1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
Commit Graph

8539 Commits

Author SHA1 Message Date
Douglas Bagnall
5c007600dc util/base64: add a note about zero length strings
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:38 +00:00
Douglas Bagnall
c3ded9d934 lib/fuzzing:fuzz_sddl_access_check fix nul-term check
We were wanting to ensure the string contains a zero byte, but
instead were checking for a non-zero byte.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:38 +00:00
Douglas Bagnall
5c81f34935 lib/fuzzing: LLVMFuzzerTestOneInput() takes const uint8_t*
We have been using `uint8_t *`, which works fine as far as
linking goes, but leads fuzz target developers to sometimes
forget why they can't just modify the passed in string instead of
copying it for modification (e.g. to NUL-terminate).

REF: https://llvm.org/docs/LibFuzzer.html#fuzz-target

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:38 +00:00
Joseph Sutton
8ff5c51419 lib/util: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
6ee008d2d9 lib:socket: Add missing newlines to logging messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
ea888d6901 lib:mscat: Add missing newlines to logging messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
f14d5a0187 talloc: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
355fd3c7bf lib:charset: Update NUM_CHARSETS to reflect true value
CH_DISPLAY was removed in commit
125a2ff262, but NUM_CHARSETS was not
updated to match.

By assigning to NUM_CHARSETS the last enumeration value in charset_t, we
guard against its falling out of sync again.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
150d457b55 ldb: Work around inconsistent behaviour in PyObject_AsMessageElement()
PyObject_AsMessageElement() has ‘flags’ and ‘attr_name’ parameters to
set properties of the returned MessageElement, but they apply only
*sometimes*.

‘attr_name’ not being set can result in cryptic and misleading error
messages from various ldb operations.

Changing the function’s behaviour to be more consistent could break
existing code, so we work around the issue instead.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
d278f97d5e ldb: Clarify documentation for PyObject_AsMessageElement()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
77015f3ca0 ldb: Don’t leak ‘el’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
229d270deb ldb: Check talloc_zero_array() return value
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
dc89fabbb5 ldb: Don’t leak ‘msg’
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
5820558592 ldb: Check talloc_strdup() return value
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
41e0951d91 ldb: Don’t decrement reference count until object is no longer needed
If ‘tmp’ happens to be garbage-collected, ‘name’ will become invalid.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
1cb91c6a78 ldb: Fix leaks
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
d5c309a547 ldb: Account for ‘name’ possibly being NULL
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
6ce9c6a306 ldb: Don’t pass NULL pointer into strcasecmp()
Doing so is undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
f47aef7743 python: Use correct function signatures
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:37 +00:00
Joseph Sutton
8090e59541 lib/ldb-samba: Add missing newline to logging message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
5c67b45221 lib/util: Add missing newlines to logging messages
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
aa9ca51946 lib/replace: Const-qualify sys_errlist
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Joseph Sutton
8ed6955365 lib:dbwrap: Remove unneeded space in debug message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-08-08 04:39:36 +00:00
Andreas Schneider
edcebcd48a lib:tevent: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-08-03 14:31:34 +00:00
Andreas Schneider
d0b2c27d2f lib:fuzzing: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-08-03 14:31:34 +00:00
Andrew Bartlett
5cc861603a lib/util: Move DEBUG() calls in gendb_search_v to common levels and new DBG_*() pattern
This moves success logs 6 -> 10, failure logs 4 -> 5.

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 10:56:54 +00:00
Pavel Filipenský
c58a714232 lib:krb5_wrap: Fix resource leak in smb_krb5_kt_seek_and_delete_old_entries
Reported by Red Hat internal covscan
leaked_storage: Variable "cursor" going out of scope leaks the storage it points to.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-31 10:56:54 +00:00
Jule Anger
7319c7596e ldb: change the version to 2.9.0 for Samba 4.20
Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Fri Jul 28 11:49:02 UTC 2023 on atb-devel-224
2023-07-28 11:49:02 +00:00
Jule Anger
94f11c3c21 ldb: release 2.8.0 for use in Samba 4.19.x
* CVE-2023-0614 Not-secret but access controlled LDAP attributes can be discovered (bug 15270)
* pyldb: Raise an exception if ldb_dn_get_parent() fails
* Implement ldap_whoami in pyldb and add the RFC4532 LDB_EXTENDED_WHOAMI_OID definition
* Documentation and spelling fixes
* Add ldb_val -> bool,uint64,int64 parsing functions
* Split out ldb_val_as_dn() helper function
* add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject()
* add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject()
* let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix
* Don't create error string if there is no error
* Avoid allocation and memcpy() for every wildcard match candidate
* Make ldb_msg_remove_attr O(n)
* pyldb: Throw error on invalid controls
* pyldb: remove py2 ifdefs
* Call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE)

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Jule Anger <janger@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
2023-07-28 10:48:33 +00:00
Andrew Bartlett
e36a4149d8 librpc/idl: Remove DCOM and WMI IDL
As hinted in f2416493c0 the DCOM and WMI
IDL is now unused.  These generate code with PIDL, costing a small
amount of build time but more importantly are fuzzed, which costs an
ongoing amount of CPU time as oss-fuzz tries to find parsing issues.

We do not need to continue this waste, and these can be restored
if this effort is ever to start again.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-28 10:48:32 +00:00
Pavel Filipenský
c5778a0fbd krb5_wrap: add krb5_free_string()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-28 10:48:32 +00:00
Pavel Filipenský
75139445c2 krb5_wrap: add krb5_free_enctypes()
MIT Kerberos implements krb5_free_enctypes(), Heimdal is missing it and
offers krb5_xfree() instead.
This introduces a wrapper krb5_free_enctypes() around krb5_xfree() for
Heimdal.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-28 10:48:32 +00:00
Andrew Bartlett
76ad44f446 lib/cmdline: Also redact --newpassword in samba_cmdline_burn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jul 21 06:16:30 UTC 2023 on atb-devel-224
2023-07-21 06:16:30 +00:00
Andrew Bartlett
414b3803bb lib/cmdline: Also burn the --password2 parameter if given
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-21 05:23:32 +00:00
Andrew Bartlett
848fea1a01 lib/cmdline: Return if the commandline was redacted in samba_cmdline_burn()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15289

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-07-21 05:23:32 +00:00
Andrew Bartlett
3109899299 lib/fault: During smb_panic() print process comment and setprocname() title
The purpose of this is to make it clear which part of the AD DC (in particular)
has faulted without having to deduce it from the stacktrace.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-21 01:25:37 +00:00
Stefan Metzmacher
24120728bb ldb: call tevent_set_max_debug_level(TEVENT_DEBUG_TRACE) together with ldb_tevent_debug()
This means ldb_tevent_debug() is only called for TEVENT_DEBUG_TRACE.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
0031a102c3 lib/util: call tevent_set_max_debug_level() in samba_tevent_set_debug()
This means samba_tevent_debug() is only called when needed.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
6a80d170bc tevent: version 0.15.0
- remove py2 ifdefs
- python: Safely clear structure members
- the tevent_thread_call_depth API is updated
  in order to allow better tracing.
- add tevent_set_max_debug_level() only and don't
  pass TEVENT_DEBUG_TRACE to tevent_debug() callbacks by default.
- Spelling fixes
- Make use of epoll_create1() for epoll backend
- Optimize overhead in the epoll backend

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
0ddf8b5645 tevent: add tevent_common_fd_str() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
2645be60d7 tevent: avoid calling epoll_update_event() again if epoll_check_reopen() already did it
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
e9d9809734 tevent: let epoll_check_reopen() clear all events before reopening them
This is clearer for multiplexed fdes as it means both sides are
already cleared before we call epoll_update_event() again.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
3217d5dc1d tevent: avoid epoll_check_reopen() overhead unless required
The preparation, function call and cleanup for epoll_check_reopen()
is quite some overhead and not needed most of the time!

So check the pid in the caller avoids most of it.

Review with: git show -w

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
d94b9c8124 tevent: make use of TEVENT_DEBUG() when using TEVENT_DEBUG_TRACE
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
812313f1c8 tevent: add TEVENT_DEBUG() avoid argument overhead when log is not active...
It can be very costly to calculate the arguments passed to
tevent_debug(), just to drop the message within tevent_debug()
or the callback function.

So we add a way to avoid the overhead, it will be used in the
next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
2c78a4f527 tevent: introduce tevent_set_max_debug_level() (default TEVENT_DEBUG_WARNING)
Allow an application to decide which log levels it wants to get
in the callback function passed to tevent_set_debug().

By default TEVENT_DEBUG_WARNING is the maximal reported level
and TEVENT_DEBUG_TRACE message no longer reach the callback function
by default.

It seems Samba is the only consumer of tevent_set_debug(), so it
should not be a huge problem, as Samba only reports TEVENT_DEBUG_TRACE
message with log level 50 anyway. And future Samba versions will
call tevent_set_max_debug_level() if needed.

Note the change to tevent-0.14.1.sigs will be reverted
with the release of tevent 0.15.0.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
86140d7c38 tevent: add fd_speed test
This is similar to the "context" test, but without signal handlers.

It also creates a constant load instead of being time limited,
which makes it useful to analyse using callgrind and other tools.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Pavel Filipenský
d7b29125c0 tevent: Flow: add tevent_thread_call_depth_set_callback()
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
0c4d6e630f tevent: Flow: store cleanup function name in tevent_req
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
85e43e70b2 tevent: Flow: store cancel function name in tevent_req
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipensky@samba.org>
2023-07-19 08:02:33 +00:00
Pavel Filipenský
5e83691d1e tevent: Flow: store trigger function name in tevent_queue_entry
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-19 08:02:33 +00:00
Pavel Filipenský
deec9994eb tevent: Flow: store callback function name in tevent_req
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-19 08:02:33 +00:00
Pavel Filipenský
fb3a9cd732 tevent: Flow: pass function name to tevent_req_create()
Note the tevent-0.14.1.sigs changes will be reverted in
the 'tevent 0.15.0' commit.

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-19 08:02:33 +00:00
Pavel Filipenský
1c9e9f4604 tevent: Deprecate some tevent_thread_call_depth_*() functions
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-19 08:02:33 +00:00
Pavel Filipenský
e9f38f6e6d tevent: Move definition of _DEPRECATED_ to the top of tevent.h
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
c1124ec8e5 tevent: add tevent_dlinklist.h as copy from lib/util/dlinklist.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
e3c77030fe lib/util: dlinklist.h sync with LGPL copy from lib/ldb/include/dlinklist.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
8edb16a396 ldb: clarify LGPL scope of include/dlinklist.h
Removing the explicit notice about ldb in order to
have the same content in all copies of dlinklist.h
in the next commits.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
18e18006ad ldb: remove trailing whitespaces from include/dlinklist.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-07-19 08:02:33 +00:00
Dmitry Antipov
a665d44f22 tevent: rely on epoll_create1() for epoll interface
Prefer epoll_create1(2) over epoll_create(2) and
always require the former to use epoll(7) interface,
thus saving extra fcntl(2) call to set FD_CLOEXEC.

Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-19 08:02:33 +00:00
Dmitry Antipov
0daa9ebc23 lib:replace: rely on epoll_create1() for epoll interface
Prefer epoll_create1(2) over epoll_create(2) and
always require the former to use epoll(7) interface.

Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
b649c7d3c2 tdb: release 1.4.9
* Remove remaining, but broken python2 support
* Spelling fixes
* python: Safely clear structure members

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-07-19 08:02:33 +00:00
Stefan Metzmacher
791e2817e1 talloc: release 2.4.1
* Remove remaining, but broken python2 support
* Spelling fixes
* Remove unneeded va_copy()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-07-19 08:02:33 +00:00
Douglas Bagnall
f050124a96 lib/fuzzing: patch for collecting fuzz_security_token_vs_descriptor seeds
If this patch is applied, and an environment variable is set, all
access_check calls will be recorded as seeds for
fuzz_security_token_vs_descriptor. See the patch for details.

You probably will never want to apply this patch, but it is here just
in case.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-19 03:31:30 +00:00
Douglas Bagnall
9ea606dad1 lib/fuzzing: adapt fuzz_sddl_access_check for AD variant
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-19 03:31:30 +00:00
Douglas Bagnall
89b02bad3e lib/fuzzing: adapt fuzz_security_token_vs_descriptor for AD variant
This of course doesn't exercise the object tree or default SID code,
but it still covers a lot to the *_ds access_check functions.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-19 03:31:30 +00:00
Douglas Bagnall
eb2bed3899 lib/fuzzing: add fuzzer for arbitrary token/sd access checks
The token and descriptor are stored in NDR format; for this purpose we
add a new IDL struct containing this pair (along with a desired access
mask).

An upcoming commit will show how to collect seeds for this fuzzer.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-19 03:31:30 +00:00
Douglas Bagnall
5ad28bd760 lib/fuzzing: add fuzz_sddl_access_check
This fuzzer parses SDDL into a security descriptor and runs an access
check on it using a known security token. This is purely for crash
detection -- we don't know enough to assert whether the check should
succeed or not.

The seed strings used are compatible with those of fuzz_sddl_parse --
anything found by fuzz_sddl_parse is worth trying as a seed here, and
vice versa.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-07-19 03:31:30 +00:00
Douglas Bagnall
05e2ec1d8b configure: ensure sizeof(int) >= 4
There are multiple places we make this assumption. For example, in
source3/lib/tldap.c, we have this line

      if (ld->msgid == 2147483647) {

where ld->msgid is an int. And in librpc/idl/security.idl we have
several lines like:

      const int SEC_MASK_GENERIC        = 0xF0000000;

In lib/replace/inet_pton.c and inet_ntop.c we have

  /*
   * WARNING: Don't even consider trying to compile this on a system where
   * sizeof(int) < 4.  sizeof(int) > 4 is fine; all the world's not a VAX.
   */

but no attempt to enforce that as far as I can see, until now.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Jul 11 22:44:15 UTC 2023 on atb-devel-224
2023-07-11 22:44:15 +00:00
Andrew Bartlett
acd081a70d build: Remove unused check for SHA1_Update and SHA1_RENAME_NEEDED
I can not find the code that required this, even in the history.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jun 30 14:59:46 UTC 2023 on atb-devel-224
2023-06-30 14:59:46 +00:00
Andrew Bartlett
11b3c6826d Remove redundant check and fallback for AES CMAC 128 as we now require GnuTLS 3.6.13
This allows us to remove a lot of conditionally compiled code and so
know with more certainly that our tests are covering our code-paths.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-30 14:00:38 +00:00
Andrew Bartlett
95c843de92 crypto: Remove aesni-intel accelerated AES crypto functions
These will shortly be unused as we will rely on GnuTLS for all AES cryptography
now that we require GnuTLS 3.6.13

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-30 14:00:38 +00:00
Andrew Bartlett
055318d7e7 Remove rudundent check for gnutls_pkcs7_get_embedded_data_oid as we now require GnuTLS 3.6.13
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-30 14:00:38 +00:00
Andrew Bartlett
eda1022b59 crypto: Rely on GnuTLS 3.6.13 and gnutls_pbkdf2()
This removes a lot of inline #ifdef and means this feature is always tested.

We can do this as we have chosen GnuTLS 3.6.13 as the new minimum version.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-30 14:00:38 +00:00
Joseph Sutton
f9c55b84ef lib:audit_logging: Add function to return the JSON null object
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-25 23:29:32 +00:00
Christof Schmitt
34b9c54ff2 gpfswrap: Add wrapper for gpfs_register_cifs_export
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15381

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-06-25 15:09:34 +00:00
Stefan Metzmacher
48cc2862c2 docs-xml/smbdotconf: also allow 2012[_R2] for 'ad dc functional level'
We may not jump to 2016 directly...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-21 19:08:37 +00:00
Volker Lendecke
a4972336f1 lib: Add a few required #includes
You find them if you try to #include these files directly

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-06-16 16:14:30 +00:00
Joseph Sutton
9325c14b7e lib:audit_logging: Add function to create JSON object containing auditing information
This can be included in logged authentications and authorizations.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-15 05:29:28 +00:00
Joseph Sutton
f8f0ee5354 param: Remove reference to unrecognized parameter ‘directory name cache size’
This parameter was removed in commit
c37d6be2db.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-14 22:57:35 +00:00
Joseph Sutton
2eda24663f pyldb: Check for allocation failure in py_ldb_dn_get_parent()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-14 22:57:35 +00:00
Joseph Sutton
5905a63307 pyldb: Raise an exception if ldb_dn_get_parent() fails
Such a failure could be caused by situations other than memory errors,
but a simple indication of failure is all that ldb_dn_get_parent() gives
us to work with.

We keep the old behaviour of returning None if the DN has no components,
which an existing test (ldb.python.api.DnTests.test_parent_nonexistent)
expects.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-06-14 22:57:35 +00:00
Pavel Filipenský
d8f7d244f4 lib:dbwrap: Add dbwrap_merge_dbs()
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Pavel Filipenský
6bdd29a7a4 lib:dbwrap: Fix trailing whitespace in lib/dbwrap/dbwrap.h
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-06-13 12:15:32 +00:00
Stefan Metzmacher
77c925681d lib/replace: check for valgrind/callgrind.h
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-06-01 07:20:31 +00:00
Stefan Metzmacher
bfb1494e81 lib/util: use RUNNING_ON_VALGRIND to check if valgrind is used
We should not skip all of close_low_fd() just because we
detected valgrind headers at build time.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-06-01 07:20:31 +00:00
Joseph Sutton
c9e12a8d98 pyldb: Fix leak
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-24 00:50:31 +00:00
Joseph Sutton
3ce2803f6d lib:audit_logging:tests: Check return value of json_new_{object,array}()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-24 00:50:31 +00:00
Joseph Sutton
281b616ac7 lib:audit_logging: Check return value of json_new_object()
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-24 00:50:31 +00:00
Joseph Sutton
32b49d8a56 lib:audit_logging: Fix typo in log message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-18 01:03:37 +00:00
Joseph Sutton
d7b68236ec lib:audit_logging: Add function to add a formatted time value to a JSON message
json_add_timestamp() is limited to adding a ‘timestamp’ field with the
current time. The new function can add an arbitrary timestamp with an
arbitrary field name.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-18 01:03:37 +00:00
Joseph Sutton
0080148483 lib:audit_logging: Add function to add an optional boolean value to a JSON message
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-18 01:03:37 +00:00
Joseph Sutton
4440f1db54 lib:audit_logging: Add function to add flags to a JSON message
This replaces a couple of calls to snprintf() in
log_authentication_event_json() and log_successful_authz_event_json()
respectively.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-18 01:03:37 +00:00
Joseph Sutton
f573177c35 python: Safely clear structure members
Using Py_CLEAR() ensures that these structures are observed in a
consistent state by any Python code that may run during deconstruction.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-16 23:29:32 +00:00
Dmitry Antipov
cea9b25571 lib:util: prefer size_t for random data generation functions
Prefer 'size_t' over 'int' in generate_random_buffer(),
generate_secret_buffer() and generate_nonce_buffer() to
match an underlying gnutls_rnd() calls.

Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-16 23:29:32 +00:00
Andrew Bartlett
e5c3e076c8 param: Add new parameter "ad dc functional level"
This allows the new unsupported functional levels to be unlocked, but with an smb.conf
option that is easily seen.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-05-16 23:29:32 +00:00
Dmitry Antipov
46ae5568fa lib:ldb: do not offset against NULL pointer in ldb_ldif_read()
Fix the following error observed running samba.test.registry
compiled with clang-17 and UBsan:

lib/ldb/common/ldb_ldif.c:881:9: runtime error: applying non-zero offset 137438953440 to null pointer
    #0 0x7faa0eb3932f in ldb_ldif_read lib/ldb/common/ldb_ldif.c:881
    #1 0x7faa0eb3aec6 in ldb_ldif_read_string lib/ldb/common/ldb_ldif.c:1004
    #2 0x7faa077ed759 in dsdb_set_schema_from_ldif source4/dsdb/schema/schema_set.c:1113
    #3 0x7faa068fcbbf in py_dsdb_set_schema_from_ldif source4/dsdb/pydsdb.c:929
    #4 0x7faa1d1d4507 in cfunction_call (/lib64/libpython3.11.so.1.0+0x1d4507)
    [... a lot of Python calls skipped...]

I.e. number of elements should be checked against zero
before making an attempt to access an element by index.

Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-09 01:59:32 +00:00
Joseph Sutton
2eb458118c lib:addns: Don’t call memcpy() with a NULL pointer
Doing so is undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-05 02:54:31 +00:00
Joseph Sutton
443d70ee58 lib:util: Fix undefined bitshift
runtime error: left shift of 65535 by 16 places cannot be represented in type 'int'

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-05-05 02:54:31 +00:00
Douglas Bagnall
9ab0d65fc0 lib/fuzzing: add fuzzer for sddl_parse
Apart from catching crashes in the actual parsing, we abort if the SD
we end up with will not round trip back through SDDL to an identical
SD.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-28 02:15:36 +00:00
Andreas Schneider
3e6a6c00cc lib:krb5_wrap: Fix debug statements when princ_s is NULL
In file included from source4/include/includes.h:61,
                 from lib/krb5_wrap/krb5_samba.c:23:
lib/krb5_wrap/krb5_samba.c: In function ‘smb_krb5_kt_seek_and_delete_old_entries’:
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 |        && (dbgtext body) )
      |           ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1753:25: note: in expansion of macro ‘DEBUG’
 1753 |                         DEBUG(5, (__location__ ": Saving previous (kvno %d) "
      |                         ^~~~~
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 |        && (dbgtext body) )
      |           ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1763:25: note: in expansion of macro ‘DEBUG’
 1763 |                         DEBUG(5, (__location__ ": Saving entry with kvno [%d] "
      |                         ^~~~~
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 |        && (dbgtext body) )
      |           ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1769:17: note: in expansion of macro ‘DEBUG’
 1769 |                 DEBUG(5, (__location__ ": Found old entry for principal: %s "
      |                 ^~~~~
lib/util/debug.h:200:12: error: ‘%s’ directive argument is null [-Werror=format-overflow=]
  200 |        && (dbgtext body) )
      |           ~^~~~~~~~~~~~~
lib/krb5_wrap/krb5_samba.c:1787:17: note: in expansion of macro ‘DEBUG’
 1787 |                 DEBUG(5, (__location__ ": removed old entry for principal: "
      |                 ^~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-27 07:21:33 +00:00
Volker Lendecke
e88332cbe4 ldb: Implement ldap_whoami in pyldb
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-26 06:27:31 +00:00
Volker Lendecke
0575cc4b85 ldb: Allow extended operations through ildap
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-26 06:27:31 +00:00
Volker Lendecke
8aab8d6caf ldb: Add the RFC4532 LDB_EXTENDED_WHOAMI_OID definition
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-26 06:27:31 +00:00
Alexander Bokovoy
d5b8b804fe Add ROLE_IPA_DC into two more places
Missed two more places originally when introduced ROLE_IPA_DC.

Signed-off-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Alexander Bokovoy <ab@samba.org>
Autobuild-Date(master): Tue Apr 25 07:46:36 UTC 2023 on atb-devel-224
2023-04-25 07:46:36 +00:00
Christof Schmitt
45f026c45c debug: Only initialize gpfs wrapper when gpfs logging is enabled
This avoids unnecessary attempts to load libgpfs.so when it is not
needed.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Apr 14 12:28:23 UTC 2023 on atb-devel-224
2023-04-14 12:28:23 +00:00
Andreas Schneider
cfa53c8a80 lib:util: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-14 05:25:33 +00:00
Andreas Schneider
b327160377 lib:util: Remove trailing white spaces in byteorder.h
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-14 05:25:33 +00:00
Andreas Schneider
89d5c0dc5c lib:tsocket: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-14 05:25:33 +00:00
Andreas Schneider
6eed0c128c lib:tevent: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-14 05:25:33 +00:00
Andreas Schneider
2afd7b1bb8 lib:tdb: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-14 05:25:33 +00:00
Andreas Schneider
b6de03c74c lib:talloc: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-14 05:25:33 +00:00
Andreas Schneider
c6e1a94915 lib:socket: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-14 05:25:33 +00:00
Andreas Schneider
189f156c8c lib:smbconf: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-14 05:25:33 +00:00
Andreas Schneider
8d647f2f7c lib:replace: Fix code spelling
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-14 05:25:33 +00:00
Andreas Schneider
9d42ba7661 lib:replace: Remove trailing white spaces in xattr.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-14 05:25:33 +00:00
Joseph Sutton
44d03bf479 lib/torture: Don't overwrite test outcomes
If a test fails an assertion, and later calls torture_skip() to skip
part of the test, the TORTURE_SKIP result will overwrite the
TORTURE_FAIL result, and the overall outcome will be successful.

To avoid this, we now arrange possible outcomes in order of priority,
and ensure we always keep the higher priority one.

This reveals some failing tests.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:32 +00:00
Joseph Sutton
894500b670 pyldb: Handle allocation failure
If we don't check for NULL after each loop iteration, the failure could
be masked in the next iteration by talloc_asprintf_append() allocating
on the NULL context. That could result in values getting lost.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
6ef23456c3 ldb: Avoid undefined pointer arithmetic
Computing a pointer that points outside of an array, and not to one past
the last element, is undefined behaviour. To avoid this, do our
comparisons in terms of lengths, not pointers.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
aedbee5fd2 ldb: Fix function documentation to be consistent
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
0ff26aa0c5 ldb: Don't wrongly claim to return message elements
If the LDB_UNPACK_DATA_FLAG_NO_ATTRS flag is set, we don't return any
elements, so we should set num_elements accordingly. This ensures
callers don't try to access elements that aren't there.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
cb3c344a64 ldb: Remove misleading comment
That an attribute has been access checked doesn't mean that the user has
the right to view it.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
3d935fdcb9 ldb: Remove old misleading comments
Commit bed9efa6cd introduced
ldb_msg_add_linearized_dn() to replace ldb_msg_add_dn(), but retained
the now-incorrect associated comment. The comment later made its way
into a function added later by commit 'CVE-2022-32746 ldb: Add functions
for appending to an ldb_message'.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15008

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
064d8a3d12 talloc: Remove unneeded va_copy()
We don't use 'ap' again after this.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Joseph Sutton
90a042e9a9 talloc: Put comment back in appropriate place
This comment originally referred, not to a va_copy() call, but to the
use of &c with vsnprintf() rather than passing in NULL with a length of
zero.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-04-12 13:52:31 +00:00
Andreas Schneider
ad7418d23f lib:replace: Fix snprintf of rep_inet_ntop()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 11 10:08:54 UTC 2023 on atb-devel-224
2023-04-11 10:08:54 +00:00
Andreas Schneider
f1209a7a15 lib:replace: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-11 09:06:36 +00:00
Andreas Schneider
8c32a475e4 lib:pthreadpool: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-11 09:06:36 +00:00
Andreas Schneider
25e1987e15 lib:param: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-11 09:06:36 +00:00
Andreas Schneider
4b12dc1fb5 lib:messaging: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-11 09:06:36 +00:00
Andreas Schneider
5e9bfcf4b2 lib:ldb: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-11 09:06:35 +00:00
Andrew Bartlett
83fe7a0316 lib/util: Add "debug syslog format = always", which logs to stdout in syslog style
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-06 12:51:30 +00:00
Andreas Schneider
e5ef368fb6 lib:ldb:tests: Fix signedness build error
lib/ldb/tests/ldb_filter_attrs_in_place_test.c:836:55: error: pointer
targets in passing argument 1 of ‘_assert_string_equal’ differ in
signedness [-Werror=pointer-sign]
  836 |         assert_string_equal(msg->elements[0].values[0].data,
      |                                                       ^
      |                                                       |
      |                                                       uint8_t * {aka unsigned char *}

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-04-06 12:51:30 +00:00
Rob van der Linde
b74b9f4b06 CVE-2023-0922 set default ldap client sasl wrapping to seal
This avoids sending new or reset passwords in the clear
(integrity protected only) from samba-tool in particular.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15315

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr  5 03:08:51 UTC 2023 on atb-devel-224
2023-04-05 03:08:51 +00:00
Joseph Sutton
d2bbb47a7c ldb: Use correct member of union
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Andrew Bartlett
dfe7b05730 CVE-2023-0614 lib/ldb-samba Ensure ACLs are evaluated on SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN
Setting the LDB_HANDLE_FLAG_UNTRUSTED tells the acl_read module to operate on this request.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-05 02:10:35 +00:00
Andrew Bartlett
9b8dd83fd0 CVE-2023-0614 lib/ldb-samba: Add test for SAMBA_LDAP_MATCH_RULE_TRANSITIVE_EVAL / LDAP_MATCHING_RULE_IN_CHAIN with and ACL hidden attributes
The chain for transitive evaluation does consider ACLs, avoiding the disclosure of
confidential information.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-05 02:10:35 +00:00
Andrew Bartlett
f6e93e2b3d CVE-2023-0614 dsdb: Add pre-cleanup and self.addCleanup() of OU created in match_rules tests
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-04-05 02:10:35 +00:00
Joseph Sutton
449c2e99e2 CVE-2023-0614 ldb: Filter on search base before redacting message
Redaction may be expensive if we end up needing to fetch a security
descriptor to verify rights to an attribute. Checking the search scope
is probably cheaper, so do that first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
9f31e4139c CVE-2023-0614 ldb: Centralise checking for inaccessible matches
This makes it less likely that we forget to handle a case.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
d5d0e71279 CVE-2023-0614 ldb: Prevent disclosure of confidential attributes
Add a hook, acl_redact_msg_for_filter(), in the aclread module, that
marks inaccessible any message elements used by an LDAP search filter
that the user has no right to access. Make the various ldb_match_*()
functions check whether message elements are accessible, and refuse to
match any that are not. Remaining message elements, not mentioned in the
search filter, are checked in aclread_callback(), and any inaccessible
elements are removed at this point.

Certain attributes, namely objectClass, distinguishedName, name, and
objectGUID, are always present, and hence the presence of said
attributes is always allowed to be checked in a search filter. This
corresponds with the behaviour of Windows.

Further, we unconditionally allow the attributes isDeleted and
isRecycled in a check for presence or equality. Windows is not known to
make this special exception, but it seems mostly harmless, and should
mitigate the performance impact on searches made by the show_deleted
module.

As a result of all these changes, our behaviour regarding confidential
attributes happens to match Windows more closely. For the test in
confidential_attr.py, we can now model our attribute handling with
DC_MODE_RETURN_ALL, which corresponds to the behaviour exhibited by
Windows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
fdeb6ea15c CVE-2023-0614 ldb: Add ldb_parse_tree_get_attr()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
fffea59001 CVE-2023-0614 ldb: Make use of ldb_filter_attrs_in_place()
Change all uses of ldb_kv_filter_attrs() to use
ldb_filter_attrs_in_place() instead. This function does less work than
its predecessor, and no longer requires the allocation of a second ldb
message. Some of the work is able to be split out into separate
functions that each accomplish a single task, with a purpose to make the
code clearer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
f25b1756aa CVE-2023-0614 ldb: Make ldb_filter_attrs_in_place() work in place
ldb_filter_attrs() previously did too much. Now its replacement,
ldb_filter_attrs_in_place(), only does the actual filtering, while
taking ownership of each element's values is handled in a separate
function, ldb_msg_elements_take_ownership().

Also, ldb_filter_attrs_in_place() no longer adds the distinguishedName
to the message if it is missing. That is handled in another function,
ldb_msg_add_distinguished_name().

As we're now modifying the original message rather than copying it into
a new one, we no longer need the filtered_msg parameter.

We adapt a test, based on ldb_filter_attrs_test, to exercise the new
function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
131d417604 CVE-2023-0614 ldb: Add function to filter message in place
At present this function is an exact duplicate of ldb_filter_attrs(),
but in the next commit we shall modify it to work in place, without the
need for the allocation of a second message.

The test is a near duplicate of the existing test for
ldb_filter_attrs().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
784a342785 CVE-2023-0614 ldb: Add function to add distinguishedName to message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
721493f4bd CVE-2023-0614 ldb: Add function to remove excess capacity from an ldb message
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
b18ed9ae97 CVE-2023-0614 ldb: Add function to take ownership of an ldb message
Many places in Samba depend upon various components of an ldb message
being talloc allocated, and hence able to be used as talloc contexts.
The elements and values of an unpacked ldb message point to unowned data
inside the memory-mapped database, and this function ensures that such
messages have talloc ownership of said elements and values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
294a4f6e28 CVE-2023-0614 ldb:tests: Ensure all tests are accounted for
Add ldb_filter_attrs_test to the list of tests so that it actually gets
run.

Remove a duplicate ldb_msg_test that was accidentally added in commit
5ca90e758a.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
1debb6584e CVE-2023-0614 ldb:tests: Ensure ldb_val data is zero-terminated
If the value of an ldb message element is not zero-terminated, calling
ldb_msg_find_attr_as_string() will cause the function to read off the
end of the buffer in an attempt to verify that the value is
zero-terminated. This can cause unexpected behaviour and make the test
randomly fail.

To avoid this, we must have a terminating null byte that is *not*
counted as part of the length, and so we must calculate the length with
strlen() rather than sizeof.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Joseph Sutton
ca9c467e41 CVE-2023-0614 ldb: Add functions for handling inaccessible message elements
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15270

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-05 02:10:35 +00:00
Andreas Schneider
925b026a23 lib:ldb:tests: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr  4 08:30:28 UTC 2023 on atb-devel-224
2023-04-04 08:30:28 +00:00
Andreas Schneider
a8c571e983 lib:ldb:nssldb: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
73d04200bc lib:ldb:ldb_sqlite3: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
4eac2614b3 lib:ldb:ldb_map: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
594d6ef444 lib:ldb:ldb_key_value: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
f75adc4871 lib:ldb:include: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
fc28daa6c7 lib:ldb:common: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-04 07:31:36 +00:00
Andreas Schneider
4b1d205138 lib:krb5_wrap: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Apr  3 04:53:05 UTC 2023 on atb-devel-224
2023-04-03 04:53:05 +00:00
Andreas Schneider
1bfa2c2938 lib:fuzzing: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-03 03:56:35 +00:00
Andreas Schneider
3289e7349a lib:dbwrap: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-03 03:56:35 +00:00
Andreas Schneider
2b712191a8 lib:crypto: Improve comment about weak crypto
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-03 03:56:35 +00:00
Andreas Schneider
3d409c16ee lib:compression: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-03 03:56:35 +00:00
Andreas Schneider
4d39558c71 lib:cmdline: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-03 03:56:35 +00:00
Andreas Schneider
8e3bac473f lib:audit_logging: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-03 03:56:35 +00:00
Andreas Schneider
1f2858eada lib:addns: Fix code spelling
Best reviewed with: `git show --word-diff`.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-03 03:56:35 +00:00
Andreas Schneider
f59e813c76 lib:addns: Rename additionals to additional
Fixes code spelling.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-04-03 03:56:35 +00:00
Joseph Sutton
f41f988038 ldb: Add ldb_val -> bool,uint64,int64 parsing functions
These functions allow us to parse any value of a message element, not
only the first. They also unambiguously indicate whether an error has
occurred.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-31 08:29:32 +00:00
Joseph Sutton
570a3ac866 ldb: Split out ldb_val_as_dn() helper function
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-31 08:29:32 +00:00
Andrew Bartlett
e37f20fb36 lib/compression: Fix documentation of lzxpress_huffman_compress()
The "inconvenience function" takes one type, and converts it to another
but the documentation was not updated.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Andrew Bartlett
0ab5552c8c lib/compression: Add helper function lzxpress_huffman_max_compressed_size()
This allows the calculation of the worst case to be shared with callers.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-31 01:48:30 +00:00
Volker Lendecke
f448a1649c pyldb: Fix a copy&paste error, CID 1524512 DEADCODE
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Mar 30 08:08:32 UTC 2023 on atb-devel-224
2023-03-30 08:08:32 +00:00
Andreas Schneider
5533ae3be0 lib:talloc: Move talloc_get_size() out of the talloc reference group
This is not specific to talloc references.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-30 07:12:31 +00:00
Stefan Metzmacher
167f023586 lib/ldb: add LDB_CHANGETYPE_MODRDN support to ldb_ldif_to_pyobject()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Stefan Metzmacher
7055ec0a0b lib/ldb: add LDB_CHANGETYPE_DELETE support to ldb_ldif_to_pyobject()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Stefan Metzmacher
e24e7b9633 lib/ldb: re-order code in ldb_ldif_to_pyobject()
We don't allow MODRDN and DELETE for now as they
don't work as is anyway. We'll add these in the next steps.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Stefan Metzmacher
cc5df80152 lib/ldb: let ldb_ldif_parse_modrdn() handle names without 'rdn_name=' prefix
This is needed in order to process schema updates.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 22:10:32 +00:00
Joseph Sutton
211d19a04c ldb: Don't create error string if there is no error
We should only do this in the LDB_ERR_NO_SUCH_ATTRIBUTE case.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-22 18:40:31 +00:00
Stefan Metzmacher
9d8ff0d1e0 replace: add ARRAY_INSERT_ELEMENT() helper
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-22 15:01:32 +00:00
Stefan Metzmacher
9053862b89 lib/ldb-samba: let ldif_read_ntSecurityDescriptor() only try sddl if isupper()
Trying ndr_pull_security_descriptor on SDDL produces just strange
debug messages, which can cause confusion.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-03-22 15:01:32 +00:00
Andreas Schneider
795bab5629 lib:ldb: Correctly cast pointers for assert_string_equal()
This is a change in cmocka to avoid hiding possible errors.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Mar 15 07:53:54 UTC 2023 on atb-devel-224
2023-03-15 07:53:54 +00:00
Andrew Bartlett
cad96f59a0 lib/ldb: Avoid allocation and memcpy() for every wildcard match candidate
The value can be quite large, the allocation will take much
longer than the actual match and is repeated per candidate
record.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15331

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-03-14 06:16:30 +00:00
Andrew Bartlett
5a7a28cc45 tsocket: Increase tcp_user_timeout max_loops
Often, on rackspace GitLab CI runners, we get:

UNEXPECTED(failure): samba.unittests.tsocket_tstream.test_tstream_more_tcp_user_timeout_spin(none)
REASON: Exception: Exception: 0xf == 0xf
../../lib/tsocket/tests/test_tstream.c:405: error: Failure!

This allows us more spins before we fail the test.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15328
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
2023-03-14 06:16:30 +00:00
Li Yuxuan
78635d55fb audit_logging: Use json_int_t instead of int for json_add_int value type
Functions like `add_lock_to_json` and `add_profile_item_to_json` pass
some values to `json_add_int` with `intmax_t` types. This may cause
arithmetic overflow when the value grows very fast, such as the
read_bytes profiling data.
Use `json_add_int` instead of `int` to avoid the overflow.

RN: Make json output show intmax_t value properly

Signed-off-by: Li Yuxuan <liyuxuan.darfux@bytedance.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Mar  9 21:33:43 UTC 2023 on atb-devel-224
2023-03-09 21:33:43 +00:00
Li Yuxuan
35aa7db641 audit_logging:tests: Add big_int test for json_add_int
Show that `json_add_int` can't handle value larger than int32 due to
overflow.

Add knownfail.

Signed-off-by: Li Yuxuan <liyuxuan.darfux@bytedance.com>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-09 20:38:31 +00:00
Dmitry Antipov
b3146763a4 lib:util: prefer mallinfo2() over mallinfo() if available
Prefer mallinfo2() with 'size_t' fields over deprecated
mallinfo() (with 'int' fields which may wrap around zero
and so be inaccurate on a 64-bit system) and move relevant
checks to lib/util/wscript_configure because mallinfo()
is not used beyond 'samba-util'.

Suggested-by: Andreas Schneider <asn@samba.org>
Signed-off-by: Dmitry Antipov <dantipov@cloudlinux.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-09 20:38:31 +00:00
Volker Lendecke
bbcc9b326e lib: Add dump_data_addbuf()
Helper function to build up debug strings

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
e5d1527f74 lib: Move the dump_data_pw() prototype to the other dump_data_* ones
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Volker Lendecke
2ac2c05561 lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-09 18:10:33 +00:00
Joseph Sutton
d5f053711b ldb: Make ldb_msg_remove_attr O(n)
Previously it was O(n²).

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-08 04:39:32 +00:00
Björn Baumbach
36ed126f4c net: add new --dns-ttl option to specify the ttl of dns records
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 11:58:34 +00:00
Joseph Sutton
d2063568ce lib:cmdline: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:36 +00:00
Joseph Sutton
474674ac7d lib:pyldb: Throw error on invalid controls
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:36 +00:00
Joseph Sutton
207a212948 lib:ldb: Fix typo
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-03-03 01:07:36 +00:00
Amir Goldstein
cb9df8181e lib: add NTTIME_[U|m]SEC macros
Signed-off-by: Amir Goldstein <amir@ctera.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-03-01 19:55:32 +00:00
Douglas Bagnall
0eb459edd8 talloc: remove Python 2 #if clauses
Also fix an obsolete related comment.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Feb 17 14:52:26 UTC 2023 on atb-devel-224
2023-02-17 14:52:26 +00:00
baixiangcpp
206dcf7d42 lib:util: File descriptor being closed repeatedly.
In file_load()/file_lines_load(), the file's fd is obtained using
open(), and in fd_load() the fd is converted to a FILE* using
fdopen(). However, after fclose(), the fd is closed again using
close().

Bug: https://bugzilla.samba.org/show_bug.cgi?id=15311
Signed-off-by: baixiangcpp baixiangcpp@gmail.com
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Thu Feb 16 12:13:05 UTC 2023 on atb-devel-224
2023-02-16 12:13:05 +00:00
Andreas Schneider
8441c03ccf lib:ldb: Print a debug message in case we have a corrupted MDB
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed Feb 15 09:05:56 UTC 2023 on atb-devel-224
2023-02-15 09:05:56 +00:00
Andreas Schneider
240c031e7f lib:ldb: Add the location to ldb_kv_parse_data_unpack() debug output
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2023-02-15 08:12:35 +00:00
Joseph Sutton
e20067c52d auth: Make more liberal use of SID index constants
Arrays of SIDs are handled not fully consistently throughout the
codebase. Sometimes SIDs in the first and second positions represent a
user and a primary group respectively; other times they don't mean
anything in particular. Using these index constants in situations of the
former sort can help to clarify our intent.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-08 00:03:39 +00:00
Andreas Schneider
ea723fb709 s3:modules: Ignore -Wunused-but-set-variable for autogenerated code
source3/modules/getdate.c:1192:9: error: variable 'yynerrs' set but not used
    [-Werror,-Wunused-but-set-variable]
    int yynerrs;
        ^

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Andreas Schneider
1379b0e13c lib:ldb-samba: Correctly handle search scope
lib/ldb-samba/ldb_ildap.c:482:47: error: implicit conversion from enumeration
    type 'enum ldb_scope' to different enumeration type 'enum ldap_scope'
    [-Werror,-Wenum-conversion]
                msg->r.SearchRequest.scope = req->op.search.scope;
                                           ~ ~~~~~~~~~~~~~~~^~~~~

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-06 22:51:31 +00:00
Douglas Bagnall
b2a2eeb6f9 tevent/pytevent: remove no-op define
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-03 02:27:32 +00:00
Douglas Bagnall
8f2f3b00c2 tevent/pytevent: remove py2 ifdefs
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-03 02:27:32 +00:00
Douglas Bagnall
c0ef6ca98b tdb/pytdb: remove useless HAVE_ITER non-flag
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-03 02:27:32 +00:00
Douglas Bagnall
f5555e0ee4 tdb/pytdb: remove py ifdefs
This already would not compile with Python 2, because Py_TPFLAGS_HAVE_ITER
is not defined

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-03 02:27:32 +00:00
Douglas Bagnall
38d0147f6a ldb/pyldb: remove py2 ifdefs
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2023-02-03 02:27:32 +00:00
Rob van der Linde
851127f5c9 Python: remove pydoctor
Removes:

* waf pydoctor
* waf wafdocs
* make pydoctor

There is no "make wafdocs" it only appears to be in wscript.

The reasoning being is these are broken and appear to not have been run for some time.

Signed-off-by: Rob van der Linde <rob@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb  2 21:15:54 UTC 2023 on atb-devel-224
2023-02-02 21:15:54 +00:00
Stefan Metzmacher
d80f28b081 tevent: version 0.14.1
- Build fix for GNU/Hurd
- Build fix for Solaris, after removal
  of ports backend (bug #15298)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Feb  2 18:27:08 UTC 2023 on atb-devel-224
2023-02-02 18:27:08 +00:00
Stefan Metzmacher
ae77854a44 tevent: remove the already removed tevent_port.c also from the build
This fixes a regression introduced by 147a317b7b.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15298

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-02 17:30:39 +00:00
Stefan Metzmacher
488aa22758 replace: remove unused configure checks for port_create()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15298

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-02-02 17:30:39 +00:00
Samuel Thibault
15b1afc917 replace: provide PIPE_BUF on GNU/Hurd
There is no hardcoded PIPE_BUF pipe limitation on GNU/Hurd, but POSIX
provides a minimum value that we can use.

Signed-off-by: Samuel Thibault <samuel.thibault@ens-lyon.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-02-02 17:30:39 +00:00
Jeremy Allison
7e0eb0f31a s3:lib: Change file_modtime() to return an error code and a struct timespec.
Removes need for external stat() code when checking for timechange.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Jan 27 08:30:35 UTC 2023 on atb-devel-224
2023-01-27 08:30:35 +00:00
Michael Tokarev
96154a26fe spelling fixes for 4.18 (errror implemenation proces Controler)
One of changes is somewhat interesting, it is "tfork waiter proces"
process title in tfork.c. I wonder why no one noticed this before.
There's another similar process title in there, "tfork waiter process(%d)".
Hopefully no one does grep for "proces$" (and there's no reason to).

Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Rowland Penny <rpenny@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jan 26 20:46:11 UTC 2023 on atb-devel-224
2023-01-26 20:46:11 +00:00
Pavel Filipenský
3b1b37b1cf debug: Call depth: Indent the debug text
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-26 14:10:36 +00:00
Pavel Filipenský
7ba3b1b09d debug: Call depth: Print ", depth=..." in the debug header
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-26 14:10:36 +00:00
Pavel Filipenský
e3e687b659 debug: Call depth: Interface
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-26 14:10:36 +00:00
Pavel Filipenský
13d2db0397 debug: Fix whitespaces in debug.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15287

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2023-01-26 14:10:36 +00:00
Andreas Schneider
ac0e844ea8 param: Use a higher time resolution for lp_file_list_changed()
It is possible that in our test environment one of the config 'include' files
change more than once per second. To avoid missing a file update we use a
higher time resolution than seconds.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-01-26 12:15:33 +00:00
Andreas Schneider
9440cb7322 lib:param: Remove trailing whitespaces from loadparm.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-01-26 12:15:33 +00:00
Andreas Schneider
fcf05b1d23 lib:util: Print data in ISO 8601 format
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-01-26 12:15:33 +00:00
Andreas Schneider
55a49527d6 lib:util: Remove trailing whitespaces from time.c
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2023-01-26 12:15:33 +00:00
Stefan Metzmacher
84f56f2b98 ldb: change the version to 2.8.0 for Samba 4.19
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Jan 18 17:25:51 UTC 2023 on atb-devel-224
2023-01-18 17:25:51 +00:00
Stefan Metzmacher
f972b1ea06 ldb: version 2.7.0
* Support python 3.12
* Have python functions operating on DNs raise LdbError
* don't call comparison() directly in LDB_TYPESAFE_QSORT
* Use ldb_ascii_toupper() for case folding to support
  tr_TR.UTF-8 and other dotless i locales,
  see https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
3c6d28ebae tevent: version 0.14.0
- Support python 3.12
- remove solaris port backend (it's not maintainable)
- make tevent_find_ops_byname() available for callers.
- allow the "standard" backend to be overloaded
- add interface for request/subrequest call depth tracking:
  - tevent_thread_call_depth_activate
  - tevent_thread_call_depth_deactivate
  - tevent_thread_call_depth_start
  - tevent_thread_call_depth_stop
  - tevent_thread_call_depth_reset_from_req

Note the changes to ABI/tevent-0.13.0.sigs only
revert the temporary changes made there...

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Pavel Filipenský
c5d5ebb60d tevent: Call depth tracking
The change to lib/tevent/ABI/tevent-0.13.0.sigs will be reverted
in the commit for the 0.14.0 release...

Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
07251f562c tevent: expose tevent_find_ops_byname() to callers
This makes it more flexible and allow a caller to overload
a tevent backend. Which will be used by Samba in order to
glue in io_uring support.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
ab49d9ee4e tevent: allow the "standard" backend to be overloaded
We'll export tevent_find_ops_byname() soon and will allow
the context_init() function of backends to find that standard ops
and hand over to standard_ops->context_init().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
147a317b7b tevent: remove solaris port backend
There's no way to verify changes we would have to do tevent_port.c,
as we don't have access to a solaris build machine.

So better use the poll backend instead. In performance critical code
we typically don't deal with a lot of file descriptors so the impact
should be fairly minimal.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
620ad8af46 tevent: remove unused register_backend() from python bindings
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
eb05fe87bf tevent: remove unused tevent_liboop.c
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Pavel Filipenský
77c828e124 tevent: Fix trailing whitespaces in tevent.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
f6a6d917e1 tevent: use samba_tevent_set_debug() in testsuite.c
Note testsuite.c is only used in Samba's smbtorture as
'smbtorture //a/b local.event'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
96e4be0a79 lib/util: install a tevent_abort callback using smb_panic()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
eab796a4f9 tdb: version 1.4.8
* Support python 3.12

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
2023-01-18 16:26:36 +00:00
Stefan Metzmacher
5224ed98ee talloc: version 2.4.0
* Add talloc_asprintf_addbuf()
* Support python 3.12

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Signed-off-by: Jule Anger <janger@samba.org>
2023-01-18 16:26:36 +00:00
Björn Baumbach
8fbadada8c lib/tsocket: fix a typo in the tsocket guide doc
Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Björn Baumbach <bb@sernet.de>
Autobuild-Date(master): Tue Jan 17 18:23:18 UTC 2023 on sn-devel-184
2023-01-17 18:23:18 +00:00
Joseph Sutton
ae6e76c082 lib/compression: Fix length check
Put the division on the correct side of the inequality.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 20:22:32 +00:00
Joseph Sutton
cbe6fb38ec lib/tfork: Don't overwrite 'ret' in cleanup phase
The cleanup phase of tfork_create() saves errno prior to calling
functions that might modify it, with the intention of restoring it
afterwards. However, the value of 'ret' is accidentally overwritten. It
will always be equal to 0, and hence errno will not be restored.

Fix this by introducing a new variable, ret2, for calling functions in
the cleanup phase.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 20:22:32 +00:00
Joseph Sutton
01bd234f6a lib/talloc: Zero-initialise chunk pointers
Ensuring pointers are always initialised avoids compilation errors with
FORTIFY_SOURCE=2.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 20:22:32 +00:00
Volker Lendecke
b73ecb28a7 lib: Remove idtree from samba_util.h
No need to recompile the world when only a few files need this.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 00:28:37 +00:00
Volker Lendecke
43f041de65 lib: Add "starting_id" to idr_get_new_random()
To be used in smbXsrv_open.c, for this we need a lower bound.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2023-01-10 00:28:37 +00:00
Ralph Boehme
29a99e5e12 libreplace: require TLS support if pthread support is available
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-01-05 11:33:37 +00:00
Ralph Boehme
73e7d3731d libreplace: update comment on __thread support
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2023-01-05 11:33:37 +00:00
Andrew Walker
01cdc5e00b lib/replace - add extra check to bsd_attr_list
The FreeBSD extattr API may return success and truncated
namelist. We need to check for this in bsd_attr_list to
ensure that we don't accidentally read off the end of the
buffer. In the case of a truncated value, the pascal
strings for attr names will reflect the lengths as if
the value were not truncated. For example:
`58DosStrea`

In case of short read we now set error to ERANGE and
fail.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15271

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Jan  2 14:27:23 UTC 2023 on sn-devel-184
2023-01-02 14:27:23 +00:00
Andreas Schneider
0c931fb301 waf: Run python tests also with tr_TR locale
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Dec 23 14:17:31 UTC 2022 on sn-devel-184
2022-12-23 14:17:31 +00:00
Andreas Schneider
24275cd800 lib:ldb: Use ldb_ascii_toupper() for case folding
For example there are at least two locales (tr_TR and az_AZ) in glibc
having dotless i transformation different from Latin scripts and GUID
versus Guid comparison would be different there (attribute name would
not match in the test).

See also
https://en.wikipedia.org/wiki/Dotted_and_dotless_I
https://lists.samba.org/archive/samba-technical/2019-December/134659.html

This fixes: LC_ALL=tr_TR.UTF-8 make test

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Andreas Schneider
a8f6fa03ef lib:ldb: Add ldb_ascii_toupper()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Andreas Schneider
78ca66a1a5 lib:ldb: Remove trailing white spaces in ldb_private.h
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00
Andreas Schneider
c8e3873e7e lib:ldb: Fix trailing whitespaces in common/ldb_utf8.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15248

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2022-12-23 13:23:29 +00:00