samba-mirror

mirror of https://github.com/samba-team/samba.git synced 2025-01-05 09:18:06 +03:00

Author	SHA1	Message	Date
Stefan Metzmacher	319836ce9e	lib/addns: remove unused kerberos/gssapi includes in dns.h Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-06-06 02:13:32 +00:00
Jo Sutton	38cfdb6623	ldb: Fix typo Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-06-04 19:49:36 +00:00
Volker Lendecke	6b3135078e	lib: Align an integer type Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Tue Jun 4 08:16:58 UTC 2024 on atb-devel-224	2024-06-04 08:16:58 +00:00
Volker Lendecke	5ae1605fc2	lib: Fix an error path memleak Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-06-04 07:11:35 +00:00
Volker Lendecke	0321f31a8e	lib: Use talloc_asprintf_addbufin _ber_read_OID_String_impl Just one NULL check required Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-06-04 07:11:35 +00:00
Volker Lendecke	4313add2bf	lib: Use unsigned long in ber_write_OID_String This is what smb_strtoul returns, so use it. Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-06-04 07:11:35 +00:00
Volker Lendecke	df30ec83c9	lib: Use cli_credentials_add_gensec_features in a few places Capture a common pattern Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-06-04 07:11:35 +00:00
Douglas Bagnall	98b443d903	fuzzing: fix fuzz_stable_sort_r_unstable comparison Credit to OSS-Fuzz. REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=69176 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Volker Lendecke <vl@samba.org> Autobuild-Date(master): Fri May 31 05:29:08 UTC 2024 on atb-devel-224	2024-05-31 05:29:08 +00:00
Douglas Bagnall	564b0a21ce	tdb:pytests: remove unused Py2 test branches Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-31 00:25:33 +00:00
Douglas Bagnall	037e7ae9c5	ldb-samba:pytest: remove unused variable Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-31 00:25:33 +00:00
Douglas Bagnall	0fcba46957	talloc:pytest: remove tests that only test Python 2 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-31 00:25:33 +00:00
Douglas Bagnall	a0a025d902	tdb:pytdb:_tdb_text: remove Py2 compatibility code Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-31 00:25:33 +00:00
Douglas Bagnall	d6581d213d	ldb: move struct ldb_debug_ops to ldb_private.h Only accessed through struct ldb_context -> debug_ops, which is already private. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Thu May 23 00:19:30 UTC 2024 on atb-devel-224	2024-05-23 00:19:30 +00:00
Douglas Bagnall	6dd68d8978	ldb: move struct ldb_utf8_fns to ldb_private.h It is only accessed via ldb functions that find it on the already-private struct ldb_context. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	b6974030e6	lib/fuzzing: add fuzz_strncasecmp_ldb As well as checking for the usual overflows, this asserts that strncasecmp_ldb is always transitive, by splitting the input into 3 pieces and comparing all pairs. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	b22e1d3207	ldb: don't cast to unsigned for ldb_ascii_toupper() Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	e33a0dd70f	ldb: ldb_set_utf8_functions follows README.Coding Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	4a6a1d1f0a	ldb: deprecate ldb_set_utf8_fns Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	42ae85d70a	ldb: remove old ldb_comparison_fold_utf8_broken() There are no callers. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	960724a06e	ldb: ldb_comparison_fold always uses the casecmp function Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	edabb9f4cb	ldb-samba: use ldb_comparison_fold_utf8() This means ldb-samba/dsdb comparisons will be case-insensitive for non-ASCII UTF-8 characters (within the bounds of the 16-bit casefold table). And they will remain transitive. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	0becc8a90c	ldb-samba: add ldb_comparison_fold_utf8, wrapping strncasecmp_ldb Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	f9797950fd	util:charset: strncasecmp_ldb avoids iconv for ASCII This is a common case, and we can save a bit of work. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	55397514db	util:charset: strncasecmp_ldb degrades to ASCII strncasecmp If strncasecmp_ldb() encounters invalid utf-8 bytes, it compares those as greater than any valid bytes (that is, it sorts them to the end of the list). If an invalid sequence is encountered in both strings at once, the rest of the strings are now compared using the default ldb_comparison_fold rules, as implemented in ldb_comparison_fold_ascii(). That is, each byte is compared individually, [a-z] are translated to [A-Z], and runs of spaces are collapsed into single spaces. There is no perfect answer in this case, but this solution is stable, fine-grained, and probably close to what is expected. This byte-by-byte comparison is equivalent to a utf-8 comparison without case-folding of multibyte codes. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	eb91e3437b	util:charset: add strncasecmp_ldb() This is a function for comparing strings in a way that suits a case-insenstive syntaxes in LDB. We have it here, rahter than in LDB itself, because it needs the upcase table. By default uses ASCII-only comparisons. SSSD and OpenChange use it in that configuration, but Samba replaces the comparison and casefold functions with Unicode aware versions. Until now Samba has done that in a bad way; this will allow it to do better. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	7cc3c56293	ldb: ldb_set_utf8_default() sets comparison function The default is ASCII only, which is used by SSSD and OpenChange. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	6c27284f7e	ldb: ldb_comparison_fold_ascii sorts unsigned Typically in 8-bit character sets, those with the 0x80 bit set are seen as 288-255, not negative numbers. This will sort them after 'Z', not before 'A'. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	92275e2794	ldb: add ldb_comparison_fold_ascii() for default comparisons This function is made from the ASCII-only bits of the old ldb_comparison_fold() -- that is, what you get if you never follow a `goto utf8str` jump. It comparse the bytes, but collapses spaces and maps [a-z] to [A-Z]. This does exactly what ldb_comparison_fold_utf8_broken() would do in situations where ldb_casfold() calls ldb_casefold_default(). That means SSSD. The comparison is probably using signed char, so high bytes are actually low bytes. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	947f977acb	ldb: ldb_comparison_fold uses the utf-8 casecmp function But only if it is set, which it never is (so far). Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	ae7ca36830	ldb: add ldb_set_utf8_functions() for setting casefold functions This replaces ldb_set_utf8_fns(), which will be deprecated really soon. The reason for this, as shown in surrounding commits, is that without an explicit case-insensitive comparison we need to rely on the casefold, and if the casefold can fail (because, e.g. bad utf-8) the comparison ends up being a bit chaotic. The strings being compared are generally user controlled, and a malicious user might find ways of hiding values or perhaps fooling a binary search. A case-insensitive comparisons that works gradually through the string without an all-at-once casefold is better placed to deal with problems where they happen, and we are able to separately specialise for the ASCII case (used by SSSD) and the UTF-8 case (Samba). Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	1624ac7a98	ldb: move ldb_comparison_fold guts into a separate function We're going to make this use a configurable pointer. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	278a3c7f7c	ldb: add a utf-8 comparison fold callback This isn't used yet, but it will allow library users to select a case-insensitive comparison function that matches their chosen casefold. This will allow the comparisons to be consistent when the strings are bad, whereas currently we kind of guess. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	f9fbc7a506	lib/util/charset: be explicit about INVALID_CODEPOINT value Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Douglas Bagnall	023a7ce7d5	ldb: add test_ldb_comparison_fold Currently this fails like this: test_ldb_comparison_fold_default_common: 118 errors out of 256 test_ldb_comparison_fold_default_ascii: 32 errors out of 100 test_ldb_comparison_fold_utf8_common: 40 errors out of 256 test_ldb_comparison_fold_utf8: 28 errors out of 100 Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 23:12:32 +00:00
Andreas Schneider	758bb9aacd	docs-xml: Add smb.conf option 'dns hostname' Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 20:33:36 +00:00
Douglas Bagnall	c729955684	lib/fuzzing: fuzz_stable_sort_r_unstable tries to catch overrun Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 04:23:29 +00:00
Volker Lendecke	0fe1a6e9da	lib: Use struct initialization Make sure everything is initialized Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-22 04:23:29 +00:00
Jo Sutton	fbdeb4b0b4	lib:crypto: Add constant denoting maximum GKDI clock skew in minutes Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	359b3b6321	lib:fuzzing: Fix undefined shift ../../lib/fuzzing/fuzz_stable_sort_r_unstable.c:47:22: runtime error: left shift of negative value -34 Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Jo Sutton	be076b3097	lib:fuzzing: Remove unused variable Signed-off-by: Jo Sutton <josutton@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>	2024-05-16 02:11:36 +00:00
Earl Chew	68a1200f66	Restore empty string default for conf.env['icu-libs'] The reworked ICU libraries configuration code used [] as default for conf.env['icu-libs']. This breaks dependency analysis in samba_deps.py because SAMBA_SUBSYSTEM() expects deps to be a string. Signed-off-by: Earl Chew <earl_chew@yahoo.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Volker Lendecke <vl@samba.org> Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org> Autobuild-Date(master): Tue May 14 14:44:06 UTC 2024 on atb-devel-224	2024-05-14 14:44:06 +00:00
Stefan Metzmacher	1ca6fb563b	lib/replace: make sure krb5_cc_default[_name]() is no longer used directly Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org> Autobuild-User(master): Stefan Metzmacher <metze@samba.org> Autobuild-Date(master): Tue May 14 11:22:28 UTC 2024 on atb-devel-224	2024-05-14 11:22:28 +00:00
Stefan Metzmacher	eb6dc35a70	krb5_wrap: let smb_krb5_renew_ticket() use smb_force_krb5_cc_default_name() Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2024-05-14 10:18:31 +00:00
Stefan Metzmacher	f850bcfc0b	krb5_wrap: add smb_force_krb5_cc_default[_name]() wrappers If we touch the global krb5_ccache we want to make that explicit, so calling krb5_cc_default[_name] will result in an error during the next patches. Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2024-05-14 10:18:31 +00:00
Stefan Metzmacher	70f9e3a056	krb5_wrap: let ads_krb5_cli_get_ticket() require an explicit krb5 ccache Reviewed-by: Andreas Schneider <asn@samba.org> Signed-off-by: Stefan Metzmacher <metze@samba.org>	2024-05-14 10:18:31 +00:00
Stefan Metzmacher	c95a2785e2	lib/addns: rewrite signed dns update code to use gensec instead of plain gssapi Signed-off-by: Stefan Metzmacher <metze@samba.org> Reviewed-by: Andreas Schneider <asn@samba.org>	2024-05-14 10:18:31 +00:00
Andreas Schneider	ca90f213a2	lib:krb5_wrap: Implement smb_gss_mech_import_cred() Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>	2024-05-14 10:18:31 +00:00
Earl Chew	05807488fd	Combine ICU libraries icu-i18n and icu-uc into a single dependency Rather than probing for icu-i18n, icu-uc, and icudata libraries separately, only probe for icu-i18n, and icu-uc, as direct dependencies This avoids overlinking with icudata, and allows the package to build even when ICU is not installed as a system library. RN: Only use icu-i18n and icu-uc to express ICU dependency BUG: https://bugzilla.samba.org/show_bug.cgi?id=15623 Signed-off-by: Earl Chew <earl_chew@yahoo.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>	2024-05-10 00:26:35 +00:00
Earl Chew	363c331857	Augment library_flags() to return libraries Extend library_flags() to return the libraries provided by pkg-config --libs. BUG: https://bugzilla.samba.org/show_bug.cgi?id=15623 Signed-off-by: Earl Chew <earl_chew@yahoo.com> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>	2024-05-10 00:26:35 +00:00
Douglas Bagnall	9844ac289b	ldb-samba: ldif_read_objectSid avoids VLA I don't think this variable length array is any trouble, but people complain about them (e.g. https://nullprogram.com/blog/2019/10/27/) because they make things more complex at run-time, and this is a somewhat performance sensitive path. DOM_SID_STR_BUFLEN + 1 is 191 -- if that stack allocation is going to cause trouble, then so was the VLA <= that. Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Andrew Bartlett <abartlet@samba.org> Autobuild-Date(master): Wed May 8 00:26:42 UTC 2024 on atb-devel-224	2024-05-08 00:26:42 +00:00

1 2 3 4 5 ...

8775 Commits