cs/samba-autobuild/.git
13 days ago docs: Document new tdbdump -x option master
Christof Schmitt [Thu, 7 Mar 2024 23:41:11 +0000 (16:41 -0700)]
docs: Document new tdbdump -x option

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
13 days ago tdb: Add test for tdbdump -x
Christof Schmitt [Fri, 12 Apr 2024 22:48:02 +0000 (15:48 -0700)]
tdb: Add test for tdbdump -x

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
13 days ago tdb: Add tdbdump option to output all data as hex values
Christof Schmitt [Thu, 7 Mar 2024 23:38:53 +0000 (16:38 -0700)]
tdb: Add tdbdump option to output all data as hex values

This can be useful for debugging tdb databases, the hex output of the
key can be used for "net tdb" or ctdb commands.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
13 days ago tdb: Add test for tdbdump command
Christof Schmitt [Fri, 12 Apr 2024 22:44:38 +0000 (15:44 -0700)]
tdb: Add test for tdbdump command

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
13 days ago tdb: Return failure as exit status from test_tdbbackup.sh
Christof Schmitt [Fri, 12 Apr 2024 22:22:06 +0000 (15:22 -0700)]
tdb: Return failure as exit status from test_tdbbackup.sh

When this test is called from wscript, only the exit code is checked.
Track failures and return as non-zero exit code.

Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
13 days ago s3: winbindd: winbindd_pam: fix leak in extract_pac_vrfy_sigs
Shaleen Bathla [Wed, 10 Apr 2024 13:01:39 +0000 (18:31 +0530)]
s3: winbindd: winbindd_pam: fix leak in extract_pac_vrfy_sigs

Add missing free for entry variable and its members : key and principal
Found definite memory leaks via valgrind as shown below.

Leak 1 :
==1686== 76,800 bytes in 2,400 blocks are definitely lost in loss record 432 of 433
==1686==    at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686==    by 0x79CBFED: krb5int_c_copy_keyblock_contents (keyblocks.c:101)
==1686==    by 0x621CFA3: krb5_mkt_get_next (kt_memory.c:500)
==1686==    by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686==    by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686==    by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686==    by 0x127F45: process_request_send (winbindd.c:502)
==1686==    by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686==    by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686==    by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686==    by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686==    by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686==    by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686==    by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686==    by 0x1232F3: main (winbindd.c:1718)

Leak 2 :
==1686==    at 0x4C38185: malloc (vg_replace_malloc.c:431)
==1686==    by 0x62255E4: krb5_copy_principal (copy_princ.c:38)
==1686==    by 0x621D003: krb5_mkt_get_next (kt_memory.c:503)
==1686==    by 0x141186: extract_pac_vrfy_sigs (winbindd_pam.c:3384)
==1686==    by 0x141186: winbindd_pam_auth_pac_verify (winbindd_pam.c:3434)
==1686==    by 0x17ED21: winbindd_pam_auth_crap_send (winbindd_pam_auth_crap.c:68)
==1686==    by 0x127F45: process_request_send (winbindd.c:502)
==1686==    by 0x127F45: winbind_client_request_read (winbindd.c:749)
==1686==    by 0x124AAF: wb_req_read_done (wb_reqtrans.c:126)
==1686==    by 0x66D4706: tevent_common_invoke_fd_handler (tevent_fd.c:142)
==1686==    by 0x66DAF4E: epoll_event_loop (tevent_epoll.c:737)
==1686==    by 0x66DAF4E: epoll_event_loop_once (tevent_epoll.c:938)
==1686==    by 0x66D8F5A: std_event_loop_once (tevent_standard.c:110)
==1686==    by 0x66D39B4: _tevent_loop_once (tevent.c:823)
==1686==    by 0x1232F3: main (winbindd.c:1718)

Signed-off-by: Shaleen Bathla <shaleen.bathla@oracle.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue Apr 16 10:22:51 UTC 2024 on atb-devel-224

2 weeks ago s4:dsdb: Implement msDS-ManagedPassword attribute
Jo Sutton [Tue, 13 Feb 2024 02:45:21 +0000 (15:45 +1300)]
s4:dsdb: Implement msDS-ManagedPassword attribute

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr 16 05:02:30 UTC 2024 on atb-devel-224

2 weeks ago s4:dsdb: Add extra attrs to search request even if replacement attribute is NULL
Jo Sutton [Tue, 9 Apr 2024 04:15:48 +0000 (16:15 +1200)]
s4:dsdb: Add extra attrs to search request even if replacement attribute is NULL

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python:tests: Catch failures to authenticate with gMSA managed passwords
Jo Sutton [Tue, 9 Apr 2024 02:09:17 +0000 (14:09 +1200)]
python:tests: Catch failures to authenticate with gMSA managed passwords

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago selftest: Expand out knownfails for gMSA getpassword tests
Jo Sutton [Tue, 9 Apr 2024 01:55:58 +0000 (13:55 +1200)]
selftest: Expand out knownfails for gMSA getpassword tests

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:dsdb: Set up passwords and password IDs of new gMSAs
Jo Sutton [Fri, 5 Apr 2024 00:23:18 +0000 (13:23 +1300)]
s4:dsdb: Set up passwords and password IDs of new gMSAs

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:dsdb: Add functions for Group Managed Service Accounts implementation
Jo Sutton [Tue, 13 Feb 2024 03:09:57 +0000 (16:09 +1300)]
s4:dsdb: Add functions for Group Managed Service Accounts implementation

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:dsdb: Factor out a function to remove all password related attributes
Jo Sutton [Tue, 9 Apr 2024 00:15:00 +0000 (12:15 +1200)]
s4:dsdb: Factor out a function to remove all password related attributes

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago lib:crypto: Reformat source code
Jo Sutton [Mon, 1 Apr 2024 21:33:27 +0000 (10:33 +1300)]
lib:crypto: Reformat source code

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago tests/krb5: Add tests for gMSAs
Jo Sutton [Fri, 5 Apr 2024 00:44:08 +0000 (13:44 +1300)]
tests/krb5: Add tests for gMSAs

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python:nt_time: Add NT_TIME_MAX constant
Jo Sutton [Fri, 5 Apr 2024 00:43:46 +0000 (13:43 +1300)]
python:nt_time: Add NT_TIME_MAX constant

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python:gkdi: Reformat code with ‘ruff’
Jo Sutton [Fri, 5 Apr 2024 00:43:30 +0000 (13:43 +1300)]
python:gkdi: Reformat code with ‘ruff’

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python:gkdi: Add Gkdi.from_key_envelope() method
Jo Sutton [Fri, 5 Apr 2024 00:43:15 +0000 (13:43 +1300)]
python:gkdi: Add Gkdi.from_key_envelope() method

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python:gkdi: Add notes on GKDI time periods
Jo Sutton [Fri, 5 Apr 2024 00:42:31 +0000 (13:42 +1300)]
python:gkdi: Add notes on GKDI time periods

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago tests/gkdi: Change ‘current_gkid’ parameter to ‘current_time’
Jo Sutton [Mon, 1 Apr 2024 22:15:08 +0000 (11:15 +1300)]
tests/gkdi: Change ‘current_gkid’ parameter to ‘current_time’

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago tests/gkdi: Remove implicit clock skew offset
Jo Sutton [Mon, 1 Apr 2024 22:13:37 +0000 (11:13 +1300)]
tests/gkdi: Remove implicit clock skew offset

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago tests/gkdi: Allow current time to be overridden
Jo Sutton [Tue, 26 Mar 2024 03:25:31 +0000 (16:25 +1300)]
tests/gkdi: Allow current time to be overridden

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago tests/krb5: Make use of ‘expect_edata’ parameter
Jo Sutton [Tue, 19 Mar 2024 01:27:00 +0000 (14:27 +1300)]
tests/krb5: Make use of ‘expect_edata’ parameter

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago tests/krb5: Remove unused variable
Jo Sutton [Thu, 21 Mar 2024 23:32:46 +0000 (12:32 +1300)]
tests/krb5: Remove unused variable

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago tests/krb5: Fix code spelling
Jo Sutton [Thu, 21 Mar 2024 23:32:25 +0000 (12:32 +1300)]
tests/krb5: Fix code spelling

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago tests/krb5: Remove unused import
Jo Sutton [Thu, 21 Mar 2024 23:31:38 +0000 (12:31 +1300)]
tests/krb5: Remove unused import

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python:tests: Fix typo
Jo Sutton [Tue, 9 Apr 2024 02:15:51 +0000 (14:15 +1200)]
python:tests: Fix typo

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python:tests: Reformat code
Jo Sutton [Mon, 4 Mar 2024 00:38:10 +0000 (13:38 +1300)]
python:tests: Reformat code

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python:tests: Fix set declaration
Jo Sutton [Tue, 9 Apr 2024 03:39:43 +0000 (15:39 +1200)]
python:tests: Fix set declaration

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python:tests: Replace deprecated method assertRaisesRegexp()
Jo Sutton [Tue, 9 Apr 2024 03:31:15 +0000 (15:31 +1200)]
python:tests: Replace deprecated method assertRaisesRegexp()

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:ldap_server: Consider ldapi connections to be encrypted
Jo Sutton [Tue, 16 Apr 2024 02:28:43 +0000 (14:28 +1200)]
s4:ldap_server: Consider ldapi connections to be encrypted

Modifications to unicodePwd require an encrypted connection. This change
allows unicodePwd to be modified over an ldapi connection.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:ldap_server: Store whether an LDAP connection is over ldapi
Jo Sutton [Tue, 16 Apr 2024 02:28:21 +0000 (14:28 +1200)]
s4:ldap_server: Store whether an LDAP connection is over ldapi

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:ldap_server: Add copy of non‐privileged ops specifically for ldapi connections
Jo Sutton [Tue, 16 Apr 2024 02:27:41 +0000 (14:27 +1200)]
s4:ldap_server: Add copy of non‐privileged ops specifically for ldapi connections

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:ldap_server: Rename privileged ops to indicate they are used for ldapi
Jo Sutton [Tue, 16 Apr 2024 02:31:11 +0000 (14:31 +1200)]
s4:ldap_server: Rename privileged ops to indicate they are used for ldapi

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:ldap_server: Fix code spelling
Jo Sutton [Tue, 16 Apr 2024 02:17:33 +0000 (14:17 +1200)]
s4:ldap_server: Fix code spelling

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:ldap_server: Remove trailing whitespace
Jo Sutton [Tue, 16 Apr 2024 02:17:02 +0000 (14:17 +1200)]
s4:ldap_server: Remove trailing whitespace

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634

Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago selftest: Move some KDS root key tests around to prepare for gMSA server side
Andrew Bartlett [Thu, 11 Apr 2024 04:26:49 +0000 (16:26 +1200)]
selftest: Move some KDS root key tests around to prepare for gMSA server side

Once we have a gMSA server side the impact of deleting root keys becomes real
and so we must do this in a quiet place where it can not impact on other things.

Likewise, we want the samba.tests.dsdb_quiet_provision_tests tests to run
somewhere that is not doing other things, so we can see what a bare provision
will do.  We must not allow test ordering inside the file to cause tests that
create root keys to run before checking if provision created a usable root key.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2 weeks ago selftest: Remove duplicate setup of "spn/upn namespaces" in the customdc testenv
Andrew Bartlett [Thu, 11 Apr 2024 02:33:16 +0000 (14:33 +1200)]
selftest: Remove duplicate setup of "spn/upn namespaces" in the customdc testenv

The call to $self->setup_namespaces() was always in error, as the design
is to have the in the state that it was backed up in, but before commit
08be28241b808845c4b51a4c47765a9416ca3aa7 the error return was not
checked and so this was harmless.

The customdc environment is not tested in selftest currently, as
it is intended to be used for manual testing of domains from backup
files not as an automatically constructed environment.

This makes:
 BACKUP_FILE=samba-backup-2024-04-11T14-10-20.437096.tar.bz2 SELFTEST_TESTENV=customdc make testenv
work again.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2 weeks ago s3:auth: Add support standalone server with MIT Kerberos 1.21
Andreas Schneider [Thu, 11 Apr 2024 08:29:18 +0000 (10:29 +0200)]
s3:auth: Add support standalone server with MIT Kerberos 1.21

This adds support for MIT Kerberos minimal PAC. Tickets from pure
Kerberos realms with MIT Kerberos 1.21 or newer will always include a
minimal PAC. The PAC includes the checksum buffers and a logon_name PAC
buffer.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:auth: Split auth3_generate_session_info_pac() into functions
Andreas Schneider [Thu, 11 Apr 2024 08:21:16 +0000 (10:21 +0200)]
s3:auth: Split auth3_generate_session_info_pac() into functions

This gets rid of the multiple goto and just has a single destructor
goto.
Best view this commit with `git show -b <sha> --color-moved=zebra`

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:auth: Re-format auth3_generate_session_info_pac()
Andreas Schneider [Fri, 12 Apr 2024 12:36:32 +0000 (14:36 +0200)]
s3:auth: Re-format auth3_generate_session_info_pac()

This is in preparation to split up the function into several functions.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:auth: Remove trailing spaces
Andreas Schneider [Fri, 15 Mar 2024 11:41:19 +0000 (12:41 +0100)]
s3:auth: Remove trailing spaces

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago smbdotconf: Enable "winbind debug traceid" by default
Pavel Filipenský [Thu, 11 Apr 2024 11:01:28 +0000 (13:01 +0200)]
smbdotconf: Enable "winbind debug traceid" by default

The traceid debug header field is a useful feature, let's make it
default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15631

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 18:47:41 UTC 2024 on atb-devel-224

2 weeks ago s3:libsmb: Fix panic in cliconnect.c
Pavel Filipenský [Fri, 12 Apr 2024 12:57:11 +0000 (14:57 +0200)]
s3:libsmb: Fix panic in cliconnect.c

This command line panics:

$ bin/rpcclient ncacn_np: -c epmlookup

0  __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
1  0x00007ffff64ae8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
2  0x00007ffff645c8ee in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
3  0x00007ffff64448ff in __GI_abort () at abort.c:79
4  0x00007ffff7b01524 in tevent_req_is_nterror (req=0x555555728610, status=0x7fffffff9bb4) at ../../lib/util/tevent_ntstatus.c:66
5  0x00007ffff7b9fd91 in cli_connect_nb_recv (req=0x555555728610, pcli=0x5555556fcb18) at ../../source3/libsmb/cliconnect.c:2731
6  0x00007ffff7ba02a8 in cli_start_connection_connected (subreq=0x555555728610) at ../../source3/libsmb/cliconnect.c:2882
7  0x00007ffff7aecb1a in _tevent_req_notify_callback (req=0x555555728610, location=0x7ffff7bde0e0 "../../source3/libsmb/cliconnect.c:2686") at ../../lib/tevent/tevent_req.c:177
8  0x00007ffff7aeccab in tevent_req_finish (req=0x555555728610, state=TEVENT_REQ_USER_ERROR, location=0x7ffff7bde0e0 "../../source3/libsmb/cliconnect.c:2686") at ../../lib/tevent/tevent_req.c:234
9  0x00007ffff7aecdda in tevent_req_trigger (ev=0x5555557182e0, im=0x555555728720, private_data=0x555555728610) at ../../lib/tevent/tevent_req.c:291
10 0x00007ffff7aeb513 in tevent_common_invoke_immediate_handler (im=0x555555728720, removed=0x0) at ../../lib/tevent/tevent_immediate.c:190
11 0x00007ffff7aeb685 in tevent_common_loop_immediate (ev=0x5555557182e0) at ../../lib/tevent/tevent_immediate.c:236
12 0x00007ffff7af7502 in epoll_event_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent_epoll.c:905
13 0x00007ffff7af2d22 in std_event_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent_standard.c:110
14 0x00007ffff7ae93ab in _tevent_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent.c:820
15 0x00007ffff7aecf9e in tevent_req_poll (req=0x555555728290, ev=0x5555557182e0) at ../../lib/tevent/tevent_req.c:342
16 0x00007ffff7b01647 in tevent_req_poll_ntstatus (req=0x555555728290, ev=0x5555557182e0, status=0x7fffffff9f4c) at ../../lib/util/tevent_ntstatus.c:109
17 0x00007ffff7ba246a in cli_full_connection_creds (output_cli=0x7fffffffa220, my_name=0x555555701990 "CLUSTEREDMEMBER", dest_host=0x0, dest_ss=0x0, port=0, service=0x5555556981d1 "IPC$", service_type=0x5555556981d6 "IPC", creds=0x5555556fa410, flags=4096) at ../../source3/libsmb/cliconnect.c:3807
18 0x0000555555619ae9 in main (argc=4, argv=0x7fffffffa3e8) at ../../source3/rpcclient/rpcclient.c:1308

tevent_req_is_nterror() expects error set by tevent_req_nterror()
- to have TEVENT_NTERROR_MAGIC, otherwise it calls abort().

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 14:55:21 UTC 2024 on atb-devel-224

2 weeks ago s4:dns_server: less noisy, more informative debug messages
Douglas Bagnall [Wed, 10 Apr 2024 23:52:14 +0000 (11:52 +1200)]
s4:dns_server: less noisy, more informative debug messages

This shouldn't have been DBG_ERR, and it might as well say something
about the tombstone.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15630

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 12 15:18:05 UTC 2024 on atb-devel-224

2 weeks ago s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP()
Douglas Bagnall [Thu, 4 Apr 2024 01:33:47 +0000 (14:33 +1300)]
s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP()

the access_mask is the easiest to overflow with subtraction -- other
fields are 8 or 16 bit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 10 23:58:12 UTC 2024 on atb-devel-224

2 weeks ago s3:util:sharesec ace_compare() uses NUMERIC_CMP()
Douglas Bagnall [Thu, 4 Apr 2024 01:08:02 +0000 (14:08 +1300)]
s3:util:sharesec ace_compare() uses NUMERIC_CMP()

ace->access_mask is uint32_t, so can overflow a signed int.
This would be easy to trigger, as it is a flags field rather than an
allocation count.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:smbcacls: use NUMERIC_CMP in ace_compare
Douglas Bagnall [Tue, 2 Apr 2024 23:56:48 +0000 (12:56 +1300)]
s3:smbcacls: use NUMERIC_CMP in ace_compare

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP()
Douglas Bagnall [Thu, 4 Apr 2024 01:25:54 +0000 (14:25 +1300)]
s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP()

v->type is an int-sized enum, so overflow might be possible if it could
be arbitrarily set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort()
Douglas Bagnall [Tue, 2 Apr 2024 23:53:32 +0000 (12:53 +1300)]
s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP()
Douglas Bagnall [Thu, 4 Apr 2024 01:16:21 +0000 (14:16 +1300)]
s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP()

expire_time is time_t, which is at least int-sized, so overflow is
possible (if this code ever runs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list()
Douglas Bagnall [Tue, 2 Apr 2024 23:54:09 +0000 (12:54 +1300)]
s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:dns_server: use NUMERIC_CMP in rec_cmp()
Douglas Bagnall [Thu, 4 Apr 2024 01:22:24 +0000 (14:22 +1300)]
s4:dns_server: use NUMERIC_CMP in rec_cmp()

dnsp_DnssrvRpcRecord.dwTimeStamp is uint32_t, making overflow possible.

dnsp_DnssrvRpcRecord.wType is an enum, which has the size of an int,
though it may be hard to set it to overflowing values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP()
Douglas Bagnall [Thu, 4 Apr 2024 01:10:45 +0000 (14:10 +1300)]
s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP()

SamEntry.idx is uint32_t.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp()
Douglas Bagnall [Thu, 4 Apr 2024 01:01:24 +0000 (14:01 +1300)]
s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp()

Although these are size_t, in practice TDB data is limited to 32 bit.
Even so, overflow of a signed int is possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago libcli/security: use NUMERIC_CMP in dom_sid_compare_auth()
Douglas Bagnall [Thu, 4 Apr 2024 00:53:58 +0000 (13:53 +1300)]
libcli/security: use NUMERIC_CMP in dom_sid_compare_auth()

These numbers are all 8 bit, so overflow is unlikely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago libcli/security: use NUMERIC_CMP in dom_sid_compare()
Douglas Bagnall [Thu, 4 Apr 2024 00:43:47 +0000 (13:43 +1300)]
libcli/security: use NUMERIC_CMP in dom_sid_compare()

sid->num_auths is always small (int8 < 16), so this is cosmetic only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb: reduce non-transitive comparisons in ldb_msg_element_compare()
Douglas Bagnall [Wed, 3 Apr 2024 22:26:25 +0000 (11:26 +1300)]
ldb: reduce non-transitive comparisons in ldb_msg_element_compare()

We can still have inconsistent comparisons, because two elements with
the same number of values will always return -1 if they are unequal,
which means they will sort differently depending on the order in which
they are compared.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb: avoid non-transitive comparison in ldb_val_cmp()
Douglas Bagnall [Wed, 3 Apr 2024 22:22:58 +0000 (11:22 +1300)]
ldb: avoid non-transitive comparison in ldb_val_cmp()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:datablob: avoid non-transitive comparison in data_blob_cmp()
Douglas Bagnall [Wed, 3 Apr 2024 22:07:06 +0000 (11:07 +1300)]
util:datablob: avoid non-transitive comparison in data_blob_cmp()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP()
Douglas Bagnall [Wed, 3 Apr 2024 04:43:03 +0000 (17:43 +1300)]
ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP()
Douglas Bagnall [Wed, 3 Apr 2024 04:32:48 +0000 (17:32 +1300)]
ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle
Douglas Bagnall [Wed, 3 Apr 2024 03:16:44 +0000 (16:16 +1300)]
util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago lib/torture: add assert_int_{less,greater} macros
Douglas Bagnall [Fri, 5 Apr 2024 01:22:11 +0000 (14:22 +1300)]
lib/torture: add assert_int_{less,greater} macros

In some situations, like comparison functions for qsort, we don't care
about the actual value, just whether it was greater or less than
zero.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:libsmb:namequery: use NUMERIC_CMP in addr_compare
Douglas Bagnall [Wed, 3 Apr 2024 03:13:07 +0000 (16:13 +1300)]
s3:libsmb:namequery: use NUMERIC_CMP in addr_compare

This one was OK, as the numbers are tightly bound, but there is no
real reason not to do it safely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:libsmb:namequery: note intransitivity in addr_compare()
Douglas Bagnall [Wed, 3 Apr 2024 03:10:38 +0000 (16:10 +1300)]
s3:libsmb:namequery: note intransitivity in addr_compare()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:charset:codepoints: codepoint_cmpi warning about non-transitivity
Douglas Bagnall [Thu, 4 Apr 2024 01:56:16 +0000 (14:56 +1300)]
util:charset:codepoints: codepoint_cmpi warning about non-transitivity

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP()
Douglas Bagnall [Wed, 3 Apr 2024 02:53:29 +0000 (15:53 +1300)]
util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP()

If these are truly unicode codepoints (< ~2m) there is no overflow,
but the type is defined as uint32_t.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:test: test_ms_fn_match_protocol_no_wildcard: allow -1
Douglas Bagnall [Thu, 4 Apr 2024 04:23:15 +0000 (17:23 +1300)]
util:test: test_ms_fn_match_protocol_no_wildcard: allow -1

We have changed strcasecmp_m() to return -1 in a place where it used
to return -3. This upset a test, but it shouldn't have: the exact
value of the negative int is not guaranteed by the function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle
Douglas Bagnall [Wed, 3 Apr 2024 02:49:55 +0000 (15:49 +1300)]
util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago torture:charset: test more of strcasecmp_m
Douglas Bagnall [Fri, 5 Apr 2024 01:46:48 +0000 (14:46 +1300)]
torture:charset: test more of strcasecmp_m

We now test cases:

1. where the first string compares less
2. one of the strings ends before the other
3. the strings differ on a character other than the first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago torture:charset: use < and > assertions for strncasecmp_m
Douglas Bagnall [Fri, 5 Apr 2024 01:43:42 +0000 (14:43 +1300)]
torture:charset: use < and > assertions for strncasecmp_m

strncasecmp_m is supposed to return a negative, zero, or positive
number, not necessarily the difference between the codepoints in
the first character that differs, which we have been asserting up to
now.

This fixes a knownfail on 32 bit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago torture:charset: use < and > assertions for strcasecmp_m
Douglas Bagnall [Fri, 5 Apr 2024 00:14:38 +0000 (13:14 +1300)]
torture:charset: use < and > assertions for strcasecmp_m

strcasecmp_m is supposed to return a negative, zero, or positive
number, depending on whether the first argument is less than, equal to,
or greater than the second argument (respectively).

We have been asserting that it returns exactly the difference between
the codepoints in the first character that differs.

This fixes a knownfail on 32 bit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:binsearch: use NUMERIC_CMP()
Douglas Bagnall [Wed, 3 Apr 2024 02:47:10 +0000 (15:47 +1300)]
util:binsearch: use NUMERIC_CMP()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4: use numeric_cmp in dns_common_sort_zones()
Douglas Bagnall [Tue, 2 Apr 2024 23:55:54 +0000 (12:55 +1300)]
s4: use numeric_cmp in dns_common_sort_zones()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare
Douglas Bagnall [Tue, 2 Apr 2024 23:55:27 +0000 (12:55 +1300)]
s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare

prec_{1,2} are uint32_t, and if one is not set we are defaulting to
0xffffffff (a.k.a UINT32_MAX), so an overflow when cast to int seems
extremely likely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:ntvfs: use NUMERIC_CMP in stream_name_cmp
Douglas Bagnall [Tue, 2 Apr 2024 23:52:50 +0000 (12:52 +1300)]
s4:ntvfs: use NUMERIC_CMP in stream_name_cmp

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare()
Douglas Bagnall [Tue, 2 Apr 2024 23:51:04 +0000 (12:51 +1300)]
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base()
Douglas Bagnall [Tue, 2 Apr 2024 23:50:47 +0000 (12:50 +1300)]
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb: add NUMERIC_CMP macro to ldb.h
Douglas Bagnall [Wed, 3 Apr 2024 04:53:39 +0000 (17:53 +1300)]
ldb: add NUMERIC_CMP macro to ldb.h

In other places we tend to include tsort.h, which also has TYPESAFE_QSORT.

ldb.h already has TYPESAFE_QSORT, so it might as well have NUMERIC_CMP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:tsort.h: add a macro for safely comparing numbers
Douglas Bagnall [Tue, 2 Apr 2024 23:43:27 +0000 (12:43 +1300)]
util:tsort.h: add a macro for safely comparing numbers

In many places we use `return a - b;` in a comparison function. This can
be problematic if the comparison is used in a sort, as `a - b` is not
guaranteed to do what we expect. For example:

* if a and b are 2s-complement ints, a is INT_MIN and b is INT_MAX, then
  a - b = 1, which is wrong.

* if a and b are 64 bit pointers, a - b could wrap around many times in
  a cmp function returning 32 bit ints. (We do this often).

The issue is not just that a sort could go haywire.
Due to a bug in glibc, this could result in out-of-bounds access:

https://www.openwall.com/lists/oss-security/2024/01/30/7

(We have replicated this bug in ldb_qsort).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename
Douglas Bagnall [Wed, 27 Mar 2024 23:57:54 +0000 (12:57 +1300)]
lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename

Usually we are dealing with a filename that tells you what the pipe is,
and there is no reason for this debug helper not to be convenient

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb: avoid out of bounds read and write in ldb_qsort()
Douglas Bagnall [Wed, 3 Apr 2024 22:06:00 +0000 (11:06 +1300)]
ldb: avoid out of bounds read and write in ldb_qsort()

If a compare function is non-transitive (for example, if it evaluates
A > B and B > C, but A < C), this implementation of qsort could access
out-of-bounds memory. This was found in glibc's qsort by Qualys, and
their write-up for OSS-Security explains it very well:

 https://www.openwall.com/lists/oss-security/2024/01/30/7

An example of a non-transitive compare is one which does this:

 int cmp(const void *_a, const void *_b)
 {
        int a = *(int *)_a;
        int b = *(int *)_b;
        return a - b;
 }

which does the right thing when the magnitude of the numbers is small,
but which will go wrong if a is INT_MIN and b is INT_MAX. Likewise, if
a and b are e.g. uint32_t, the value can wrap when cast to int.

We have functions that are non-transitive regardless of subtraction.
For example, here (which is not used with ldb_qsort):

 int codepoint_cmpi(codepoint_t c1, codepoint_t c2)
 {
        if (c1 == c2 ||
            toupper_m(c1) == toupper_m(c2)) {
                return 0;
        }
        return c1 - c2;
 }

toupper_m() is only called in the equality case. Consider {'a', 'A', 'B'}.
     'a' == 'A'
     'a' >  'B'  (lowercase letters come after upper)
     'A' <  'B'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15569
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
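
The two failure modes described in the tsort.h and ldb_qsort() commit messages above, as an added example that is not code from the Samba tree: a wrapping `a - b` comparator on uint32_t, and a case-folding comparator shaped like the quoted codepoint_cmpi(), each checked for transitivity over a small constructed set. SAFE_CMP, upper() and the other names here are hypothetical, and upper() is an ASCII-only stand-in for toupper_m().

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Hypothetical macro name: the usual overflow-free three-way compare idiom. */
#define SAFE_CMP(a, b) (((a) > (b)) - ((a) < (b)))

typedef int (*cmp_fn)(uint32_t, uint32_t);

/* The `return a - b;` pattern on uint32_t: the difference wraps, and the
 * cast to int is implementation-defined (it wraps on GCC and Clang). */
static int sub_cmp(uint32_t a, uint32_t b) { return (int)(a - b); }

static int safe_cmp(uint32_t a, uint32_t b) { return SAFE_CMP(a, b); }

/* ASCII-only stand-in for toupper_m() (assumption, keeps this self-contained). */
static uint32_t upper(uint32_t c) { return (c >= 'a' && c <= 'z') ? c - 32 : c; }

/* Same shape as the quoted codepoint_cmpi(): case is folded only for the
 * equality test, so it stays non-transitive even without the subtraction. */
static int fold_eq_cmp(uint32_t a, uint32_t b)
{
	if (a == b || upper(a) == upper(b)) return 0;
	return SAFE_CMP(a, b);
}

/* One transitive alternative: fold both sides, then order the folded values. */
static int fold_first_cmp(uint32_t a, uint32_t b) { return SAFE_CMP(upper(a), upper(b)); }

/* Count triples where a <= b and b <= c, yet the comparator claims a > c. */
static size_t count_violations(cmp_fn cmp, const uint32_t *v, size_t n)
{
	size_t bad = 0;
	for (size_t i = 0; i < n; i++)
		for (size_t j = 0; j < n; j++)
			for (size_t k = 0; k < n; k++)
				if (cmp(v[i], v[j]) <= 0 && cmp(v[j], v[k]) <= 0 && cmp(v[i], v[k]) > 0)
					bad++;
	return bad;
}

/* Constructed sample inputs. */
static const uint32_t WRAP_SET[3] = { 0, 0x40000000u, 0x80000001u };
static const uint32_t CASE_SET[3] = { 'a', 'A', 'B' };

int main(void)
{
	printf("a - b:          %zu violations\n", count_violations(sub_cmp, WRAP_SET, 3));
	printf("SAFE_CMP:       %zu violations\n", count_violations(safe_cmp, WRAP_SET, 3));
	printf("fold on equal:  %zu violations\n", count_violations(fold_eq_cmp, CASE_SET, 3));
	printf("fold first:     %zu violations\n", count_violations(fold_first_cmp, CASE_SET, 3));
	return 0;
}
```

A brute-force triple check like count_violations() is cubic, so it suits unit tests over small value sets that include the type's extremes, not production data.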
2 weeks ago selftest: move some more expected failures to expectedfail.d
Douglas Bagnall [Fri, 22 Mar 2024 03:20:18 +0000 (16:20 +1300)]
selftest: move some more expected failures to expectedfail.d

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 10 06:15:46 UTC 2024 on atb-devel-224

2 weeks ago ldb: Add more segfault tests DN handling
Andrew Bartlett [Mon, 25 Mar 2024 09:21:19 +0000 (22:21 +1300)]
ldb: Add more segfault tests DN handling

- from_dict DN use-after-free
- check for the same directly creating the ldb.Message

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 weeks ago pyldb: don't allow py_ldb_dn_copy() with the wrong pyldb
Douglas Bagnall [Sun, 17 Mar 2024 23:24:53 +0000 (12:24 +1300)]
pyldb: don't allow py_ldb_dn_copy() with the wrong pyldb

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python:upgrade/upgradeprovision: use dn.copy to align ldbs
Douglas Bagnall [Sun, 17 Mar 2024 05:07:44 +0000 (18:07 +1300)]
python:upgrade/upgradeprovision: use dn.copy to align ldbs

We need to do this when the dn is on a message from another ldb.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: add dn.copy() python method.
Douglas Bagnall [Sun, 17 Mar 2024 04:56:09 +0000 (17:56 +1300)]
pyldb: add dn.copy() python method.

Sometimes you want to use a Dn object from one LDB with another LDB,
but this no longer works.

One way to do it is:

  new_dn = ldb.Dn(samdb, str(old_dn))

but with this, you can just:

  new_dn = old_dn.copy(samdb)

or, if you are putting it on a message which has a DN:

  msg.dn = old_dn.copy(msg.ldb)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:samba_upgradeprovision: align DN ownership
Douglas Bagnall [Sun, 17 Mar 2024 01:44:32 +0000 (14:44 +1300)]
s4:samba_upgradeprovision: align DN ownership

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: add Message.ldb accessor
Douglas Bagnall [Sun, 17 Mar 2024 01:25:18 +0000 (14:25 +1300)]
pyldb: add Message.ldb accessor

See the last commit for comments about how this is useful for
debugging.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: add Dn.ldb accessor
Douglas Bagnall [Sun, 17 Mar 2024 01:24:03 +0000 (14:24 +1300)]
pyldb: add Dn.ldb accessor

This, and the next commit, might help in debugging when you see a
traceback that ends like this:

  File "/data/samba/samba/bin/samba_upgradeprovision", line 664, in add_missing_object
      delta.dn = dn
  RuntimeError: DN is from the wrong LDB

In this case you could force a solution with something like:

 delta.dn = ldb.Dn(delta.ldb, str(dn))

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: add PyErr_internal_LDB_DN_OR_RAISE
Douglas Bagnall [Wed, 13 Mar 2024 04:28:57 +0000 (17:28 +1300)]
pyldb: add PyErr_internal_LDB_DN_OR_RAISE

This might be faster than the circuitous route.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: normalise name of pyldb_Message_Check
Douglas Bagnall [Wed, 13 Mar 2024 04:28:07 +0000 (17:28 +1300)]
pyldb: normalise name of pyldb_Message_Check

c.f. pyldb_MessageElement_Check, pyldb_Dn_Check.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb:pyldb: reorder structs for possible type-punning
Douglas Bagnall [Thu, 7 Mar 2024 21:42:06 +0000 (10:42 +1300)]
ldb:pyldb: reorder structs for possible type-punning

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_set_dn checks dn ldb equality
Douglas Bagnall [Fri, 15 Mar 2024 04:17:25 +0000 (17:17 +1300)]
pyldb: py_ldb_msg_set_dn checks dn ldb equality

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_elements uses PyErr_LDB_MESSAGE_OR_RAISE
Douglas Bagnall [Fri, 15 Mar 2024 04:16:34 +0000 (17:16 +1300)]
pyldb: py_ldb_msg_elements uses PyErr_LDB_MESSAGE_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_items checks for more errors
Douglas Bagnall [Fri, 15 Mar 2024 22:15:31 +0000 (11:15 +1300)]
pyldb: py_ldb_msg_items checks for more errors

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_items uses PyErr_LDB_MESSAGE_OR_RAISE
Douglas Bagnall [Fri, 15 Mar 2024 04:15:28 +0000 (17:15 +1300)]
pyldb: py_ldb_msg_items uses PyErr_LDB_MESSAGE_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_contains() checks ldb equality
Douglas Bagnall [Fri, 15 Mar 2024 04:09:53 +0000 (17:09 +1300)]
pyldb: py_ldb_msg_contains() checks ldb equality

We can't use PyErr_LDB_MESSAGE_OR_RAISE() here, because the return type
is int, not PyObject*.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_keys() uses PyErr_LDB_MESSAGE_OR_RAISE
Douglas Bagnall [Fri, 15 Mar 2024 00:50:40 +0000 (13:50 +1300)]
pyldb: py_ldb_msg_keys() uses PyErr_LDB_MESSAGE_OR_RAISE

We change the [unused, because it is always cast] signature of
py_ldb_msg_iter() in the same commit, because that is just a wrapper
around _keys() and this maintains bisectability with the least fuss.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>