libcli/security: conditional aces: don't allow U+0000 in unicode

Allowing this broke a round-trip decode-encode fuzz test. Credit to OSS-Fuzz.

REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=62742

(Comments are from an earlier commit by Douglas Bagnall <douglas.bagnall@catalyst.net.nz>)

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Nov 13 02:30:23 UTC 2023 on atb-devel-224

librpc/ndr: Add support for LIBNDR_FLAG_STR_NO_EMBEDDED_NUL

This requires that, other than termination, no NUL (\0) codepoints
exist in the input string, because bytes beyon that will be lost
in the output string.

This in turn causes trouble for round-trip testing, so it is easiest
to reject it upfront (on an opt-in basis).

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

librpc/ndr: Remove confusing case where returned string pointer "as" could be NULL

The failure to talloc_strdup("") is just an error and all other cases set the
string or given an error.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Reviewed-by: Joseph Sutton <josephsutton@catalyst.net.nz>

torture3: Correct use of enum client_flavour defines

enum client_flavour does not define LINUX, it defines WINDOWS and
POSIX.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Nov 10 02:33:33 UTC 2023 on atb-devel-224

librpc: Fix the build on FreeBSD

ndr_wsp.h included standalone does not find struct timespec on FreeBSD

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

librpc: Fix #define header guard

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

third_party/heimdal: krb5: Try to decode e-data as KERB-ERROR-DATA (falling back to METHOD-DATA) (Import lorikeet-heimdal-202311092338 (commit 50996e5f0b0f22a4eb755a6f22cb7b4ecab2aeea))

Previously we tried to decode KERB-ERROR-DATA as METHOD-DATA,
resulting in a confusing error message. Now we just ignore it; but we
could also choose to set an error message containing the NTSTATUS code
in hexadecimal.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15514

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov 10 01:35:32 UTC 2023 on atb-devel-224

netcmd: Disallow device‐specific attributes and operators for allowed‐to‐authenticate‐from fields

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov  9 09:01:25 UTC 2023 on atb-devel-224

netcmd: Add ‘allow_device_in_sddl’ parameter to SDDLField()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:librpc: Add ‘allow_device_in_sddl’ parameter to security.descriptor.from_sddl()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: Optionally disallow device‐specific attributes and operators where they are not applicable

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

netcmd:tests: Test authentication policies containing device‐specific attributes and operators

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: Mark arrays ‘const’

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

ilbcli/security: Fix duplicated words

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: Include missing headers

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

libcli/security: Reassign flags

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:librpc: Fix leak

We should not leak error messages returned by sddl_decode_err_msg().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:librpc: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

third_party/heimdal: Import lorikeet-heimdal-202311082119 (commit 844610f06bac2b7b2a208cbabc7414bde23abac7)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Test Kerberos principal names containing non–BMP Unicode characters

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Add ‘expected_sname’ parameter to _fast_as_req()

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Encode KerberosString objects as UTF‐8

Windows treats Kerberos strings as UTF‐8, but by default, pyasn1 encodes
strings as ISO-8859-1. (There is a UTF8String type that gets encoded as
UTF‐8, but it has a different ASN.1 encoding from GeneralString, and so
can’t be used). asn1ate provides no way to override the encoding.
Except…

It turns out we can force UTF‐8 encoding by cunningly overriding
KerberosString.__getattribute__().

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Move ‘rfc4120_pyasn1’ to ‘rfc4120_pyasn1_generated’

‘rfc4120_pyasn1_generated’ is not to be used directly. Its contents are
now reexported from ‘rfc4120_pyasn1’, which becomes a simple wrapper.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

librpc: add missing service control defines

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4-torture: add test for svcctl_ControlServiceExW()

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

librpc: add svcctl_ServiceStopReason enums

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4-torture: add test for svcctl_QueryServiceConfigEx

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

librpc: use SERVICE_CONTROL enum in ControlService calls

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

librpc: add various new commands and types to SVCCTL IDL.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

svcctl: rename SERVICE_FAILURE_ACTIONS to SERVICE_FAILURE_ACTIONSW

(there will be a SERVICE_FAILURE_ACTIONSA variant also)

Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

svcctl: unify operation names and always prefix with svcctl_

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstatat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Wed Nov  8 18:42:13 UTC 2023 on atb-devel-224

vfs_gpfs: Implement CAP_DAC_OVERRIDE for fstat

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

vfs_gpfs: Move fstatat with DAC_CAP_OVERRIDE to helper function

Allow reuse of this code.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

vfs_gpfs: Use O_PATH for opening dirfd for stat with CAP_DAC_OVERRIDE

Use O_PATH when available; this avoids the need for READ/LIST access on
that directory. Keep using O_RDONLY if the system does not have O_PATH.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15507

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

s4:kdc: Don’t convey PAC buffers from an RODC‐issued PAC

Such buffers are not to be trusted.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Nov  7 22:54:42 UTC 2023 on atb-devel-224

s4:kdc: Move return code checks closer to where the return codes are set

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth: Add comment about claims going ignored for SamLogon

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:auth: Remove trailing whitespace

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Add tests for AllowedToAuthenticateTo with SamLogon

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Add test for an authentication policy that allows a specific account

This is a counterpart to ‘test_conditional_ace_allowed_from_user_deny’.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Correct authentication policy SDDL

There is no claim called ‘abc’, so the condition ‘(abc)’ is always going
to fail. Replace this with a condition using ‘Member_of’.

Furthermore, an ACL containing only Deny ACEs will only ever deny. Add a
trailing Allow ACE so that the ACL might allow other principals.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Remove unused parameter ‘expected_device_groups’

It was never passed in by any callers.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Remove unused parameter ‘expected_device_groups’

It was never passed in by any callers.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

smbd: Make get_real_filename_cache_key() static in files.c

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Nov  7 13:58:07 UTC 2023 on atb-devel-224

smbd: Simplify openat_pathref_fsp_case_insensitive()

This is more lines of code, but it's still a simplification. With this
patch we don't call the full openat_pathref_fsp() anymore when looking
up the last component in filename_convert_dirfsp(), instead we do the
direct SMB_VFS_OPENAT(). We don't need the whole complexity of
non_widelink_open() for this case, we do know that we have a real
non-cwd dirfsp.

The other big change that is not obvious just from looking at the
patch: This removes the special case for looking up posix
symlinks. Before this patch, filename_convert_dirfsp() returned a
proper smb_filename but without an attached fsp when a smb1 posix
client hits a symlink. This caused all sorts of special case code
everywhere. For example smbd_do_qfilepathinfo() needs to cover both
cases just for the smb1 posix symlink case. This special-case handling
can go now. We can do the path lookup in the smb1-only qpathinfo code
and call into the common code with a proper fsp.

When hitting a symlink and with O_PATH available, we'll get the
symlink opened with an O_PATH fd. Without O_PATH we obviously can't do
that, there we get fd=-1 and an indication that we don't have the
procfd fallback around.

Why all this?

I want to present FIFOs (and eventually symlinks) as reparse points as
the very next step. Without this patch, there is no real unified way
to get the file attributes from disk. Now we can use the proper logic
of fdos_mode() everywhere and not rely on special cases for fsp==NULL.

This patch also changes some error codes for smb1 posix extensions. I
chose to just change the test instead of going after each and every
change. As long as we do get an error, I'm willing to accept that we
slightly change error path behaviour for this deprecated code.

And, I tried to split this up into smaller patches but I failed.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Make get_real_filename_cache_key() public

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: We want to delete symlinks as such in reply_unlink()

Even with "follow symlinks = yes" we don't want to delete the target
when being given a symlink name.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Make create_open_symlink_err() public

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Make in_create_options available in smbd_smb2_create_after_exec()

Enable NT_STATUS_IO_REPARSE_TAG_NOT_HANDLED and _STOPPED_ON_SYMLINK if
not opening with FILE_OPEN_REPARSE_POINT. We only know after all the
open logic what we have.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Make a fake file's stat a valid regular file

We'll add strict checks to only open IFDIR and IFREG soon.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Simplify fsp_fullbasepath()

Don't call snprintf() if not necessary.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Correct PATH_ vs NAME_NOT_FOUND for not following lcomp

Right now this is handled in openat_pathref_fsp(), but this will
change soon.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Return OBJECT_NAME_NOT_FOUND if lcomp points outside the share

filename_convert_dirfsp() is the only caller of
safe_symlink_target_path(). Right now this is not called with
"unparsed==0" because the last component is handled in
openat_pathref_fsp() and thus non_widelink_open(). I have code that
will change this, so that we can simplify
openat_pathref_fsp_case_insensitive() to directly call OPENAT, not
going through non_widelink_open. This will cause
safe_symlink_target_path() also be called for the last component,
which means it needs logic to distinguish between PATH_ and
NAME_NOT_FOUND.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Return open_symlink_err from filename_convert_dirfsp_nosymlink()

Don't lose information returned from openat_pathref_fsp_nosymlink()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

libcli: Fix whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: We don't reopen anything but dirs and files

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Remove a few pointless return; statements

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Protect ea-reading on symlinks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

smbd: Remove an assert that never triggers

We've checked that right above.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

librpc: Fix error path cleanups in start_rpc_host_send()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

CI: smb3unix.py: check more attributes of test files (and dirs) in test_posix_perm_files()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun Nov  5 19:35:51 UTC 2023 on atb-devel-224

smbtorture3: also check test file and it's attributes in two POSIX tests

Verifies that the correct DOS attribute, FILE_ATTRIBUTE_ARCHIVE in this case,
are returned over SMB1 with UNIX extensions.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: allow setting ARCHIVE bit in POSIX context with "store dos attributes"

Cf https://lists.samba.org/archive/samba-technical/2023-October/138504.html

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbtorture3: prepare POSIX tests for differentianting between client flavour in the list callback

No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbtorture3: remove unused initializers

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: s/FILE_ATTRIBUTES_INVALID/FILE_ATTRIBUTE_INVALID/g

No idea what got me into having an "S" in the define when I added it.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbtorture3: reduce indentation in posix_ls_fn()

Prepares for adding more logic in a later commit.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: allow POSIX opens for file_set_dosmode() in rename_internals_fsp()

As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: allow POSIX opens for file_set_dosmode() in mkdir_internal()

As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: allow POSIX opens for file_set_dosmode() in mark_file_modified()

As this check was previously added to file_set_dosmode() this is not yet a
change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: move POSIX check from possibly_set_archive() to file_set_dosmode()

No change in behaviour. Move the check to the more low-level function
file_set_dosmode() to ensure all callers use this consistently.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: in file_set_dosmode() do an early exit if smb_fname->fsp is NULL

No change in behaviour. Simplifies coming changes.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: ignore symlinks in file_set_dosmode()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: add and use helper function possibly_set_archive()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: remove call to fdos_mode() when setting DOS attrs

This added in 49a754b82d33fb523cda4151a865584ae52a2e2f to work with stored
itime based File-Ids. Since switching back to purely inode based File-Ids we
can remove this call that primed itime from DOS xattr.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

third_party/heimdal: Import lorikeet-heimdal-202311030123 (commit 2346a67fe25cbf16128501665db41f6840546e15)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Nov  3 03:53:08 UTC 2023 on atb-devel-224

tests/krb5: Fix comments

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov  2 20:13:50 UTC 2023 on atb-devel-224

tests/krb5: Test RODC‐issued TGTs that already contain device info/claims

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Don’t reuse SID S-1-2-3-4

We’re already using it in ‘client_sids’ to work around a bug in Windows.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Test target authentication policies when the TGT already contains device info/claims

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Add tests for PACs containing extraneous buffers

Test that the KDC removes these buffers from RODC‐issued PACs.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Pass a list of PAC modification functions

This is simpler than chaining functions together.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Test performing a FAST‐armored TGS‐REQ when the TGT already contains device info/claims

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Add support to test framework for existing device info or claims buffers

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Always expect client claims

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Ensure that device SIDs and claims are present only if we expect them to be

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: No longer pass two‐component form of TGS principal

Samba now handles one‐component TGS principals more correctly.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests/krb5: Remove unused import

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

selftest/flapping: Mark smb2.multichannel.bugs.bug_15346(nt4_dc) flapping

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15498

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests: Convert the regression test for bug15505 to python

The shell version is flapping, but I can't really figure out
why. Maybe this version is not flapping, and it also shows the failure
if you revert 952d6c2cf48.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests: Make clean_file() handle directories

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

tests: Allow to specify share names in smb2symlink tests

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499404)

dcesrv_lsa_CreateTrustedDomain_base() invokes DCESRV_PULL_HANDLE(),
which invokes DCESRV_PULL_HANDLE_RETVAL(), which invokes
DCESRV_CHECK_HANDLE(), which might invoke DCESRV_FAULT(), which accesses
r2.out.result, which is uninitialized — invoking undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu Nov  2 04:04:49 UTC 2023 on atb-devel-224

s4:rpc_server: Properly initialize ‘lsa_CreateTrustedDomainEx2’ structure (CID 1499407)

dcesrv_lsa_CreateTrustedDomain_base() invokes DCESRV_PULL_HANDLE(),
which invokes DCESRV_PULL_HANDLE_RETVAL(), which invokes
DCESRV_CHECK_HANDLE(), which might invoke DCESRV_FAULT(), which accesses
r2.out.result, which is uninitialized — invoking undefined behaviour.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_client: Add missing ‘break’ statement

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:rpc_client: Align integer types (CID 1548342)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Initialize flags (CID 1499396)

If ‘got_bcast’ is false and ‘give_flags’ is true, this variable will be
used uninitialized.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Avoid integer overflow (CID 1548343)

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>

s3:utils: Align integer type

If ‘count’ is larger than INT_MAX, ‘i’ might overflow in the loop and
lead to undefined behaviour.

See also CID 1548342.

Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>