13 files changed, 117 insertions, 48 deletions

diff --git a/source3/lib/sessionid_tdb.c b/source3/lib/sessionid_tdb.c
index 2376fd4..54bb895 100644
--- a/source3/lib/sessionid_tdb.c
+++ b/source3/lib/sessionid_tdb.c
@@ -24,6 +24,7 @@
 #include "session.h"
 #include "util_tdb.h"
 #include "smbd/globals.h"
+#include "../libcli/security/session.h"
 
 struct sessionid_traverse_read_state {
 	int (*fn)(const char *key, struct sessionid *session,
@@ -48,11 +49,18 @@ static int sessionid_traverse_read_fn(struct smbXsrv_session_global0 *global,
 	};
 
 	if (session_info != NULL) {
+		enum security_user_level ul;
+
 		session.uid = session_info->unix_token->uid;
 		session.gid = session_info->unix_token->gid;
 		strncpy(session.username,
 			session_info->unix_info->unix_name,
 			sizeof(fstring)-1);
+
+		ul = security_session_user_level(session_info, NULL);
+		if (ul >= SECURITY_USER) {
+			session.authenticated = true;
+		}
 	}
 
 	strncpy(session.remote_machine,
diff --git a/source3/lib/util_tdb.c b/source3/lib/util_tdb.c
index d85f676..3c7c194 100644
--- a/source3/lib/util_tdb.c
+++ b/source3/lib/util_tdb.c
@@ -324,11 +324,11 @@ int tdb_data_cmp(TDB_DATA t1, TDB_DATA t2)
 		return 1;
 	}
 	if (t1.dptr == t2.dptr) {
-		return t1.dsize - t2.dsize;
+		return NUMERIC_CMP(t1.dsize, t2.dsize);
 	}
 	ret = memcmp(t1.dptr, t2.dptr, MIN(t1.dsize, t2.dsize));
 	if (ret == 0) {
-		return t1.dsize - t2.dsize;
+		return NUMERIC_CMP(t1.dsize, t2.dsize);
 	}
 	return ret;
 }
diff --git a/source3/libads/kerberos.c b/source3/libads/kerberos.c
index f76c566..6c6d23c 100644
--- a/source3/libads/kerberos.c
+++ b/source3/libads/kerberos.c
@@ -437,23 +437,23 @@ static char *get_kdc_ip_string(char *mem_ctx,
 	char *kdc_str = NULL;
 	char *canon_sockaddr = NULL;
 
-	SMB_ASSERT(pss != NULL);
-
-	canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
-	if (canon_sockaddr == NULL) {
-		goto out;
-	}
+	if (pss != NULL) {
+		canon_sockaddr = print_canonical_sockaddr_with_port(frame, pss);
+		if (canon_sockaddr == NULL) {
+			goto out;
+		}
 
-	kdc_str = talloc_asprintf(frame,
-				  "\t\tkdc = %s\n",
-				  canon_sockaddr);
-	if (kdc_str == NULL) {
-		goto out;
-	}
+		kdc_str = talloc_asprintf(frame,
+					  "\t\tkdc = %s\n",
+					  canon_sockaddr);
+		if (kdc_str == NULL) {
+			goto out;
+		}
 
-	ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
-	if (!ok) {
-		goto out;
+		ok = sockaddr_storage_to_samba_sockaddr(&sa, pss);
+		if (!ok) {
+			goto out;
+		}
 	}
 
 	/*
@@ -704,7 +704,7 @@ bool create_local_private_krb5_conf_for_domain(const char *realm,
 		return false;
 	}
 
-	if (domain == NULL || pss == NULL) {
+	if (domain == NULL) {
 		return false;
 	}
 
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index b5139e5..d467079 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -275,12 +275,12 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
 
 	/* Fill in the ads->config values */
 
+	ADS_TALLOC_CONST_FREE(ads->config.workgroup);
 	ADS_TALLOC_CONST_FREE(ads->config.realm);
 	ADS_TALLOC_CONST_FREE(ads->config.bind_path);
 	ADS_TALLOC_CONST_FREE(ads->config.ldap_server_name);
 	ADS_TALLOC_CONST_FREE(ads->config.server_site_name);
 	ADS_TALLOC_CONST_FREE(ads->config.client_site_name);
-	ADS_TALLOC_CONST_FREE(ads->server.workgroup);
 
 	if (!check_cldap_reply_required_flags(cldap_reply->server_type,
 					      ads->config.flags)) {
@@ -296,6 +296,13 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
 		goto out;
 	}
 
+	ads->config.workgroup = talloc_strdup(ads, cldap_reply->domain_name);
+	if (ads->config.workgroup == NULL) {
+		DBG_WARNING("Out of memory\n");
+		ret = false;
+		goto out;
+	}
+
 	ads->config.realm = talloc_asprintf_strupper_m(ads,
 						       "%s",
 						       cldap_reply->dns_domain);
@@ -334,13 +341,6 @@ static bool ads_fill_cldap_reply(ADS_STRUCT *ads,
 		}
 	}
 
-	ads->server.workgroup = talloc_strdup(ads, cldap_reply->domain_name);
-	if (ads->server.workgroup == NULL) {
-		DBG_WARNING("Out of memory\n");
-		ret = false;
-		goto out;
-	}
-
 	ads->ldap.port = gc ? LDAP_GC_PORT : LDAP_PORT;
 	ads->ldap.ss = *ss;
 
diff --git a/source3/librpc/idl/ads.idl b/source3/librpc/idl/ads.idl
index 4f3a387..d10e5b4 100644
--- a/source3/librpc/idl/ads.idl
+++ b/source3/librpc/idl/ads.idl
@@ -59,6 +59,7 @@ interface ads
 
 	typedef [nopull,nopush] struct {
 		nbt_server_type flags; /* cldap flags identifying the services. */
+		string workgroup;
 		string realm;
 		string bind_path;
 		string ldap_server_name;
diff --git a/source3/libsmb/clidgram.c b/source3/libsmb/clidgram.c
index a45bdac..c87c870 100644
--- a/source3/libsmb/clidgram.c
+++ b/source3/libsmb/clidgram.c
@@ -349,7 +349,11 @@ struct tevent_req *nbt_getdc_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 
-	subreq = nb_packet_reader_send(state, ev, DGRAM_PACKET, -1,
+	subreq = nb_packet_reader_send(state,
+				       ev,
+				       global_nmbd_socket_dir(),
+				       DGRAM_PACKET,
+				       -1,
 				       state->my_mailslot);
 	if (tevent_req_nomem(subreq, req)) {
 		return tevent_req_post(req, ev);
diff --git a/source3/libsmb/dsgetdcname.c b/source3/libsmb/dsgetdcname.c
index 09a6e66..654893c 100644
--- a/source3/libsmb/dsgetdcname.c
+++ b/source3/libsmb/dsgetdcname.c
@@ -196,7 +196,29 @@ static NTSTATUS store_cldap_reply(TALLOC_CTX *mem_ctx,
 	/* FIXME */
 	r->sockaddr_size = 0x10; /* the w32 winsock addr size */
 	r->sockaddr.sockaddr_family = 2; /* AF_INET */
-	r->sockaddr.pdc_ip = talloc_strdup(mem_ctx, addr);
+	if (is_ipaddress_v4(addr)) {
+		r->sockaddr.pdc_ip = talloc_strdup(mem_ctx, addr);
+		if (r->sockaddr.pdc_ip == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	} else {
+		/*
+		 * ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX will
+		 * fail with an ipv6 address.
+		 *
+		 * This matches windows behaviour in the CLDAP
+		 * response when NETLOGON_NT_VERSION_5EX_WITH_IP
+		 * is used.
+		 *
+		 * Windows returns the ipv4 address of the ipv6
+		 * server interface and falls back to 127.0.0.1
+		 * if there's no ipv4 address.
+		 */
+		r->sockaddr.pdc_ip = talloc_strdup(mem_ctx, "127.0.0.1");
+		if (r->sockaddr.pdc_ip == NULL) {
+			return NT_STATUS_NO_MEMORY;
+		}
+	}
 
 	ndr_err = ndr_push_struct_blob(&blob, mem_ctx, r,
 		       (ndr_push_flags_fn_t)ndr_push_NETLOGON_SAM_LOGON_RESPONSE_EX);
@@ -930,6 +952,11 @@ static NTSTATUS process_dc_netbios(TALLOC_CTX *mem_ctx,
 		name_type = NBT_NAME_PDC;
 	}
 
+	/*
+	 * It's 2024 we always want an AD style response!
+	 */
+	nt_version |= NETLOGON_NT_VERSION_AVOID_NT4EMUL;
+
 	nt_version |= map_ds_flags_to_nt_version(flags);
 
 	snprintf(my_acct_name,
diff --git a/source3/libsmb/libsmb_xattr.c b/source3/libsmb/libsmb_xattr.c
index dcb2f9e..a902341 100644
--- a/source3/libsmb/libsmb_xattr.c
+++ b/source3/libsmb/libsmb_xattr.c
@@ -121,7 +121,13 @@ ace_compare(struct security_ace *ace1,
          */
 
 	if (ace1->type != ace2->type) {
-		return ace2->type - ace1->type;
+		/*
+		 * ace2 and ace1 are reversed here, so that
+		 * ACCESS_DENIED_ACE_TYPE (1) sorts before
+		 * ACCESS_ALLOWED_ACE_TYPE (0), which is the order you
+		 * usually want.
+		 */
+		return NUMERIC_CMP(ace2->type, ace1->type);
         }
 
 	if (dom_sid_compare(&ace1->trustee, &ace2->trustee)) {
@@ -129,15 +135,15 @@ ace_compare(struct security_ace *ace1,
         }
 
 	if (ace1->flags != ace2->flags) {
-		return ace1->flags - ace2->flags;
+		return NUMERIC_CMP(ace1->flags, ace2->flags);
         }
 
 	if (ace1->access_mask != ace2->access_mask) {
-		return ace1->access_mask - ace2->access_mask;
+		return NUMERIC_CMP(ace1->access_mask, ace2->access_mask);
         }
 
 	if (ace1->size != ace2->size) {
-		return ace1->size - ace2->size;
+		return NUMERIC_CMP(ace1->size, ace2->size);
         }
 
 	return memcmp(ace1, ace2, sizeof(struct security_ace));
diff --git a/source3/libsmb/namequery.c b/source3/libsmb/namequery.c
index e6c0c7d..8f6a9b5 100644
--- a/source3/libsmb/namequery.c
+++ b/source3/libsmb/namequery.c
@@ -34,6 +34,7 @@
 #include "lib/gencache.h"
 #include "librpc/gen_ndr/dns.h"
 #include "lib/util/util_net.h"
+#include "lib/util/tsort.h"
 #include "lib/util/string_wrappers.h"
 
 /* nmbd.c sets this to True. */
@@ -644,7 +645,12 @@ static struct tevent_req *nb_trans_send(
 		return tevent_req_post(req, ev);
 	}
 
-	subreq = nb_packet_reader_send(state, ev, type, state->trn_id, NULL);
+	subreq = nb_packet_reader_send(state,
+				       ev,
+				       global_nmbd_socket_dir(),
+				       type,
+				       state->trn_id,
+				       NULL);
 	if (tevent_req_nomem(subreq, req)) {
 		return tevent_req_post(req, ev);
 	}
@@ -1082,8 +1088,15 @@ bool name_status_find(const char *q_name,
 }
 
 /*
-  comparison function used by sort_addr_list
-*/
+ * comparison function used by sort_addr_list
+ *
+ * This comparison is intransitive in sort if a socket has an invalid
+ * family (i.e., not IPv4 or IPv6), or an interface doesn't support
+ * the family. Say we have sockaddrs with IP versions {4,5,6}, of
+ * which 5 is invalid. By this function, 4 == 5 and 6 == 5, but 4 !=
+ * 6. This is of course a consequence of cmp() being unable to
+ * communicate error.
+ */
 
 static int addr_compare(const struct sockaddr_storage *ss1,
 			const struct sockaddr_storage *ss2)
@@ -1171,7 +1184,7 @@ static int addr_compare(const struct sockaddr_storage *ss1,
 			max_bits2 += 128;
 		}
 	}
-	return max_bits2 - max_bits1;
+	return NUMERIC_CMP(max_bits2, max_bits1);
 }
 
 /*
diff --git a/source3/libsmb/nmblib.c b/source3/libsmb/nmblib.c
index c90e92e..2297dd9 100644
--- a/source3/libsmb/nmblib.c
+++ b/source3/libsmb/nmblib.c
@@ -23,6 +23,12 @@
 #include "libsmb/nmblib.h"
 #include "lib/util/string_wrappers.h"
 
+const char *global_nmbd_socket_dir(void)
+{
+	return lp_parm_const_string(-1, "nmbd", "socket dir",
+				    get_dyn_NMBDSOCKETDIR());
+}
+
 static const struct opcode_names {
 	const char *nmb_opcode_name;
 	int opcode;
@@ -1229,8 +1235,10 @@ static unsigned char sort_ip[4];
 
 static int name_query_comp(unsigned char *p1, unsigned char *p2)
 {
-	return matching_len_bits(p2+2, sort_ip, 4) -
-		matching_len_bits(p1+2, sort_ip, 4);
+	int a = matching_len_bits(p1+2, sort_ip, 4);
+	int b = matching_len_bits(p2+2, sort_ip, 4);
+	/* reverse sort -- p2 derived value comes first */
+	return NUMERIC_CMP(b, a);
 }
 
 /****************************************************************************
diff --git a/source3/libsmb/nmblib.h b/source3/libsmb/nmblib.h
index 52600a4..5171a26 100644
--- a/source3/libsmb/nmblib.h
+++ b/source3/libsmb/nmblib.h
@@ -29,6 +29,8 @@
 
 /* The following definitions come from libsmb/nmblib.c  */
 
+const char *global_nmbd_socket_dir(void);
+
 void debug_nmb_packet(struct packet_struct *p);
 void put_name(char *dest, const char *name, int pad, unsigned int name_type);
 char *nmb_namestr(const struct nmb_name *n);
diff --git a/source3/libsmb/unexpected.c b/source3/libsmb/unexpected.c
index b81d379..10ceac7 100644
--- a/source3/libsmb/unexpected.c
+++ b/source3/libsmb/unexpected.c
@@ -26,12 +26,6 @@
 #include "lib/tsocket/tsocket.h"
 #include "lib/util/sys_rw.h"
 
-static const char *nmbd_socket_dir(void)
-{
-	return lp_parm_const_string(-1, "nmbd", "socket dir",
-				    get_dyn_NMBDSOCKETDIR());
-}
-
 struct nb_packet_query {
 	enum packet_type type;
 	size_t mailslot_namelen;
@@ -74,6 +68,7 @@ static void nb_packet_server_listener(struct tevent_context *ev,
 
 NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
 				 struct tevent_context *ev,
+				 const char *nmbd_socket_dir,
 				 int max_clients,
 				 struct nb_packet_server **presult)
 {
@@ -90,7 +85,7 @@ NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
 	result->max_clients = max_clients;
 
 	result->listen_sock = create_pipe_sock(
-		nmbd_socket_dir(), "unexpected", 0755);
+		nmbd_socket_dir, "unexpected", 0755);
 	if (result->listen_sock == -1) {
 		status = map_nt_error_from_unix(errno);
 		goto fail;
@@ -248,7 +243,7 @@ static void nb_packet_got_query(struct tevent_req *req)
 	ssize_t nread;
 	int err;
 
-	nread = tstream_read_packet_recv(req, talloc_tos(), &buf, &err);
+	nread = tstream_read_packet_recv(req, client, &buf, &err);
 	TALLOC_FREE(req);
 	if (nread < (ssize_t)sizeof(struct nb_packet_query)) {
 		DEBUG(10, ("read_packet_recv returned %d (%s)\n",
@@ -280,6 +275,8 @@ static void nb_packet_got_query(struct tevent_req *req)
 		}
 	}
 
+	TALLOC_FREE(buf);
+
 	client->ack.byte = 0;
 	client->ack.iov[0].iov_base = &client->ack.byte;
 	client->ack.iov[0].iov_len = 1;
@@ -333,7 +330,7 @@ static void nb_packet_client_read_done(struct tevent_req *req)
 	uint8_t *buf;
 	int err;
 
-	nread = tstream_read_packet_recv(req, talloc_tos(), &buf, &err);
+	nread = tstream_read_packet_recv(req, client, &buf, &err);
 	TALLOC_FREE(req);
 	if (nread == 1) {
 		DEBUG(10, ("Protocol error, received data on write-only "
@@ -495,6 +492,7 @@ static void nb_packet_reader_got_ack(struct tevent_req *subreq);
 
 struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
 					 struct tevent_context *ev,
+					 const char *nmbd_socket_dir,
 					 enum packet_type type,
 					 int trn_id,
 					 const char *mailslot_name)
@@ -530,7 +528,7 @@ struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
 		tevent_req_nterror(req, map_nt_error_from_unix(errno));
 		return tevent_req_post(req, ev);
 	}
-	rpath = talloc_asprintf(state, "%s/%s", nmbd_socket_dir(),
+	rpath = talloc_asprintf(state, "%s/%s", nmbd_socket_dir,
 			       "unexpected");
 	if (tevent_req_nomem(rpath, req)) {
 		return tevent_req_post(req, ev);
diff --git a/source3/libsmb/unexpected.h b/source3/libsmb/unexpected.h
index 270976b..4ae9b20 100644
--- a/source3/libsmb/unexpected.h
+++ b/source3/libsmb/unexpected.h
@@ -29,12 +29,14 @@ struct nb_packet_reader;
 
 NTSTATUS nb_packet_server_create(TALLOC_CTX *mem_ctx,
 				 struct tevent_context *ev,
+				 const char *nmbd_socket_dir,
 				 int max_clients,
 				 struct nb_packet_server **presult);
 void nb_packet_dispatch(struct nb_packet_server *server,
 			struct packet_struct *p);
 struct tevent_req *nb_packet_reader_send(TALLOC_CTX *mem_ctx,
 					 struct tevent_context *ev,
+					 const char *nmbd_socket_dir,
 					 enum packet_type type,
 					 int trn_id,
 					 const char *mailslot_name);