1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

8316 Commits

Author SHA1 Message Date
Stefan Metzmacher
167f023586 lib/ldb: add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Stefan Metzmacher
7055ec0a0b lib/ldb: add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Stefan Metzmacher
e24e7b9633 lib/ldb: re-order code in ldb_ldif_to_pyobject()
We don't allow MODRDN and DELETE for now as they
don't work as is anyway. We'll add these in the next steps.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Stefan Metzmacher
cc5df80152 lib/ldb: let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix
This is needed in order to process schema updates.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Joseph Sutton
211d19a04c ldb: Don't create error string if there is no error
We should only do this in the LDB_ERR_NO_SUCH_ATTRIBUTE case.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 18:40:31 +00:00
Stefan Metzmacher
9d8ff0d1e0 replace: add ARRAY_INSERT_ELEMENT() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-22 15:01:32 +00:00
Stefan Metzmacher
9053862b89 lib/ldb-samba: let ldif_read_ntSecurityDescriptor() only try sddl if isupper()
Trying ndr_pull_security_descriptor on SDDL produces just strange
debug messages, which can cause confusion.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-22 15:01:32 +00:00
Andreas Schneider
795bab5629 lib:ldb: Correctly cast pointers for assert_string_equal()
This is a change in cmocka to avoid hiding possible errors.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 15 07:53:54 UTC 2023 on atb-devel-224
2023-03-15 07:53:54 +00:00
Andrew Bartlett
cad96f59a0 lib/ldb: Avoid allocation and memcpy() for every wildcard match candidate
The value can be quite large, the allocation will take much
longer than the actual match and is repeated per candidate
record.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-03-14 06:16:30 +00:00
Andrew Bartlett
5a7a28cc45 tsocket: Increase tcp_user_timeout max_loops
Often, on rackspace GitLab CI runners, we get:

UNEXPECTED(failure): samba.unittests.tsocket_tstream.test_tstream_more_tcp_user_timeout_spin(none)
REASON: Exception: Exception: 0xf == 0xf
../../lib/tsocket/tests/test_tstream.c:405: error: Failure!

This allows us more spins before we fail the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15328
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-03-14 06:16:30 +00:00
Li Yuxuan
78635d55fb audit_logging: Use json_int_t instead of int for json_add_int value type
Functions like `add_lock_to_json` and `add_profile_item_to_json` pass
some values to `json_add_int` with `intmax_t` types. This may cause
arithmetic overflow when the value grows very fast, such as the
read_bytes profiling data.
Use `json_add_int` instead of `int` to avoid the overflow.

RN: Make json output show intmax_t value properly

Signed-off-by: Li Yuxuan <liyuxuan.darfux@bytedance.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar  9 21:33:43 UTC 2023 on atb-devel-224
2023-03-09 21:33:43 +00:00
Li Yuxuan
35aa7db641 audit_logging:tests: Add big_int test for json_add_int
Show that `json_add_int` can't handle value larger than int32 due to
overflow.

Add knownfail.

Signed-off-by: Li Yuxuan <liyuxuan.darfux@bytedance.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-09 20:38:31 +00:00
Dmitry Antipov
b3146763a4 lib:util: prefer mallinfo2() over mallinfo() if available
Prefer mallinfo2() with 'size_t' fields over deprecated
mallinfo() (with 'int' fields which may wrap around zero
and so be inaccurate on a 64-bit system) and move relevant
checks to lib/util/wscript_configure because mallinfo()
is not used beyond 'samba-util'.

Suggested-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-09 20:38:31 +00:00
Volker Lendecke
bbcc9b326e lib: Add dump_data_addbuf()
Helper function to build up debug strings

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
e5d1527f74 lib: Move the dump_data_pw() prototype to the other dump_data_* ones
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
2ac2c05561 lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Joseph Sutton
d5f053711b ldb: Make ldb_msg_remove_attr O(n)
Previously it was O(n²).

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-08 04:39:32 +00:00
Björn Baumbach
36ed126f4c net: add new --dns-ttl option to specify the ttl of dns records
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Joseph Sutton
d2063568ce lib:cmdline: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:36 +00:00
Joseph Sutton
474674ac7d lib:pyldb: Throw error on invalid controls
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:36 +00:00
Joseph Sutton
207a212948 lib:ldb: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:36 +00:00
Amir Goldstein
cb9df8181e lib: add NTTIME_[U|m]SEC macros
Signed-off-by: Amir Goldstein <amir@ctera.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-01 19:55:32 +00:00
Douglas Bagnall
0eb459edd8 talloc: remove Python 2 #if clauses
Also fix an obsolete related comment.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb 17 14:52:26 UTC 2023 on atb-devel-224
2023-02-17 14:52:26 +00:00
baixiangcpp
206dcf7d42 lib:util: File descriptor being closed repeatedly.
In file_load()/file_lines_load(), the file's fd is obtained using
open(), and in fd_load() the fd is converted to a FILE* using
fdopen(). However, after fclose(), the fd is closed again using
close().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15311
Signed-off-by: baixiangcpp baixiangcpp@gmail.com
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Feb 16 12:13:05 UTC 2023 on atb-devel-224
2023-02-16 12:13:05 +00:00
Andreas Schneider
8441c03ccf lib:ldb: Print a debug message in case we have a corrupted MDB
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 15 09:05:56 UTC 2023 on atb-devel-224
2023-02-15 09:05:56 +00:00
Andreas Schneider
240c031e7f lib:ldb: Add the location to ldb_kv_parse_data_unpack() debug output
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-02-15 08:12:35 +00:00
Joseph Sutton
e20067c52d auth: Make more liberal use of SID index constants
Arrays of SIDs are handled not fully consistently throughout the
codebase. Sometimes SIDs in the first and second positions represent a
user and a primary group respectively; other times they don't mean
anything in particular. Using these index constants in situations of the
former sort can help to clarify our intent.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Andreas Schneider
ea723fb709 s3:modules: Ignore -Wunused-but-set-variable for autogenerated code
source3/modules/getdate.c:1192:9: error: variable 'yynerrs' set but not used
    [-Werror,-Wunused-but-set-variable]
    int yynerrs;
        ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Andreas Schneider
1379b0e13c lib:ldb-samba: Correctly handle search scope
lib/ldb-samba/ldb_ildap.c:482:47: error: implicit conversion from enumeration
    type 'enum ldb_scope' to different enumeration type 'enum ldap_scope'
    [-Werror,-Wenum-conversion]
                msg->r.SearchRequest.scope = req->op.search.scope;
                                           ~ ~~~~~~~~~~~~~~~^~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Douglas Bagnall
b2a2eeb6f9 tevent/pytevent: remove no-op define
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-03 02:27:32 +00:00
Douglas Bagnall
8f2f3b00c2 tevent/pytevent: remove py2 ifdefs
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-03 02:27:32 +00:00
Douglas Bagnall
c0ef6ca98b tdb/pytdb: remove useless HAVE_ITER non-flag
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-03 02:27:32 +00:00
Douglas Bagnall
f5555e0ee4 tdb/pytdb: remove py ifdefs
This already would not compile with Python 2, because Py_TPFLAGS_HAVE_ITER
is not defined

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-03 02:27:32 +00:00
Douglas Bagnall
38d0147f6a ldb/pyldb: remove py2 ifdefs
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-03 02:27:32 +00:00
Rob van der Linde
851127f5c9 Python: remove pydoctor
Removes:

* waf pydoctor
* waf wafdocs
* make pydoctor

There is no "make wafdocs" it only appears to be in wscript.

The reasoning being is these are broken and appear to not have been run for some time.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb  2 21:15:54 UTC 2023 on atb-devel-224
2023-02-02 21:15:54 +00:00
Stefan Metzmacher
d80f28b081 tevent: version 0.14.1
- Build fix for GNU/Hurd
- Build fix for Solaris, after removal
  of ports backend (bug #15298)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb  2 18:27:08 UTC 2023 on atb-devel-224
2023-02-02 18:27:08 +00:00
Stefan Metzmacher
ae77854a44 tevent: remove the already removed tevent_port.c also from the build
This fixes a regression introduced by 147a317b7b.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15298

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-02 17:30:39 +00:00
Stefan Metzmacher
488aa22758 replace: remove unused configure checks for port_create()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15298

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-02 17:30:39 +00:00
Samuel Thibault
15b1afc917 replace: provide PIPE_BUF on GNU/Hurd
There is no hardcoded PIPE_BUF pipe limitation on GNU/Hurd, but POSIX
provides a minimum value that we can use.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-02 17:30:39 +00:00
Jeremy Allison
7e0eb0f31a s3:lib: Change file_modtime() to return an error code and a struct timespec.
Removes need for external stat() code when checking for timechange.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 27 08:30:35 UTC 2023 on atb-devel-224
2023-01-27 08:30:35 +00:00
Michael Tokarev
96154a26fe spelling fixes for 4.18 (errror implemenation proces Controler)
One of changes is somewhat interesting, it is "tfork waiter proces"
process title in tfork.c. I wonder why no one noticed this before.
There's another similar process title in there, "tfork waiter process(%d)".
Hopefully no one does grep for "proces$" (and there's no reason to).

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 26 20:46:11 UTC 2023 on atb-devel-224
2023-01-26 20:46:11 +00:00
Pavel Filipenský
3b1b37b1cf debug: Call depth: Indent the debug text
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-26 14:10:36 +00:00
Pavel Filipenský
7ba3b1b09d debug: Call depth: Print ", depth=..." in the debug header
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-26 14:10:36 +00:00
Pavel Filipenský
e3e687b659 debug: Call depth: Interface
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-26 14:10:36 +00:00
Pavel Filipenský
13d2db0397 debug: Fix whitespaces in debug.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-26 14:10:36 +00:00
Andreas Schneider
ac0e844ea8 param: Use a higher time resolution for lp_file_list_changed()
It is possible that in our test environment one of the config 'include' files
change more than once per second. To avoid missing a file update we use a
higher time resolution than seconds.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-01-26 12:15:33 +00:00
Andreas Schneider
9440cb7322 lib:param: Remove trailing whitespaces from loadparm.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-01-26 12:15:33 +00:00
Andreas Schneider
fcf05b1d23 lib:util: Print data in ISO 8601 format
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-01-26 12:15:33 +00:00
Andreas Schneider
55a49527d6 lib:util: Remove trailing whitespaces from time.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-01-26 12:15:33 +00:00
Stefan Metzmacher
84f56f2b98 ldb: change the version to 2.8.0 for Samba 4.19
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 18 17:25:51 UTC 2023 on atb-devel-224
2023-01-18 17:25:51 +00:00
Stefan Metzmacher
f972b1ea06 ldb: version 2.7.0
* Support python 3.12
* Have python functions operating on DNs raise LdbError
* don't call comparison() directly in LDB_TYPESAFE_QSORT
* Use ldb_ascii_toupper() for case folding to support
  tr_TR.UTF-8 and other dotless i locales,
  see https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
3c6d28ebae tevent: version 0.14.0
- Support python 3.12
- remove solaris port backend (it's not maintainable)
- make tevent_find_ops_byname() available for callers.
- allow the "standard" backend to be overloaded
- add interface for request/subrequest call depth tracking:
  - tevent_thread_call_depth_activate
  - tevent_thread_call_depth_deactivate
  - tevent_thread_call_depth_start
  - tevent_thread_call_depth_stop
  - tevent_thread_call_depth_reset_from_req

Note the changes to ABI/tevent-0.13.0.sigs only
revert the temporary changes made there...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Pavel Filipenský
c5d5ebb60d tevent: Call depth tracking
The change to lib/tevent/ABI/tevent-0.13.0.sigs will be reverted
in the commit for the 0.14.0 release...

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
07251f562c tevent: expose tevent_find_ops_byname() to callers
This makes it more flexible and allow a caller to overload
a tevent backend. Which will be used by Samba in order to
glue in io_uring support.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
ab49d9ee4e tevent: allow the "standard" backend to be overloaded
We'll export tevent_find_ops_byname() soon and will allow
the context_init() function of backends to find that standard ops
and hand over to standard_ops->context_init().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
147a317b7b tevent: remove solaris port backend
There's no way to verify changes we would have to do tevent_port.c,
as we don't have access to a solaris build machine.

So better use the poll backend instead. In performance critical code
we typically don't deal with a lot of file descriptors so the impact
should be fairly minimal.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
620ad8af46 tevent: remove unused register_backend() from python bindings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
eb05fe87bf tevent: remove unused tevent_liboop.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Pavel Filipenský
77c828e124 tevent: Fix trailing whitespaces in tevent.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
f6a6d917e1 tevent: use samba_tevent_set_debug() in testsuite.c
Note testsuite.c is only used in Samba's smbtorture as
'smbtorture //a/b local.event'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
96e4be0a79 lib/util: install a tevent_abort callback using smb_panic()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
eab796a4f9 tdb: version 1.4.8
* Support python 3.12

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
5224ed98ee talloc: version 2.4.0
* Add talloc_asprintf_addbuf()
* Support python 3.12

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
2023-01-18 16:26:36 +00:00
Björn Baumbach
8fbadada8c lib/tsocket: fix a typo in the tsocket guide doc
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Jan 17 18:23:18 UTC 2023 on sn-devel-184
2023-01-17 18:23:18 +00:00
Joseph Sutton
ae6e76c082 lib/compression: Fix length check
Put the division on the correct side of the inequality.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 20:22:32 +00:00
Joseph Sutton
cbe6fb38ec lib/tfork: Don't overwrite 'ret' in cleanup phase
The cleanup phase of tfork_create() saves errno prior to calling
functions that might modify it, with the intention of restoring it
afterwards. However, the value of 'ret' is accidentally overwritten. It
will always be equal to 0, and hence errno will not be restored.

Fix this by introducing a new variable, ret2, for calling functions in
the cleanup phase.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 20:22:32 +00:00
Joseph Sutton
01bd234f6a lib/talloc: Zero-initialise chunk pointers
Ensuring pointers are always initialised avoids compilation errors with
FORTIFY_SOURCE=2.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 20:22:32 +00:00
Volker Lendecke
b73ecb28a7 lib: Remove idtree from samba_util.h
No need to recompile the world when only a few files need this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 00:28:37 +00:00
Volker Lendecke
43f041de65 lib: Add "starting_id" to idr_get_new_random()
To be used in smbXsrv_open.c, for this we need a lower bound.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 00:28:37 +00:00
Ralph Boehme
29a99e5e12 libreplace: require TLS support if pthread support is available
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-01-05 11:33:37 +00:00
Ralph Boehme
73e7d3731d libreplace: update comment on __thread support
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-01-05 11:33:37 +00:00
Andrew Walker
01cdc5e00b lib/replace - add extra check to bsd_attr_list
The FreeBSD extattr API may return success and truncated
namelist. We need to check for this in bsd_attr_list to
ensure that we don't accidentally read off the end of the
buffer. In the case of a truncated value, the pascal
strings for attr names will reflect the lengths as if
the value were not truncated. For example:
`58DosStrea`

In case of short read we now set error to ERANGE and
fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15271

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan  2 14:27:23 UTC 2023 on sn-devel-184
2023-01-02 14:27:23 +00:00
Andreas Schneider
0c931fb301 waf: Run python tests also with tr_TR locale
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 23 14:17:31 UTC 2022 on sn-devel-184
2022-12-23 14:17:31 +00:00
Andreas Schneider
24275cd800 lib:ldb: Use ldb_ascii_toupper() for case folding
For example there are at least two locales (tr_TR and az_AZ) in glibc
having dotless i transformation different from Latin scripts and GUID
versus Guid comparison would be different there (attribute name would
not match in the test).

See also
https://en.wikipedia.org/wiki/Dotted_and_dotless_I
https://lists.samba.org/archive/samba-technical/2019-December/134659.html

This fixes: LC_ALL=tr_TR.UTF-8 make test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Andreas Schneider
a8f6fa03ef lib:ldb: Add ldb_ascii_toupper()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Andreas Schneider
78ca66a1a5 lib:ldb: Remove trailing white spaces in ldb_private.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Andreas Schneider
c8e3873e7e lib:ldb: Fix trailing whitespaces in common/ldb_utf8.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Andreas Schneider
14751e91a5 lib:ldb: Fix trailing whitespaces in common/attrib_handlers.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Douglas Bagnall
41249302a3 lib/compression: add simple python bindings
There are four functions, allowing compression and decompression in
the two formats we support so far. The functions will accept bytes or
unicode strings which are treated as utf-8.

The LZ77+Huffman decompression algorithm requires an exact target
length to decompress, so this is mandatory.

The plain decompression algorithm does not need an exact length, but
you can provide one to help it know how much space to allocate. As
currently written, you can provide a short length and it will often
succeed in decompressing to a different shorter string.

These bindings are intended to make ad-hoc investigation easier, not
for production use. This is reflected in the guesses about output size
that plain_decompress() makes if you don't supply one -- either they
are stupidly wasteful or ridiculously insufficient, depending on
whether or not you were trying to decompress a 20MB string.

>>> a = '12345678'
>>> import compression
>>> b = compression.huffman_compress(a)
>>> b
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00  #....
>>> len(b)
262
>>> c = compression.huffman_decompress(b, len(a))
>>> c
b'12345678'                                   # note, c is bytes, a is str
>>> a
'12345678'
>>> d = compression.plain_compress(a)
>>> d
b'\xff\xff\xff\x0012345678'
>>> compression.plain_decompress(d)           # no size specified, guesses
b'12345678'
>>> compression.plain_decompress(d,5)
b'12345'
>>> compression.plain_decompress(d,0)         # 0 for auto
b'12345678'
>>> compression.plain_decompress(d,1)
b'1'
>>> compression.plain_decompress(a,444)
Traceback (most recent call last):
   compression.CompressionError: unable to decompress data into a buffer of 444 bytes.
>>> compression.plain_decompress(b,444)
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 #...

That last one decompresses the Huffman compressed file with the plain
compressor; pretty much any string is valid for plain decompression.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-22 19:50:33 +00:00
Douglas Bagnall
44a44005a6 compression/huffman: debug function bails upon disaster (CID 1517261)
We shouldn't get a node with a zero code, and there's probably nothing
to do but stop.

   CID 1517261 (#1-2 of 2): Bad bit shift operation
   (BAD_SHIFT)11. negative_shift: In expression j >> offset - k,
   shifting by a negative amount has undefined behavior. The shift
   amount, offset - k, is -3.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 19 23:29:04 UTC 2022 on sn-devel-184
2022-12-19 23:29:04 +00:00
Douglas Bagnall
628f14c149 compression/huffman: double check distance in matches (CID 1517278)
Because we just wrote the intermediate representation to have no zero
distances, we can be sure it doesn't, but Coverity doesn't know. If
distance is zero, `bitlen_nonzero_16(distance)` would be bad.

   CID 1517278 (#1 of 1): Bad bit shift operation
   (BAD_SHIFT)41. large_shift: In expression 1 << code_dist, left
   shifting by more than 31 bits has undefined behavior. The shift
   amount, code_dist, is 65535.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-19 22:32:35 +00:00
Douglas Bagnall
6b4d94c987 compression: fix sign extension of long matches (CID 1517275)
Very long matches would be written instead as very very long matches.

We can't in fact hit this because we have a MAX_MATCH_LENGTH defined
as 64M, but if we could, it might make certain 2GB+ strings impossible
to compress.

  CID 1517275 (#1 of 1): Unintended sign extension
  (SIGN_EXTENSION)sign_extension: Suspicious implicit sign extension:
  intermediate[i + 2UL] with type uint16_t (16 bits, unsigned) is
  promoted in intermediate[i + 2UL] << 16 to type int (32 bits, signed),
  then sign-extended to type unsigned long (64 bits, unsigned). If
  intermediate[i + 2UL] << 16 is greater than 0x7FFFFFFF, the upper bits
  of the result will all be 1.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-19 22:32:35 +00:00
Douglas Bagnall
baba440ffa compression tests: avoid div by zero in failure (CID 1517297)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-19 22:32:35 +00:00
Douglas Bagnall
b99e0e9301 compression/tests: calm the static analysts (CID: numerous)
None of our test vectors are 18446744073709551615 bytes long, which
means we can know an `expected_length == returned_length` check will
catch the case where the compression function returns -1 for error. We
know that, but Coverity doesn't.

It's the same thing over and over again, in two different patterns:

>>>     CID 1517301:  Memory - corruptions  (OVERRUN)
>>>     Calling "memcmp" with "original.data" and "original.length" is
suspicious because of the very large index, 18446744073709551615. The index
may be due to a negative parameter being interpreted as unsigned.
393     	if (original.length != decomp_written ||
394     	    memcmp(decompressed.data,
395     		   original.data,
396     		   original.length) != 0) {
397     		debug_message("\033[1;31mgot %zd, expected %zu\033[0m\n",
398     			      decomp_written,

*** CID 1517299:  Memory - corruptions  (OVERRUN)
/lib/compression/tests/test_lzxpress_plain.c: 296 in
test_lzxpress_plain_decompress_more_compressed_files()
290     		debug_start_timer();
291     		written = lzxpress_decompress(p.compressed.data,
292     					      p.compressed.length,
293     					      dest,
294     					      p.decompressed.length);
295     		debug_end_timer("decompress", p.decompressed.length);
>>>     CID 1517299:  Memory - corruptions  (OVERRUN)
>>>     Calling "memcmp" with "p.decompressed.data" and
"p.decompressed.length" is suspicious because of the very large index,
18446744073709551615. The index may be due to a negative parameter being
interpreted as unsigned.
296     		if (written == p.decompressed.length &&
297     		    memcmp(dest, p.decompressed.data, p.decompressed.length)
== 0) {
298     			debug_message("\033[1;32mdecompressed %s!

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-19 22:32:35 +00:00
Douglas Bagnall
d6a67908e1 compression/huffman: check again for invalid codes (CID 1517302)
We know that code is non-zero, because it comes from the combination of
the intermediate representation and the symbol tables that were generated
at the same time. But Coverity doesn't know that, and it thinks we could
be doing undefined things in the subsequent shift.

    CID 1517302:  Integer handling issues  (BAD_SHIFT)
    In expression "1 << code_bit_len", shifting by a negative amount has

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-19 22:32:35 +00:00
Douglas Bagnall
27af27f901 compression/huffman: tighten bit_len checks (fix SUSE -O3 build)
The struct write_context bit_len attribute is always between 0 and 31,
but if the next patches are applied without this, SUSE GCC -O3 will
worry thusly:

 ../../lib/compression/lzxpress_huffman.c: In function
  ‘lzxpress_huffman_compress’:
 ../../lib/compression/lzxpress_huffman.c:953:5: error: assuming signed
  overflow does not occur when simplifying conditional to constant
  [-Werror=strict-overflow]
   if (wc->bit_len > 16) {
         ^
         cc1: all warnings being treated as errors

Inspection tell us that the invariant holds. Nevertheless, we can
safely use an unsigned type and insist that over- or under- flow is
bad.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-19 22:32:35 +00:00
Douglas Bagnall
e7489be7be fuzz: fix lzxpress plain round-trip fuzzer
The 'compressed' string can be about 9/8 the size of the decompressed
string, but we didn't allow enough memory in the fuzz target for that.
Then when it failed, we didn't check.

Credit to OSSFuzz.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-19 22:32:35 +00:00
Douglas Bagnall
6f77b376d4 compression/huffman: avoid semi-defined behaviour in decompress
We had

               output[output_pos - distance];

where output_pos and distance are size_t and distance can be greater
than output_pos (because it refers to a place in the previous block).

The underflow is defined, leading to a big number, and when
sizeof(size_t) == sizeof(*uint8_t) the subsequent overflow works as
expected. But if size_t is smaller than a pointer, bad things will
happen.

This was found by OSSFuzz with
'UBSAN_OPTIONS=print_stacktrace=1:silence_unsigned_overflow=1'.

Credit to OSSFuzz.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-19 22:32:35 +00:00
Günther Deschner
39e8489dfc s3-librpc: add ads.idl and convert ads_struct to talloc.
Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-16 20:38:32 +00:00
Volker Lendecke
bb94ec2655 tdb: Move 160 bytes from R/W data segment to R/O text
The linker has to relocate the pointers in the array at startup, save
that. I know we have bigger .data blobs, but every bit counts :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-15 21:52:34 +00:00
Volker Lendecke
300ad4ff12 lib: Save intermediate NULL checks with talloc_asprintf_addbuf()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
cbcf7f0d21 lib: Use talloc_asprintf_addbuf() in rdn_name_add()
Add implicit NULL checks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
ffba59b5c0 lib: Use talloc_asprintf_addbuf() in ldb_module_call_chain()
This was exactly what talloc_asprintf_addbuf() does.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
fe8895c83c lib: Use talloc_asprintf_addbuf() in print_socket_options()
With the proper NULL checks we don't need the stackframe,
use a passed in context instead.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
bcdbe6ef6b lib: Use talloc_asprintf_addbuf() in ldif_write_prefixMap()
The first call of talloc_asprintf_append() did not have a NULL check.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
c692b5c95b lib: Use talloc_asprintf_addbuf() in str_list_join_shell()
This adds proper NULL checks via talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
2c7766c28f lib: Use talloc_asprintf_addbuf() in str_list_join()
This adds intermediate NULL checks via talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
101396ab76 lib: Use talloc_asprintf_addbuf() in debug.c
Slightly simplify debug_list_class_names_and_levels()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
ccb5bafe93 lib: Move talloc_asprintf_addbuf() to talloc
I wanted to use this in debug.c, but this would have meant to pollute
debug's deps with a lot of stuff. Also, looking through uses of
talloc_asprint_append(), very many of those don't do NULL checks
properly and could benefit from the _addbuf() flavor. We can add a
vasprintf variant later if the need shows up.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Volker Lendecke
7870e82cb4 lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 04:32:34 +00:00
Ralph Boehme
969e062724 lib/util: use process_set_title() in tfork()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 01:38:29 +00:00
Ralph Boehme
19c82c19c0 lib/util: add process_set_title()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-14 01:38:29 +00:00
Stefan Metzmacher
36d0a49515 CVE-2022-37966 param: Add support for new option "kdc supported enctypes"
This allows admins to disable enctypes completely if required.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
fa64f8fa8d CVE-2022-37966 param: let "kdc default domain supportedenctypes = 0" mean the default
In order to allow better upgrades we need the default value for smb.conf to the
same even if the effective default value of the software changes in future.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
7504a4d6fe CVE-2022-37966 param: don't explicitly initialize "kdc force enable rc4 weak session keys" to false/"no"
This is not squashed in order to allow easier backports...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
16b805c8f3 CVE-2022-37966 lib/krb5_wrap: no longer reference des encryption types
We no longer have support for des encryption types in the kerberos
libraries anyway.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Stefan Metzmacher
c9b10ee32c CVE-2022-37966 lib/krb5_wrap: remove unused ifdef HAVE_ENCTYPE_AES*
aes encryption types are always supported.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-12-13 13:07:30 +00:00
Andrew Bartlett
ee18bc29b8 CVE-2022-37966 param: Add support for new option "kdc force enable rc4 weak session keys"
Pair-Programmed-With: Joseph Sutton <josephsutton@catalyst.net.nz>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00
Joseph Sutton
d861d4eb28 CVE-2022-37966 param: Add support for new option "kdc default domain supportedenctypes"
This matches the Windows registry key

HKEY_LOCAL_MACHINE\System\CurrentControlSet\services\KDC\DefaultDomainSupportedEncTypes

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15237

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
7732a4b0bd CVE-2022-38023 docs-xml/smbdotconf: add "server schannel require seal[:COMPUTERACCOUNT]" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
c8e53394b9 CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 clients' default to yes
AES is supported by Windows Server >= 2008R2, Windows (Client) >= 7 and Samba >= 4.0,
so there's no reason to allow md5 clients by default.
However some third party domain members may need it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Stefan Metzmacher
1c6c112990 CVE-2022-38023 docs-xml/smbdotconf: change 'reject md5 servers' default to yes
AES is supported by Windows >= 2008R2 and Samba >= 4.0 so there's no
reason to allow md5 servers by default.

Note the change in netlogon_creds_cli_context_global() is only cosmetic,
but avoids confusion while reading the code. Check with:

 git show -U35 libcli/auth/netlogon_creds_cli.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15240

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-12-13 13:07:29 +00:00
Volker Lendecke
1625dc4b56 tsocket: Fix the build on FreeBSD
FreeBSD does not have TCP_USER_TIMEOUT

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-12 21:16:33 +00:00
Ralph Boehme
8d58174cdd lib/torture: fix tctx arg usage in torture_assert_nttime_equal() macro
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:38 +00:00
Ralph Boehme
8a2c763d26 lib/cmdline/tests: add missing includes
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-12-09 23:11:38 +00:00
Anoop C S
0c2146eb00 lib/compression: Include missing stat header file
<sys/stat.h> was missing from compression library tests which resulted
in the following compile time error:

../../lib/compression/tests/test_lzx_huffman.c: In function
                                                   ‘datablob_from_file’:
../../lib/compression/tests/test_lzx_huffman.c:383:21: error:
                                         storage size of ‘s’ isn’t known
  383 |         struct stat s;
      |                     ^
../../lib/compression/tests/test_lzx_huffman.c:389:15: warning:
    implicit declaration of function ‘fstat’ [-Wimplicit-function-declaration]
  389 |         ret = fstat(fileno(fh), &s);
      |               ^~~~~

Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Dec  6 11:39:16 UTC 2022 on sn-devel-184
2022-12-06 11:39:16 +00:00
Andreas Schneider
a451fa5ef9 lib:compression: Initialize variables
lib/compression/tests/test_lzx_huffman.c: In function ‘test_lzxpress_huffman_overlong_matches’:
lib/compression/tests/test_lzx_huffman.c:1013:35: error: ‘j’ may be used uninitialized [-Werror=maybe-uninitialized]
 1013 |         assert_int_equal(score, i * j);
      |                                   ^
lib/compression/tests/test_lzx_huffman.c:979:19: note: ‘j’ was declared here
  979 |         size_t i, j;
      |                   ^
lib/compression/tests/test_lzx_huffman.c: In function ‘test_lzxpress_huffman_overlong_matches_abc’:
lib/compression/tests/test_lzx_huffman.c:1059:39: error: ‘k’ may be used uninitialized [-Werror=maybe-uninitialized]
 1059 |         assert_int_equal(score, i * j * k);
      |                                       ^
lib/compression/tests/test_lzx_huffman.c:1020:22: note: ‘k’ was declared here
 1020 |         size_t i, j, k;
      |                      ^
lib/compression/tests/test_lzx_huffman.c:1059:35: error: ‘j’ may be used uninitialized [-Werror=maybe-uninitialized]
 1059 |         assert_int_equal(score, i * j * k);
      |                                   ^
lib/compression/tests/test_lzx_huffman.c:1020:19: note: ‘j’ was declared here
 1020 |         size_t i, j, k;
      |                   ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Sun Dec  4 09:12:30 UTC 2022 on sn-devel-184
2022-12-04 09:12:30 +00:00
Douglas Bagnall
d9c192546f lib/compression/lzxpress: fix our slow compression
This uses the same hash table method as lzxpress_huffman, though the
code can't be directly reused as the sizes of the offsets is
different, and there is not a block processing step here.

This will worsen the compression ratio compared to the exhaustive
search we previously used, though we still perform better than
Windows. To put numbers on it, the test files used to compress to 0.91
of Windows' compression size, and now they compress to 0.96.

On the other hand this is many orders of magnitude faster. It is
difficult to say exactly how much faster -- while the testsuite time
has only improved 200-fold (from 7 minutes to 2 seconds), most of the
remaining 2 seconds is used in data generation and management, not
compression. OSSFuzz consistently finds new vectors that time out
after a minute; on these we'll see nearly an order of magnitude of
orders of magnitude inprovement.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Joseph Sutton <jsutton@samba.org>
Autobuild-Date(master): Fri Dec  2 00:00:04 UTC 2022 on sn-devel-184
2022-12-02 00:00:04 +00:00
Douglas Bagnall
caa643e36e lib/compression/lzxpress: shift encoding into helper functions
This makes it easier to rework the encoding decision to depend on a
hash table match rather than the current exhaustive search.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:40 +00:00
Douglas Bagnall
fb35cf29a4 lib/compression/lzxpress compression: use a write context struct
This will make it possible to move encoding operations into helper
functions, which will make it easier to restructure the code to use a
hash table for faster matching.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:40 +00:00
Douglas Bagnall
e4066b2be6 lib/compression: more tests for lzxpress plain compression
These are based on (i.e. copied and pasted from) the LZ77 + Huffman
tests.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:40 +00:00
Douglas Bagnall
ce7ea07d07 testdata: move compression examples to re-use with lzxpress plain
Everything that is in testdata/compression/lzxpress-huffman/ can also
be used for lzxpress plain tests, which is something we really need.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:40 +00:00
Douglas Bagnall
9589f5282b lib/compression/lzx-plain: relax size requirements on long file
We are going to change from a slow exact match algorithm to a fast
heuristic search that will not always get the same results as the
exhaustive search.

To be precise, a million zeros will compress to 112 rather than 93 bytes.

We don't insist on an exact size, because that is not an issue here.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
c2db7fda4e lib/comression: convert test_lzxpress_plain to cmocka
Mainly so I can go

 make bin/test_lzxpress_plain && bin/test_lzxpress_plain
 valgrind bin/test_lzxpress_plain
 rr bin/test_lzxpress_plain
 rr replay

in a tight loop.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
e5f9deed0d lib/compression: add test scripts README
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
1a3d8da731 lib/compression: test util to generate fuzzing seeds
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
6a7c0ca23c lib/compression: Windows utility to generate test vectors
If compiled on Windows using Cygwin, MSYS2, or similar, this will output
compressed versions of files exactly as specified by MZ-XCA, if the
following conditions are met:

1. The file > 300 bytes.
2. The compressed file is smaller than the decompressed file.

Otherwise it returns the data unchanged. Without warning; that's just
how the API works.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
7804570a37 lib/compression: script to test 3 byte hash
Compression uses a 3 byte hash remember LZ77 matches in a 14-bit table.
This script runs the hash over all 16M combinations, then again over
all ASCII combinations, counting collisions to find hot-spots.

If you think you have a better hash, you are probably right, but you
should try it here -- alter h() -- before committing to it. This one is
literally the first one I thought of.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
dadecede54 lib/compression: helper script to make unbalanced data
Huffman tree re-quantisation and perhaps other code paths are only
triggered by pathological data like this.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
bce33816ec lib/compression: add a debug script to describe headers
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
e58e993504 fuzz: add fuzz_lzxpress_huffman_round_trip
This compresses some data, decompresses it, and asserts that the
result is identical to the original string.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
307aded670 fuzz: add fuzz_lzxpress_huffman_compress
This differs from fuzz_lzxpress_huffman_round_trip (next commit) in
that the output buffer might be too small for the compressed data, in
which case we want to see an error and not a crash.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
cda3c1a227 fuzz: add fuzz_lzxpress_huffman_decompress
Most strings will not successfully decompress, which is OK. What we
care about of course is memory safety.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
e795985067 lib/compression/tests: add lzhuffman timer functions
With LZXHUFF_DEBUG_VERBOSE set, we measure the compression and
decompression rate relative to the decompressed size.

On reasonably long strings on my laptop, compiled with -O0, it turns
out to between 20 and 500 MB/s, both ways, depending on the complexity
of the string. Very short strings are of course dominated by overhead.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
77048aaa61 lib/compression: debug routines for lzxpress-huffman
If you need to see a Huffman tree (and sometimes you do), set
DEBUG_HUFFMAN_TREE to true at the top of lzxpress_huffman.c, and run:

  make bin/test_lzx_huffman && bin/test_lzx_huffman

Actually, that will show you hundreds of trees, and you'll be glad of
that if you are ever trying to understand this.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
955214ef6e lib/compression/lzhuff: add debug flag to skip LZ77
Encoding without LZ77 matches is valid, and it is useful for isolating
bugs.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
d4e3f0c88e lib/compression: LZ77 + Huffman compression
This compresses files as described in MS-XCA 2.2, and as decompressed
by the decompressor in the previous commit.

As with the decompressor, there are two public functions -- one that
uses a talloc context, and one that uses pre-allocated memory. The
compressor requires a tightly bound amount of auxillary memory
(>220kB) in a few different buffers, which is all gathered together in
the public struct lzxhuff_compressor_mem. An instantiated but not
initialised copy of this struct is required by the non-talloc
function; it can be used over and over again.

Our compression speed is about the same as the decompression speed
(between 20 and 500 MB/s on this laptop, depending on the data), and
our compression ratio is very similar to that of Windows.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
f86035c65b lib/compression: add LZ77 + Huffman decompression
This format is described in [MS-XCA] 2.1 and 2.2, with exegesis in
many posts on the cifs-protocol list[1].

The two public functions are:

ssize_t lzxpress_huffman_decompress(const uint8_t *input,
				    size_t input_size,
				    uint8_t *output,
				    size_t output_size);

uint8_t *lzxpress_huffman_decompress_talloc(TALLOC_CTX *mem_ctx,
					    const uint8_t *input_bytes,
					    size_t input_size,
					    size_t output_size);

In both cases the caller needs to know the *exact* decompressed size,
which is essential for decompression. The _talloc version allocates
the buffer for you, and uses the talloc context to allocate a 128k
working buffer. THe non-talloc function will allocate the working
buffer on the stack.

This compression format gives better compression for messages of
several kilobytes than the "plain" LXZPRESS compression, but is
probably a bit slower to decompress and is certainly worse for very
short messages, having a fixed 256 byte overhead for the first Huffman
table.

Experiments show decompression rates between 20 and 500 MB per second,
depending on the compression ratio and data size, on an i5-1135G7 with
no compiler optimisations.

This compression format is used in AD claims and in SMB, but that
doesn't happen with this commit.

I will not try to describe LZ77 or Huffman encoding here. Don't expect
an answer in MS-XCA either; instead read the code and/or Wikipedia.

[1] Much of that starts here:

https://lists.samba.org/archive/cifs-protocol/2022-October/

but there's more earlier, particularly in June/July 2020, when
Aurélien Aptel was working on an implementation that ended up in
Wireshark.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pair-programmed-with: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
f6cda06dfb lib/compression: move lzxpress_plain test into tests/
We are going to add more tests for lib/compression, and they can't all
be called "testsuite.c".

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
e24efb88ef fuzz: add fuzzers for stable_sort
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Douglas Bagnall
4e18e92399 util: add stable sort functions
Sometimes (e.g. in lzxpress Huffman encoding, and in some of our
tests: c.f. https://lists.samba.org/archive/samba-technical/2018-March/126010.html)
we want a stable sort algorithm (meaning one that retains the previous
order of items that compare equal).

The GNU libc qsort() is *usually* stable, in that it first tries to
use a mergesort but reverts to quicksort if the necessary allocations
fail. That has led Samba developers to unthinkingly assume qsort() is
stable which is not the case on many platforms, and might not always
be on GNU/Linuxes either.

This adds four functions. stable_sort() sorts an array, and requires
an auxiliary working array of the same size. stable_sort_talloc()
takes a talloc context so it ca create a working array and call
stable_sort(). stable_sort_r() takes an opaque context blob that gets
passed to the compare function, like qsort_r() and ldb_qsort(). And
stable_sort_talloc_r() rounds out the quadrant.

These are LGPL so that the can be used in ldb, which has problems with
unstable sort.

The tests are borrowed and extended from test_ldb_qsort.c.

When sorting non-trivial structs this is roughly as fast as GNU qsort,
but GNU qsort has optimisations for small items, using direct
assignments of rather than memcpy where the size allows the item to be
cast as some kind of int.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2022-12-01 22:56:39 +00:00
Stefan Metzmacher
6dddb268df lib/replace: let rep_openat2() inject O_LARGEFILE as needed
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15251

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-11-24 11:01:37 +00:00
Volker Lendecke
b7d4b8eaac lib: Whitespace fixes
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-22 18:27:33 +00:00
Volker Lendecke
9dddb9a2fc lib: Make lib/util/iov_buf.h self-contained
We need "struct iovec", which comes in via sys/uio.h, incuded by
system/filesys.h

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-11-22 18:27:33 +00:00
Stefan Metzmacher
76adda9d2f lib/replace: fix memory leak in snprintf replacements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15230

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Nov  9 11:18:02 UTC 2022 on sn-devel-184
2022-11-09 11:18:02 +00:00
Joseph Sutton
7d3416e8cb krb5: Detect support for krb5_const_pac type
We can't unconditionally assume (as we did in
third_party/heimdal_build/wscript_configure) that Heimdal has this type,
since we may have an older system Heimdal that lacks it. We must also
check whether krb5_pac_get_buffer() is usable with krb5_const_pac, and
declare krb5_const_pac as a non-const typedef if not.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-11-08 02:39:37 +00:00
Stefan Metzmacher
956c6562eb lib/krb5_wrap: add explicit keep_old_kvno/enctype_only args to smb_krb5_kt_seek_and_delete_old_entries()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Stefan Metzmacher
173b6f6e60 lib/krb5_wrap: document the enctype argument of smb_krb5_kt_seek_and_delete_old_entries()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Stefan Metzmacher
7958e18b8a lib/krb5_wrap: remove unused keep_old_entries argument from smb_krb5_kt_seek_and_delete_old_entries()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Stefan Metzmacher
b7ea69bdff lib/krb5_wrap: remove unused keep_old_entries argument from smb_krb5_kt_add_entry()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 21:14:43 +00:00
Andreas Schneider
6f1a9ef207 lib:replace: Require bool from C99
https://fedoraproject.org/wiki/Changes/PortingToModernC

We define True to true from stdbool.h and the same for false. So we
don't have to do a cleanup now.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Oct 27 19:11:30 UTC 2022 on sn-devel-184
2022-10-27 19:11:30 +00:00
Andreas Schneider
ae86c620aa lib:replace: Fix trailing whitespace in wscript
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-10-27 18:18:36 +00:00
Joseph Sutton
19895c9389 ldb: don't call comparison() directly in LDB_TYPESAFE_QSORT
The result is not used, it is only part of the macro to gain
type-checking.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Joseph Sutton
ed35f40d75 krb5: Add compatability for krb5_const_pac type
This allows this type to be used in Samba in the future for
both Kerberos implementations

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2022-10-21 03:57:33 +00:00
Stefan Metzmacher
e232ba946f lib/tsocket: avoid endless cpu-spinning in tstream_bsd_fde_handler()
There were some reports that strace output an LDAP server socket is in
CLOSE_WAIT state, returning EAGAIN for writev over and over (after a call to
epoll() each time).

In the tstream_bsd code the problem happens when we have a pending
writev_send, while there's no readv_send pending. In that case
we still ask for TEVENT_FD_READ in order to notice connection errors
early, so we try to call writev even if the socket doesn't report TEVENT_FD_WRITE.
And there are situations where we do that over and over again.

It happens like this with a Linux kernel:

    tcp_fin() has this:
        struct tcp_sock *tp = tcp_sk(sk);

        inet_csk_schedule_ack(sk);

        sk->sk_shutdown |= RCV_SHUTDOWN;
        sock_set_flag(sk, SOCK_DONE);

        switch (sk->sk_state) {
        case TCP_SYN_RECV:
        case TCP_ESTABLISHED:
                /* Move to CLOSE_WAIT */
                tcp_set_state(sk, TCP_CLOSE_WAIT);
                inet_csk_enter_pingpong_mode(sk);
                break;

It means RCV_SHUTDOWN gets set as well as TCP_CLOSE_WAIT, but
sk->sk_err is not changed to indicate an error.

    tcp_sendmsg_locked has this:
    ...
        err = -EPIPE;
        if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN))
                goto do_error;

        while (msg_data_left(msg)) {
                int copy = 0;

                skb = tcp_write_queue_tail(sk);
                if (skb)
                        copy = size_goal - skb->len;

                if (copy <= 0 || !tcp_skb_can_collapse_to(skb)) {
                        bool first_skb;

    new_segment:
                        if (!sk_stream_memory_free(sk))
                                goto wait_for_space;

    ...

    wait_for_space:
                set_bit(SOCK_NOSPACE, &sk->sk_socket->flags);
                if (copied)
                        tcp_push(sk, flags & ~MSG_MORE, mss_now,
                                 TCP_NAGLE_PUSH, size_goal);

                err = sk_stream_wait_memory(sk, &timeo);
                if (err != 0)
                        goto do_error;

It means if (sk->sk_err || (sk->sk_shutdown & SEND_SHUTDOWN)) doesn't
hit as we only have RCV_SHUTDOWN and sk_stream_wait_memory returns
-EAGAIN.

    tcp_poll has this:

        if (sk->sk_shutdown & RCV_SHUTDOWN)
                mask |= EPOLLIN | EPOLLRDNORM | EPOLLRDHUP;

So we'll get EPOLLIN | EPOLLRDNORM | EPOLLRDHUP triggering
TEVENT_FD_READ and writev/sendmsg keeps getting EAGAIN.

So we need to always clear TEVENT_FD_READ if we don't
have readable handler in order to avoid burning cpu.
But we turn it on again after a timeout of 1 second
in order to monitor the error state of the connection.

And now that our tsocket_bsd_error() helper checks for POLLRDHUP,
we can check if the socket is in an error state before calling the
writable handler when TEVENT_FD_READ was reported.
Only on error we'll call the writable handler, which will pick
the error without calling writev().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-10-19 16:14:36 +00:00
Stefan Metzmacher
4c7e2b9b60 lib/tsocket: remember the first error as tstream_bsd->error
If we found that the connection is broken, there's no point
in trying to use it anymore, so just return the first error we detected.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-10-19 16:14:36 +00:00
Stefan Metzmacher
29a65da63d lib/tsocket: check for errors indicated by poll() before getsockopt(fd, SOL_SOCKET, SO_ERROR)
This also returns an error if we got TCP_FIN from the peer,
which is only reported by an explicit POLLRDHUP check.

Also on FreeBSD getsockopt(fd, SOL_SOCKET, SO_ERROR) fetches
and resets the error, so a 2nd call no longer returns an error.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-10-19 16:14:36 +00:00
Stefan Metzmacher
9950efd83e lib/tsocket: split out tsocket_bsd_error() from tsocket_bsd_pending()
This will be used on its own soon.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-10-19 16:14:36 +00:00
Andrew Bartlett
f0fb8b9508 lib/tsocket: Add tests for loop on EAGAIN
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15202

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2022-10-19 16:14:36 +00:00
Joseph Sutton
3ad0fa6925 pyldb: Fix typos in function names
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Oct  5 05:23:50 UTC 2022 on sn-devel-184
2022-10-05 05:23:50 +00:00
Joseph Sutton
8479622096 lib:krb5_wrap: Add helper functions to make krb5_data structure
These will be used in following commits.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:33 +00:00
Joseph Sutton
352064979b pyldb: Fix tests going unused
These tests are redeclared later and so are never used. Give them new
names so that they will be run again.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
c52f5ee84b lib:crypto: Change error return to SMB_ASSERT()
Getting an HMAC too long to fit our array is a programming error. It
should always be 64 bytes exactly.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
01b6c87c4f lib:krb5_wrap: Use case-sensitive comparison against 'krbtgt'
This matches the other comparisons against krbtgt, kadmin, etc., which
are all case-sensitive.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
a68428a951 pyldb: Have functions operating on DNs raise LdbError
The return codes of these functions are not often checked. Throwing an
exception ensures we won't continue blindly on if DN manipulation fails.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-10-05 04:23:32 +00:00
Joseph Sutton
a91fa70ad5 tevent: Fix flag clearing
We presumably meant to clear this bit, rather than clearing all bits
other than it.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Oct  3 21:05:31 UTC 2022 on sn-devel-184
2022-10-03 21:05:31 +00:00
Stefan Metzmacher
3c26ee84ce lib/dbwrap: allow dbwrap_merge_dbufs() to update an existing buffer
This will be useful in future...

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-20 00:34:35 +00:00
Douglas Bagnall
53f6dbe03f ldb: ldb_build_search_req() check for a talloc failure
The failure in question would have to be a `talloc_strdup(dn, "")` in
ldb_dn_from_ldb_val().

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-16 05:46:35 +00:00
Douglas Bagnall
1f60e88197 libaddns: remove duplicate declaration
Also declared on line 257, exactly the same.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-16 05:46:35 +00:00
Joseph Sutton
03a50d8f7d lib:util: Check memset_s() error code in talloc_keep_secret_destructor()
Panic if memset_s() fails.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:38 +00:00
Joseph Sutton
4bb9d85fed CVE-2021-20251 lib:crypto: Add Python functions for AES SAMR password change
These functions allow us to perform key derivation and AES256 encryption
in Python. They will be used in a following commit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:37 +00:00
Joseph Sutton
17b8d164f6 CVE-2021-20251 lib:crypto: Add md4_hash_blob() for hashing data with MD4
This lets us access MD4, which might not be available in hashlib, from
Python. This function is used in a following commit for hashing a
password to obtain the verifier for a SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:37 +00:00
Joseph Sutton
b27a67af02 CVE-2021-20251 lib:crypto: Add des_crypt_blob_16() for encrypting data with DES
This lets us access single-DES from Python. This function is used in a
following commit for encrypting an NT hash to obtain the verifier for a
SAMR password change.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=14611

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:37 +00:00
Joseph Sutton
121e439e24 lib:crypto: Use constant time memory comparison to check HMAC
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:37 +00:00
Joseph Sutton
cec59b82f7 lib:crypto: Check for overflow before filling pauth_tag array
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:37 +00:00
Joseph Sutton
f9850c776f lib:crypto: Zero auth_tag array in encryption test
If samba_gnutls_aead_aes_256_cbc_hmac_sha512_encrypt() does not fill the
array completely, we may be comparing uninitialised bytes.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2022-09-12 23:07:37 +00:00
Volker Lendecke
47e2df56f6 ldb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-07 18:40:28 +00:00
Volker Lendecke
9aca11a71a ldb: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-09-07 18:40:28 +00:00
Volker Lendecke
7fe12e79f9 lib: Fix a typo
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-26 18:54:37 +00:00
Pavel Filipenský
28a3d5119a lib:krb5: Change memset() to BURN_PTR_SIZE()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-08-26 07:59:32 +00:00
Pavel Filipenský
8de685741b lib:util: Zero memory in generate_random_machine_password()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-08-26 07:59:32 +00:00
Pavel Filipenský
8564380346 lib:replace: Add macro BURN_STR() to zero memory of a string
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-08-26 07:59:32 +00:00
Pavel Filipenský
fa29eed681 lib:util: Add BURN_FREE() and BURN_FREE_STR()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2022-08-26 07:59:32 +00:00
Stefan Metzmacher
bf1dd1a188 lib/util: add unlikely() to SMB_ASSERT()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15125

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-19 18:41:34 +00:00
Andreas Schneider
233a0cd6de lib:fuzzing: Fix shellcheck errors in build_samba.sh
lib/fuzzing/oss-fuzz/build_samba.sh:24:27: error: Double quote array
expansions to avoid re-splitting elements. [SC2068]

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2022-08-17 10:08:35 +00:00
Stefan Metzmacher
ae1a84f731 lib/replace: let DISABLE_OPATH also undef __NR_openat2
The reason for DISABLE_OPATH is to simulate a non-linux
system, so we should not use openat2() either.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-08-15 15:03:37 +00:00
Stefan Metzmacher
f7618dd31a lib/replace: add fallback defines for __NR_openat2
sys/syscall.h might be older than the runtime kernel.

If the kernel has support for openat2() we should
try to use if anyway.

The callers have to deal with ENOSYS anyway,
so there's no difference if we get that from syscall(__NR_openat2)
or directly from rep_openat2().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-08-15 15:03:37 +00:00
Stefan Metzmacher
b89001e922 lib/replace: use syscall(__NR_openat2) if available
There's no glibc wrapper for openat2() yet, so we need
to use syscall(__NR_openat2) ourself.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-08-15 15:03:37 +00:00
Stefan Metzmacher
37ba6df174 lib/replace: always include <sys/syscall.h> in replace.c if available
It will be used for openat2() soon.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-08-15 15:03:37 +00:00
Stefan Metzmacher
ce804b7816 lib/replace: add a replacement for openat2() that returns ENOSYS
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2022-08-15 15:03:36 +00:00
Jule Anger
751b2b853b ldb: change the version to 2.7.0 for Samba 4.18
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Jule Anger <janger@samba.org>
Autobuild-Date(master): Mon Aug  8 15:51:44 UTC 2022 on sn-devel-184
2022-08-08 15:51:44 +00:00
Jule Anger
4ef2d36615 audit_logging: add method to replace the object for a given key with a new object
Signed-off-by: Jule Anger <janger@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-08-08 12:56:28 +00:00
listout
fb937ddc83 lib/util/access: source3/auth/user_util: Check for INNETGR
Checking for presence of both netgroup and innetgr. INNETGR is not
defined on libc's such as musl so not checking results in a build error.

Signed-off-by: listout <brahmajit.xyz@gmail.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Aug  8 07:28:31 UTC 2022 on sn-devel-184
2022-08-08 07:28:31 +00:00
Volker Lendecke
c89ae5f0f6 lib: Align an integer type
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2022-08-04 20:44:32 +00:00
Andreas Schneider
766151bf5b lib:replace: Only include <sys/mount.h> on non-Linux systems
Details at:
https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Aug  2 11:05:14 UTC 2022 on sn-devel-184
2022-08-02 11:05:14 +00:00
Andreas Schneider
9459f85511 Revert "lib:replace: Remove <sys/mount.h> from filesys.h"
This reverts commit 7a6bd22798.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2022-08-02 10:11:35 +00:00
Andreas Schneider
7a6bd22798 lib:replace: Remove <sys/mount.h> from filesys.h
You need to be careful if you include <sys/mount.h> or <linux/mount.h>
at least since glibc 2.36.

Details at:
https://sourceware.org/glibc/wiki/Release/2.36#Usage_of_.3Clinux.2Fmount.h.3E_and_.3Csys.2Fmount.h.3E

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15132

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Guenther Deschner <gd@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jul 29 13:08:36 UTC 2022 on sn-devel-184
2022-07-29 13:08:36 +00:00
Andreas Schneider
cc1cac9423 lib:util: Add generate_random_u64_range()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
9fcd1b7498 lib:util: Remove trailing whitespaces in samba_util.h
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00
Andreas Schneider
3d6b9ca852 lib:crypto: Add test for pbkdf2
This is just that we use the right parameters for gnutls_pbkdf2() and
reach the values from Windows.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-07-28 11:51:29 +00:00