1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

8682 Commits

Author SHA1 Message Date
Douglas Bagnall
42f2d96f82 ldb-samba:ldif_handlers: ldif_read_objectSid(): free a thing on failure
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
6722e80d1b ldb-samba: ldif-handlers: make ldif_comparison_objectSid() accurate
This function compares blobs that might be SID strings or might be SID
structures. Until now, if they were both (seemingly) strings, they were
compared as strings, otherwise if either was a string it was converted to
a structure blob, then the blobs were compared. This had two big problems:

1. There is variety in the way a SID can be stringified. For example,
   "s-1-02-3" means the same SID as "S-1-2-3", but those wouldn't compare
   equal.

2. SID comparison was crazily non-transitive. Consider the three values
     a = "S-1-2-3-4-5",
     b = "S-1-9-1",
     c = SID("S-1-11-1"), where c is a struct and the others are string.

   then we had,
     a < b, because the 5th character '2' < '9'.
     a > c, because when converted to a structure, the number of sub-auths
            is the first varying byte. a has 3, c has 0.
     b < c, because after the sub-auth count comes the id_auth value
            (big-endian, which doesn't matter in this case).

That made the function unreliable for sorting, AND for simple equality
tests. Also it leaked.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
a9eaf8a3ab ldb: comment for ldb_dn_compare_base
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
7ba6fcb936 lib/socket: rearrange iface_comp() to use NUMERIC_CMP
We rearrange rather than just replacing the subtraction, because that
would call ntohl() more than necessary, and I think the flow is a bit
clearer this way.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
5fe488d515 ldb:dn: make ldb_dn_compare() self-consistent
We were returning -1 in all these cases:

   ldb_dn_compare(dn, NULL);
   ldb_dn_compare(NULL, dn);
   ldb_dn_compare(NULL, NULL);

which would give strange results in sort, where this is often used.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
531f31df99 ldb:sort: generalise both-NULL check to equality check
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
d4e69734c6 ldb:sort: check that elements have values
We assume no values is unlikely, since we have been dereferencing
->values[0] forever, with no known reports of trouble.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Douglas Bagnall
d785c1991c ldb:mod:sort: rearrange NULL checks
There are further changes coming here.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-23 01:33:29 +00:00
Jo Sutton
02d7ab13ee lib:crypto: Add more unit tests for GKDI functions
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-21 22:10:36 +00:00
Jo Sutton
5eea17a71b ldb: Check result of py_ldb_msg_keys()
Passing NULL into PyObject_GetIter() can cause a segmentation fault.

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-21 22:10:35 +00:00
Volker Lendecke
cc7c12e5d5 lib: Remove an obsolete comment
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Wed Apr 17 09:01:34 UTC 2024 on atb-devel-224
2024-04-17 09:01:34 +00:00
Volker Lendecke
28335cdb5d lib: Add fdopen_keepfd()
Capture the dup/fdopen pattern

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
2024-04-16 23:51:45 +00:00
Volker Lendecke
0baae61e42 lib: Give lib/util/util_file.c its own header file
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
2024-04-16 23:51:45 +00:00
Vinit Agnihotri
cfa846fa29 lib-interface: Add extra parameter 'options' to interface definition
Signed-off-by: Vinit Agnihotri<vagnihotri@ddn.com>
Reviewed-by: Martin Schwenke <mschwenke@ddn.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 23:51:45 +00:00
Christof Schmitt
7532c798d1 docs: Document new tdbdump -x option
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Christof Schmitt <cs@samba.org>
Autobuild-Date(master): Tue Apr 16 18:37:17 UTC 2024 on atb-devel-224
2024-04-16 18:37:17 +00:00
Christof Schmitt
1a55ee1107 tdb: Add test for tdbdump -x
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 17:32:34 +00:00
Christof Schmitt
5f5290c271 tdb: Add tdbdump option to output all data as hex values
This can be useful for debugging tdb databases, the hex output of the
key can be used for "net tdb" or ctdb commands.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 17:32:34 +00:00
Christof Schmitt
f6a47de2db tdb: Add test for tdbdump command
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 17:32:34 +00:00
Christof Schmitt
3d290e3152 tdb: Return failure as exit status from test_tdbbackup.sh
When this test is called from wscript, only the exit code is checked.
Track failures and return as non-zero exit code.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 17:32:34 +00:00
Jo Sutton
7b7fdfbce3 lib:crypto: Reformat source code
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-16 03:58:31 +00:00
Pavel Filipenský
75a4fbbf6a smbdotconf: Enable "winbind debug traceid" by default
The traceid debug header field is a useful feature, let's make it
default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15631

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 18:47:41 UTC 2024 on atb-devel-224
2024-04-15 18:47:41 +00:00
Douglas Bagnall
21a071e486 ldb: reduce non-transitive comparisons in ldb_msg_element_compare()
We can still have inconsistent comparisons, because two elements with
the same number of values will always return -1 if they are unequal,
which means they will sort differently depending on the order in which
they are compared.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
5c36bc8241 ldb: avoid non-transitive comparison in ldb_val_cmp()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
e1519c3667 util:datablob: avoid non-transitive comparison in data_blob_cmp()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
838c684702 ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
f78b964cd8 ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
997b72d79e util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
6159b098cf lib/torture: add assert_int_{less,greater} macros
In some situations, like comparison functions for qsort, we don't care
about the actual value, just whethger it was greater or less than
zero.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
f07ae69907 util:charset:codepoints: codepoint_cmpi warning about non-transitivity
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
675fdeee3d util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP()
If these are truly unicode codepoints (< ~2m) there is no overflow,
but the type is defined as uint32_t.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
d4ce8231f9 util:test: test_ms_fn_match_protocol_no_wildcard: allow -1
We have changed strcasecmp_m() to return -1 in a place where it used
to return -3. This upset a test, but it shouldn't have: the exact
value of the negative int is not guaranteed by the function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
f788a39999 util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
a512759d7b torture:charset: test more of strcasecmp_m
We now test cases:

1. where the first string compares less
2. one of the strings ends before the other
3. the strings differ on a character other than the first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
dda0bb6fc7 torture:charset: use < and > assertions for strncasecmp_m
strncasecmp_m is supposed to return a negative, zero, or positive
number, not necessarily the difference between the codepoints in
the first  character that differs, which we have been asserting up to
now.

This fixes a knownfail on 32 bit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
ac0a8cd92c torture:charset: use < and > assertions for strcasecmp_m
strcasecmp_m is supposed to return a negative, zero, or positive
number, depending on whether the first argument is less than, equal to,
or greater than the second argument (respectively).

We have been asserting that it returns exactly the difference between
the codepoints in the first character that differs.

This fixes a knownfail on 32 bit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
09c98ff126 util:binsearch: user NUMERIC_CMP()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
75e51bd99b ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
5150b318f4 ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
de1b94f79e ldb: add NUMERIC_CMP macro to ldb.h
In other places we tend to include tsort.h, which also has TYPESAFE_QSORT.

ldb.h already has TYPESAFE_QSORT, so it might as well have NUMERIC_CMP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
5ab93f48c5 util:tsort.h: add a macro for safely comparing numbers
In many places we use `return a - b;` in a comparison function. This can
be problematic if the comparison is used in a sort, as `a - b` is not
guaranteed to do what we expect. For example:

* if a and b are 2s-complement ints, a is INT_MIN and b is INT_MAX, then
  a - b = 1, which is wrong.

* if a and b are 64 bit pointers, a - b could wrap around many times in
  a cmp function returning 32 bit ints. (We do this often).

The issue is not just that a sort could go haywire.
Due to a bug in glibc, this could result in out-of-bounds access:

https://www.openwall.com/lists/oss-security/2024/01/30/7

(We have replicated this bug in ldb_qsort).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
8b6a584170 lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename
Usually we are dealing with a filename that tells you what the pipe is,
and there is no reason for this debug helper not to be convenient

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
73e4f6026a ldb: avoid out of bounds read and write in ldb_qsort()
If a compare function is non-transitive (for example, if it evaluates
A > B and B > C, but A < C), this implementation of qsort could access
out-of-bounds memory. This was found in glibc's qsort by Qualys, and
their write-up for OSS-Security explains it very well:

 https://www.openwall.com/lists/oss-security/2024/01/30/7

An example of a non-transitive compare is one in which does this

 int cmp(const void *_a, const void *_b)
 {
        int a = *(int *)_a;
        int b = *(int *)_b;
        return a - b;
 }

which does the right thing when the magnitude of the numbers is small,
but which will go wrong if a is INT_MIN and b is INT_MAX. Likewise, if
a and b are e.g. uint32_t, the value can wrap when cast to int.

We have functions that are non-transitive regardless of subtraction.
For example, here (which is not used with ldb_qsort):

 int codepoint_cmpi(codepoint_t c1, codepoint_t c2)
        if (c1 == c2 ||
            toupper_m(c1) == toupper_m(c2)) {
                return 0;
        }
        return c1 - c2;
 }

The toupper_m() is only called on equality case. Consider {'a', 'A', 'B'}.
     'a' == 'A'
     'a' >  'B'  (lowercase letters come after upper)
     'A' <  'B'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15569
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 22:56:33 +00:00
Douglas Bagnall
8ac18495ba pyldb: don't allow py_ldb_dn_copy() with the wrong pyldb
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 05:13:32 +00:00
Douglas Bagnall
345eb854c3 pyldb: add dn.copy() python method.
Sometimes you want to use a Dn object from one LDB with another LDB,
but this no longer works.

One way to do it is:

  new_dn = ldb.Dn(samdb, str(old_dn))

but with this, you can just:

  new_dn = old_dn.copy(samdb)

or, if you are putting it on a message which has a DN:

  msg.dn = old_dn.copy(msg.ldb)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 05:13:32 +00:00
Douglas Bagnall
ed6d151c1b pyldb: add Message.ldb accessor
See the last commit for comments about how this is useful for
debugging.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 05:13:32 +00:00
Douglas Bagnall
8b6df2d0bc pyldb: add Dn.ldb accessor
This, and the next commit, might help in debugging when you see a
traceback that ends like this:

  File "/data/samba/samba/bin/samba_upgradeprovision", line 664, in add_missing_object
      delta.dn = dn
  RuntimeError: DN is from the wrong LDB

in this case you could force a solution with something like:

 delta.dn = ldb.dn(delta.ldb, str(dn))

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 05:13:32 +00:00
Douglas Bagnall
a95e6aa566 pyldb: add PyErr_internal_LDB_DN_OR_RAISE
This might be faster than the circuitous route.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 05:13:32 +00:00
Douglas Bagnall
d712c8d2ed pyldb: normalise name of pyldb_Message_Check
c.f. pyldb_MessageElement_Check, pyldb_Dn_Check.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 05:13:32 +00:00
Douglas Bagnall
72ad126ab7 ldb:pyldb: reorder structs for possible type-punning
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 05:13:32 +00:00
Douglas Bagnall
c39021a494 pyldb: py_ldb_msg_set_dn checks dn ldb equality
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2024-04-10 05:13:32 +00:00