vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov  8 18:42:13 UTC 2023 on atb-devel-224

vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function

Allow reuse of this code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE

Use O_PATH when available; this avoids the need for READ/LIST access on
that directory. Keep using O_RDONLY if the system does not have O_PATH.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s4:kdc: Don’t convey PAC buffers from an RODC‐issued PAC

Such buffers are not to be trusted.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov  7 22:54:42 UTC 2023 on atb-devel-224

s4:kdc: Move return code checks closer to where the return codes are set

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth: Add comment about claims going ignored for SamLogon

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Add tests for AllowedToAuthenticateTo with SamLogon

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Add test for an authentication policy that allows a specific account

This is a counterpart to ‘test_conditional_ace_allowed_from_user_deny’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Correct authentication policy SDDL

There is no claim called ‘abc’, so the condition ‘(abc)’ is always going
to fail. Replace this with a condition using ‘Member_of’.

Furthermore, an ACL containing only Deny ACEs will only ever deny. Add a
trailing Allow ACE so that the ACL might allow other principals.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Remove unused parameter ‘expected_device_groups’

It was never passed in by any callers.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Remove unused parameter ‘expected_device_groups’

It was never passed in by any callers.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Make get_real_filename_cache_key() static in files.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Nov  7 13:58:07 UTC 2023 on atb-devel-224

smbd: Simplify openat_pathref_fsp_case_insensitive()

This is more lines of code, but it's still a simplification. With this
patch we don't call the full openat_pathref_fsp() anymore when looking
up the last component in filename_convert_dirfsp(), instead we do the
direct SMB_VFS_OPENAT(). We don't need the whole complexity of
non_widelink_open() for this case, we do know that we have a real
non-cwd dirfsp.

The other big change that is not obvious just from looking at the
patch: This removes the special case for looking up posix
symlinks. Before this patch, filename_convert_dirfsp() returned a
proper smb_filename but without an attached fsp when a smb1 posix
client hits a symlink. This caused all sorts of special case code
everywhere. For example smbd_do_qfilepathinfo() needs to cover both
cases just for the smb1 posix symlink case. This special-case handling
can go now. We can do the path lookup in the smb1-only qpathinfo code
and call into the common code with a proper fsp.

When hitting a symlink and with O_PATH available, we'll get the
symlink opened with an O_PATH fd. Without O_PATH we obviously can't do
that, there we get fd=-1 and an indication that we don't have the
procfd fallback around.

Why all this?

I want to present FIFOs (and eventually symlinks) as reparse points as
the very next step. Without this patch, there is no real unified way
to get the file attributes from disk. Now we can use the proper logic
of fdos_mode() everywhere and not rely on special cases for fsp==NULL.

This patch also changes some error codes for smb1 posix extensions. I
chose to just change the test instead of going after each and every
change. As long as we do get an error, I'm willing to accept that we
slightly change error path behaviour for this deprecated code.

And, I tried to split this up into smaller patches but I failed.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Make get_real_filename_cache_key() public

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: We want to delete symlinks as such in reply_unlink()

Even with "follow symlinks = yes" we don't want to delete the target
when being given a symlink name.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Make create_open_symlink_err() public

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Make in_create_options available in smbd_smb2_create_after_exec()

Enable NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED and _STOPPED_ON_SYMLINK if
not opening with FILE_OPEN_REPARSE_POINT. We only know after all the
open logic what we have.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Make a fake file's stat a valid regular file

We'll add strict checks to only open IFDIR and IFREG soon.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Simplify fsp_fullbasepath()

Don't call snprintf() if not necessary.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Correct PATH_ vs NAME_NOT_FOUND for not following lcomp

Right now this is handled in openat_pathref_fsp(), but this will
change soon.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Return OBJECT_NAME_NOT_FOUND if lcomp points outside the share

filename_convert_dirfsp() is the only caller of
safe_symlink_target_path(). Right now this is not called with
"unparsed==0" because the last component is handled in
openat_pathref_fsp() and thus non_widelink_open(). I have code that
will change this, so that we can simplify
openat_pathref_fsp_case_insensitive() to directly call OPENAT, not
going through non_widelink_open. This will cause
safe_symlink_target_path() also be called for the last component,
which means it needs logic to distinguish between PATH_ and
NAME_NOT_FOUND.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Return open_symlink_err from filename_convert_dirfsp_nosymlink()

Don't lose information returned from openat_pathref_fsp_nosymlink()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

libcli: Fix whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: We don't reopen anything but dirs and files

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Remove a few pointless return; statements

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Protect ea-reading on symlinks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Remove an assert that never triggers

We've checked that right above.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

librpc: Fix error path cleanups in start_rpc_host_send()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CI: smb3unix.py: check more attributes of test files (and dirs) in test_posix_perm_files()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Nov  5 19:35:51 UTC 2023 on atb-devel-224

smbtorture3: also check test file and it's attributes in two POSIX tests

Verifies that the correct DOS attribute, FILE_ATTRIBUTE_ARCHIVE in this case,
are returned over SMB1 with UNIX extensions.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: allow setting ARCHIVE bit in POSIX context with "store dos attributes"

Cf https://lists.samba.org/archive/samba-technical/2023-October/138504.html

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbtorture3: prepare POSIX tests for differentianting between client flavour in the list callback

No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbtorture3: remove unused initializers

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: s/FILE_ATTRIBUTES_INVALID/FILE_ATTRIBUTE_INVALID/g

No idea what got me into having an "S" in the define when I added it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbtorture3: reduce indentation in posix_ls_fn()

Prepares for adding more logic in a later commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: allow POSIX opens for file_set_dosmode() in rename_internals_fsp()

As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: allow POSIX opens for file_set_dosmode() in mkdir_internal()

As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: allow POSIX opens for file_set_dosmode() in mark_file_modified()

As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: move POSIX check from possibly_set_archive() to file_set_dosmode()

No change in behaviour. Move the check to the more low-level function
file_set_dosmode() to ensure all callers use this consistently.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: in file_set_dosmode() do an early exit if smb_fname->fsp is NULL

No change in behaviour. Simplifies coming changes.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: ignore symlinks in file_set_dosmode()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: add and use helper function possibly_set_archive()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: remove call to fdos_mode() when setting DOS attrs

This added in 49a754b82d33fb523cda4151a865584ae52a2e2f to work with stored
itime based File-Ids. Since switching back to purely inode based File-Ids we
can remove this call that primed itime from DOS xattr.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

third_party/heimdal: Import lorikeet-heimdal-202311030123 (commit 2346a67fe25cbf16128501665db41f6840546e15)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  3 03:53:08 UTC 2023 on atb-devel-224

tests/krb5: Fix comments

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov  2 20:13:50 UTC 2023 on atb-devel-224

tests/krb5: Test RODC‐issued TGTs that already contain device info/claims

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Don’t reuse SID S-1-2-3-4

We’re already using it in ‘client_sids’ to work around a bug in Windows.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Test target authentication policies when the TGT already contains device info/claims

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Add tests for PACs containing extraneous buffers

Test that the KDC removes these buffers from RODC‐issued PACs.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Pass a list of PAC modification functions

This is simpler than chaining functions together.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Test performing a FAST‐armored TGS‐REQ when the TGT already contains device info/claims

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Add support to test framework for existing device info or claims buffers

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Always expect client claims

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Ensure that device SIDs and claims are present only if we expect them to be

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: No longer pass two‐component form of TGS principal

Samba now handles one‐component TGS principals more correctly.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest/flapping: Mark smb2.multichannel.bugs.bug_15346(nt4_dc) flapping

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests: Convert the regression test for bug15505 to python

The shell version is flapping, but I can't really figure out
why. Maybe this version is not flapping, and it also shows the failure
if you revert 952d6c2cf48.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests: Make clean_file() handle directories

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests: Allow to specify share names in smb2symlink tests

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499404)

dcesrv_lsa_CreateTrustedDomain_base() invokes DCESRV_PULL_HANDLE(),
which invokes DCESRV_PULL_HANDLE_RETVAL(), which invokes
DCESRV_CHECK_HANDLE(), which might invoke DCESRV_FAULT(), which accesses
r2.out.result, which is uninitialized — invoking undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov  2 04:04:49 UTC 2023 on atb-devel-224

s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499407)

dcesrv_lsa_CreateTrustedDomain_base() invokes DCESRV_PULL_HANDLE(),
which invokes DCESRV_PULL_HANDLE_RETVAL(), which invokes
DCESRV_CHECK_HANDLE(), which might invoke DCESRV_FAULT(), which accesses
r2.out.result, which is uninitialized — invoking undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_client: Add missing ‘break’ statement

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_client: Align integer types (CID 1548342)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Initialize flags (CID 1499396)

If ‘got_bcast’ is false and ‘give_flags’ is true, this variable will be
used uninitialized.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Avoid integer overflow (CID 1548343)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Align integer type

If ‘count’ is larger than INT_MAX, ‘i’ might overflow in the loop and
lead to undefined behaviour.

See also CID 1548342.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Remove condition that cannot be true (CID 1548341)

‘limit’ is an unsigned integer, and thus will never be less than zero.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Check return value of samba_cmdline_init() (CID 1548345)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Fix code spelling

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Remove unused‐but‐set variable

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:smbd: Remove unreachable code (CID 710840)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Test conditional ACE expressions with empty composite literals

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest: Sort conditional ACE knownfails

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: Allow empty composites and resource attribute lists

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: Remove reference to conditional ACE recursive composites

These have been unsupported since commit
3b6c1f1a9c47d8d76a7cd946468c1c42e4fb097a.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

third_party/heimdal: Import lorikeet-heimdal-202311012221 (commit 87159bd32148be80a0d9bfc984db481e4a0f2831)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest:samba-tool domain test policy: test SDDL diagnostics

The existing 'bad SDDL' test has SDDL so bad that the diagnostics
are not exercised.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov  1 21:12:33 UTC 2023 on atb-devel-224

pytest: samba_tool domain auth policy fix for SDDL err msg

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

samba-tool: try to present diagnostics for SDDL errors.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest:sddl: assert SDDLValueError values make sense

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/librpc/py_security: use SDDLValueError for better error messages

The aim is to allow samba-tool to tell users where their SDDL went
wrong.

Some tests would turn into errors (not knownfail-able failures)
if they were not changed at the same time, so they are changed too.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest:sddl: handle SDDLValueError

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest:security_descriptors: handle SDDLValueError

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

pytest: sid_strings: handle SDDLValueError

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4/librpc/py_security: add SDDLValueError

This will soon be raised for SDDL parsing errors.

It would have been nice to have it as a subclass of
ValueError, meaning that all existing callers would
continue to catch this error as before, but it turns
out that that is quite difficult.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ndr/py_security: mod patch reports errors

We can, so we might as well.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/ldb: pyldb search iterator avoids exception leak

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

lib/ldb: py LDBError avoids leak and checks for alloc failure

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: conditional ace err messages don't hardcode offset

Usually the conditions are embedded in part of some SDDL, and the
offset from the beginning of the condtions is a bit useless and
confusing. Callers of sddl_decode_err_msg get the offset from the
beginning of the SDDL which is a different and more useful number.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: sddl: guard against inconsistent msg pointers

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: sddl: remove unreachable debug

As it stands, ace_conditions_compile_sddl() won't produce a message when
it succeeds (i.e. return non-NULL), so this debug is just clutter.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: sddl_decode_ace/acl pass through messages

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: add sddl_decode_err_msg()

This will return an error message, if it can, along with an indicative
position.

For conditional ACEs the message might be accurate, and the position
fine-grained. For example, you might be able to construct the message
like this:

D:(XA;;CC;;;S-1-2-3;(@User.Title == !(@User.Title)))
                                    ^
 16: unexpected operator

For non-conditional ACEs, the position typically points to the beginning
of the ACE, like this:

D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A; OICI; GRGWGX;;;AU)
                                  ^
 unknown error

Here the error is in the spaces either side of " OICI; ", but the pointer
points to the beginning of the ACE.

The old sddl_decode() function becomes a wrapper around the new function,
which inherits the guts of the old function.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: sddl_conditional_ace: ensure message is talloced

It is simpler for the message to have consistent parentage; it
is easier to drop one message we'll never see than to talloc it.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: sddl: check a talloc_zero

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: SDDL accepts lowercase "s-" in SIDs

This is what Windows does, and it removes a couple of knownfails.

We can change it here cheaply without affecting the core dom_sid code,
which is good because there seem to be other places where we need the
uppercase S (for example in ldap search <SID=> queries).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

librpc:ndr: Increase size of ‘libndr_flags’ type to 64 bits

This gives us thirty‐two new LIBNDR_ flags to play with.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>