pfilipensky/samba-autobuild/.git
2 weeks ago smbdotconf: Enable "winbind debug traceid" by default master
Pavel Filipenský [Thu, 11 Apr 2024 11:01:28 +0000 (13:01 +0200)]
smbdotconf: Enable "winbind debug traceid" by default

The traceid debug header field is a useful feature, let's make it
default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15631

Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2 weeks ago s4:dns_server: less noisy, more informative debug messages
Douglas Bagnall [Wed, 10 Apr 2024 23:52:14 +0000 (11:52 +1200)]
s4:dns_server: less noisy, more informative debug messages

This shouldn't have been DBG_ERR, and it might as well say something
about the tombstone.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15630

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 12 15:18:05 UTC 2024 on atb-devel-224

2 weeks ago s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP()
Douglas Bagnall [Thu, 4 Apr 2024 01:33:47 +0000 (14:33 +1300)]
s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP()

the access_mask is the easiest to overflow with subtraction -- other
fields are 8 or 16 bit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 10 23:58:12 UTC 2024 on atb-devel-224

2 weeks ago s3:util:sharesec ace_compare() uses NUMERIC_CMP()
Douglas Bagnall [Thu, 4 Apr 2024 01:08:02 +0000 (14:08 +1300)]
s3:util:sharesec ace_compare() uses NUMERIC_CMP()

ace->access_mask is uint32_t, so can overflow a signed int.
This would be easy to trigger, as it is a flags field rather than an
allocation count.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:smbcacls: use NUMERIC_CMP in ace_compare
Douglas Bagnall [Tue, 2 Apr 2024 23:56:48 +0000 (12:56 +1300)]
s3:smbcacls: use NUMERIC_CMP in ace_compare

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP()
Douglas Bagnall [Thu, 4 Apr 2024 01:25:54 +0000 (14:25 +1300)]
s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP()

v->type is an int-sized enum, so overflow might be possible if it could
be arbitrarily set.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort()
Douglas Bagnall [Tue, 2 Apr 2024 23:53:32 +0000 (12:53 +1300)]
s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP()
Douglas Bagnall [Thu, 4 Apr 2024 01:16:21 +0000 (14:16 +1300)]
s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP()

expire_time is time_t, which is at least int-sized, so overflow is
possible (if this code ever runs).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list()
Douglas Bagnall [Tue, 2 Apr 2024 23:54:09 +0000 (12:54 +1300)]
s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:dns_server: use NUMERIC_CMP in rec_cmp()
Douglas Bagnall [Thu, 4 Apr 2024 01:22:24 +0000 (14:22 +1300)]
s4:dns_server: use NUMERIC_CMP in rec_cmp()

dnsp_DnssrvRpcRecord.dwTimeStamp is uint32_t, making overflow possible.

dnsp_DnssrvRpcRecord.wType is an enum, which has the size of an int,
though it may be hard to set it to overflowing values.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP()
Douglas Bagnall [Thu, 4 Apr 2024 01:10:45 +0000 (14:10 +1300)]
s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP()

SamEntry.idx is uint32_t.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp()
Douglas Bagnall [Thu, 4 Apr 2024 01:01:24 +0000 (14:01 +1300)]
s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp()

Although these are size_t, in practice TDB data is limited to 32 bit.
Even so, overflow of a signed int is possible.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago libcli/security: use NUMERIC_CMP in dom_sid_compare_auth()
Douglas Bagnall [Thu, 4 Apr 2024 00:53:58 +0000 (13:53 +1300)]
libcli/security: use NUMERIC_CMP in dom_sid_compare_auth()

These numbers are all 8 bit, so overflow is unlikely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago libcli/security: use NUMERIC_CMP in dom_sid_compare()
Douglas Bagnall [Thu, 4 Apr 2024 00:43:47 +0000 (13:43 +1300)]
libcli/security: use NUMERIC_CMP in dom_sid_compare()

sid->num_auths is always small (int8 < 16), so this is cosmetic only.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb: reduce non-transitive comparisons in ldb_msg_element_compare()
Douglas Bagnall [Wed, 3 Apr 2024 22:26:25 +0000 (11:26 +1300)]
ldb: reduce non-transitive comparisons in ldb_msg_element_compare()

We can still have inconsistent comparisons, because two elements with
the same number of values will always return -1 if they are unequal,
which means they will sort differently depending on the order in which
they are compared.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb: avoid non-transitive comparison in ldb_val_cmp()
Douglas Bagnall [Wed, 3 Apr 2024 22:22:58 +0000 (11:22 +1300)]
ldb: avoid non-transitive comparison in ldb_val_cmp()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:datablob: avoid non-transitive comparison in data_blob_cmp()
Douglas Bagnall [Wed, 3 Apr 2024 22:07:06 +0000 (11:07 +1300)]
util:datablob: avoid non-transitive comparison in data_blob_cmp()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP()
Douglas Bagnall [Wed, 3 Apr 2024 04:43:03 +0000 (17:43 +1300)]
ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP()
Douglas Bagnall [Wed, 3 Apr 2024 04:32:48 +0000 (17:32 +1300)]
ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle
Douglas Bagnall [Wed, 3 Apr 2024 03:16:44 +0000 (16:16 +1300)]
util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago lib/torture: add assert_int_{less,greater} macros
Douglas Bagnall [Fri, 5 Apr 2024 01:22:11 +0000 (14:22 +1300)]
lib/torture: add assert_int_{less,greater} macros

In some situations, like comparison functions for qsort, we don't care
about the actual value, just whether it was greater or less than
zero.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:libsmb:namequery: use NUMERIC_CMP in addr_compare
Douglas Bagnall [Wed, 3 Apr 2024 03:13:07 +0000 (16:13 +1300)]
s3:libsmb:namequery: use NUMERIC_CMP in addr_compare

This one was OK, as the numbers are tightly bound, but there is no
real reason not to do it safely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:libsmb:namequery: note intransitivity in addr_compare()
Douglas Bagnall [Wed, 3 Apr 2024 03:10:38 +0000 (16:10 +1300)]
s3:libsmb:namequery: note intransitivity in addr_compare()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:charset:codepoints: codepoint_cmpi warning about non-transitivity
Douglas Bagnall [Thu, 4 Apr 2024 01:56:16 +0000 (14:56 +1300)]
util:charset:codepoints: codepoint_cmpi warning about non-transitivity

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP()
Douglas Bagnall [Wed, 3 Apr 2024 02:53:29 +0000 (15:53 +1300)]
util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP()

If these are truly unicode codepoints (< ~2m) there is no overflow,
but the type is defined as uint32_t.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:test: test_ms_fn_match_protocol_no_wildcard: allow -1
Douglas Bagnall [Thu, 4 Apr 2024 04:23:15 +0000 (17:23 +1300)]
util:test: test_ms_fn_match_protocol_no_wildcard: allow -1

We have changed strcasecmp_m() to return -1 in a place where it used
to return -3. This upset a test, but it shouldn't have: the exact
value of the negative int is not guaranteed by the function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle
Douglas Bagnall [Wed, 3 Apr 2024 02:49:55 +0000 (15:49 +1300)]
util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago torture:charset: test more of strcasecmp_m
Douglas Bagnall [Fri, 5 Apr 2024 01:46:48 +0000 (14:46 +1300)]
torture:charset: test more of strcasecmp_m

We now test cases:

1. where the first string compares less
2. one of the strings ends before the other
3. the strings differ on a character other than the first.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago torture:charset: use < and > assertions for strncasecmp_m
Douglas Bagnall [Fri, 5 Apr 2024 01:43:42 +0000 (14:43 +1300)]
torture:charset: use < and > assertions for strncasecmp_m

strncasecmp_m is supposed to return a negative, zero, or positive
number, not necessarily the difference between the codepoints in
the first character that differs, which we have been asserting up to
now.

This fixes a knownfail on 32 bit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago torture:charset: use < and > assertions for strcasecmp_m
Douglas Bagnall [Fri, 5 Apr 2024 00:14:38 +0000 (13:14 +1300)]
torture:charset: use < and > assertions for strcasecmp_m

strcasecmp_m is supposed to return a negative, zero, or positive
number, depending on whether the first argument is less than, equal to,
or greater than the second argument (respectively).

We have been asserting that it returns exactly the difference between
the codepoints in the first character that differs.

This fixes a knownfail on 32 bit.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:binsearch: user NUMERIC_CMP()
Douglas Bagnall [Wed, 3 Apr 2024 02:47:10 +0000 (15:47 +1300)]
util:binsearch: user NUMERIC_CMP()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4: use numeric_cmp in dns_common_sort_zones()
Douglas Bagnall [Tue, 2 Apr 2024 23:55:54 +0000 (12:55 +1300)]
s4: use numeric_cmp in dns_common_sort_zones()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare
Douglas Bagnall [Tue, 2 Apr 2024 23:55:27 +0000 (12:55 +1300)]
s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare

prec_{1,2} are uint32_t, and if one is not set we are defaulting to
0xffffffff (a.k.a UINT32_MAX), so an overflow when cast to int seems
extremely likely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:ntvfs: use NUMERIC_CMP in stream_name_cmp
Douglas Bagnall [Tue, 2 Apr 2024 23:52:50 +0000 (12:52 +1300)]
s4:ntvfs: use NUMERIC_CMP in stream_name_cmp

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare()
Douglas Bagnall [Tue, 2 Apr 2024 23:51:04 +0000 (12:51 +1300)]
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base()
Douglas Bagnall [Tue, 2 Apr 2024 23:50:47 +0000 (12:50 +1300)]
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb: add NUMERIC_CMP macro to ldb.h
Douglas Bagnall [Wed, 3 Apr 2024 04:53:39 +0000 (17:53 +1300)]
ldb: add NUMERIC_CMP macro to ldb.h

In other places we tend to include tsort.h, which also has TYPESAFE_QSORT.

ldb.h already has TYPESAFE_QSORT, so it might as well have NUMERIC_CMP.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago util:tsort.h: add a macro for safely comparing numbers
Douglas Bagnall [Tue, 2 Apr 2024 23:43:27 +0000 (12:43 +1300)]
util:tsort.h: add a macro for safely comparing numbers

In many places we use `return a - b;` in a comparison function. This can
be problematic if the comparison is used in a sort, as `a - b` is not
guaranteed to do what we expect. For example:

* if a and b are 2s-complement ints, a is INT_MIN and b is INT_MAX, then
  a - b = 1, which is wrong.

* if a and b are 64 bit pointers, a - b could wrap around many times in
  a cmp function returning 32 bit ints. (We do this often).

The issue is not just that a sort could go haywire.
Due to a bug in glibc, this could result in out-of-bounds access:

https://www.openwall.com/lists/oss-security/2024/01/30/7

(We have replicated this bug in ldb_qsort).

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename
Douglas Bagnall [Wed, 27 Mar 2024 23:57:54 +0000 (12:57 +1300)]
lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename

Usually we are dealing with a filename that tells you what the pipe is,
and there is no reason for this debug helper not to be convenient

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb: avoid out of bounds read and write in ldb_qsort()
Douglas Bagnall [Wed, 3 Apr 2024 22:06:00 +0000 (11:06 +1300)]
ldb: avoid out of bounds read and write in ldb_qsort()

If a compare function is non-transitive (for example, if it evaluates
A > B and B > C, but A < C), this implementation of qsort could access
out-of-bounds memory. This was found in glibc's qsort by Qualys, and
their write-up for OSS-Security explains it very well:

 https://www.openwall.com/lists/oss-security/2024/01/30/7

An example of a non-transitive compare is one which does this

 int cmp(const void *_a, const void *_b)
 {
        int a = *(int *)_a;
        int b = *(int *)_b;
        return a - b;
 }

which does the right thing when the magnitude of the numbers is small,
but which will go wrong if a is INT_MIN and b is INT_MAX. Likewise, if
a and b are e.g. uint32_t, the value can wrap when cast to int.

We have functions that are non-transitive regardless of subtraction.
For example, here (which is not used with ldb_qsort):

 int codepoint_cmpi(codepoint_t c1, codepoint_t c2)
 {
        if (c1 == c2 ||
            toupper_m(c1) == toupper_m(c2)) {
                return 0;
        }
        return c1 - c2;
 }

The toupper_m() is only called on equality case. Consider {'a', 'A', 'B'}.
     'a' == 'A'
     'a' >  'B'  (lowercase letters come after upper)
     'A' <  'B'

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15569
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
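
The two failure modes described in the tsort.h and ldb_qsort() commit messages above (a wrapping `a - b`, and a compare that is non-transitive even without subtraction), as an added C example that is not code from Samba. EXAMPLE_NUMERIC_CMP is an assumed stand-in for NUMERIC_CMP(), whose definition this page does not show; example_toupper(), cmpi_folded() and count_order_violations() are hypothetical helpers, and the sample values are constructed.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Assumed stand-in for NUMERIC_CMP(); the page names the macro but does
 * not show its definition. Yields -1, 0 or 1 without any subtraction of
 * the operands themselves. */
#define EXAMPLE_NUMERIC_CMP(a, b) (((a) > (b)) - ((a) < (b)))

/* "return a - b" on ints. The subtraction is done in unsigned arithmetic
 * so this demo shows the two's-complement wrap without undefined
 * behaviour. */
static int cmp_int_subtract(int a, int b)
{
	return (int)((unsigned int)a - (unsigned int)b);
}

/* "return a - b" on uint32_t fields (an access mask, a timestamp): the
 * unsigned difference is narrowed to int and the sign can flip. */
static int cmp_u32_subtract(uint32_t a, uint32_t b)
{
	return (int)(a - b);
}

static int cmp_u32_safe(uint32_t a, uint32_t b)
{
	return EXAMPLE_NUMERIC_CMP(a, b);
}

/* ASCII-only simplification of toupper_m(), for this example only. */
static uint32_t example_toupper(uint32_t c)
{
	return (c >= 'a' && c <= 'z') ? c - 32 : c;
}

/* Same shape as the codepoint_cmpi() quoted in the commit message:
 * case folding decides equality, raw values decide the order. */
static int cmpi_quoted_shape(uint32_t c1, uint32_t c2)
{
	if (c1 == c2 || example_toupper(c1) == example_toupper(c2)) {
		return 0;
	}
	return (int)(c1 - c2);
}

/* One consistent alternative (not Samba's change): order by folded value. */
static int cmpi_folded(uint32_t c1, uint32_t c2)
{
	return EXAMPLE_NUMERIC_CMP(example_toupper(c1), example_toupper(c2));
}

typedef int (*cmp_u32_fn)(uint32_t, uint32_t);

static int sign_of(int v)
{
	return (v > 0) - (v < 0);
}

/* Count the pairs and triples in v[] for which cmp fails to behave as a
 * consistent ordering (antisymmetry and transitivity). A sort is only
 * entitled to trust a compare function for which this is zero. */
static size_t count_order_violations(cmp_u32_fn cmp, const uint32_t *v, size_t n)
{
	size_t bad = 0;
	for (size_t i = 0; i < n; i++) {
		for (size_t j = 0; j < n; j++) {
			int ab = sign_of(cmp(v[i], v[j]));
			if (ab != -sign_of(cmp(v[j], v[i]))) {
				bad++; /* cmp(a,b) and cmp(b,a) disagree */
			}
			for (size_t k = 0; k < n; k++) {
				int bc = sign_of(cmp(v[j], v[k]));
				int ac = sign_of(cmp(v[i], v[k]));
				/* a <= b and b <= c fixes what a vs c must be */
				if (ab <= 0 && bc <= 0 && ac != (ab < bc ? ab : bc)) {
					bad++;
				}
			}
		}
	}
	return bad;
}

/* Constructed sample inputs. */
static const uint32_t sample_masks[] = { 0, 1, 0x80000000u, 0xffffffffu };
static const uint32_t sample_chars[] = { 'a', 'A', 'B' };

int main(void)
{
	printf("INT_MIN - INT_MAX as a compare result: %d\n",
	       cmp_int_subtract(INT_MIN, INT_MAX));
	printf("u32 subtract violations: %zu, safe: %zu\n",
	       count_order_violations(cmp_u32_subtract, sample_masks, 4),
	       count_order_violations(cmp_u32_safe, sample_masks, 4));
	printf("cmpi quoted shape violations: %zu, folded: %zu\n",
	       count_order_violations(cmpi_quoted_shape, sample_chars, 3),
	       count_order_violations(cmpi_folded, sample_chars, 3));
	return 0;
}
```

A checker of this kind can be run over boundary values in a unit test for any compare function that is handed to a sort.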
2 weeks ago selftest: move some more expected failures to expectedfail.d
Douglas Bagnall [Fri, 22 Mar 2024 03:20:18 +0000 (16:20 +1300)]
selftest: move some more expected failures to expectedfail.d

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 10 06:15:46 UTC 2024 on atb-devel-224

2 weeks ago ldb: Add more segfault tests DN handling
Andrew Bartlett [Mon, 25 Mar 2024 09:21:19 +0000 (22:21 +1300)]
ldb: Add more segfault tests DN handling

- from_dict DN use-after-free
- check for the same directly creating the ldb.Message

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 weeks ago pyldb: don't allow py_ldb_dn_copy() with the wrong pyldb
Douglas Bagnall [Sun, 17 Mar 2024 23:24:53 +0000 (12:24 +1300)]
pyldb: don't allow py_ldb_dn_copy() with the wrong pyldb

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python:upgrade/upgradeprovision: use dn.copy to align ldbs
Douglas Bagnall [Sun, 17 Mar 2024 05:07:44 +0000 (18:07 +1300)]
python:upgrade/upgradeprovision: use dn.copy to align ldbs

We need to do this when the dn is on a message from another ldb.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: add dn.copy() python method.
Douglas Bagnall [Sun, 17 Mar 2024 04:56:09 +0000 (17:56 +1300)]
pyldb: add dn.copy() python method.

Sometimes you want to use a Dn object from one LDB with another LDB,
but this no longer works.

One way to do it is:

  new_dn = ldb.Dn(samdb, str(old_dn))

but with this, you can just:

  new_dn = old_dn.copy(samdb)

or, if you are putting it on a message which has a DN:

  msg.dn = old_dn.copy(msg.ldb)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:samba_upgradeprovision: align DN ownership
Douglas Bagnall [Sun, 17 Mar 2024 01:44:32 +0000 (14:44 +1300)]
s4:samba_upgradeprovision: align DN ownership

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: add Message.ldb accessor
Douglas Bagnall [Sun, 17 Mar 2024 01:25:18 +0000 (14:25 +1300)]
pyldb: add Message.ldb accessor

See the last commit for comments about how this is useful for
debugging.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: add Dn.ldb accessor
Douglas Bagnall [Sun, 17 Mar 2024 01:24:03 +0000 (14:24 +1300)]
pyldb: add Dn.ldb accessor

This, and the next commit, might help in debugging when you see a
traceback that ends like this:

  File "/data/samba/samba/bin/samba_upgradeprovision", line 664, in add_missing_object
      delta.dn = dn
  RuntimeError: DN is from the wrong LDB

in this case you could force a solution with something like:

 delta.dn = ldb.Dn(delta.ldb, str(dn))

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: add PyErr_internal_LDB_DN_OR_RAISE
Douglas Bagnall [Wed, 13 Mar 2024 04:28:57 +0000 (17:28 +1300)]
pyldb: add PyErr_internal_LDB_DN_OR_RAISE

This might be faster than the circuitous route.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: normalise name of pyldb_Message_Check
Douglas Bagnall [Wed, 13 Mar 2024 04:28:07 +0000 (17:28 +1300)]
pyldb: normalise name of pyldb_Message_Check

c.f. pyldb_MessageElement_Check, pyldb_Dn_Check.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb:pyldb: reorder structs for possible type-punning
Douglas Bagnall [Thu, 7 Mar 2024 21:42:06 +0000 (10:42 +1300)]
ldb:pyldb: reorder structs for possible type-punning

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_set_dn checks dn ldb equality
Douglas Bagnall [Fri, 15 Mar 2024 04:17:25 +0000 (17:17 +1300)]
pyldb: py_ldb_msg_set_dn checks dn ldb equality

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_elements uses PyErr_LDB_MESSAGE_OR_RAISE
Douglas Bagnall [Fri, 15 Mar 2024 04:16:34 +0000 (17:16 +1300)]
pyldb: py_ldb_msg_elements uses PyErr_LDB_MESSAGE_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_items checks for more errors
Douglas Bagnall [Fri, 15 Mar 2024 22:15:31 +0000 (11:15 +1300)]
pyldb: py_ldb_msg_items checks for more errors

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pldb: py_ldb_msg_items uses PyErr_LDB_MESSAGE_OR_RAISE
Douglas Bagnall [Fri, 15 Mar 2024 04:15:28 +0000 (17:15 +1300)]
pldb: py_ldb_msg_items uses PyErr_LDB_MESSAGE_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_contains() checks ldb equality
Douglas Bagnall [Fri, 15 Mar 2024 04:09:53 +0000 (17:09 +1300)]
pyldb: py_ldb_msg_contains() checks ldb equality

We can't use PyErr_LDB_MESSAGE_OR_RAISE() here, because the return type
is int, not PyObject*.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_keys() uses PyErr_LDB_MESSAGE_OR_RAISE
Douglas Bagnall [Fri, 15 Mar 2024 00:50:40 +0000 (13:50 +1300)]
pyldb: py_ldb_msg_keys() uses PyErr_LDB_MESSAGE_OR_RAISE

We change the [unused, because it is always cast] signature of
py_ldb_msg_iter() in the same commit, because that is just a wrapper
around _keys() and this maintains bisectability with the least fuss.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_msg_richcmp() uses PyErr_LDB_MESSAGE_OR_RAISE()
Douglas Bagnall [Fri, 15 Mar 2024 04:04:59 +0000 (17:04 +1300)]
pyldb: py_ldb_msg_richcmp() uses PyErr_LDB_MESSAGE_OR_RAISE()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: use PyErr_LDB_MESSAGE_OR_RAISE() in various functions
Douglas Bagnall [Fri, 15 Mar 2024 00:08:03 +0000 (13:08 +1300)]
pyldb: use PyErr_LDB_MESSAGE_OR_RAISE() in various functions

In these simple cases, we are:

1. replacing the first argument `PyObject *` with `PyLdbMessageObject *`.
2. adding a `struct ldb_message *msg = NULL;` variable.
3. `PyErr_LDB_MESSAGE_OR_RAISE(self, msg);`.
4. changing the `self->msg` to `msg`.
5. adding { } to the `if (!PyArg_ParseTuple() return NULL;`.
6. replacing `self->pyldb` with `pyldb_Message_get_pyldb(self)`

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: add PyErr_LDB_MESSAGE_OR_RAISE() macro
Douglas Bagnall [Thu, 14 Mar 2024 03:41:43 +0000 (16:41 +1300)]
pyldb: add PyErr_LDB_MESSAGE_OR_RAISE() macro

The Python level message has a reference to an LDB, which should be NULL,
or the same as the dn's LDB, lest one of them is freed early.

The message LDB will be NULL until a DN is set, and if the DN is replaced,
the LDB is also replaced (see py_ldb_msg_set_dn), so it is *unlikely*
for these to get out of sync. In addition, fetching msg.dn via python
compares the LDBs at that point (py_ldb_msg_get_dn).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: catch up with README.Coding for some `PyArg_ParseTuple`s
Douglas Bagnall [Thu, 14 Mar 2024 04:32:51 +0000 (17:32 +1300)]
pyldb: catch up with README.Coding for some `PyArg_ParseTuple`s

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_dn_concat() uses PyErr_LDB_DN_OR_RAISE
Douglas Bagnall [Thu, 14 Mar 2024 04:27:58 +0000 (17:27 +1300)]
pyldb: py_ldb_dn_concat() uses PyErr_LDB_DN_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_dn_len checks dn and ldb validity
Douglas Bagnall [Thu, 14 Mar 2024 04:26:38 +0000 (17:26 +1300)]
pyldb: py_ldb_dn_len checks dn and ldb validity

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: make py_ldb_dn_add_base() a bit less leaky
Douglas Bagnall [Thu, 14 Mar 2024 23:38:00 +0000 (12:38 +1300)]
pyldb: make py_ldb_dn_add_base() a bit less leaky

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_dn_add_base() uses PyErr_LDB_DN_OR_RAISE
Douglas Bagnall [Thu, 14 Mar 2024 04:24:48 +0000 (17:24 +1300)]
pyldb: py_ldb_dn_add_base() uses PyErr_LDB_DN_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: make py_ldb_dn_add_child() a bit less leaky
Douglas Bagnall [Thu, 14 Mar 2024 23:11:18 +0000 (12:11 +1300)]
pyldb: make py_ldb_dn_add_child() a bit less leaky

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_dn_add_child() uses PyErr_LDB_DN_OR_RAISE
Douglas Bagnall [Wed, 10 Apr 2024 02:41:09 +0000 (14:41 +1200)]
pyldb: py_ldb_dn_add_child() uses PyErr_LDB_DN_OR_RAISE

for self->dn only. The other dn is a different story, next commit.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_dn_get_parent() uses PyErr_LDB_DN_OR_RAISE
Douglas Bagnall [Thu, 14 Mar 2024 04:21:34 +0000 (17:21 +1300)]
pyldb: py_ldb_dn_get_parent() uses PyErr_LDB_DN_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_dn_richcmp() uses PyErr_LDB_DN_OR_RAISE
Douglas Bagnall [Thu, 14 Mar 2024 04:19:21 +0000 (17:19 +1300)]
pyldb: py_ldb_dn_richcmp() uses PyErr_LDB_DN_OR_RAISE

The `if (!pyldb_Dn_Check(pydn2))` might seem redundant, but we
need it to return Py_NotImplemented before the _OR_RAISE macro
raises TypeError.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_dn_get_extended_component() uses PyErr_LDB_DN_OR_RAISE
Douglas Bagnall [Thu, 14 Mar 2024 04:10:17 +0000 (17:10 +1300)]
pyldb: py_ldb_dn_get_extended_component() uses PyErr_LDB_DN_OR_RAISE

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_dn_extended_str() uses PyErr_LDB_DN_OR_RAISE()
Douglas Bagnall [Thu, 14 Mar 2024 04:07:52 +0000 (17:07 +1300)]
pyldb: py_ldb_dn_extended_str() uses PyErr_LDB_DN_OR_RAISE()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: py_ldb_dn_get_casefold() uses PyErr_LDB_DN_OR_RAISE()
Douglas Bagnall [Wed, 10 Apr 2024 02:40:42 +0000 (14:40 +1200)]
pyldb: py_ldb_dn_get_casefold() uses PyErr_LDB_DN_OR_RAISE()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
# Conflicts:
# selftest/knownfail.d/ldb-use-after-free-segfault

2 weeks ago pyldb: py_ldb_dn_get_extended_component uses PyErr_LDB_DN_OR_RAISE()
Douglas Bagnall [Thu, 14 Mar 2024 22:00:50 +0000 (11:00 +1300)]
pyldb: py_ldb_dn_get_extended_component uses PyErr_LDB_DN_OR_RAISE()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: adapt some simple dn methods to use LDB_DN_OR_RAISE()
Douglas Bagnall [Thu, 14 Mar 2024 03:38:14 +0000 (16:38 +1300)]
pyldb: adapt some simple dn methods to use LDB_DN_OR_RAISE()

We treat self as PyObject, and only trust its DN once it has been
laundered by PyErr_LDB_DN_OR_RAISE().

There are more of these to come in the next few commits, but these are
the simplest ones (on a textual level -- the others are simple too, but
look different).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago ldb:pyldb: PyErr_LDB_DN_OR_RAISE makes more rigorous checks
Douglas Bagnall [Thu, 14 Mar 2024 02:10:07 +0000 (15:10 +1300)]
ldb:pyldb: PyErr_LDB_DN_OR_RAISE makes more rigorous checks

This changes what happens all over the place
(lib/ldb/pyldb.c, source4/dns_server/pydns.c, source4/dsdb/pydsdb.c),
but causes no problems because it just checks what we always assumed.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pytest:segfault: some more ldb crashes
Douglas Bagnall [Wed, 13 Mar 2024 20:32:47 +0000 (09:32 +1300)]
pytest:segfault: some more ldb crashes

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago samba-tool domain backup: Use new ldb.disconnect() method to force-close files during...
Andrew Bartlett [Tue, 5 Dec 2023 23:38:54 +0000 (12:38 +1300)]
samba-tool domain backup: Use new ldb.disconnect() method to force-close files during backup

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 weeks ago ldb:pytests: test ldb.connect() works after .disconnect()
Douglas Bagnall [Tue, 19 Mar 2024 22:31:23 +0000 (11:31 +1300)]
ldb:pytests: test ldb.connect() works after .disconnect()

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago pyldb: Add ldb.disconnect() method to ensure DB handles are closed
Andrew Bartlett [Tue, 5 Dec 2023 22:18:27 +0000 (11:18 +1300)]
pyldb: Add ldb.disconnect() method to ensure DB handles are closed

This is vital in our backup code, which needs to actually close the
LMDB at the correct point.

The Python ldb object itself is left in more or less the same state as
one that has not connected to a server or database (it is a very
simple wrapper in itself), and can be reconnected using the .connect()
method.

Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 weeks ago pyldb: Include a reference to the Ldb in objects that use
Andrew Bartlett [Tue, 7 Nov 2023 21:43:38 +0000 (10:43 +1300)]
pyldb: Include a reference to the Ldb in objects that use

This will help avoid use-after-free of the internally cached ldb within
struct ldb_dn by ensuring that it lives as long.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 weeks ago selftest: Add tests that demonstrate the issues with ldb use after free
Andrew Bartlett [Sun, 3 Dec 2023 23:00:12 +0000 (12:00 +1300)]
selftest: Add tests that demonstrate the issues with ldb use after free

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 weeks ago pytest:krb5/lockout: associate user DN with the ldb it is used with
Douglas Bagnall [Thu, 14 Mar 2024 00:25:48 +0000 (13:25 +1300)]
pytest:krb5/lockout: associate user DN with the ldb it is used with

LDB is soon going to object strongly to Python DNs that don't come from
the ldb that they are being used with, for memory safety reasons.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago auth/credentials: Read managed_password.passwords.query_interval only after parsing
Andrew Bartlett [Tue, 9 Apr 2024 04:11:16 +0000 (16:11 +1200)]
auth/credentials: Read managed_password.passwords.query_interval only after parsing

The code previously read the uninitialised stack not the parsed
structure, and so could segfault if the stack was not zero.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Tue Apr  9 23:59:54 UTC 2024 on atb-devel-224

2 weeks ago smbd: Simplify an if-condition
Volker Lendecke [Fri, 9 Feb 2024 11:37:53 +0000 (12:37 +0100)]
smbd: Simplify an if-condition

current_sid == NULL is true if and only if we could not assign current_sid
because num_sids was too small. Make that more explicit.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago smbd: Save 3 lines
Volker Lendecke [Fri, 9 Feb 2024 11:47:48 +0000 (12:47 +0100)]
smbd: Save 3 lines

Just cosmetic

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago smbd: Remove an obsolete comment
Volker Lendecke [Thu, 8 Feb 2024 17:16:39 +0000 (18:16 +0100)]
smbd: Remove an obsolete comment

This looks like a cut&paste from other smbXsrv files.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago smbXsrv_session: Remove a "can't happen" NULL check
Volker Lendecke [Thu, 8 Feb 2024 11:51:32 +0000 (12:51 +0100)]
smbXsrv_session: Remove a "can't happen" NULL check

This should really not happen, crashing would be the right
response. Align with fdca0558efa.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago smbXsrv_session: Use talloc_tos() for pushing smbXsrv_session_globalB
Volker Lendecke [Thu, 8 Feb 2024 11:47:07 +0000 (12:47 +0100)]
smbXsrv_session: Use talloc_tos() for pushing smbXsrv_session_globalB

Use the toplevel talloc pool, align with 0c709cb6b70.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago smbXsrv_session: Remove two implicit NULL initializations
Volker Lendecke [Thu, 8 Feb 2024 11:23:21 +0000 (12:23 +0100)]
smbXsrv_session: Remove two implicit NULL initializations

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago smbXsrv_session: Use struct initialization
Volker Lendecke [Thu, 8 Feb 2024 10:50:42 +0000 (11:50 +0100)]
smbXsrv_session: Use struct initialization

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago python/samba/tests: Fix gMSA blackbox test to expect failure to get password after...
Andrew Bartlett [Tue, 9 Apr 2024 21:53:00 +0000 (09:53 +1200)]
python/samba/tests: Fix gMSA blackbox test to expect failure to get password after membership change

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2 weeks ago s3:rpc_server: Implement _lsa_CreateTrustedDomainEx3()
Andreas Schneider [Mon, 4 Mar 2024 15:08:46 +0000 (16:08 +0100)]
s3:rpc_server: Implement _lsa_CreateTrustedDomainEx3()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:rpc_server: Implement lsa_CreateTrustedDomain_common()
Andreas Schneider [Thu, 29 Feb 2024 09:02:16 +0000 (10:02 +0100)]
s3:rpc_server: Implement lsa_CreateTrustedDomain_common()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:rpc_server: Implement and use lsa_CreateTrustedDomain_precheck()
Andreas Schneider [Fri, 5 Jan 2024 10:16:58 +0000 (11:16 +0100)]
s3:rpc_server: Implement and use lsa_CreateTrustedDomain_precheck()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:rpc_server: Log error in _lsa_CreateTrustedDomainEx2()
Andreas Schneider [Wed, 28 Feb 2024 13:50:19 +0000 (14:50 +0100)]
s3:rpc_server: Log error in _lsa_CreateTrustedDomainEx2()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:rpc_client: Implement createtrustdomex3 command
Andreas Schneider [Thu, 29 Feb 2024 08:34:10 +0000 (09:34 +0100)]
s3:rpc_client: Implement createtrustdomex3 command

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:rpc_client: Implement createtrustdomex2 command
Andreas Schneider [Tue, 27 Feb 2024 08:08:28 +0000 (09:08 +0100)]
s3:rpc_client: Implement createtrustdomex2 command

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s3:rpc_client: Implement rpc_lsa_encrypt_trustdom_info_aes()
Andreas Schneider [Tue, 27 Feb 2024 08:24:52 +0000 (09:24 +0100)]
s3:rpc_client: Implement rpc_lsa_encrypt_trustdom_info_aes()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:torture: Add test for lsa_CreateTrustedDomainEx3
Andreas Schneider [Tue, 28 Nov 2023 14:46:54 +0000 (15:46 +0100)]
s4:torture: Add test for lsa_CreateTrustedDomainEx3

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2 weeks ago s4:rpc_server: Enable AES in dcesrv_lsa_OpenPolicy3()
Andreas Schneider [Thu, 21 Dec 2023 10:51:02 +0000 (11:51 +0100)]
s4:rpc_server: Enable AES in dcesrv_lsa_OpenPolicy3()

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>