1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

137492 Commits

Author SHA1 Message Date
Stefan Metzmacher
2435ab1ad7 ldb_ildap: require ldb_get_opaque(ldb, "loadparm") to be valid
Without a valid loadparm_context we can't connect.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:33 +00:00
Stefan Metzmacher
8007569e9f s4:libcli/ldap: ldap4_new_connection() requires a valid lp_ctx
Otherwise we'll crash in a lot of places later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:33 +00:00
Stefan Metzmacher
96e4a92f19 tests/segfault.py: make sure samdb.connect(url) has a valid lp_ctx
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 23:50:33 +00:00
Volker Lendecke
1cba9de144 Fix a few "might be uninitialized" errors
I've seen them with clang

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 23 19:02:10 UTC 2024 on atb-devel-224
2024-04-23 19:02:10 +00:00
Volker Lendecke
316579b502 smbd: Slightly simplify notifyd_send_delete()
Call messaging_send_iov() instead of messaging_send_iov_from().

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-23 17:53:36 +00:00
Volker Lendecke
190ae0796e smbd: Simplify smb_set_file_unix_link()
Avoid a call to parent_pathref, use the dirfsp that already exists

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-23 17:53:36 +00:00
Volker Lendecke
88921ac177 smbd: Simplify smb_q_posix_symlink()
Use the dirfsp from call_trans2qpathinfo(), avoid a call to parent_pathref()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-23 17:53:36 +00:00
Volker Lendecke
e35b3af2e8 smbd: Simplify call_trans2qpathinfo()
These days filename_convert_dirfsp() always returns a full fsp.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2024-04-23 17:53:36 +00:00
Stefan Metzmacher
daf6d371f3 s3:rpc_client: implement bind time feature negotiation
This is not strictly needed as we don't use any of the
optional features yet.

But it will make it easier to add bind time features we'll
actually use later.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Apr 23 17:29:55 UTC 2024 on atb-devel-224
2024-04-23 17:29:55 +00:00
Stefan Metzmacher
713a802257 s3:rpc_client: require DCERPC_BIND_ACK_RESULT_ACCEPTANCE for the negotiated presentation context
We should fail if we didn't get DCERPC_BIND_ACK_RESULT_ACCEPTANCE.

It's also not needed to require a single array element.

We already checked above that we have at least one.

The next patch will all bind time feature negotiation
and that means we'll have 2 array elements...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 16:23:38 +00:00
Stefan Metzmacher
6548ccb31b s3:rpc_client: pass struct rpc_pipe_client to check_bind_response()
This prepares adding bind time feature negotiation in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 16:23:38 +00:00
Stefan Metzmacher
0cc0970d35 dcesrv_reply: we don't need to call dcerpc_set_frag_length() in dcesrv_fault_with_flags()
dcerpc_ncacn_push_auth() already calls dcerpc_set_frag_length().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 16:23:38 +00:00
Stefan Metzmacher
2674df4cc0 s3:libsmb: let cli_tree_connect_creds() only call cli_credentials_get_password() if needed
Only legacy protocols need a password for share level authentication,
so avoid triggering the password prompt for the common case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue Apr 23 15:21:38 UTC 2024 on atb-devel-224
2024-04-23 15:21:38 +00:00
Stefan Metzmacher
aff2932c42 python/samba/getopt: don't prompt for a password for --use-krb5-ccache=...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-23 14:17:32 +00:00
Stefan Metzmacher
0ba9e5dacb lib/cmdline: only call cli_credentials_get_password_and_obtained if needed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-23 14:17:32 +00:00
Stefan Metzmacher
994e12e8f7 lib/cmdline: move cli_credentials_set_cmdline_callbacks to the end of POPT_CALLBACK_REASON_POST
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-23 14:17:32 +00:00
Stefan Metzmacher
e2170431f1 s3:auth_generic: fix talloc_unlink() in auth_generic_set_creds()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-23 14:17:32 +00:00
Stefan Metzmacher
5af5bf2645 auth/credentials: don't call talloc_free(ccache_name) on callers memory
The internally allocated ccache_name has ccc as parent,
so we don't need to cleanup explicitly.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-23 14:17:32 +00:00
Stefan Metzmacher
d221f930ef auth/credentials: a temporary MEMORY ccache needs krb5_cc_destroy()
A simple krb5_cc_close() doesn't remove it from the global memory list.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-23 14:17:32 +00:00
Stefan Metzmacher
126357e2e7 lib/krb5_wrap: let smb_krb5_cc_get_lifetime() behave more like the heimdal krb5_cc_get_lifetime
If the ccache doesn't have a intial TGT the shortest lifetime of
service tickets should be returned.

This is needed in order to work with special ccaches used for
things like S2U4Self/S4U2Proxy tickets or other things
where the caller only wants to pass a single service ticket.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-23 14:17:32 +00:00
Stefan Metzmacher
e58f83d395 s3:libads: don't dump securityIdentifier and msDS-TrustForestTrustInfo as strings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-23 14:17:32 +00:00
Stefan Metzmacher
e6f92edba6 s3:notify: don't log user_can_stat_name_under_fsp with level 0 for OBJECT_NAME_NOT_FOUND
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2024-04-23 14:17:32 +00:00
Douglas Bagnall
c49c48afe0 ldb:utf8: ldb_ascii_toupper() avoids real toupper()
If a non-lowercase ASCII character has an uppercase counterpart in
some locale, toupper() will convert it to an int codepoint. Probably
that codepoint is too big to fit in our char return type, so we would
truncate it to 8 bit. So it becomes an arbitrary mapping.

It would also behave strangely with a byte with the top bit set, say
0xE2. If char is unsigned on this system, that is 'â', which
uppercases to 'Â', with the codepoint 0xC2. That seems fine in
isolation, but remember this is ldb_utf8.c, and that byte was not a
codepoint but a piece of a long utf-8 encoding. In the more likely
case where char is signed, toupper() is being passed a negative
number, the result of which is undefined.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr 23 02:37:25 UTC 2024 on atb-devel-224
2024-04-23 02:37:25 +00:00
Douglas Bagnall
dca6b2d255 ldb:attrib_handlers: use ldb_ascii_toupper() in first loop
In a dotless-I locale, we might meet an 'i' before we meet a byte with
the high bit set, in which case we still want the ldb casefold
comparison.

Many ldb operations will do some case-folding before getting here, so
hitting this might be quite rare even in those locales.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15637

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
078ecf486a ldb:pytests: test for Turkic i-dots in ldb_comparison_fold
In tr_TR and some other locales where the letter 'i' uppercases to
'İ', which is not ideal for LDB as we need certain strings like 'guid'
to casefold in the ASCII way.

In fixing https://bugzilla.samba.org/show_bug.cgi?id=15248) we solved
this problem in many cases, but for unindexed searches where the 'i'
is not the last character in the string. This test shows that.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15637

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
a75c98ad68 ldb:attrib_handlers: make ldb_comparison_Boolean more consistent
This isn't supposed to be used for sorting, but it is hard to say it
won't be, so we might as well make it sort properly.

Following long-standing behaviour, we try to sort "FALSE" > "TRUE", by
length, then switch to using strncasecmp().

strncasecmp would sort the other way, so we swap the operands. This is
to make e.g. "TRUE\0" sort the same as "TRUE".

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
7280c8e53f ldb-samba:ldif_handlers: dn_link_comparison: sort invalid DNs
If both DNs are invalid, we can say they are equal.

This means invalid or NULL DNs will sort to the end of the array,
before deleted DNs:

[ valid DNs, sorted | invalid/NULL DNs | deleted DNs, sorted ]

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
341b8fb60e ldb-samba:ldif_handlers: dn_link_comparison leaks less
dn1 and dn2 can be invalid but still occupying memory.
(ldb_dn_validate(dn2) does contain a NULL check, but a lot more besides).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
7035659256 ldb-samba:ldif_handlers: dn_link_comparison correctly sorts deleted objects
This changes the behaviour of the DN syntax .comparison_fn when being
used in a search, if the search key is a deleted DN.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
11d5a80932 ldb-samba:ldif_handlers: dn_link_comparison semi-sorts invalid DNs
these tend to go to the end of the sorted array.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
db963b1674 ldb-samba:ldif_handlers: dn_link_comparison semi-sorts deleted objects
We were always returning -1 for a deleted object, which works for an
equality test, but not a relative comparison.

This sorts deleted DNs toward the end of the list -- except when both
DNs are deleted. What should happen there is yet to be determined.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
2d3b917d0a ldb-samba:ldif_handlers: extended_dn_read_Sid(): free on failure
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
42f2d96f82 ldb-samba:ldif_handlers: ldif_read_objectSid(): free a thing on failure
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
6722e80d1b ldb-samba: ldif-handlers: make ldif_comparison_objectSid() accurate
This function compares blobs that might be SID strings or might be SID
structures. Until now, if they were both (seemingly) strings, they were
compared as strings, otherwise if either was a string it was converted to
a structure blob, then the blobs were compared. This had two big problems:

1. There is variety in the way a SID can be stringified. For example,
   "s-1-02-3" means the same SID as "S-1-2-3", but those wouldn't compare
   equal.

2. SID comparison was crazily non-transitive. Consider the three values
     a = "S-1-2-3-4-5",
     b = "S-1-9-1",
     c = SID("S-1-11-1"), where c is a struct and the others are string.

   then we had,
     a < b, because the 5th character '2' < '9'.
     a > c, because when converted to a structure, the number of sub-auths
            is the first varying byte. a has 3, c has 0.
     b < c, because after the sub-auth count comes the id_auth value
            (big-endian, which doesn't matter in this case).

That made the function unreliable for sorting, AND for simple equality
tests. Also it leaked.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
4af670384a s4:dsdb: fix spelling in comment
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
a9eaf8a3ab ldb: comment for ldb_dn_compare_base
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
6229feab74 s4:rpcsrv:samr: improve a comment in compare_msgRid
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
7be535315a s4:rpcsrv:dnsserver: make dns_name_compare transitive with NULLs
Returning 0 on `(name1 == NULL || name2 == NULL)` made NULL equal to
everything, which confuses a sort (consider {A, B, NULL} where A > B,
but A == NULL == B).

The only caller is dnsserver_enumerate_records() which fails if it
finds a NULL in the sorted list. We make the happen more quickly by
sorting NULLs to the front.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
31c322874b s3:libsmb:nmblib: use NUMERIC_CMP in status_compare
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
7ba6fcb936 lib/socket: rearrange iface_comp() to use NUMERIC_CMP
We rearrange rather than just replacing the subtraction, because that
would call ntohl() more than necessary, and I think the flow is a bit
clearer this way.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
acaa1323d0 gensec: sort_gensec uses NUMERIC_CMP
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
75682e397b s3:rpc:wkssvc_nt: dom_user_cmp uses NUMERIC_CMP
usr->login_time is time_t, which is often bigger than int.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
8317a61736 dsdb:schema: use NUMERIC_CMP in place of uint32_cmp
uint32_cmp (introduced in 0c362597c0
"fixed the sorting of schema attributes") was doing what NUMERIC_CMP
does, but it was adding an extra function call. This results in less
code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
386216d4a1 s3:mod:vfs_vxfs: use NUMERIC_CMP in vxfs_ace_cmp
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
8b2605a5d9 s3:mod:posixacl_xattr: use NUMERIC_CMP in posixacl_xattr_entry_compare
The first subtraction was between uint16_t, so is safe with 32 bit
int, but the second compared uint32_t, so was not safe.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
9b73235d49 s3:brlock: use NUMERIC_CMP in #ifdef-zeroed lock_compare
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
5fe488d515 ldb:dn: make ldb_dn_compare() self-consistent
We were returning -1 in all these cases:

   ldb_dn_compare(dn, NULL);
   ldb_dn_compare(NULL, dn);
   ldb_dn_compare(NULL, NULL);

which would give strange results in sort, where this is often used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
531f31df99 ldb:sort: generalise both-NULL check to equality check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
d4e69734c6 ldb:sort: check that elements have values
We assume no values is unlikely, since we have been dereferencing
->values[0] forever, with no known reports of trouble.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
d785c1991c ldb:mod:sort: rearrange NULL checks
There are further changes coming here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00