Christof Schmitt [Thu, 26 Oct 2023 22:51:02 +0000 (15:51 -0700)]
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov 8 18:42:13 UTC 2023 on atb-devel-224
Christof Schmitt [Thu, 26 Oct 2023 21:45:34 +0000 (14:45 -0700)]
vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Christof Schmitt [Thu, 26 Oct 2023 21:39:46 +0000 (14:39 -0700)]
vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function
Allow reuse of this code.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Christof Schmitt [Thu, 26 Oct 2023 21:37:15 +0000 (14:37 -0700)]
vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE
Use O_PATH when available; this avoids the need for READ/LIST access on
that directory. Keep using O_RDONLY if the system does not have O_PATH.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
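The directory-handle choice from the commit above, as an added example (not Samba code): a directory that grants only search (x) permission can still be opened with O_PATH and used as the dirfd for fstatat(), while O_RDONLY needs read access to it. The helper names, the /tmp scratch directory and the 5-byte file are constructed for the illustration; capability handling (CAP_DAC_OVERRIDE) is not shown.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>

/* Prefer O_PATH for the directory handle; keep O_RDONLY as the fallback
 * on systems without O_PATH, as the commit message describes. */
#ifdef O_PATH
#define DIRFD_FLAGS (O_PATH | O_DIRECTORY | O_CLOEXEC)
#else
#define DIRFD_FLAGS (O_RDONLY | O_DIRECTORY | O_CLOEXEC)
#endif

/* Hypothetical helper: stat "name" relative to a handle on "dir" opened
 * with open_flags. Returns 0 on success or a negative errno value. */
static int stat_via_dirfd(const char *dir, const char *name,
                          int open_flags, struct stat *st)
{
    int dirfd, ret, saved_errno;

    dirfd = open(dir, open_flags);
    if (dirfd == -1) {
        return -errno;
    }
    ret = fstatat(dirfd, name, st, AT_SYMLINK_NOFOLLOW);
    saved_errno = errno;
    close(dirfd);
    return (ret == -1) ? -saved_errno : 0;
}

/* Constructed scenario: a scratch directory with mode 0100 (search only)
 * holding one 5-byte file. Returns the file size seen through the dirfd,
 * or a negative errno value if the open or the stat was refused. */
static long demo_search_only_dir(int open_flags)
{
    char tmpl[] = "/tmp/opath_demo_XXXXXX";
    char path[64];
    struct stat st;
    long result;
    int fd, ret;

    if (mkdtemp(tmpl) == NULL) {
        return -errno;
    }
    snprintf(path, sizeof(path), "%s/file", tmpl);
    fd = open(path, O_CREAT | O_EXCL | O_WRONLY, 0600);
    if (fd == -1 || write(fd, "hello", 5) != 5) {
        result = -EIO;
    } else if (chmod(tmpl, 0100) == -1) {
        result = -errno;
    } else {
        ret = stat_via_dirfd(tmpl, "file", open_flags, &st);
        result = (ret == 0) ? (long)st.st_size : ret;
    }

    /* Clean up: restore write access so the entries can be removed. */
    if (fd != -1) {
        close(fd);
    }
    (void)chmod(tmpl, 0700);
    (void)unlink(path);
    (void)rmdir(tmpl);
    return result;
}

int main(void)
{
    /* With O_PATH the stat succeeds for any user who owns the directory.
     * With O_RDONLY an unprivileged user gets -EACCES; a process holding
     * CAP_DAC_OVERRIDE (e.g. root) succeeds either way. */
    printf("preferred flags: %ld\n", demo_search_only_dir(DIRFD_FLAGS));
    printf("O_RDONLY:        %ld\n",
           demo_search_only_dir(O_RDONLY | O_DIRECTORY));
    return 0;
}
```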
Joseph Sutton [Tue, 7 Nov 2023 03:19:30 +0000 (16:19 +1300)]
s4:kdc: Don’t convey PAC buffers from an RODC‐issued PAC
Such buffers are not to be trusted.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov 7 22:54:42 UTC 2023 on atb-devel-224
Joseph Sutton [Tue, 7 Nov 2023 03:22:41 +0000 (16:22 +1300)]
s4:kdc: Move return code checks closer to where the return codes are set
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 6 Nov 2023 22:45:50 +0000 (11:45 +1300)]
s4:auth: Add comment about claims going ignored for SamLogon
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 6 Nov 2023 22:43:36 +0000 (11:43 +1300)]
s4:auth: Remove trailing whitespace
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 6 Nov 2023 22:10:59 +0000 (11:10 +1300)]
tests/krb5: Add tests for AllowedToAuthenticateTo with SamLogon
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 16 Oct 2023 23:01:34 +0000 (12:01 +1300)]
tests/krb5: Add test for an authentication policy that allows a specific account
This is a counterpart to ‘test_conditional_ace_allowed_from_user_deny’.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 3 Nov 2023 00:51:27 +0000 (13:51 +1300)]
tests/krb5: Correct authentication policy SDDL
There is no claim called ‘abc’, so the condition ‘(abc)’ is always going
to fail. Replace this with a condition using ‘Member_of’.
Furthermore, an ACL containing only Deny ACEs will only ever deny. Add a
trailing Allow ACE so that the ACL might allow other principals.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Nov 2023 23:00:15 +0000 (12:00 +1300)]
tests/krb5: Remove unused parameter ‘expected_device_groups’
It was never passed in by any callers.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Nov 2023 22:59:48 +0000 (11:59 +1300)]
tests/krb5: Remove unused parameter ‘expected_device_groups’
It was never passed in by any callers.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Sat, 4 Nov 2023 15:17:36 +0000 (16:17 +0100)]
smbd: Make get_real_filename_cache_key() static in files.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Nov 7 13:58:07 UTC 2023 on atb-devel-224
Volker Lendecke [Wed, 18 Oct 2023 09:50:20 +0000 (11:50 +0200)]
smbd: Simplify openat_pathref_fsp_case_insensitive()
This is more lines of code, but it's still a simplification. With this
patch we don't call the full openat_pathref_fsp() anymore when looking
up the last component in filename_convert_dirfsp(), instead we do the
direct SMB_VFS_OPENAT(). We don't need the whole complexity of
non_widelink_open() for this case, we do know that we have a real
non-cwd dirfsp.
The other big change that is not obvious just from looking at the
patch: This removes the special case for looking up posix
symlinks. Before this patch, filename_convert_dirfsp() returned a
proper smb_filename but without an attached fsp when a smb1 posix
client hits a symlink. This caused all sorts of special case code
everywhere. For example smbd_do_qfilepathinfo() needs to cover both
cases just for the smb1 posix symlink case. This special-case handling
can go now. We can do the path lookup in the smb1-only qpathinfo code
and call into the common code with a proper fsp.
When hitting a symlink and with O_PATH available, we'll get the
symlink opened with an O_PATH fd. Without O_PATH we obviously can't do
that, there we get fd=-1 and an indication that we don't have the
procfd fallback around.
Why all this?
I want to present FIFOs (and eventually symlinks) as reparse points as
the very next step. Without this patch, there is no real unified way
to get the file attributes from disk. Now we can use the proper logic
of fdos_mode() everywhere and not rely on special cases for fsp==NULL.
This patch also changes some error codes for smb1 posix extensions. I
chose to just change the test instead of going after each and every
change. As long as we do get an error, I'm willing to accept that we
slightly change error path behaviour for this deprecated code.
And, I tried to split this up into smaller patches but I failed.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sat, 4 Nov 2023 14:41:40 +0000 (15:41 +0100)]
smbd: Make get_real_filename_cache_key() public
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 25 Oct 2023 16:58:34 +0000 (18:58 +0200)]
smbd: We want to delete symlinks as such in reply_unlink()
Even with "follow symlinks = yes" we don't want to delete the target
when being given a symlink name.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 23 Oct 2023 13:45:08 +0000 (15:45 +0200)]
smbd: Make create_open_symlink_err() public
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 1 Dec 2022 16:42:13 +0000 (17:42 +0100)]
smbd: Make in_create_options available in smbd_smb2_create_after_exec()
Enable NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED and _STOPPED_ON_SYMLINK if
not opening with FILE_OPEN_REPARSE_POINT. We only know after all the
open logic what we have.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Mon, 23 Oct 2023 14:40:55 +0000 (16:40 +0200)]
smbd: Make a fake file's stat a valid regular file
We'll add strict checks to only open IFDIR and IFREG soon.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 29 Oct 2023 11:10:08 +0000 (12:10 +0100)]
smbd: Simplify fsp_fullbasepath()
Don't call snprintf() if not necessary.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Wed, 25 Oct 2023 17:22:11 +0000 (19:22 +0200)]
smbd: Correct PATH_ vs NAME_NOT_FOUND for not following lcomp
Right now this is handled in openat_pathref_fsp(), but this will
change soon.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 24 Oct 2023 16:47:59 +0000 (18:47 +0200)]
smbd: Return OBJECT_NAME_NOT_FOUND if lcomp points outside the share
filename_convert_dirfsp() is the only caller of
safe_symlink_target_path(). Right now this is not called with
"unparsed==0" because the last component is handled in
openat_pathref_fsp() and thus non_widelink_open(). I have code that
will change this, so that we can simplify
openat_pathref_fsp_case_insensitive() to directly call OPENAT, not
going through non_widelink_open. This will cause
safe_symlink_target_path() to also be called for the last component,
which means it needs logic to distinguish between PATH_ and
NAME_NOT_FOUND.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 16 Dec 2022 15:35:00 +0000 (16:35 +0100)]
smbd: Return open_symlink_err from filename_convert_dirfsp_nosymlink()
Don't lose information returned from openat_pathref_fsp_nosymlink()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 31 Oct 2023 14:48:09 +0000 (15:48 +0100)]
libcli: Fix whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Sun, 15 Oct 2023 15:56:46 +0000 (17:56 +0200)]
smbd: We don't reopen anything but dirs and files
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Thu, 2 Nov 2023 12:35:19 +0000 (13:35 +0100)]
smbd: Remove a few pointless return; statements
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 31 Oct 2023 14:38:46 +0000 (15:38 +0100)]
smbd: Protect ea-reading on symlinks
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Tue, 31 Oct 2023 14:35:59 +0000 (15:35 +0100)]
smbd: Remove an assert that never triggers
We've checked that right above.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Volker Lendecke [Fri, 3 Nov 2023 15:02:32 +0000 (16:02 +0100)]
librpc: Fix error path cleanups in start_rpc_host_send()
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Ralph Boehme [Sun, 29 Oct 2023 17:08:22 +0000 (18:08 +0100)]
CI: smb3unix.py: check more attributes of test files (and dirs) in test_posix_perm_files()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Nov 5 19:35:51 UTC 2023 on atb-devel-224
Ralph Boehme [Fri, 3 Nov 2023 10:09:47 +0000 (11:09 +0100)]
smbtorture3: also check test file and its attributes in two POSIX tests
Verifies that the correct DOS attribute, FILE_ATTRIBUTE_ARCHIVE in this case,
is returned over SMB1 with UNIX extensions.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Oct 2023 11:25:38 +0000 (12:25 +0100)]
smbd: allow setting ARCHIVE bit in POSIX context with "store dos attributes"
Cf https://lists.samba.org/archive/samba-technical/2023-October/138504.html
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Oct 2023 09:11:50 +0000 (10:11 +0100)]
smbtorture3: prepare POSIX tests for differentiating between client flavour in the list callback
No change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Oct 2023 11:28:28 +0000 (12:28 +0100)]
smbtorture3: remove unused initializers
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Oct 2023 09:05:30 +0000 (10:05 +0100)]
smbd: s/FILE_ATTRIBUTES_INVALID/FILE_ATTRIBUTE_INVALID/g
No idea what got me into having an "S" in the define when I added it.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Oct 2023 05:05:25 +0000 (06:05 +0100)]
smbtorture3: reduce indentation in posix_ls_fn()
Prepares for adding more logic in a later commit.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Oct 2023 11:24:35 +0000 (12:24 +0100)]
smbd: allow POSIX opens for file_set_dosmode() in rename_internals_fsp()
As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Oct 2023 11:24:12 +0000 (12:24 +0100)]
smbd: allow POSIX opens for file_set_dosmode() in mkdir_internal()
As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Oct 2023 11:23:44 +0000 (12:23 +0100)]
smbd: allow POSIX opens for file_set_dosmode() in mark_file_modified()
As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Oct 2023 11:16:59 +0000 (12:16 +0100)]
smbd: move POSIX check from possibly_set_archive() to file_set_dosmode()
No change in behaviour. Move the check to the more low-level function
file_set_dosmode() to ensure all callers use this consistently.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Oct 2023 11:10:17 +0000 (12:10 +0100)]
smbd: in file_set_dosmode() do an early exit if smb_fname->fsp is NULL
No change in behaviour. Simplifies coming changes.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Tue, 31 Oct 2023 09:06:38 +0000 (10:06 +0100)]
smbd: ignore symlinks in file_set_dosmode()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 30 Oct 2023 18:15:53 +0000 (19:15 +0100)]
smbd: add and use helper function possibly_set_archive()
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Ralph Boehme [Mon, 30 Oct 2023 18:04:56 +0000 (19:04 +0100)]
smbd: remove call to fdos_mode() when setting DOS attrs
This was added in 49a754b82d33fb523cda4151a865584ae52a2e2f to work with stored
itime based File-Ids. Since switching back to purely inode based File-Ids we
can remove this call that primed itime from DOS xattr.
Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Joseph Sutton [Fri, 3 Nov 2023 01:27:52 +0000 (14:27 +1300)]
third_party/heimdal: Import lorikeet-heimdal-202311030123 (commit 2346a67fe25cbf16128501665db41f6840546e15)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 3 03:53:08 UTC 2023 on atb-devel-224
Joseph Sutton [Tue, 31 Oct 2023 20:33:10 +0000 (09:33 +1300)]
tests/krb5: Fix comments
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 2 20:13:50 UTC 2023 on atb-devel-224
Joseph Sutton [Thu, 2 Nov 2023 01:32:58 +0000 (14:32 +1300)]
tests/krb5: Test RODC‐issued TGTs that already contain device info/claims
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Nov 2023 01:32:00 +0000 (14:32 +1300)]
tests/krb5: Don’t reuse SID S-1-2-3-4
We’re already using it in ‘client_sids’ to work around a bug in Windows.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 1 Nov 2023 03:59:21 +0000 (16:59 +1300)]
tests/krb5: Test target authentication policies when the TGT already contains device info/claims
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Nov 2023 02:29:32 +0000 (15:29 +1300)]
tests/krb5: Add tests for PACs containing extraneous buffers
Test that the KDC removes these buffers from RODC‐issued PACs.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Thu, 2 Nov 2023 02:27:24 +0000 (15:27 +1300)]
tests/krb5: Pass a list of PAC modification functions
This is simpler than chaining functions together.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 1 Nov 2023 00:55:14 +0000 (13:55 +1300)]
tests/krb5: Test performing a FAST‐armored TGS‐REQ when the TGT already contains device info/claims
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 31 Oct 2023 21:16:57 +0000 (10:16 +1300)]
tests/krb5: Add support to test framework for existing device info or claims buffers
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 1 Nov 2023 00:39:28 +0000 (13:39 +1300)]
tests/krb5: Always expect client claims
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 1 Nov 2023 00:38:24 +0000 (13:38 +1300)]
tests/krb5: Ensure that device SIDs and claims are present only if we expect them to be
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 1 Nov 2023 00:07:54 +0000 (13:07 +1300)]
tests/krb5: No longer pass two‐component form of TGS principal
Samba now handles one‐component TGS principals more correctly.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 31 Oct 2023 23:05:50 +0000 (12:05 +1300)]
tests/krb5: Remove unused import
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 18:29:57 +0000 (07:29 +1300)]
selftest/flapping: Mark smb2.multichannel.bugs.bug_15346(nt4_dc) flapping
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 1 Nov 2023 14:39:12 +0000 (15:39 +0100)]
tests: Convert the regression test for bug15505 to python
The shell version is flapping, but I can't really figure out
why. Maybe this version is not flapping, and it also shows the failure
if you revert 952d6c2cf48.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 1 Nov 2023 14:38:55 +0000 (15:38 +0100)]
tests: Make clean_file() handle directories
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Volker Lendecke [Wed, 1 Nov 2023 13:22:09 +0000 (14:22 +0100)]
tests: Allow to specify share names in smb2symlink tests
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 23:14:27 +0000 (12:14 +1300)]
s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499404)
dcesrv_lsa_CreateTrustedDomain_base() invokes DCESRV_PULL_HANDLE(),
which invokes DCESRV_PULL_HANDLE_RETVAL(), which invokes
DCESRV_CHECK_HANDLE(), which might invoke DCESRV_FAULT(), which accesses
r2.out.result, which is uninitialized — invoking undefined behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov 2 04:04:49 UTC 2023 on atb-devel-224
Joseph Sutton [Mon, 30 Oct 2023 23:11:37 +0000 (12:11 +1300)]
s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499407)
dcesrv_lsa_CreateTrustedDomain_base() invokes DCESRV_PULL_HANDLE(),
which invokes DCESRV_PULL_HANDLE_RETVAL(), which invokes
DCESRV_CHECK_HANDLE(), which might invoke DCESRV_FAULT(), which accesses
r2.out.result, which is uninitialized — invoking undefined behaviour.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 23:21:26 +0000 (12:21 +1300)]
s3:rpc_client: Add missing ‘break’ statement
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 22:39:09 +0000 (11:39 +1300)]
s3:rpc_client: Align integer types (CID 1548342)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 23:16:15 +0000 (12:16 +1300)]
s3:utils: Initialize flags (CID 1499396)
If ‘got_bcast’ is false and ‘give_flags’ is true, this variable will be
used uninitialized.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 22:35:25 +0000 (11:35 +1300)]
s3:utils: Avoid integer overflow (CID 1548343)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 22:33:39 +0000 (11:33 +1300)]
s3:utils: Align integer type
If ‘count’ is larger than INT_MAX, ‘i’ might overflow in the loop and
lead to undefined behaviour.
See also CID 1548342.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 22:30:27 +0000 (11:30 +1300)]
s3:utils: Remove condition that cannot be true (CID 1548341)
‘limit’ is an unsigned integer, and thus will never be less than zero.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 22:20:05 +0000 (11:20 +1300)]
s3:utils: Check return value of samba_cmdline_init() (CID 1548345)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 22:18:15 +0000 (11:18 +1300)]
s3:utils: Fix code spelling
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 22:17:55 +0000 (11:17 +1300)]
s3:utils: Remove unused‐but‐set variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Fri, 6 Oct 2023 01:02:42 +0000 (14:02 +1300)]
s3:smbd: Remove unreachable code (CID 710840)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 23:41:46 +0000 (12:41 +1300)]
tests/krb5: Test conditional ACE expressions with empty composite literals
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 30 Oct 2023 23:57:49 +0000 (12:57 +1300)]
selftest: Sort conditional ACE knownfails
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Tue, 1 Aug 2023 00:00:33 +0000 (12:00 +1200)]
libcli/security: Allow empty composites and resource attribute lists
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 1 Nov 2023 22:11:17 +0000 (11:11 +1300)]
libcli/security: Remove reference to conditional ACE recursive composites
These have been unsupported since commit 3b6c1f1a9c47d8d76a7cd946468c1c42e4fb097a.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Wed, 1 Nov 2023 22:24:35 +0000 (11:24 +1300)]
third_party/heimdal: Import lorikeet-heimdal-202311012221 (commit 87159bd32148be80a0d9bfc984db481e4a0f2831)
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 27 Oct 2023 23:09:04 +0000 (12:09 +1300)]
pytest:samba-tool domain test policy: test SDDL diagnostics
The existing 'bad SDDL' test has SDDL so bad that the diagnostics
are not exercised.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Nov 1 21:12:33 UTC 2023 on atb-devel-224
Douglas Bagnall [Fri, 27 Oct 2023 03:14:04 +0000 (16:14 +1300)]
pytest: samba_tool domain auth policy fix for SDDL err msg
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 27 Oct 2023 00:16:56 +0000 (13:16 +1300)]
samba-tool: try to present diagnostics for SDDL errors.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 26 Oct 2023 03:31:40 +0000 (16:31 +1300)]
pytest:sddl: assert SDDLValueError values make sense
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 26 Oct 2023 04:46:35 +0000 (17:46 +1300)]
s4/librpc/py_security: use SDDLValueError for better error messages
The aim is to allow samba-tool to tell users where their SDDL went
wrong.
Some tests would turn into errors (not knownfail-able failures)
if they were not changed at the same time, so they are changed too.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 27 Oct 2023 22:39:17 +0000 (11:39 +1300)]
pytest:sddl: handle SDDLValueError
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 27 Oct 2023 00:21:24 +0000 (13:21 +1300)]
pytest:security_descriptors: handle SDDLValueError
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 27 Oct 2023 00:20:33 +0000 (13:20 +1300)]
pytest: sid_strings: handle SDDLValueError
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 25 Oct 2023 02:56:30 +0000 (15:56 +1300)]
s4/librpc/py_security: add SDDLValueError
This will soon be raised for SDDL parsing errors.
It would have been nice to have it as a subclass of
ValueError, meaning that all existing callers would
continue to catch this error as before, but it turns
out that that is quite difficult.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 27 Oct 2023 00:19:47 +0000 (13:19 +1300)]
ndr/py_security: mod patch reports errors
We can, so we might as well.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 25 Oct 2023 00:18:34 +0000 (13:18 +1300)]
lib/ldb: pyldb search iterator avoids exception leak
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 25 Oct 2023 00:15:36 +0000 (13:15 +1300)]
lib/ldb: py LDBError avoids leak and checks for alloc failure
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 31 Oct 2023 21:46:20 +0000 (10:46 +1300)]
libcli/security: conditional ace err messages don't hardcode offset
Usually the conditions are embedded in part of some SDDL, and the
offset from the beginning of the conditions is a bit useless and
confusing. Callers of sddl_decode_err_msg get the offset from the
beginning of the SDDL which is a different and more useful number.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 26 Oct 2023 04:28:44 +0000 (17:28 +1300)]
libcli/security: sddl: guard against inconsistent msg pointers
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 26 Oct 2023 04:25:43 +0000 (17:25 +1300)]
libcli/security: sddl: remove unreachable debug
As it stands, ace_conditions_compile_sddl() won't produce a message when
it succeeds (i.e. return non-NULL), so this debug is just clutter.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 26 Oct 2023 04:20:49 +0000 (17:20 +1300)]
libcli/security: sddl_decode_ace/acl pass through messages
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 26 Oct 2023 03:55:33 +0000 (16:55 +1300)]
libcli/security: add sddl_decode_err_msg()
This will return an error message, if it can, along with an indicative
position.
For conditional ACEs the message might be accurate, and the position
fine-grained. For example, you might be able to construct the message
like this:
D:(XA;;CC;;;S-1-2-3;(@User.Title == !(@User.Title)))
                                    ^
16: unexpected operator
For non-conditional ACEs, the position typically points to the beginning
of the ACE, like this:
D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A; OICI; GRGWGX;;;AU)
                                  ^
unknown error
Here the error is in the spaces either side of " OICI; ", but the pointer
points to the beginning of the ACE.
The old sddl_decode() function becomes a wrapper around the new function,
which inherits the guts of the old function.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 20 Oct 2023 23:56:24 +0000 (12:56 +1300)]
libcli/security: sddl_conditional_ace: ensure message is talloced
It is simpler for the message to have consistent parentage; it
is easier to drop one message we'll never see than to talloc it.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 20 Oct 2023 23:56:54 +0000 (12:56 +1300)]
libcli/security: sddl: check a talloc_zero
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 20 Oct 2023 23:47:33 +0000 (12:47 +1300)]
libcli/security: SDDL accepts lowercase "s-" in SIDs
This is what Windows does, and it removes a couple of knownfails.
We can change it here cheaply without affecting the core dom_sid code,
which is good because there seem to be other places where we need the
uppercase S (for example in ldap search <SID=> queries).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Sun, 29 Oct 2023 22:08:49 +0000 (11:08 +1300)]
librpc:ndr: Increase size of ‘libndr_flags’ type to 64 bits
This gives us thirty‐two new LIBNDR_ flags to play with.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>