IF YOU WOULD LIKE TO GET AN ACCOUNT, please write an
email to Administrator. User accounts are meant only to access repo
and report issues and/or generate pull requests.
This is a purpose-specific Git hosting for
BaseALT
projects. Thank you for your understanding!
Только зарегистрированные пользователи имеют доступ к сервису!
Для получения аккаунта, обратитесь к администратору.
We need to detach dcesrv_iface_state from dcesrv_assoc_group,
if dcesrv_assoc_group is free'ed first.
==381007==ERROR: AddressSanitizer: heap-use-after-free on address 0x50d000004f80 at pc 0x7f15fc12e0ac bp 0x7ffe43267780 sp 0x7ffe43267778
READ of size 8 at 0x50d000004f80 thread T0
#0 0x7f15fc12e0ab in dcesrv_iface_state_destructor ../../librpc/rpc/dcesrv_handles.c:166
#1 0x7f15fc0f7d76 in _tc_free_internal ../../lib/talloc/talloc.c:1158
#2 0x7f15fc0f7acd in _tc_free_children_internal ../../lib/talloc/talloc.c:1669
#3 0x7f15fc0f7acd in _tc_free_internal ../../lib/talloc/talloc.c:1184
#4 0x7f15fc0f7acd in _tc_free_children_internal ../../lib/talloc/talloc.c:1669
#5 0x7f15fc0f7acd in _tc_free_internal ../../lib/talloc/talloc.c:1184
#6 0x7f15fc0f7acd in _tc_free_children_internal ../../lib/talloc/talloc.c:1669
#7 0x7f15fc0f7acd in _tc_free_internal ../../lib/talloc/talloc.c:1184
#8 0x7f15fc0f924c in _talloc_free_internal ../../lib/talloc/talloc.c:1248
#9 0x7f15fc0f924c in _talloc_free ../../lib/talloc/talloc.c:1792
#10 0x7f15fadac024 in ncacn_terminate_connection ../../source3/rpc_server/rpc_server.c:263
#11 0x7f15fadac024 in dcesrv_transport_terminate_connection ../../source3/rpc_server/rpc_server.c:251
#12 0x7f15fc11e5ef in dcesrv_terminate_connection ../../librpc/rpc/dcesrv_core.c:2968
#13 0x7f15fc125446 in dcesrv_read_fragment_done ../../librpc/rpc/dcesrv_core.c:3196
#14 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#15 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#16 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#17 0x7f15fb4f69a1 in _tevent_req_nterror ../../lib/util/tevent_ntstatus.c:46
#18 0x7f15fabda2f4 in dcerpc_read_ncacn_packet_done ../../librpc/rpc/dcerpc_util.c:612
#19 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#20 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#21 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#22 0x7f15fbff4228 in tstream_readv_pdu_readv_done ../../lib/tsocket/tsocket_helpers.c:313
#23 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#24 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#25 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#26 0x7f15fbff1800 in tstream_readv_done ../../lib/tsocket/tsocket.c:593
#27 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#28 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#29 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#30 0x7f15fadbc1a3 in tstream_npa_readv_msg_mode_handler ../../libcli/named_pipe_auth/npa_tstream.c:697
#31 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#32 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#33 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#34 0x7f15fbff4228 in tstream_readv_pdu_readv_done ../../lib/tsocket/tsocket_helpers.c:313
#35 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#36 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#37 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#38 0x7f15fbff1800 in tstream_readv_done ../../lib/tsocket/tsocket.c:593
#39 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#40 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#41 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#42 0x7f15fbff9691 in tstream_bsd_readv_handler ../../lib/tsocket/tsocket_bsd.c:2080
#43 0x7f15fbff6f85 in tstream_bsd_fde_handler ../../lib/tsocket/tsocket_bsd.c:1764
#44 0x7f15fb7d9ac1 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:174
#45 0x7f15fb7ef185 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:696
#46 0x7f15fb7ef185 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:926
#47 0x7f15fb7e77b8 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
#48 0x7f15fb7d7549 in _tevent_loop_once ../../lib/tevent/tevent.c:820
#49 0x7f15fc936b7c in rpc_worker_main ../../source3/rpc_server/rpc_worker.c:1249
#50 0x5632ae1e1ec3 in main ../../source3/rpc_server/rpcd_lsad.c:132
#51 0x7f15f7c2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
#52 0x7f15f7c2a378 in __libc_start_main_impl ../csu/libc-start.c:360
#53 0x5632ae162e64 in _start ../sysdeps/x86_64/start.S:115
0x50d000004f80 is located 112 bytes inside of 136-byte region [0x50d000004f10,0x50d000004f98)
freed by thread T0 here:
#0 0x7f15fcefb418 in free ../../../../libsanitizer/asan/asan_malloc_linux.cpp:52
#1 0x7f15fc0f857d in _tc_free_internal ../../lib/talloc/talloc.c:1222
#2 0x7f15fc0f8d0f in _talloc_free_internal ../../lib/talloc/talloc.c:1248
#3 0x7f15fc0f8d0f in talloc_unlink ../../lib/talloc/talloc.c:1473
#4 0x7f15fc934580 in rpc_worker_connection_terminated ../../source3/rpc_server/rpc_worker.c:143
#5 0x7f15fc9310bd in dcesrv_connection_destructor ../../source3/rpc_server/rpc_worker.c:175
#6 0x7f15fc0f7d76 in _tc_free_internal ../../lib/talloc/talloc.c:1158
#7 0x7f15fc0f7acd in _tc_free_children_internal ../../lib/talloc/talloc.c:1669
#8 0x7f15fc0f7acd in _tc_free_internal ../../lib/talloc/talloc.c:1184
#9 0x7f15fc0f924c in _talloc_free_internal ../../lib/talloc/talloc.c:1248
#10 0x7f15fc0f924c in _talloc_free ../../lib/talloc/talloc.c:1792
#11 0x7f15fadac024 in ncacn_terminate_connection ../../source3/rpc_server/rpc_server.c:263
#12 0x7f15fadac024 in dcesrv_transport_terminate_connection ../../source3/rpc_server/rpc_server.c:251
#13 0x7f15fc11e5ef in dcesrv_terminate_connection ../../librpc/rpc/dcesrv_core.c:2968
#14 0x7f15fc125446 in dcesrv_read_fragment_done ../../librpc/rpc/dcesrv_core.c:3196
#15 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#16 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#17 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#18 0x7f15fb4f69a1 in _tevent_req_nterror ../../lib/util/tevent_ntstatus.c:46
#19 0x7f15fabda2f4 in dcerpc_read_ncacn_packet_done ../../librpc/rpc/dcerpc_util.c:612
#20 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#21 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#22 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#23 0x7f15fbff4228 in tstream_readv_pdu_readv_done ../../lib/tsocket/tsocket_helpers.c:313
#24 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#25 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#26 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#27 0x7f15fbff1800 in tstream_readv_done ../../lib/tsocket/tsocket.c:593
#28 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#29 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
#30 0x7f15fb7dcdb7 in _tevent_req_error ../../lib/tevent/tevent_req.c:252
#31 0x7f15fadbc1a3 in tstream_npa_readv_msg_mode_handler ../../libcli/named_pipe_auth/npa_tstream.c:697
#32 0x7f15fb7dcae5 in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
#33 0x7f15fb7dcd1c in tevent_req_finish ../../lib/tevent/tevent_req.c:234
previously allocated by thread T0 here:
#0 0x7f15fcefc777 in malloc ../../../../libsanitizer/asan/asan_malloc_linux.cpp:69
#1 0x7f15fc0fbc57 in __talloc_with_prefix ../../lib/talloc/talloc.c:783
#2 0x7f15fc0fd8cf in __talloc ../../lib/talloc/talloc.c:825
#3 0x7f15fc0fd8cf in _talloc_named_const ../../lib/talloc/talloc.c:982
#4 0x7f15fc0fd8cf in _talloc_zero ../../lib/talloc/talloc.c:2421
#5 0x7f15fc93156e in rpc_worker_assoc_group_new ../../source3/rpc_server/rpc_worker.c:681
#6 0x7f15fc93156e in rpc_worker_assoc_group_find ../../source3/rpc_server/rpc_worker.c:730
#7 0x7f15fc120a18 in dcesrv_bind ../../librpc/rpc/dcesrv_core.c:1158
#8 0x7f15fc120a18 in dcesrv_process_ncacn_packet ../../librpc/rpc/dcesrv_core.c:2324
#9 0x7f15fc120a18 in dcesrv_loop_next_packet ../../librpc/rpc/dcesrv_core.c:3222
#10 0x7f15fc933722 in rpc_worker_new_client ../../source3/rpc_server/rpc_worker.c:489
#11 0x7f15fc933722 in rpc_worker_new_client_filter ../../source3/rpc_server/rpc_worker.c:558
#12 0x7f15fbef95ca in messaging_dispatch_waiters ../../source3/lib/messages.c:1343
#13 0x7f15fbefb589 in messaging_dispatch_rec ../../source3/lib/messages.c:1371
#14 0x7f15fbefb589 in messaging_recv_cb ../../source3/lib/messages.c:431
#15 0x7f15faddba9e in msg_dgm_ref_recv ../../lib/messaging/messages_dgm_ref.c:144
#16 0x7f15fadd6cc3 in messaging_dgm_recv ../../lib/messaging/messages_dgm.c:1426
#17 0x7f15fadd7618 in messaging_dgm_read_handler ../../lib/messaging/messages_dgm.c:1316
#18 0x7f15fb7d9ac1 in tevent_common_invoke_fd_handler ../../lib/tevent/tevent_fd.c:174
#19 0x7f15fb7ef185 in epoll_event_loop ../../lib/tevent/tevent_epoll.c:696
#20 0x7f15fb7ef185 in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:926
#21 0x7f15fb7e77b8 in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
#22 0x7f15fb7d7549 in _tevent_loop_once ../../lib/tevent/tevent.c:820
#23 0x7f15fc936b7c in rpc_worker_main ../../source3/rpc_server/rpc_worker.c:1249
#24 0x5632ae1e1ec3 in main ../../source3/rpc_server/rpcd_lsad.c:132
#25 0x7f15f7c2a2ad in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15765
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 5b929860e269e2968a0ec3759a6125ae990b43c3)
This will make it easier to implement netr_ServerAuthenticateKerberos() later...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 7b02fb50143ba5044605ec67ed41180391835dcb)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit de8de55a5fee573d0718fa8dd13168a4f0a14614)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 01577b93cbb0a26aba3209cde69475be2e1c5fb8)
Before storing the structure into a ctdb managed volatile database
we check against netlogon_creds_CredentialState_legacy (the structure
used before recent changes). This makes sure unpatched cluster nodes
would not get a parsing error.
We'll remove this again in master when we try to implement
netr_ServerAuthenticateKerberos() and the related changes
to netlogon_creds_CredentialState, which will break the compat...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 3792fe372884aad6ea2893f2e62629dd1cddc129)
In order to allow backports and cluster updates we simulate a
dom_sid, so that the old code is able to parse the blob.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 8b972fea0978101575f847eac33b09d2fd8d02e7)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit dfbc5e5a19420311eac3db5ede1c665a9198395d)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit a9308c490cb5ec8908a3e4c13e2ce8a08b9027e9)
creds->sid will be removed soon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 453587fbc1ef74a3b997235e84040553261fa13e)
As server we are free to change the netlogon_creds_CredentialState
database record format at will as it uses CLEAR_IF_FIRST.
For now that format doesn't really changes, because we
only move dom_sid into a wrapper structure.
In order to avoid changing all callers in this commit,
we maintain creds->sid as in memory pointer.
In the following patches we'll also use it in order
to store client related information...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 518f57b93bdb84900d3b58cd94bdf1046f82a5a6)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15425
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
(cherry picked from commit 86176598eee4c83dc63a9dac163f32c886477129)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Oct 10 15:17:46 UTC 2024 on atb-devel-224
(cherry picked from commit 9263ce5752063235836d5f77220b0151df6c9408)
I know finding any real logic in reading the patch,
doesn't really show what's going on. I tried hard
to simplify it, but this is the only way I found
that fixed the test_auth_pad_ntlm_2889_auth3 test
without breaking other tests...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8b8e4ff1b19ba06821d774d0e1a8b1cad7f06120)
We should use DCERPC_FAULT_ACCESS_DENIED as default for
gensec status results of e.g. NT_STATUS_LOGON_FAILURE or
NT_STATUS_INVALID_PARAMTER.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 31a422b7e58d7a670ebedb7c91f240a3134a9624)
We already report that for gensec_start_mech_by_authtype() failures,
but we also need to do that for any invalid authentication.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 97545873ebc2daf9c3daee914a90687625a08225)
Sometimes Windows sends 3 presentation contexts (NDR32, NDR64,
BindTimeFeatureNegotiation) in the first BIND of an association.
Binding an additional connection to the association seems to
reuse the BIND buffer and just changes the num_contexts field from
3 to 2 and leaves the BindTimeFeatureNegotiation context as padding
in places.
Note, the auth_pad_length field is send as 0 in that case,
which means we need to ignore it completely, as well as any
padding before the auth header.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 85b2dcd93848a590727dac243e8eb3614be75fad)
If dcerpc_pull_auth_trailer() returns NT_STATUS_RPC_PROTOCOL_ERROR
it will return the BIND reject code in auth->auth_context_id.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 7a6a1aae6fa74ab0f55c1160aedd2d79c9a44a90)
That what Windows also asserts.
It also makes sure that ndr_pull_dcerpc_auth() will
start with ndr->offset = 0 and don't tries to eat
possible padding.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 890fff1ca0c4e1eb8ef26c4f88aa18aeda3afc4f)
The max fragment size depends on the transport.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 09e8dd23ce0c08c5c04bd74121f3664f420af877)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit ac5818f2dd348e61b4be35505bee00b330ec4450)
This will be used in the dcerpc.raw_protocol test.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 0acbbeab4db0c8bc8ff655d652e249fecb3c4ef9)
This is how Windows 2022 (and 2025 preview) behaves...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit be02d4077db1d6c35b2e480937a04b5e70545a6d)
This is the error Windows 2022 (and 2025 preview) return.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 8e6696b2ac6990f3d6bac804c9a0f1a2b8f0ada0)
Without an auth context using DCERPC_AUTH_LEVEL_PACKET or higher
the fault to reject requests with an invalid auth level
should trigger a disconnect after sending the fault to
the client.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14356
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
(cherry picked from commit 31c2f35bba003daee39756e83def0f3d45c19c6b)
Give debug.c the chance to use just one write call (right now it
doesn't yet)
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
'privileges' is a word, but the ldb referred to is privilege.ldb
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
We were skipping the pull in cases where the coda size was calculated
to be zero. This has the right result for empty conditional ACEs, but
not for Resource Attribute ACEs where the
CLAIM_SECURITY_ATTRIBUTE_RELATIVE_V1 coda was not intialised.
The situation is made a bit worse, because the function that
calculates the coda size (ndr_subcontext_size_of_ace_coda()) can
return zero in conditions that are not exactly errors, but in which
the would-be calculated value makes so little sense that zero is
thought to be a safer default.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66577
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15613
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Mar 25 06:00:21 UTC 2024 on atb-devel-224
The whole point of struct GUID_ndr_buf is that this never fails.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This allows an ACL level check (rather than only an all-or-nothing KDC configuration)
that PKINIT freshness was used during the AS-REQ.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
The ccache file format version is checked by the switch in OPTIONAL_HEADER.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This will let us examine keytab entries exported for gMSA accounts and
ensure they are the values we expect. This will in particular help
test our KDC via the "samba-tool domain exportkeytab" as this is a thin
wrapper around the relevant code.
Additionally, we can use this to test the new client-side keytab generation
in "samba-tool domain exportkeytab" for gMSA accounts.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
This is required that we can use it with ndrdump or in python to decode
a NETLOGON_SAM_LOGON_RESPONSE_EX ldap response.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15588
Signed-off-by: Andreas Schneider <asn@samba.org>
Pair-Programmed-With: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
This returns the behaviour with ordinary ACEs to where it was with 4.19.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
When an ACE is not an object ACE, which is common, setting the switch
value and attempting the object ACE GUID pull is just going to do
nothing, and we know that ahead of time. By noticing that we can save
a bit of time on a common operation.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
From 1e80221b2340de5ef5e2a17f10511bbc2c041163 (2008) until
c73034cf7c4392f5d3505319948bc84634c20fa5 (conditional ACEs, etc, 2023)
we had a manual ndr_pull_security_ace() that would discard trailing
bytes, which are those bytes that we now call the coda. The ACE types
that we handled then are those that end up with a coda.ignored data
blob.
With this we effectively restore the long-standing behaviour in the
event that we push and pull an ACE -- though now we discard the
ignored bytes on push rather than pull.
This change is not because the trailing bytes caused any problems (as
far as is known), but because it is much faster to not do the push.
It may be that such ACEs no longer occur.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
This might have little effect, but sometimes we see primatives like
ndr_pull_uint32() taking a few percent of the CPU time, and this is in
all those functions.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
We don't expect an ordinary ACE to have a non-empty coda, and we don't
really want to push it if it does, but for this patch we still will.
This will not change the data on the wire.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
This will allow some optimisations; in this commit we just copy the
code.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
The overwhelmingly common case is that there are no bytes left, and
regardless of the ACE type we want to store an empty blob.
We know the blob will be empty if there are no bytes, so we don't need
to allocate a sub-ndr and tokens list and so forth.
This can save almost half the time of a security descriptor pull.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15574
