IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We were crashing earlier when calculating the length of NULL strings in
fixed size arrays (noticed while replying with an empty
spoolss_CorePrinterDriver struct within the spoolss_GetCorePrinterDrivers
call).
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Thanks to Trend Micro's Zero Day Initiative and Frederic Besler for finding
this vulnerability with a PoC and a good analysis.
Signed-off-by: Volker Lendecke <vl@samba.org>
Bug: https://bugzilla.samba.org/show_bug.cgi?id=12409
GUID_from_data_blob() was relying on sscanf to parse strings, which was
slow and quite accepting of invalid GUIDs. Instead we directly read a
fixed number of hex bytes for each field.
This now passes the samba4.local.ndr.*.guid_from_string_invalid tests.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Wed Dec 14 08:55:42 CET 2016 on sn-devel-144
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 1 05:53:43 CET 2016 on sn-devel-144
This allows processing of Windows Cabinet files (required for the MS-PAR
print protocol implementation)
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
This change makes automatic mapping for PAR->RPRN opcodes easier.
Guenther
Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
This allows us to allocate only the correct size, not a default of 1024 bytes
per push.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
We need to have two subcontexts to get the padding right,
the outer subcontext uses NDR_ROUND(_ndr_size, 8), while
the inner subcontext only uses _ndr_size.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This commit moves the autogenerated ndr_{pull,push}_supplementalCredentialsSubBlob()
function to the handwritten librpc/ndr/ndr_drsblobs.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11441
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
This is often found in inner loops in the dsdb code, because LDB DNs often contain a GUID string
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Certain DNS clients fail TSIG record MAC validation if the TSIG record
contains compressed strings.
Windows DNS server behaviour seems to be to not send compressed names in
TKEY and TSIG records.
This patch ensures we conform to this behaviour.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This flag can be used to change marshalling behaviour with regard to
compression.
Example: DNS packets make use of so called DNS name compression which
means that for identical strings in a DNS packet, the second string is
replaced with a reference (an offset) to the first.
Setting this flag requests to turns off the marshalling compression.
This will be used in the next commit to prevent name compression in DNS
TSIG records.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11520
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This allows us to remove talloc() calls from GUID_from_ndr_blob().
To do this the struct ndr_pull is placed on the stack, and filled in there.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This is often a hot path, particularly with complex structures like
nt-acls.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Switch values currently only have a peek variant, instead of a retrieve
variant for getting their values. This can create performance issues
with complex structures as the token list simply grows longer.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
From RFC 1035:
3.3.14. TXT RDATA format
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
/ TXT-DATA /
+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
where:
TXT-DATA One or more <character-string>s.
TXT RRs are used to hold descriptive text. The semantics of the text
depends on the domain where it is found.
Each record contains an array of strings instead of just one string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11128
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11686
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows public headers to not include samba_util.h, but rather
specific header files under lib/util.
Signed-Off-By: Jelmer Vernooij <jelmer@samba.org>
Reviewed-By: Andrew Bartlett <abartlet@samba.org>
Reviewed-By: Stefan Metzmacher <metze@samba.org>
That's much easier for the callers.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Dec 18 04:07:56 CET 2015 on sn-devel-144
Older Samba versions (<= 4.1) had a bug in the dcerpc_bind_nak
idl, see commit f73ef3028c.
Note: ndr_pull_dcerpc_bind_nak() was generated by pidl and
has been extended by the (_available == 0) check.
That's why we ignore the 80 char per line limit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11327
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 21 20:34:28 CEST 2015 on sn-devel-104
Windows uses a username of 'domain.example.com.' as username and we need to
return it that way in the NETLOGON_SAM_LOGON_RESPONSE_EX reply.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
ndr_print_bkrp_data_in_blob requires the level to be set in the
proper ndr->switch_list context.
Signed-off-by: Arvid Requate <requate@univention.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
This is in preparation for adding NETWORK_INTERFACE_INFO Ioctl smbtorture test
case. This data structure is described in MS-SMB2 Sec. 2.2.32.5
Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Anubhav Rakshit <anubhav.rakshit@gmail.com>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
This way we can alter the define depending on the generated code.
E.g python bindings won't have an 'ndr' struct available.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
domains with more then 10 subdomains are not so uncommon.
https://bugzilla.samba.org/show_bug.cgi?id=10439
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Thu Feb 13 16:30:50 CET 2014 on sn-devel-104
They can be used to parse a fragmented NDR byte stream.
ndr_pull_append() appends more data that can be processed
and ndr_pull_pop() removed already processed data.
This will be used to implement dcerpc pipes, where we can get
a verify large amount of pipe chunks, once we processed a chunk
we can forget about the related data, but we may need to keep some
bytes in order to get the alignment right.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This will be usefull to try parsing DCERPC pipe chunks for
LIBNDR_FLAG_INCOMPLETE_BUFFER.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
If we pull a pipe chunk we need a way to check if we
have enough bytes to parse the complete chunk.
Setting ndr_pull->flags |= LIBNDR_FLAG_INCOMPLETE_BUFFER
would change NDR_ERR_BUFSIZE (and later maybe others)
into NDR_ERR_INCOMPLETE_BUFFER.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>
This extracts the dcerpc_sec_verification_trailer from the end
of an ndr_pull structure, it found it reduces ndr->data_size.
NDR_ERR_ALLOC is the only possible error, all other errors
are ignored and a trailer with command count = 0 is returned.
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
See [MS-RPCE] 2.2.2.13 Verification Trailer for details.
Pair-Programmed-With: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Gregor Beck <gbeck@sernet.de>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This lets ndr_pull_subcontext_end() make sure that all
subcontext bytes are consumed otherwise it returns NDR_ERR_UNREAD_BYTES.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Previous implementation had a problem with NDR64 with uint32 and
uint3264 being in the wrong order
Signed-off-by: Matthieu Patou <mat@matws.net>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 30 10:16:02 CET 2013 on sn-devel-104
In 816e68f94f the display of unset bits has been
effectively disabled while only the check for 0 bits was supposed to be avoided
(because it creates the infite loop).
Guenther
Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Günther Deschner <gd@samba.org>
Autobuild-Date(master): Wed Oct 9 19:56:39 CEST 2013 on sn-devel-104
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Oct 2 15:02:07 CEST 2013 on sn-devel-104
It's much easier to look at hexdump -C style output than
a few thousand lines with 1 byte each.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Matthieu Patou <mat@matws.net>
This change addresses bug 9026.
There are 3 use cases for DATA_BLOB marshalling/unmarshalling:
1)
ndr_push_DATA_BLOB and ndr_pull_DATA_BLOB when called with
LIBNDR_FLAG_ALIGN* alignment flags set, are used to push/pull padding
bytes _only_. The length is determined by the alignment required and
the current ndr offset.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_ALIGN8)] DATA_BLOB _pad;
} dcerpc_request;
2)
When called with the LIBNDR_FLAG_REMAINING flag, all remaining bytes in
the ndr buffer are pushed/pulled.
e.g. dcerpc.idl:
typedef struct {
...
[flag(NDR_REMAINING)] DATA_BLOB stub_and_verifier;
} dcerpc_request;
3)
When called without alignment flags, push/pull a uint32 length _and_ a
corresponding byte array to/from the ndr buffer.
e.g. drsblobs.idl
typedef [public] struct {
...
DATA_BLOB data;
} DsCompressedChunk;
The fix for bug 8373 changed the definition of "alignment flags", such
that when called with LIBNDR_FLAG_NOALIGN ndr_push/pull_DATA_BLOB
behaves as (1: padding bytes) rather than (3: uint32 length + byte
array).
This breaks marshalling/unmarshalling for the following structures.
eventlog.idl:
typedef [flag(NDR_NOALIGN|NDR_PAHEX),public] struct {
...
DATA_BLOB sid;
...
} eventlog_Record_tdb;
ntprinting.idl:
typedef [flag(NDR_NOALIGN),public] struct {
...
DATA_BLOB *nt_dev_private;
} ntprinting_devicemode;
typedef [flag(NDR_NOALIGN),public] struct {
...
DATA_BLOB data;
} ntprinting_printer_data;
Signed-off-by: Günther Deschner <gd@samba.org>
This copes with the fact that r->sub_auths is a fixed-size array, not
an allocated pointer, and so will still have some bytes no filled in
if the sid did not have a MAX_SUB_AUTHS sub-authorities.
Andrew Bartlett
This reverts commit 2642f38588.
This is not needed anymore, as 035342c117
"Fix bug #8373 - Can't join XP Pro workstations to 3.6.1 DC." is
the more generic fix for the problem.
metze
Treat LIBNDR_FLAG_NOALIGN and LIBNDR_FLAG_REMAINING the same as the
other align flags - make them mutually exclusive.
Combined work from Metze, Günther and Jeremy.
The same as ndr_pull_charset(), however only perform character
conversion on bytes prior to and including the null terminator.
Signed-off-by: Jeremy Allison <jra@samba.org>
ndr_set_flag or's in the given flag (ALIGN4). At this point, ndr->flags
contains NOALIGN, which will persist. In ndr_push_DATA_BLOB NOALIGN overrides
everything else, so that the ALIGN4 is not respected.
Autobuild-User: Volker Lendecke <vlendec@samba.org>
Autobuild-Date: Fri Nov 18 09:33:37 CET 2011 on sn-devel-104
Windows returns multiple DNS_RPC_RECORDS structures, but there is
no well defined structure in [MS-DNSP] doc. Added hand-written
code to parse ndr.
Pair-Programmed-With: Andrew Tridgell <tridge@samba.org>
Signed-off-by: Andrew Tridgell <tridge@samba.org>
We have 3 different types of flags values in our NDR layer. We've
recently found bugs where these types of flags have been mixed up,
especially by people adding hand written ndr code for tricky
structures. We previously got away with this because (for example)
NDR_SCALARS and NDR_IN had the same value, so mixing up the two
concepts sometimes worked. Unfortunately it also led to bugs where we
didn't do what was expected, such as in our smbtorture ndr test suite,
where passing a ndr_flags value of zero led to only checking that two
empty structures were equal.
This changes the values of the NDR_IN|NDR_OUT and
NDR_SCALARS|NDR_BUFFERS values to be in different bit ranges, and adds
macros for checking the validity of passed in flags. A followup patch
modifies the ndr calls to use these macros, and pidl to generate
them. This should catch misuse of the APIs.
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
the two types of ndr flags were being mixed up, so NDR_BUFFERS was
being interpreted as LIBNDR_FLAG_NOALIGN
Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>
As discussed in 'CH_DISPLAY and gettext' on the samba-technical list:
http://lists.samba.org/archive/samba-technical/2011-June/078190.html
Setting this to a value other than 'unix charset' does not make sense,
as any system where the filesytem charset does not equal the terminal
charset will already have problems with programs as simple as 'ls'.
It also means that our output could not be pasted as our input in
interactive programs or onto our command line, as we never did
translate in the DISPLAY -> UNIX direction.
The d_printf() calls are retained in case we need to revisit this, and
to support display_set_stderr().
Andrew Bartlett
This is better than doing a strlen() on the string, as that huristic
only worked for ASCII strings.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Jun 1 01:42:22 CEST 2011 on sn-devel-104
Introduce a new flag, LIBNDR_FLAG_STR_RAW8, which indicates that libndr
should not attempt to convert the corresponding byte sequence, and place
the responsibility on the caller to do so later.
This is needed in cases where the string is known to be 8-bit and either
NULL terminated or of known length, but in an unspecified character set.
For example, when pulling PT_STRING8 properties from an exchange server
via libmapi + libndr, the codepage is neither known nor in the control
of the caller, and is determined by subsequent properties requested from
the server. Therefore the client would like to fetch all properties in
one large batch, and convert the resulting strings locally.
This commit also includes some (basic) tests of each of the flags'
respective behaviors with the ndr push/pull string functions, in a new
source4 torture test suite ndr.ndr_string.
Signed-off-by: Sean Finney <seanius@seanius.net>
Reduce the amount of duplicate code in ndr_pull_string by moving the
almost duplicate conversion calls and their corresponding NDR pulls and
checks to a single location. In the place of the removed calls is logic
allowing the conversion to be generalized, and and any specific
pulls/checks that do not apply to the general case.
This is similar to what has already been done in the switch statement
for ndr_push_string.
Signed-off-by: Sean Finney <seanius@seanius.net>
This changes auth_session_info_transport to just be a wrapper, rather
than a copy that has to be kept in sync.
As auth_session_info was already wrapped in python, this required
changes to the existing pyauth wrapper and it's users.
Andrew Bartlett
Makes these interfaces much harder to misuse and easier to ensure error
checking.
Autobuild-User: Jeremy Allison <jra@samba.org>
Autobuild-Date: Wed Mar 30 23:59:37 CEST 2011 on sn-devel-104
Turns out one of the *really* significant differences between
convert_string() in source4 and source3, is that the one in
source3 will return 0 for byte length converted when called
with dest_len = 0 whereas the one in source4 returns (size_t)-1
and sets errno to E2BIG.
Allow the ndr_string code to cope with the (arguably correct)
way that the source4 implementation works. This code only gets
excercised in the print spooler tests, which aren't run in source4,
which is why this bug has lasted for so long.
You don't want to know how long it took me to find this :-).
Jeremy.
we shouldn't accept bad multi-byte strings, it just hides problems
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Thu Mar 24 01:47:26 CET 2011 on sn-devel-104
This has 8 byte alignment, which is what was specified in pidl for
these types.
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Wed Mar 9 09:03:09 CET 2011 on sn-devel-104
This is not strictly needed, but it's good to have the logic
in common with the other Enum* calls.
This also allows us to play with the NDR_RELATIVE_REVERSE flag.
metze
These are mapped to uint64_t, which should be big enough. This is
proposed to be used for internal Samba representations, where it would
be more painful to convert all the callers to an uint64_t calling
convention.
Andrew Bartlett
all names are NUL terminated, but may have additional padding as well
Autobuild-User: Andrew Tridgell <tridge@samba.org>
Autobuild-Date: Tue Dec 21 03:26:26 CET 2010 on sn-devel-104
This fixes the calculation of needed space for destination unicode charset.
Autobuild-User: Michael Adam <obnox@samba.org>
Autobuild-Date: Wed Nov 3 23:28:07 UTC 2010 on sn-devel-104
This will reduce the noise from merges of the rest of the
libcli/security code, without this commit changing what code
is actually used.
This includes (along with other security headers) dom_sid.h and
security_token.h
Andrew Bartlett
Autobuild-User: Andrew Bartlett <abartlet@samba.org>
Autobuild-Date: Tue Oct 12 05:54:10 UTC 2010 on sn-devel-104
If we hit the case that the blob length is 32. The code goes to the end
of the function and generates a GUID with garbage.
So try to convert the blob to the GUID and return.
Will not harm anyone, is only used for rare short (2byte) relative pointers, and
relative_rap_convert is always 0 so far (as all init functions using struct
ndr_pull will zero the struct).
Guenther
This generates convenient unmarshalling routines for pulling out spoolss related
information out of ntprinters.tdb, ntforms.tdb and ntdrivers.tdb.
Guenther
We had a crash bug where a cached copy of a iconv convenience pointer
was used after being freed when loadparm asked for iconv to
reload. This could happen if a python module used a iconv based
function before loadparm was completed.
The fix is to ensure that any use of this pointer remains valid, by
reusing the pointer itself when it has already been initialised, but
filling in the child elements with the updated values.
When comparing two unsigned values you can't just subtract
them.
Imagine you are comparing: "uint32_t u1" and "uint32_t u2". If you use
"u1 - u2" and u2 is zero, then the signed integer result will depend
on the top bit of u1.
This error occurs in a few places in Samba. For DRS replication it
resulted in corrupt uptodateness vectors.
relative_short is like relative but instead of having the offset coded on 4 bytes
it's coded on 2 bytes. Such things happen in GET_DFS_REFERAL messages.
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Rather than have a repeat of the bugs we found at the plugfest where
hexidecimal strings must be in upper or lower case in particular
places, ensure that each caller chooses which case they want.
This reverts most of the callers back to upper case, as things were
before tridge's patch. The critical call in the extended DN code is
of course handled in lower case.
Andrew Bartlett