9 files changed, 154 insertions, 14 deletions

diff --git a/source4/libcli/clifile.c b/source4/libcli/clifile.c
index 2cf174060b..b76bdc015f 100644
--- a/source4/libcli/clifile.c
+++ b/source4/libcli/clifile.c
@@ -241,7 +241,7 @@ int smbcli_nt_create_full(struct smbcli_tree *tree, const char *fname,
 
 	open_parms.ntcreatex.level = RAW_OPEN_NTCREATEX;
 	open_parms.ntcreatex.in.flags = CreatFlags;
-	open_parms.ntcreatex.in.root_fid = 0;
+	open_parms.ntcreatex.in.root_fid.fnum = 0;
 	open_parms.ntcreatex.in.access_mask = DesiredAccess;
 	open_parms.ntcreatex.in.file_attr = FileAttributes;
 	open_parms.ntcreatex.in.alloc_size = 0;
diff --git a/source4/libcli/ldap/ldap_client.c b/source4/libcli/ldap/ldap_client.c
index d278f407dc..eb53276936 100644
--- a/source4/libcli/ldap/ldap_client.c
+++ b/source4/libcli/ldap/ldap_client.c
@@ -338,7 +338,9 @@ _PUBLIC_ struct composite_context *ldap_connect_send(struct ldap_connection *con
 		/* LDAPI connections are to localhost, so give the
 		 * local host name as the target for gensec's
 		 * DIGEST-MD5 mechanism */
-		conn->host = talloc_asprintf(conn, "%s.%s", lp_netbios_name(conn->lp_ctx),  lp_realm(conn->lp_ctx));
+		conn->host = talloc_asprintf(conn, "%s.%s",
+					     lp_netbios_name(conn->lp_ctx),
+					     lp_dnsdomain(conn->lp_ctx));
 		if (composite_nomem(conn->host, state->ctx)) {
 			return result;
 		}
@@ -403,7 +405,6 @@ static void ldap_connect_got_sock(struct composite_context *ctx,
 	talloc_steal(conn, conn->sock);
 	if (conn->ldaps) {
 		struct socket_context *tls_socket;
-		struct socket_context *tmp_socket;
 		char *cafile = lp_tls_cafile(conn->sock, conn->lp_ctx);
 
 		if (!cafile || !*cafile) {
diff --git a/source4/libcli/ldap/ldap_controls.c b/source4/libcli/ldap/ldap_controls.c
index aef775fab5..86493c81da 100644
--- a/source4/libcli/ldap/ldap_controls.c
+++ b/source4/libcli/ldap/ldap_controls.c
@@ -214,7 +214,7 @@ static bool decode_sd_flags_request(void *mem_ctx, DATA_BLOB in, void *_out)
 		return false;
 	}
 
-	if (!asn1_read_Integer(data, &(lsdfc->secinfo_flags))) {
+	if (!asn1_read_Integer(data, (int *) &(lsdfc->secinfo_flags))) {
 		return false;
 	}
 
@@ -248,7 +248,7 @@ static bool decode_search_options_request(void *mem_ctx, DATA_BLOB in, void *_ou
 		return false;
 	}
 
-	if (!asn1_read_Integer(data, &(lsoc->search_options))) {
+	if (!asn1_read_Integer(data, (int *) &(lsoc->search_options))) {
 		return false;
 	}
 
diff --git a/source4/libcli/raw/interfaces.h b/source4/libcli/raw/interfaces.h
index 13217158cb..af2158cc16 100644
--- a/source4/libcli/raw/interfaces.h
+++ b/source4/libcli/raw/interfaces.h
@@ -1356,6 +1356,7 @@ enum smb_open_level {
 	RAW_OPEN_T2OPEN,
 	RAW_OPEN_NTTRANS_CREATE, 
 	RAW_OPEN_OPENX_READX,
+	RAW_OPEN_NTCREATEX_READX,
 	RAW_OPEN_SMB2
 };
 
@@ -1400,6 +1401,9 @@ union smb_open {
 	case RAW_OPEN_OPENX_READX: \
 		file = &op->openxreadx.out.file; \
 		break; \
+	case RAW_OPEN_NTCREATEX_READX: \
+		file = &op->ntcreatexreadx.out.file; \
+		break; \
 	case RAW_OPEN_SMB2: \
 		file = &op->smb2.out.file; \
 		break; \
@@ -1414,7 +1418,7 @@ union smb_open {
 		enum smb_open_level level;
 		struct {
 			uint32_t flags;
-			uint32_t root_fid;
+			union smb_handle root_fid;
 			uint32_t access_mask;
 			uint64_t alloc_size;
 			uint32_t file_attr;
@@ -1619,6 +1623,54 @@ union smb_open {
 		} out;
 	} openxreadx;
 
+	/* chained NTCreateX/ReadX interface */
+	struct {
+		enum smb_open_level level;
+		struct {
+			uint32_t flags;
+			union smb_handle root_fid;
+			uint32_t access_mask;
+			uint64_t alloc_size;
+			uint32_t file_attr;
+			uint32_t share_access;
+			uint32_t open_disposition;
+			uint32_t create_options;
+			uint32_t impersonation;
+			uint8_t  security_flags;
+			/* NOTE: fname can also be a pointer to a
+			 uint64_t file_id if create_options has the
+			 NTCREATEX_OPTIONS_OPEN_BY_FILE_ID flag set */
+			const char *fname;
+
+			/* readx part */
+			uint64_t offset;
+			uint16_t mincnt;
+			uint32_t maxcnt;
+			uint16_t remaining;
+		} in;
+		struct {
+			union smb_handle file;
+			uint8_t oplock_level;
+			uint32_t create_action;
+			NTTIME create_time;
+			NTTIME access_time;
+			NTTIME write_time;
+			NTTIME change_time;
+			uint32_t attrib;
+			uint64_t alloc_size;
+			uint64_t size;
+			uint16_t file_type;
+			uint16_t ipc_state;
+			uint8_t  is_directory;
+
+			/* readx part */
+			uint8_t *data;
+			uint16_t remaining;
+			uint16_t compaction_mode;
+			uint16_t nread;
+		} out;
+	} ntcreatexreadx;
+
 #define SMB2_CREATE_FLAG_REQUEST_OPLOCK           0x0100
 #define SMB2_CREATE_FLAG_REQUEST_EXCLUSIVE_OPLOCK 0x0800
 #define SMB2_CREATE_FLAG_GRANT_OPLOCK             0x0001
diff --git a/source4/libcli/raw/rawfile.c b/source4/libcli/raw/rawfile.c
index 35d6b75c4d..b6849fef61 100644
--- a/source4/libcli/raw/rawfile.c
+++ b/source4/libcli/raw/rawfile.c
@@ -379,7 +379,7 @@ static struct smbcli_request *smb_raw_nttrans_create_send(struct smbcli_tree *tr
 	params = nt.in.params.data;
 
 	SIVAL(params,  0, parms->ntcreatex.in.flags);
-	SIVAL(params,  4, parms->ntcreatex.in.root_fid);
+	SIVAL(params,  4, parms->ntcreatex.in.root_fid.fnum);
 	SIVAL(params,  8, parms->ntcreatex.in.access_mask);
 	SBVAL(params, 12, parms->ntcreatex.in.alloc_size);
 	SIVAL(params, 20, parms->ntcreatex.in.file_attr);
@@ -564,7 +564,7 @@ _PUBLIC_ struct smbcli_request *smb_raw_open_send(struct smbcli_tree *tree, unio
 		SSVAL(req->out.vwv, VWV(1),0);
 		SCVAL(req->out.vwv, VWV(2),0); /* padding */
 		SIVAL(req->out.vwv,  7, parms->ntcreatex.in.flags);
-		SIVAL(req->out.vwv, 11, parms->ntcreatex.in.root_fid);
+		SIVAL(req->out.vwv, 11, parms->ntcreatex.in.root_fid.fnum);
 		SIVAL(req->out.vwv, 15, parms->ntcreatex.in.access_mask);
 		SBVAL(req->out.vwv, 19, parms->ntcreatex.in.alloc_size);
 		SIVAL(req->out.vwv, 27, parms->ntcreatex.in.file_attr);
@@ -616,6 +616,45 @@ _PUBLIC_ struct smbcli_request *smb_raw_open_send(struct smbcli_tree *tree, unio
 			SIVAL(req->out.vwv, VWV(10),parms->openxreadx.in.offset>>32);
 		}
 		break;
+
+	case RAW_OPEN_NTCREATEX_READX:
+		SETUP_REQUEST(SMBntcreateX, 24, 0);
+		SSVAL(req->out.vwv, VWV(0),SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1),0);
+		SCVAL(req->out.vwv, VWV(2),0); /* padding */
+		SIVAL(req->out.vwv,  7, parms->ntcreatexreadx.in.flags);
+		SIVAL(req->out.vwv, 11, parms->ntcreatexreadx.in.root_fid.fnum);
+		SIVAL(req->out.vwv, 15, parms->ntcreatexreadx.in.access_mask);
+		SBVAL(req->out.vwv, 19, parms->ntcreatexreadx.in.alloc_size);
+		SIVAL(req->out.vwv, 27, parms->ntcreatexreadx.in.file_attr);
+		SIVAL(req->out.vwv, 31, parms->ntcreatexreadx.in.share_access);
+		SIVAL(req->out.vwv, 35, parms->ntcreatexreadx.in.open_disposition);
+		SIVAL(req->out.vwv, 39, parms->ntcreatexreadx.in.create_options);
+		SIVAL(req->out.vwv, 43, parms->ntcreatexreadx.in.impersonation);
+		SCVAL(req->out.vwv, 47, parms->ntcreatexreadx.in.security_flags);
+
+		smbcli_req_append_string_len(req, parms->ntcreatexreadx.in.fname, STR_TERMINATE, &len);
+		SSVAL(req->out.vwv, 5, len);
+
+		if (tree->session->transport->negotiate.capabilities & CAP_LARGE_FILES) {
+			bigoffset = true;
+		}
+
+		smbcli_chained_request_setup(req, SMBreadX, bigoffset ? 12 : 10, 0);
+
+		SSVAL(req->out.vwv, VWV(0), SMB_CHAIN_NONE);
+		SSVAL(req->out.vwv, VWV(1), 0);
+		SSVAL(req->out.vwv, VWV(2), 0);
+		SIVAL(req->out.vwv, VWV(3), parms->ntcreatexreadx.in.offset);
+		SSVAL(req->out.vwv, VWV(5), parms->ntcreatexreadx.in.maxcnt & 0xFFFF);
+		SSVAL(req->out.vwv, VWV(6), parms->ntcreatexreadx.in.mincnt);
+		SIVAL(req->out.vwv, VWV(7), parms->ntcreatexreadx.in.maxcnt >> 16);
+		SSVAL(req->out.vwv, VWV(9), parms->ntcreatexreadx.in.remaining);
+		if (bigoffset) {
+			SIVAL(req->out.vwv, VWV(10),parms->ntcreatexreadx.in.offset>>32);
+		}
+		break;
+
 	case RAW_OPEN_SMB2:
 		return NULL;
 	}
@@ -753,6 +792,41 @@ _PUBLIC_ NTSTATUS smb_raw_open_recv(struct smbcli_request *req, TALLOC_CTX *mem_
 			req->status = NT_STATUS_BUFFER_TOO_SMALL;
 		}
 		break;
+
+	case RAW_OPEN_NTCREATEX_READX:
+		SMBCLI_CHECK_MIN_WCT(req, 34);
+		parms->ntcreatexreadx.out.oplock_level =              CVAL(req->in.vwv, 4);
+		parms->ntcreatexreadx.out.file.fnum =                 SVAL(req->in.vwv, 5);
+		parms->ntcreatexreadx.out.create_action =             IVAL(req->in.vwv, 7);
+		parms->ntcreatexreadx.out.create_time =   smbcli_pull_nttime(req->in.vwv, 11);
+		parms->ntcreatexreadx.out.access_time =   smbcli_pull_nttime(req->in.vwv, 19);
+		parms->ntcreatexreadx.out.write_time =    smbcli_pull_nttime(req->in.vwv, 27);
+		parms->ntcreatexreadx.out.change_time =   smbcli_pull_nttime(req->in.vwv, 35);
+		parms->ntcreatexreadx.out.attrib =                   IVAL(req->in.vwv, 43);
+		parms->ntcreatexreadx.out.alloc_size =               BVAL(req->in.vwv, 47);
+		parms->ntcreatexreadx.out.size =                     BVAL(req->in.vwv, 55);
+		parms->ntcreatexreadx.out.file_type =                SVAL(req->in.vwv, 63);
+		parms->ntcreatexreadx.out.ipc_state =                SVAL(req->in.vwv, 65);
+		parms->ntcreatexreadx.out.is_directory =             CVAL(req->in.vwv, 67);
+
+		status = smbcli_chained_advance(req);
+		if (!NT_STATUS_IS_OK(status)) {
+			return status;
+		}
+
+		SMBCLI_CHECK_WCT(req, 12);
+		parms->ntcreatexreadx.out.remaining       = SVAL(req->in.vwv, VWV(2));
+		parms->ntcreatexreadx.out.compaction_mode = SVAL(req->in.vwv, VWV(3));
+		parms->ntcreatexreadx.out.nread = SVAL(req->in.vwv, VWV(5));
+		if (parms->ntcreatexreadx.out.nread >
+		    MAX(parms->ntcreatexreadx.in.mincnt, parms->ntcreatexreadx.in.maxcnt) ||
+		    !smbcli_raw_pull_data(&req->in.bufinfo, req->in.hdr + SVAL(req->in.vwv, VWV(6)),
+			                  parms->ntcreatexreadx.out.nread,
+			                  parms->ntcreatexreadx.out.data)) {
+			req->status = NT_STATUS_BUFFER_TOO_SMALL;
+		}
+		break;
+
 	case RAW_OPEN_SMB2:
 		req->status = NT_STATUS_INTERNAL_ERROR;
 		break;
diff --git a/source4/libcli/security/access_check.c b/source4/libcli/security/access_check.c
index 543b0f74c5..954c54c38b 100644
--- a/source4/libcli/security/access_check.c
+++ b/source4/libcli/security/access_check.c
@@ -125,9 +125,13 @@ NTSTATUS sec_access_check(const struct security_descriptor *sd,
 	    security_token_has_sid(token, sd->owner_sid)) {
 		bits_remaining &= ~(SEC_STD_WRITE_DAC|SEC_STD_READ_CONTROL|SEC_STD_DELETE);
 	}
-	if ((bits_remaining & SEC_STD_DELETE) &&
+	if ((bits_remaining & SEC_RIGHTS_PRIV_RESTORE) &&
 	    security_token_has_privilege(token, SEC_PRIV_RESTORE)) {
-		bits_remaining &= ~SEC_STD_DELETE;
+		bits_remaining &= ~(SEC_RIGHTS_PRIV_RESTORE);
+	}
+	if ((bits_remaining & SEC_RIGHTS_PRIV_BACKUP) &&
+	    security_token_has_privilege(token, SEC_PRIV_BACKUP)) {
+		bits_remaining &= ~(SEC_RIGHTS_PRIV_BACKUP);
 	}
 
 	if (sd->dacl == NULL) {
diff --git a/source4/libcli/security/object_tree.c b/source4/libcli/security/object_tree.c
index 8a90019a59..85b407913c 100644
--- a/source4/libcli/security/object_tree.c
+++ b/source4/libcli/security/object_tree.c
@@ -94,13 +94,13 @@ struct object_tree * get_object_tree_by_GUID(struct object_tree *root,
 /* Change the granted access per each ACE */
 
 void object_tree_modify_access(struct object_tree *root,
-			       uint32_t access)
+			       uint32_t access_mask)
 {
 	struct object_tree *p;
 	if (root){
-		root->remaining_access &= ~access;
+		root->remaining_access &= ~access_mask;
 	}
 
 	for (p = root->children; p != NULL; p = p->next)
-		object_tree_modify_access(p, access);
+		object_tree_modify_access(p, access_mask);
 }
diff --git a/source4/libcli/smb2/util.c b/source4/libcli/smb2/util.c
index 8602c91a9f..9b8d6887b1 100644
--- a/source4/libcli/smb2/util.c
+++ b/source4/libcli/smb2/util.c
@@ -220,3 +220,12 @@ int smb2_deltree(struct smb2_tree *tree, const char *dname)
 
 	return total_deleted;
 }
+
+/*
+  check if two SMB2 file handles are the same
+*/
+bool smb2_util_handle_equal(const struct smb2_handle h1,
+			    const struct smb2_handle h2)
+{
+	return (h1.data[0] == h2.data[0]) && (h1.data[1] == h2.data[1]);
+}
diff --git a/source4/libcli/smb_composite/appendacl.c b/source4/libcli/smb_composite/appendacl.c
index 69ed62a106..c1a964f151 100644
--- a/source4/libcli/smb_composite/appendacl.c
+++ b/source4/libcli/smb_composite/appendacl.c
@@ -254,7 +254,7 @@ struct composite_context *smb_composite_appendacl_send(struct smbcli_tree *tree,
 	if (state->io_open == NULL) goto failed;
 	
 	state->io_open->ntcreatex.level               = RAW_OPEN_NTCREATEX;
-	state->io_open->ntcreatex.in.root_fid = 0;
+	state->io_open->ntcreatex.in.root_fid.fnum    = 0;
 	state->io_open->ntcreatex.in.flags            = 0;
 	state->io_open->ntcreatex.in.access_mask      = SEC_FLAG_MAXIMUM_ALLOWED;
 	state->io_open->ntcreatex.in.file_attr        = FILE_ATTRIBUTE_NORMAL;