ldb-samba: ldif_read_objectSid avoids VLA

I don't think this variable length array is any trouble, but people
complain about them (e.g. https://nullprogram.com/blog/2019/10/27/)
because they make things more complex at run-time, and this is a
somewhat performance sensitive path.

DOM_SID_STR_BUFLEN + 1 is 191 -- if that stack allocation is going to
cause trouble, then so was the VLA <= that.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed May  8 00:26:42 UTC 2024 on atb-devel-224

ldb-samba: ldif_read_objectSid() short-circuits without 'S'

This avoids a memcpy, and level 3 debug verbosity from
dom_sid_parse_endp().

In other places we have something like `|| in->data[1] != '-'`, but
that is not useful here -- the value is either a string SID, or a
binary SID that starts with '\1', or some awful value that we *do*
want to get messages about.

This replaces the work of ldif_comparision_objectSid_isString().

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/fuzzing: add fuzz_stable_sort_r_unstable

This should find out how well stable_sort copes with an unstable
non-transitive comparison function.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: note a transitivity problem in ldb_comparison_fold

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb:attrib_handlers: reduce non-transitive behaviour in ldb_comparison_fold

If two strings are invalid UTF-8, the string is first compared with
memcmp(), which compares as unsigned char.

If the strings are of different lengths and one is a substring of the
other, the memcmp() returns 0 and a second comparison is made which
assumes the next character in the shorter string is '\0' -- but this
comparison was done using SIGNED chars (on most systems). That leads
to non-transitive comparisons.

Consider the strings {"a\xff", "a", "ab\xff"} under that system.

   "a\xff"  < "a",      because (char)0xff == -1.

   "ab\xff" > "a",     because  'b' == 98.

   "ab\xff" < "a\xff", because memcmp("ab\xff", "a\xff", 2) avoiding the
                       signed char tiebreaker.

(Before c49c48afe09a1a78989628bbffd49dd3efc154dd, the final character
might br arbitrarily cast into another character -- in latin-1, for
example, the 0xff here would have been seen as 'ÿ', which would be
uppercased to 'Ÿ', which is U+0178, which would be truncated to
'\x78', a positive char.

On the other hand e.g. 0xfe, 'þ', would have mapped to 0xde, 'Þ',
remaining negative).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb:attrib_handlers: use NUMERIC_CMP in ldb_comparison_fold

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb-samba: remove unused ldif_comparision_objectSid_isString()

This is unused because it does things badly, by just guessing and
not allowing valid sids that start with "s-". All the places that used
to use it were calling ldif_read_objectSid() or similar which correctly
check for string SIDs by actually trying to parse them. That begins
with looking for the "S-"/"s-", so this shortcut is not saving any real
work.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb-samba: simplify extended_dn_read_SID()

This will allow the reading of SIDs that start with "s-", which
Windows allows, and we allow elsewhere.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb-samba: simplify ldif_canonicalise_objectSid()

ldif_comparision_objectSid_isString() is doing not useful or accurate,
and ldif_read_objectSid() checks properly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb-samba: simplify ldif_comparison_objectSid()

The ldif_comparision_objectSid_isString() call is both wrong
(disallowing "s-") and redundant, because ldif_read_objectSid() calls
dom_sid_parse(), which does the check properly.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest: sid_strings: Samba DN object refuses sub-auth overflow

We were mistakenly asserting something that did not happen with
Windows, because Samba already won't parse the DN string.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest: sid_strings: adjust to match Windows 2016

9 hex-digit subauths like '0xABCDef123' will not fit in 32 bits, so
should be rejected on parsing.

In other situations, such as defaultSecurityDescriptor, overflowing
SID subauths on Windows will saturate to 0xffffffff, resulting in a
valid but probably meaningless SID. It is possible that in previous
testing we saw that here, but it is more likely I got confused. In any
case, now I see them being rejected, and that is good.

The saturating defaultSecurityDescriptor case is tested in
SidStringBehavioursThatWindowsAllows.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest: sid_strings: Windows does allow lowercase s-1-... SIDs

And so should we.

Right now, these tests won't pass against Windows because they rely on
ldb pre-parsing of the SIDs, so they fail before Windows gets to see
them. Running them against Windows looks something like this, BTW:

    SAMBA_SID_STRINGS_SKIP_LOCAL=1  \
    SMB_CONF_PATH=st/ad_dc/etc/smb.conf \
    PYTHONPATH=bin/default/python \
    DC_SERVER=192.168.122.126 \
    DC_USERNAME=Administrator DC_PASSWORD='xxx' \
    python3 python/samba/tests/sid_strings.py

When things are right, the only failing tests should be from the
SidStringBehavioursThatSambaPrefers suite.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest: sid_strings: use more reliable well known SID

It seems as if the well-known SID S-1-5-32-579
(DOMAIN_ALIAS_RID_ACCESS_CONTROL_ASSISTANCE_OPS) is
not always present -- specifically, it was not there on the
Windows machine used to develop these tests, but it is there on
the one I am now using.

S-1-5-32-545 (DOMAIN_ALIAS_RID_USERS) is surely going to exist,
so we use that instead.

That changes some of the assertions, making some NO_SUCH_OBJECTs
into successes.

For these tests we are only interested in the parsing of the SIDs, not
their meaning, so it's OK to change it.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb-samba: ldif_write_schemaInfo() uses correct size

repsFromToBlob is much bigger, so this only meant we briefly allocated
more than we needed.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=10763

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:util: codepoint_cmpi: be transitive and case-insensitive

the less/greater conparisons were not case-sensitive, which made the whole
function non-transitive.

I think codepoint_cmpi() is currently only used for equality tests, so
nothing will change.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib:util:tests: more tests for codepoint_cmpi

is codepoint_cmpi as case-insensitive as it claims when it comes to
inequalities? (no, it is not!).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:mod: repl_md: message sort uses NUMERIC_CMP()

No change at all in the result, just saving lines and branches.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_srv:getncchanges: USN sort uses qsort() instead of ldb_qsort()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_srv:getncchanges: 4.5 anc emulation uses qsort(), not ldb_qsort()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:mod: repl_md: make message_sort transitive

Before we had (with a TODO of regret):

       if (!a1 || !a2) {
               return strcasecmp(e1->name, e2->name);
       }

so, given {name:"A", id 2}, {name:"B", NO id}, {name:"C", id 1},

 A < B by name
 B < C by name
 A > C by id

Now the sort order is always A > C > B.

This sort could have caused mysterious crashes in repl_meta_data if
the schema is out of sync.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb:tools: ldbsearch doesn't need ldb_qsort()

When the opaque context blob is not used, we might as well
use a real qsort().

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:util_trusts: simplify the NULL case in dns_cmp

In this comparison function a NULL string is treated as the ancestor
of all names, but you need to look hard to see that.

By pulling the logic for NULLs to the front, hopefully we have to look
less hard.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:dsdb:util_trusts: describe dns_cmp return values

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb:tests: add a test for dotted i uppercase

This didn't fail in the tr_TR locale before recent changes for
https://bugzilla.samba.org/show_bug.cgi?id=15637, because this is a
different casefold codepath. But it could fail if that other path goes
wrong, so we might as well have the test.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ldb: avoid NULL deref in ldb_db_compare

This also sorts NULLs after invalid DNs, which matches the comment
above.

CID 1596622.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

.gitlab-ci: Remove tags no longer provided by gitlab.com

GitLab.com removed a number of tags from their hosted
runners and this meant our CI was being redirected to
our private runners at a larger cost to the Samba Team.

The new infrastructure is much larger than when we last
selected runners so we can just use the default, even for
the code coverage build.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15638

Pair-Programmed-With: Stefan Metzmacher <metze@samba.org>

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May  7 13:40:55 UTC 2024 on atb-devel-224

s3:libsmb: let cli_session_creds_init() keep the value from 'client use kerberos'

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Tue May  7 12:33:29 UTC 2024 on atb-devel-224

s3:winbindd: pass a NULL ccache to kerberos_return_pac() for a MEMORY ccache

It means kerberos_return_pac() will use smb_krb5_cc_new_unique_memory().

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:libads: use smb_krb5_cc_new_unique_memory() in kerberos_return_pac()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/credentials: use smb_krb5_cc_new_unique_memory() in cli_credentials_new_ccache()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/credentials: use smb_krb5_cc_new_unique_memory() in cli_credentials_shallow_ccache()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/credentials: use smb_krb5_cc_new_unique_memory() in smb_gss_krb5_copy_ccache()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/credentials: use smb_krb5_cc_new_unique_memory() in krb5_cc_remove_cred_wrap()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib/krb5_wrap: make use of smb_krb5_cc_new_unique_memory() in smb_krb5_kinit_s4u2_ccache()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib/krb5_wrap: add smb_krb5_cc_new_unique_memory()

This generates a memory credential cache that is
not visible to a (the default) credential cache collection.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:gse: don't call krb5_cc_resolve() as server

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:gse: avoid prompting for a password that we don't use in the end

Currently we rely on a valid default credential cache being available
and don't make use of the password.

In future we'll do a kinit on demand, but that's for another day.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:gse: make use of gensec_kerberos_possible()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s4:gensec_gssapi: make use of gensec_kerberos_possible()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/gensec: add gensec_get_unparsed_target_principal() helper

This will be useful for debugging.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/gensec: add gensec_kerberos_possible() helper

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

s3:client: avoid cli_credentials_get_password() to check for a specified password

Using cli_credentials_get_password_obtained() is more lightweight as
it avoids a possible password prompt.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth:creds: Add test for cli_credentials_get_username_obtained()

Signed-off-by: Andreas Schneider <asn@samba.org>

auth/credentials: add cli_credentials_get_username_obtained()

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth:creds: Add test for cli_credentials_get_password_obtained()

Signed-off-by: Andreas Schneider <asn@samba.org>

auth/credentials: add cli_credentials_get_password_obtained()

It's often useful to know if a password was already explicitly
specified without triggering the password callback function.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

lib/cmdline: skip the password prompt if we have a valid krb5 ccache

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth/credentials: add cli_credentials_get_ccache_name_obtained()

It's often good to know if a credential structure already has
a valid kerberos credential cache attached, without the side
effect of doing a kinit and prompt for a password.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

auth:creds: Add test for cli_credentials_get_principal_obtained()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Andreas Schneider <asn@samba.org>

auth/credentials: add cli_credentials_get_principal_obtained()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15018

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

smbd: Implement FSCTL_DELETE_REPARSE_POINT

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May  6 21:55:03 UTC 2024 on atb-devel-224

tests: Test FSCTL_DELETE_REPARSE_POINT

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

tests: Run reparse tests

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

tests: Expected failures in reparse point tests should not be errors

We need to put them into knownfail.d individually

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Implement fsctl_set_reparse_point

Store the data in the "user.SmbReparse" xattr. Only allow this on
regular files. Windows does it for directories too, but we can not
allow this: Setting a symlink reparse point in a xattr on a directory
would go unnoticed by our openat2-optimization. If someone really
needs this, we could have a VFS module disallowing openat2 and doing
the appropriate checks on every openat-call.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Implement fsctl_get_reparse_point

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

tests: Clean up behind ourselves in test_create_reparse

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

tests: Codify IO_REPARSE_TAG_MISMATCH behaviour

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

tests: Clarify a reparse point test

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3: smbd: smb2-posix: Add SAMBA_XATTR_REPARSE_ATTRIB "user.SmbReparse" name.

Ensure it's prohibited for normal user access.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

selftest: Default to "tmp" share in reparsepoints.py

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Use reparse_buffer_check() in fsctl_set_reparse_point()

check_reparse_data_buffer() was duplicated code

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Prepare to return the reparse tag from fsctl_get_reparse_point

We'll need this in many places, for example when listing directories

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Change the output of fsctl_get_reparse_point to uint8

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

reparse: Tighten reparse point length check

test_create_reparse shows that the length checks need to be precise,
not just checking for overflow.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Return FILE_ATTRIBUTE_REPARSE_POINT from "user.DOSATTRIB"

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:dsdb: Fix stack use after scope in gkdi_create_root_key()

==20978==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7f4f91ff51a0 at pc 0x7f4f94cf93d6 bp 0x7ffdb90fc510 sp 0x7ffdb90fbcd0
READ of size 64 at 0x7f4f91ff51a0 thread T0
    #0 0x7f4f94cf93d5 in memcpy ../../../../libsanitizer/sanitizer_common/sanitizer_common_interceptors_memintrinsics.inc:115
    #1 0x7f4f933bdb67 in ldb_val_dup ../../lib/ldb/common/ldb_msg.c:325
    #2 0x7f4f933c11d1 in ldb_msg_copy ../../lib/ldb/common/ldb_msg.c:1182
    #3 0x7f4f933c13d2 in ldb_msg_normalize ../../lib/ldb/common/ldb_msg.c:1235
    #4 0x7f4f933ab556 in ldb_request ../../lib/ldb/common/ldb.c:1196
    #5 0x7f4f8e82b1d4 in dsdb_autotransaction_request ../../source4/dsdb/common/util.c:1220
    #6 0x7f4f8e831c8a in dsdb_add ../../source4/dsdb/common/util.c:5354
    #7 0x7f4f8e853a01 in gkdi_create_root_key ../../source4/dsdb/gmsa/gkdi.c:493
    #8 0x7f4f8e853a01 in gkdi_new_root_key ../../source4/dsdb/gmsa/gkdi.c:551
    #9 0x7f4f8cd4ca52 in py_dsdb_create_gkdi_root_key ../../source4/dsdb/pydsdb.c:1388
    #10 0x7f4f947ce01c  (/lib64/libpython3.11.so.1.0+0x1ce01c) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #11 0x7f4f947de4c0 in _PyObject_Call (/lib64/libpython3.11.so.1.0+0x1de4c0) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #12 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #13 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #14 0x7f4f947de5d8  (/lib64/libpython3.11.so.1.0+0x1de5d8) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #15 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #16 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #17 0x7f4f947edabb  (/lib64/libpython3.11.so.1.0+0x1edabb) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #18 0x7f4f947de5d8  (/lib64/libpython3.11.so.1.0+0x1de5d8) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #19 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #20 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #21 0x7f4f947ed9fb  (/lib64/libpython3.11.so.1.0+0x1ed9fb) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #22 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #23 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #24 0x7f4f947be6ca in _PyEval_EvalFrameDefault (/lib64/libpython3.11.so.1.0+0x1be6ca) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #25 0x7f4f947b6e79  (/lib64/libpython3.11.so.1.0+0x1b6e79) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #26 0x7f4f94839997 in PyEval_EvalCode (/lib64/libpython3.11.so.1.0+0x239997) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #27 0x7f4f94856862  (/lib64/libpython3.11.so.1.0+0x256862) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #28 0x7f4f94852e59  (/lib64/libpython3.11.so.1.0+0x252e59) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #29 0x7f4f94868fb1  (/lib64/libpython3.11.so.1.0+0x268fb1) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #30 0x7f4f948687a3 in _PyRun_SimpleFileObject (/lib64/libpython3.11.so.1.0+0x2687a3) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #31 0x7f4f94868453 in _PyRun_AnyFileObject (/lib64/libpython3.11.so.1.0+0x268453) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #32 0x7f4f94861c53 in Py_RunMain (/lib64/libpython3.11.so.1.0+0x261c53) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #33 0x7f4f94829996 in Py_BytesMain (/lib64/libpython3.11.so.1.0+0x229996) (BuildId: 170cbf941d17f6c2ac4f784129b31ebaa10c44a7)
    #34 0x7f4f9422a1ef in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #35 0x7f4f9422a2b8 in __libc_start_main_impl ../csu/libc-start.c:360
    #36 0x5604497e3084 in _start (/usr/bin/python3.11+0x1084) (BuildId: f5d6e3bdbf9098a6ddde0b7f2e07ffc9ad1b1dc3)

Address 0x7f4f91ff51a0 is located in stack of thread T0 at offset 416 in frame
    #0 0x7f4f8e852b37 in gkdi_new_root_key ../../source4/dsdb/gmsa/gkdi.c:537

  This frame has 12 object(s):
    [32, 40) 'root_key_dn' (line 539)
    [64, 72) 'res' (line 540)
    [96, 104) 'server_config_res' (line 118)
    [128, 136) 'kdf_algorithm' (line 128)
    [160, 168) 'domain_dn' (line 388)
    [192, 208) 'kdf_parameters_blob' (line 129)
    [224, 240) 'root_key_data_blob' (line 353)
    [256, 272) 'guid_blob' (line 467)
    [288, 312) 'kdf_parameters' (line 226)
    [352, 368) 'root_key_id' (line 116)
    [384, 400) 'guid_buf' (line 466)
    [416, 480) 'root_key_data' (line 352) <== Memory access at offset 416 is inside this variable

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Joseph Sutton <jsutton@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May  3 12:20:55 UTC 2024 on atb-devel-224

smbd: Remove unused [push_pull]_file_id_24

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 30 23:48:21 UTC 2024 on atb-devel-224

smbd: Use struct oplock_break_message for MSG_SMB_KERNEL_BREAK

Signed-off-by: Volker Lendecke <vl@samba.org>

smbd: Remove message_to_share_mode_entry and vice versa

Used only for closing files from rpc srvsvc these days

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Use struct oplock_break_message for MSG_CLOSE_FILE

We only need to transmit the file_id and share_file_id. Next patch
will show why :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Fix a typo

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Simplify sending oplock_break_message

This is fixed length of 33 bytes, no need to talloc

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Convert push_file_id_16 to take uint8_t instead of char

All callers had a cast from uint8_t to char, avoid those.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs: Convert return_data from char * to uint8_t

Prepares for a small simplification in the next patch

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

passdb: Use getline(3) to read our old machine sid

Don't read the whole file.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

pylibsmb: Avoid talloc()

dom_sid_string() does an implicit talloc_strdup() which is not
necessary here.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

pylibsmb: clang-format for the calls to Py_BuildValue()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

pylibsmb: Return reparse_tag from directory listing

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Slightly simplify py_cli_list()

We don't need an & to take a function pointer

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Fix a copy&paste error in smbXsrv_client_remove()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Use direct struct initialization in smbXsrv_client

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Save a few lines in smbXsrv_client_global_init()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Do an early TALLOC_FREE in smbXsrv_client_global_init()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Simplify smbXsrv_open_clear_replay_cache()

GUID_buf_string() is designed to never fail

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Simplify smbXsrv_open_purge_replay_cache()

GUID_buf_string is supposed to never fail except if the guid passed in
is NULL. Our only current caller already checks
that. dbwrap_purge_bystring() could actually fail, so put the result
into a variable for the debugger.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Simplify an if-condition

(state->current_sid == NULL) is true if and only if we could not
assign state->current_sid because num_sids was too small. Make that
more explicit.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Some README.Coding in smbXsrv_session

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Fix whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Remove unused setup_stat_from_stat_ex()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Save a few bytes of .text

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib:ldb: Use correct integer types for sizes

Error: INTEGER_OVERFLOW (CWE-190):
ldb-2.9.0/common/ldb_ldif.c:84: tainted_data_return: Called function "read(f, buf, size)", and a possible return value may be less than zero.
ldb-2.9.0/common/ldb_ldif.c:84: cast_overflow: An assign that casts to a different type, which might trigger an overflow.
ldb-2.9.0/common/ldb_ldif.c:92: overflow: The expression "size" is considered to have possibly overflowed.
ldb-2.9.0/common/ldb_ldif.c:84: overflow_sink: "size", which might be negative, is passed to "read(f, buf, size)". [Note: The source code implementation of the function has been overridden by a builtin model.]
    82|           buf = (char *)value->data;
    83|           while (count < statbuf.st_size) {
    84|->                 bytes = read(f, buf, size);
    85|                   if (bytes == -1) {
    86|                           talloc_free(value->data);

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr 30 15:33:32 UTC 2024 on atb-devel-224

lib:ldb: Add missing overflow check in ldb_msg_normalize()

Error: INTEGER_OVERFLOW (CWE-190):
ldb-2.9.0/common/ldb_msg.c:1235: tainted_data_argument: The check "i < msg2->num_elements" contains the tainted expression "i" which causes "msg2->num_elements" to be considered tainted.
ldb-2.9.0/common/ldb_msg.c:1253: overflow: The expression "msg2->num_elements - (i + 1U)" is deemed underflowed because at least one of its arguments has underflowed.
ldb-2.9.0/common/ldb_msg.c:1253: overflow: The expression "32UL * (msg2->num_elements - (i + 1U))" is deemed underflowed because at least one of its arguments has underflowed.
ldb-2.9.0/common/ldb_msg.c:1253: overflow_sink: "32UL * (msg2->num_elements - (i + 1U))", which might have underflowed, is passed to "memmove(el2, el2 + 1, 32UL * (msg2->num_elements - (i + 1U)))". [Note: The source code implementation of the function has been overridden by a builtin model.]
  1251|                           talloc_free(discard_const_p(char, el2->name));
  1252|                           if ((i+1) < msg2->num_elements) {
  1253|->                                 memmove(el2, el2+1, sizeof(struct ldb_message_element) *
  1254|                                           (msg2->num_elements - (i+1)));
  1255|                           }

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

lib:tdb: Add missing overflow check for num_values in pytdb.c

Error: INTEGER_OVERFLOW (CWE-190):
tdb-1.4.10/pytdb.c:401: cast_overflow: Truncation due to cast operation on "num_values" from 64 to 32 bits.
tdb-1.4.10/pytdb.c:401: overflow_sink: "num_values", which might have overflowed, is passed to "tdb_storev(self->ctx, key, values, num_values, flag)".
  399|           }
  400|
  401|->         ret = tdb_storev(self->ctx, key, values, num_values, flag);
  402|           free(values);
  403|           PyErr_TDB_ERROR_IS_ERR_RAISE(ret, self->ctx);

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

lib:tdb: Remove trailing spaces from pytdb.c

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3:utils: Fix Inherit-Only flag being automatically propagated to children

Inherit-only flag applies only to the container it was set to and it
shouldn't be automatically propagated to children.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636

Signed-off-by: Anna Popova <popova.anna235@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 29 10:56:48 UTC 2024 on atb-devel-224

python/samba/tests/blackbox: Add tests for Inherit-only flag propagation

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15636

Signed-off-by: Anna Popova <popova.anna235@gmail.com>
Reviewed-by: Noel Power <noel.power@suse.com>
Reviewed-by: Ralph Boehme <slow@samba.org>

s3:libsmb: Pass a memory context to get_ipc_connect()

Indirect leak of 792 byte(s) in 1 object(s) allocated from:                                                                                                                              #0 0x7f261b8dc03f in malloc (/lib64/libasan.so.8+0xdc03f) (BuildId: 3e1694ad218c99a8b1b69231666a27df63cf19d0)
    #1 0x7f261b2c2bc2 in __talloc_with_prefix ../../lib/talloc/talloc.c:783                                                                                                              #2 0x7f261b2c473d in __talloc ../../lib/talloc/talloc.c:825
    #3 0x7f261b2c473d in _talloc_named_const ../../lib/talloc/talloc.c:982
    #4 0x7f261b2c473d in _talloc_zero ../../lib/talloc/talloc.c:2421                                                                                                                     #5 0x7f2618cb42bc in smbXcli_conn_create ../../libcli/smb/smbXcli_base.c:350
    #6 0x7f261a74acd3 in cli_state_create ../../source3/libsmb/clientgen.c:196                                                                                                           #7 0x7f261a751f0d in cli_connect_nb_done ../../source3/libsmb/cliconnect.c:2715
    #8 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177                                                                                                   #9 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #10 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240                                                                                                             #11 0x7f261a752dde in cli_connect_sock_done ../../source3/libsmb/cliconnect.c:2624
    #12 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #13 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #14 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #15 0x7f261a7ba2c4 in smbsock_any_connect_connected ../../source3/libsmb/smbsock_connect.c:788
    #16 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #17 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #18 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #19 0x7f261a7b75ad in smbsock_connect_connected ../../source3/libsmb/smbsock_connect.c:524
    #20 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #21 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #22 0x7f261a69bd6e in _tevent_req_done ../../lib/tevent/tevent_req.c:240
    #23 0x7f261b4b400a in open_socket_out_connected ../../source3/lib/util_sock.c:484
    #24 0x7f261a69bacf in _tevent_req_notify_callback ../../lib/tevent/tevent_req.c:177
    #25 0x7f261a69bd06 in tevent_req_finish ../../lib/tevent/tevent_req.c:234
    #26 0x7f261a69be3e in tevent_req_trigger ../../lib/tevent/tevent_req.c:291
    #27 0x7f261a699df4 in tevent_common_invoke_immediate_handler ../../lib/tevent/tevent_immediate.c:190
    #28 0x7f261a699e31 in tevent_common_loop_immediate ../../lib/tevent/tevent_immediate.c:236
    #29 0x7f261a6ad3ec in epoll_event_loop_once ../../lib/tevent/tevent_epoll.c:905
    #30 0x7f261a6a679e in std_event_loop_once ../../lib/tevent/tevent_standard.c:110
    #31 0x7f261a696538 in _tevent_loop_once ../../lib/tevent/tevent.c:820

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Mon Apr 29 09:48:47 UTC 2024 on atb-devel-224

s3:libsmb: Make get_ipc_connect() static

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>