_ign_bad_negprot(int dummy)
+{
+   struct tevent_context *ev;
+   struct tevent_req *req;
+   struct smbXcli_conn *conn;
+   struct sockaddr_storage ss;
+   NTSTATUS status;
+   int fd;
+   bool ok;
+
+   printf("starting ignore bad negprot\n");
+
+   ok = resolve_name(host, &ss, 0x20, true);
+   if (!ok) {
+   d_fprintf(stderr, "Could not resolve name %s\n", host);
+   return false;
+   }
+
+   status = open_socket_out(&ss, 445, 1, &fd);
+   if (!NT_STATUS_IS_OK(status)) {
+   d_fprintf(stderr, "open_socket_out failed: %s\n",
+ nt_errstr(status));
+   return false;
+   }
+
+   conn = smbXcli_conn_create(talloc_tos(), fd, host, SMB_SIGNING_OFF, 0,
+  NULL, 0);
+   if (conn == NULL) {
+   d_fprintf(stderr, "smbXcli_conn_create failed\n");
+   return false;
+   }
+
+   status = smbXcli_negprot(conn, 0, PROTOCOL_CORE, PROTOCOL_CORE);
+   if (NT_STATUS_IS_OK(status)) {
+   d_fprintf(stderr, "smbXcli_negprot succeeded!\n");
+   return false;
+   }
+
+   ev = samba_tevent_context_init(talloc_tos());
+   if (ev == NULL) {
+   d_fprintf(stderr, "samba_tevent_context_init failed\n");
+   return false;
+   }
+
+   req = smb1cli_session_setup_nt1_send(
+   ev, ev, conn, 0, getpid(), NULL, 65503, 2, 1, 0, "", "",
+   data_blob_null, data_blob_null, 0x40,
+   "Windows 2000 2195", "Windows 2000 5.0");
+   if (req == NULL) {
+   d_fprintf(stderr, "smb1cli_session_setup_nt1_send failed\n");

[SCM] Samba Shared Repository - branch master updated

2017-03-02 Thread Ralph Böhme
The branch, master has been updated
   via  1e0c79d s3: smbd: Restart reading the incoming SMB2 fd when the 
send queue is drained.
   via  07af777 selftest: remove "ea support" from vfs_fruit-related setups.
   via  cbab5c6 vfs_fruit: drop "ea support" from the manpage
   via  5ef7bd3 testparm: remove check for "ea support" in fruit shares
   via  4bfd27b smbd: remove coupling between get_ea_names_from_file() and 
"ea support"
   via  fb95985 smbd: get_ea_list_from_file_path() - remove a duplicate 
statement
   via  abd8450 smbd: refuse_symlink() - do not fail if the file does not 
exist
  from  f9aaddc s3:winbindd: fix endless forest trust scan

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit 1e0c79ddb34be9a2b9fa92d35387c443c4a381ae
Author: Jeremy Allison 
Date:   Thu Mar 2 09:13:23 2017 -0800

s3: smbd: Restart reading the incoming SMB2 fd when the send queue is 
drained.

When the send queue grows greater than xconn->smb2.credits.max/16,
smbd_smb2_request_next_incoming() doesn't allocate a new request in 
state->req.

After smbd_smb2_io_handler() is called, it marks the fd not readable as
state->req == NULL, and never marks it readable again.

Fix by calling smbd_smb2_request_next_incoming() to restart
reads inside smbd_smb2_flush_send_queue() which drains the
send queue.

Reported by 

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608

Signed-off-by: Jeremy Allison 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Fri Mar  3 02:23:20 CET 2017 on sn-devel-144

commit 07af7774f3bd3574be0632284a6ea220b5fb3c76
Author: Uri Simchoni 
Date:   Thu Mar 2 13:02:25 2017 +0200

selftest: remove "ea support" from vfs_fruit-related setups.

Signed-off-by: Uri Simchoni 
Reviewed-by: Ralph Boehme 

commit cbab5c64966cafbfdc6dfe539b3d1c7ba21a4aae
Author: Uri Simchoni 
Date:   Thu Mar 2 12:59:16 2017 +0200

vfs_fruit: drop "ea support" from the manpage

Now that ea support is not required, drop that
comment from the man page.

Signed-off-by: Uri Simchoni 
Reviewed-by: Ralph Boehme 

commit 5ef7bd3b5b078702a9ef8ad92768c2d11b3214f5
Author: Uri Simchoni 
Date:   Thu Mar 2 12:56:25 2017 +0200

testparm: remove check for "ea support" in fruit shares

Now that ea support is not required for vfs_fruit, drop the
check that it's enabled in shares using vfs_fruit.

Signed-off-by: Uri Simchoni 
Reviewed-by: Ralph Boehme 

commit 4bfd27b077f0932c82cfe702bd4ba6628f75a526
Author: Uri Simchoni 
Date:   Thu Mar 2 08:39:56 2017 +0200

smbd: remove coupling between get_ea_names_from_file() and "ea support"

The "ea support" configuration variable determines whether smbd
should attempt to manipulate extended attributes via SMB protocol.
It does not pertain to the underlying storage and its support for
extended attributes.

get_ea_names_from_file() is being used also by vfs_streams_xattr -
a module which has nothing to do with client-visible extended
attributes. As such, vfs_streams_xattr should be able to operate
irrespective of the value of "ea support".

This patch moves the check for ea support to the callers.

Signed-off-by: Uri Simchoni 
Reviewed-by: Ralph Boehme 

commit fb95985a0325c660dd964b4132e292b9230ee097
Author: Uri Simchoni 
Date:   Thu Mar 2 08:49:54 2017 +0200

smbd: get_ea_list_from_file_path() - remove a duplicate statement

Signed-off-by: Uri Simchoni 
Reviewed-by: Ralph Boehme 

commit abd845082e4d377231129339d713e1b62a88a8a7
Author: Uri Simchoni 
Date:   Thu Mar 2 08:46:44 2017 +0200

smbd: refuse_symlink() - do not fail if the file does not exist

If the file does not exist, it is not a symlink. Current callers
use this function to see if extended attributes can be set / fetched.
Allow them to try and leave the error code at the discretion of the
VFS.

Signed-off-by: Uri Simchoni 
Reviewed-by: Ralph Boehme 

---

Summary of changes:
 docs-xml/manpages/vfs_fruit.8.xml |  3 ---
 selftest/target/Samba3.pm |  5 -
 source3/smbd/nttrans.c| 30 ++
 source3/smbd/smb2_server.c| 14 +-
 source3/smbd/trans2.c | 14 --
 source3/utils/testparm.c  |  6 --
 6 files changed, 39 insertions(+), 33 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/vfs_fruit.8.xml 
b/docs-xml/manpages/vfs_fruit.8.xml
index d209a22..fbe30d3 100644
--- a/docs-xml/manpages/vfs_fruit.8.xml
+++ b/docs-xml/manpages/vfs_fruit.8.xml
@@ -45,8 +45,6 @@
vfs_streams_xattr which must be loaded
together with vfs_fruit.
 
-

[SCM] Samba Shared Repository - branch master updated

2017-03-02 Thread Ralph Böhme
The branch, master has been updated
   via  f9aaddc s3:winbindd: fix endless forest trust scan
  from  ed42d6e s3:librpc: Handle gss_min in gse_get_client_auth_token() 
correctly

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67
Author: Stefan Metzmacher 
Date:   Thu Mar 2 08:13:57 2017 +0100

s3:winbindd: fix endless forest trust scan

Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.

The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.

Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830

Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Ralph Boehme 

Autobuild-User(master): Ralph Böhme 
Autobuild-Date(master): Thu Mar  2 17:53:14 CET 2017 on sn-devel-144

---

Summary of changes:
 source3/winbindd/winbindd_ads.c  |  8 
 source3/winbindd/winbindd_util.c | 22 ++
 2 files changed, 30 insertions(+)


Changeset truncated at 500 lines:

diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 05ef2ec..cde9099 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1133,6 +1133,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain 
*domain,
}
TALLOC_FREE(parent);
 
+   /*
+* We need to pass the modified properties
+* to the caller.
+*/
+   trust->trust_flags = d.domain_flags;
+   trust->trust_type = d.domain_type;
+   trust->trust_attributes = d.domain_trust_attribs;
+
wcache_tdc_add_domain( &d );
ret_count++;
}
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index ffcb09d..ab6862d 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -342,6 +342,20 @@ static void trustdom_list_done(struct tevent_req *req)
char *p;
struct winbindd_tdc_domain trust_params = {0};
ptrdiff_t extra_len;
+   bool within_forest = false;
+
+   /*
+* Only when we enumerate our primary domain
+* or our forest root domain, we should keep
+* the NETR_TRUST_FLAG_IN_FOREST flag, in
+* all other cases we need to clear it as the domain
+* is not part of our forest.
+*/
+   if (state->domain->primary) {
+   within_forest = true;
+   } else if (domain_is_forest_root(state->domain)) {
+   within_forest = true;
+   }
 
res = wb_domain_request_recv(req, state, &response, &err);
if ((res == -1) || (response->result != WINBINDD_OK)) {
@@ -427,6 +441,14 @@ static void trustdom_list_done(struct tevent_req *req)
 
trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10);
 
+   if (!within_forest) {
+   trust_params.trust_flags &= ~NETR_TRUST_FLAG_IN_FOREST;
+   }
+
+   if (!state->domain->primary) {
+   trust_params.trust_flags &= ~NETR_TRUST_FLAG_PRIMARY;
+   }
+
/*
 * We always call add_trusted_domain() cause on an existing
 * domain structure, it will update the SID if necessary.


-- 
Samba Shared Repository



autobuild[sn-devel-144]: intermittent test failure detected

2017-03-02 Thread autobuild
The autobuild test system (on sn-devel-144) has detected an intermittent 
failing test in 
the current master tree.

The autobuild log of the failure is available here:

   http://git.samba.org/autobuild.flakey.sn-devel-144/2017-03-02-1507/flakey.log

The samba build logs are available here:

   
http://git.samba.org/autobuild.flakey.sn-devel-144/2017-03-02-1507/samba.stderr
   
http://git.samba.org/autobuild.flakey.sn-devel-144/2017-03-02-1507/samba.stdout
  
The top commit at the time of the failure was:

commit 70923b7521786d59b76e651d566bbd61fea024cc
Author: Douglas Bagnall 
Date:   Fri Feb 24 11:58:33 2017 +1300

ndr: Use resizing array instead of linked lists (breaking ABI)

The ndr token code keeps a temporary store of tokens which are
referred to a small number of times (often once) before being
discarded. The access patterns are somewhat stack-like, with recently
placed tokens being accessed most often.

The old code kept these tokens in a linked list, which we replace with
a self-resizing array.

This keeps everything roughly the same in big-O terms, but makes it
all faster in practice by vastly reducing the amount of tallocing and
pointer-chasing.

The peak memory use is strictly reduced. On a 64 bit machine each core
token struct fits in 16 bytes (after padding) while the two pointers
used by the DLIST add another 16 bytes, so the overall list allocation
is the same as the peak 2n array allocation -- except in the list case
it is dwarfed by the talloc and malloc metadata overhead.

Before settling on the resized arrays, we tried red-black trees, which
are bound to be better for large ndr structures. As it happens, we
don't deal with large structures (the size of replication clumps is
limited to 400 objects) and the asymptotic benefits of the trees are
not realised in practice.

With luck you should find graphs comparing the performance of these
various techniques at:

https://www.samba.org/~dbagnall/perf-tests/ndr-token/

This necessarily breaks the ABI because the linked list implementation
was publicly exposed.

Signed-off-by: Douglas Bagnall 
Reviewed-by: Andrew Bartlett 

Autobuild-User(master): Andrew Bartlett 
Autobuild-Date(master): Thu Mar  2 08:38:22 CET 2017 on sn-devel-144



[SCM] Samba Shared Repository - branch v4-6-test updated

2017-03-02 Thread Karolin Seeger
The branch, v4-6-test has been updated
   via  7a29fe4 s3:winbind: work around coverity false positive.
   via  d4ac505 ctdb: Fix posible NULL deref in logging_init()
   via  002bfb9 s3:librpc: Fix OM_uint32 comparsion in if-clause
   via  7dddc61 s3:librpc: Make sure kt_curser and kt_entry are initialized
   via  3e5207d pam_winbind: Return if we do not have a domain
   via  efeb8b3 s3:lib: Do not segfault if username is NULL
   via  17463ee s3:torture: Fix uint64_t comparsion in if-clause
   via  f34ff6a s4:torture: Make sure handles are initialized
   via  33fdd9f ndrdump: Fix a possible NULL pointer dereference
   via  c240402 s3-vfs: Do not deref a NULL pointer in 
shadow_copy2_snapshot_to_gmt()
   via  c563d22 s4-kcc: Do not dereference a NULL pointer
   via  2281afd s4-torture: Use the correct variable type in 
torture_smb2_maxfid()
  from  f50fa9f VERSION: Bump version up to 4.6.0rc5...

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test


- Log -
commit 7a29fe42da4365e54cb46c6b82eb936c1412d6f4
Author: Jeremy Allison 
Date:   Thu Feb 23 09:41:03 2017 -0800

s3:winbind: work around coverity false positive.

Signed-off-by: Jeremy Allison 
Reviewed-by: Andreas Schneider 

Autobuild-User(master): Jeremy Allison 
Autobuild-Date(master): Thu Feb 23 23:54:48 CET 2017 on sn-devel-144

(cherry picked from commit 2e09407c5b992db0da5ca3a6d1f38341dc42d070)

Autobuild-User(v4-6-test): Karolin Seeger 
Autobuild-Date(v4-6-test): Thu Mar  2 13:06:40 CET 2017 on sn-devel-144

commit d4ac5058958cfdadfce9d298d201a0dcb66cd611
Author: Andreas Schneider 
Date:   Thu Feb 16 17:38:41 2017 +0100

ctdb: Fix posible NULL deref in logging_init()

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 08e03fa7f5fdc7f988fbbb26929e8c5727f36c2e)

commit 002bfb9ec4d0103c1e8d7e0e3c976d326983e8be
Author: Andreas Schneider 
Date:   Fri Feb 17 09:49:39 2017 +0100

s3:librpc: Fix OM_uint32 comparsion in if-clause

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 8ac43e0e6ef9236a5c6d2c27ebe24171582c1d49)

commit 7dddc614fab21bd54214cada5320f899a26bd960
Author: Andreas Schneider 
Date:   Thu Feb 16 17:42:53 2017 +0100

s3:librpc: Make sure kt_curser and kt_entry are initialized

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 2f83cfdb90d687673cfc4be14cd66425fb7f3e76)

commit 3e5207d9f1cb07e13fd6ade7f51e22d25bfe6c86
Author: Andreas Schneider 
Date:   Fri Feb 17 11:53:52 2017 +0100

pam_winbind: Return if we do not have a domain

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 1df1d873c849f68a91d067c7049dda12c22e98c5)

commit efeb8b3a272c1b5190283682a0e74e426b7ccefd
Author: Andreas Schneider 
Date:   Fri Feb 17 10:08:17 2017 +0100

s3:lib: Do not segfault if username is NULL

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 9297ac44f7e0455bb74ee77ad8b68f2e8c4a070d)

commit 17463ee527cf1245704a448765f4bd89564ce961
Author: Andreas Schneider 
Date:   Fri Feb 17 09:45:33 2017 +0100

s3:torture: Fix uint64_t comparsion in if-clause

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 13690569ee5893e3dbd96f2b28a41a35e3da42ff)

commit f34ff6ae9ef97ce9338ce192cc16753bdbdc503d
Author: Andreas Schneider 
Date:   Thu Feb 16 17:52:41 2017 +0100

s4:torture: Make sure handles are initialized

The CHECK_STATUS macro might goto done which checks the values of the
handle so they should be initialized in this case.

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry picked from commit 8a1b998acb3592ad67bb72db79965bae436748ec)

commit 33fdd9f52a4045347c273a0ce8ba1d207e06772a
Author: Andreas Schneider 
Date:   Thu Feb 16 17:34:07 2017 +0100

ndrdump: Fix a possible NULL pointer dereference

Found by covscan.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592

Signed-off-by: Andreas Schneider 
Reviewed-by: Jeremy Allison 
(cherry p

[SCM] Samba Shared Repository - branch master updated

2017-03-02 Thread Andreas Schneider
The branch, master has been updated
   via  ed42d6e s3:librpc: Handle gss_min in gse_get_client_auth_token() 
correctly
   via  4194a67 gensec:spnego: Add debug message for the failed principal
  from  70923b7 ndr: Use resizing array instead of linked lists (breaking 
ABI)

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -
commit ed42d6e81f6c7cf4ed78b2bc9fcdf6c9d970ca55
Author: Andreas Schneider 
Date:   Mon Feb 27 17:18:15 2017 +0100

s3:librpc: Handle gss_min in gse_get_client_auth_token() correctly

This will make sure we correctly fall back to NTLMSSP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557

Pair-Programmed-With: Stefan Metzmacher 
Signed-off-by: Andreas Schneider 
Signed-off-by: Stefan Metzmacher 

Autobuild-User(master): Andreas Schneider 
Autobuild-Date(master): Thu Mar  2 12:41:40 CET 2017 on sn-devel-144

commit 4194a67c7efcb58ef2bb7efa1d1556d5fa0ce2e0
Author: Stefan Metzmacher 
Date:   Fri Jan 20 17:15:49 2017 +0100

gensec:spnego: Add debug message for the failed principal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557

Signed-off-by: Stefan Metzmacher 
Reviewed-by: Andreas Schneider 

---

Summary of changes:
 auth/gensec/spnego.c| 58 +
 source3/librpc/crypto/gse.c | 46 ++-
 2 files changed, 93 insertions(+), 11 deletions(-)


Changeset truncated at 500 lines:

diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 4787892..f063f7b 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -511,10 +511,34 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct 
gensec_security *gensec_
NT_STATUS_EQUAL(nt_status, 
NT_STATUS_NO_LOGON_SERVERS) ||
NT_STATUS_EQUAL(nt_status, 
NT_STATUS_TIME_DIFFERENCE_AT_DC) ||
NT_STATUS_EQUAL(nt_status, 
NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) {
-   /* Pretend we never started it (lets 
the first run find some incompatible demand) */
+   const char *next = NULL;
+   const char *principal = NULL;
+   int dbg_level = DBGLVL_WARNING;
+
+   if (all_sec[i+1].op != NULL) {
+   next = all_sec[i+1].op->name;
+   dbg_level = DBGLVL_NOTICE;
+   }
+
+   if (gensec_security->target.principal 
!= NULL) {
+   principal = 
gensec_security->target.principal;
+   } else if 
(gensec_security->target.service != NULL &&
+  
gensec_security->target.hostname != NULL)
+   {
+   principal = 
talloc_asprintf(spnego_state->sub_sec_security,
+   
"%s/%s",
+   
gensec_security->target.service,
+   
gensec_security->target.hostname);
+   } else {
+   principal = 
gensec_security->target.hostname;
+   }
+
+   DEBUG(dbg_level, ("SPNEGO(%s) creating 
NEG_TOKEN_INIT for %s failed (next[%s]): %s\n",
+ 
spnego_state->sub_sec_security->ops->name,
+ principal,
+ next, 
nt_errstr(nt_status)));
 
-   DEBUG(3, ("SPNEGO(%s) NEG_TOKEN_INIT 
failed: %s\n",
- 
spnego_state->sub_sec_security->ops->name, nt_errstr(nt_status)));
+   /* Pretend we never started it (lets 
the first run find some incompatible demand) */

talloc_free(spnego_state->sub_sec_security);
spnego_state->sub_sec_security = NULL;
continue;
@@ -619,8 +643,32 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct 
gensec_security *gensec
 
if (!NT_STATUS_EQUAL(nt_status, 
NT_STATUS_MORE_PROCESSING_REQUIRED) 
&& !NT_STATUS_IS_OK(nt_status)

[SCM] Socket Wrapper Repository - branch master updated

2017-03-02 Thread Andreas Schneider
The branch, master has been updated
   via  6e1a3b5 swrap: use proper blocks for early returns
   via  1de39d8 swrap: Add support for openat()
  from  68e1cbf Increase wait time during echo_server's pid-file check

https://git.samba.org/?p=socket_wrapper.git;a=shortlog;h=master


- Log -
commit 6e1a3b50fb344107f7cfbcef35a4cf10c1e12113
Author: Michael Adam 
Date:   Fri Sep 23 16:33:52 2016 +0200

swrap: use proper blocks for early returns

This is better to read and might reduce the
diff of later patches.

Signed-off-by: Michael Adam 
Reviewed-by: Andreas Schneider 

commit 1de39d82428fc6559ea5ea2d35187808020be9bf
Author: Andreas Schneider 
Date:   Thu Mar 2 09:56:29 2017 +0100

swrap: Add support for openat()

---

Summary of changes:
 src/socket_wrapper.c | 132 ---
 1 file changed, 115 insertions(+), 17 deletions(-)


Changeset truncated at 500 lines:

diff --git a/src/socket_wrapper.c b/src/socket_wrapper.c
index 3d468c3..1d94a89 100644
--- a/src/socket_wrapper.c
+++ b/src/socket_wrapper.c
@@ -438,6 +438,7 @@ typedef int (*__libc_getsockopt)(int sockfd,
 typedef int (*__libc_ioctl)(int d, unsigned long int request, ...);
 typedef int (*__libc_listen)(int sockfd, int backlog);
 typedef int (*__libc_open)(const char *pathname, int flags, mode_t mode);
+typedef int (*__libc_openat)(int dirfd, const char *path, int flags, ...);
 typedef int (*__libc_pipe)(int pipefd[2]);
 typedef int (*__libc_read)(int fd, void *buf, size_t count);
 typedef ssize_t (*__libc_readv)(int fd, const struct iovec *iov, int iovcnt);
@@ -501,6 +502,7 @@ struct swrap_libc_symbols {
SWRAP_SYMBOL_ENTRY(ioctl);
SWRAP_SYMBOL_ENTRY(listen);
SWRAP_SYMBOL_ENTRY(open);
+   SWRAP_SYMBOL_ENTRY(openat);
SWRAP_SYMBOL_ENTRY(pipe);
SWRAP_SYMBOL_ENTRY(read);
SWRAP_SYMBOL_ENTRY(readv);
@@ -876,6 +878,34 @@ static int libc_open(const char *pathname, int flags, ...)
return fd;
 }
 
+static int libc_vopenat(int dirfd, const char *path, int flags, va_list ap)
+{
+   long int mode = 0;
+   int fd;
+
+   swrap_bind_symbol_libc(openat);
+
+   mode = va_arg(ap, long int);
+
+   fd = swrap.libc.symbols._libc_openat.f(dirfd, path, flags, 
(mode_t)mode);
+
+   return fd;
+}
+
+#if 0
+static int libc_openat(int dirfd, const char *path, int flags, ...)
+{
+   va_list ap;
+   int fd;
+
+   va_start(ap, flags);
+   fd = libc_vopenat(dirfd, path, flags, ap);
+   va_end(ap);
+
+   return fd;
+}
+#endif
+
 static int libc_pipe(int pipefd[2])
 {
swrap_bind_symbol_libsocket(pipe);
@@ -2279,7 +2309,9 @@ static int swrap_pcap_get_fd(const char *fname)
 {
static int fd = -1;
 
-   if (fd != -1) return fd;
+   if (fd != -1) {
+   return fd;
+   }
 
fd = libc_open(fname, O_WRONLY|O_CREAT|O_EXCL|O_APPEND, 0644);
if (fd != -1) {
@@ -2332,7 +2364,9 @@ static uint8_t *swrap_pcap_marshall_packet(struct 
socket_info *si,
 
switch (type) {
case SWRAP_CONNECT_SEND:
-   if (si->type != SOCK_STREAM) return NULL;
+   if (si->type != SOCK_STREAM) {
+   return NULL;
+   }
 
src_addr  = &si->myname.sa.s;
dest_addr = addr;
@@ -2346,7 +2380,9 @@ static uint8_t *swrap_pcap_marshall_packet(struct 
socket_info *si,
break;
 
case SWRAP_CONNECT_RECV:
-   if (si->type != SOCK_STREAM) return NULL;
+   if (si->type != SOCK_STREAM) {
+   return NULL;
+   }
 
dest_addr = &si->myname.sa.s;
src_addr = addr;
@@ -2360,7 +2396,9 @@ static uint8_t *swrap_pcap_marshall_packet(struct 
socket_info *si,
break;
 
case SWRAP_CONNECT_UNREACH:
-   if (si->type != SOCK_STREAM) return NULL;
+   if (si->type != SOCK_STREAM) {
+   return NULL;
+   }
 
dest_addr = &si->myname.sa.s;
src_addr  = addr;
@@ -2374,7 +2412,9 @@ static uint8_t *swrap_pcap_marshall_packet(struct 
socket_info *si,
break;
 
case SWRAP_CONNECT_ACK:
-   if (si->type != SOCK_STREAM) return NULL;
+   if (si->type != SOCK_STREAM) {
+   return NULL;
+   }
 
src_addr  = &si->myname.sa.s;
dest_addr = addr;
@@ -2386,7 +2426,9 @@ static uint8_t *swrap_pcap_marshall_packet(struct 
socket_info *si,
break;
 
case SWRAP_ACCEPT_SEND:
-   if (si->type != SOCK_STREAM) return NULL;
+   if (si->type != SOCK_STREAM) {
+   return NULL;
+   }
 
dest_addr = &si-