git.samba.org - samba.git/log

lib/compression: add simple python bindings

There are four functions, allowing compression and decompression in
the two formats we support so far. The functions will accept bytes or
unicode strings which are treated as utf-8.

The LZ77+Huffman decompression algorithm requires an exact target
length to decompress, so this is mandatory.

The plain decompression algorithm does not need an exact length, but
you can provide one to help it know how much space to allocate. As
currently written, you can provide a short length and it will often
succeed in decompressing to a different shorter string.

These bindings are intended to make ad-hoc investigation easier, not
for production use. This is reflected in the guesses about output size
that plain_decompress() makes if you don't supply one -- either they
are stupidly wasteful or ridiculously insufficient, depending on
whether or not you were trying to decompress a 20MB string.

>>> a = '12345678'
>>> import compression
>>> b = compression.huffman_compress(a)
>>> b
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00  #....
>>> len(b)
262
>>> c = compression.huffman_decompress(b, len(a))
>>> c
b'12345678'                                   # note, c is bytes, a is str
>>> a
'12345678'
>>> d = compression.plain_compress(a)
>>> d
b'\xff\xff\xff\x0012345678'
>>> compression.plain_decompress(d)           # no size specified, guesses
b'12345678'
>>> compression.plain_decompress(d,5)
b'12345'
>>> compression.plain_decompress(d,0)         # 0 for auto
b'12345678'
>>> compression.plain_decompress(d,1)
b'1'
>>> compression.plain_decompress(a,444)
Traceback (most recent call last):
   compression.CompressionError: unable to decompress data into a buffer of 444 bytes.
>>> compression.plain_decompress(b,444)
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00 #...

That last one decompresses the Huffman compressed file with the plain
compressor; pretty much any string is valid for plain decompression.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:client: Fix a use-after-free issue in smbclient

Detected by

make test TESTS="samba3.blackbox.chdir-cache"

with an optimized build or with AddressSanitizer.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Thu Dec 22 10:52:31 UTC 2022 on sn-devel-184

s3:script: Improve test_chdir_cache.sh

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15268

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

autobuild: Don't use deprecated distutils

The distutils package was deprecated in Python 3.10 by PEP 632.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

third_party: Update resolv_wrapper to version 1.1.8

res_randomid() is marked as deprecated in newer glibc.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 21 21:28:42 UTC 2022 on sn-devel-184

CI: add a test for wbinfo --change-secret-at=DC

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 21 20:05:59 UTC 2022 on sn-devel-184

CI: join ad_member_s3_join to vampire_dc

Currently ad_member_s3_join is only used for testing samba-tool join and that'll
work just fine being joined to vampire_dc instead of ad_dc.

vampire_dc is an additional DC in the SAMBADOMAIN "started" by ad_dc_ntvfs, so
by joining ad_member_s3_join to the SAMBADOMAIN, it is member of a domain with
more then one DC.

Subsequently I'll add a test that needs such an environment.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

wbinfo: Add --change-secret-at=dcname

Add WHATSNEW.txt entry and update wbinfo man page.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libwbclient: add wbc[Ctx]ChangeTrustCredentialsAt()

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

winbindd: add dcname arg to ChangeMachineAccount request

Existing callers will pass an empty string, later a new caller will pass an
explicit DC name taken from the wbinfo command line.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

winbindd: Add force_dc to bypass cached connection and DC lookup

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

winbindd: More simplification of cm_open_connection()

This basically moves the functionality to connect the socket to the currently
preferred DC to a new helper function connect_preferred_dc() that is called from
the renamed function find_new_dc().

find_dc() now either returns a connected to the preferred DC or a new DC until
all possible DCs are exhausted and cm_open_connection() can just call find_dc()
to get a connected socket and pass it to cm_prepare_connection().

While at it reorder the args of find_dc() and make the only real out arg "fd"
the last one.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

winbindd: simplify cm_open_connection()

Simplify to retry logic: if cm_prepare_connection() succeeded just exit the
retry loop, only if it failed check the "retry" variable.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

winbindd: simplify find_new_dc()

Remove the dcname and pss args from find_new_dc(). The caller passes in the
domain anyway, so let's fill in domain->dcname and domain->dcaddr directly.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

winbindd: do an early exit in cm_open_connection()

Best viewed with git show -w. No change in behaviour.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Don't hide managed/recommended directories

Making these variables hidden prevents the parent
class gp_chromium_ext from reading them when
subclassed in gp_chrome_ext. This caused the
chrome policies to be installed in the chromium
directories.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 21 03:05:46 UTC 2022 on sn-devel-184

gp: Ensure rsop is tested for every CSE

A bug cropped up in the rsop that was causing a
crash because this wasn't being tested.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Fix rsop when final value isn't a str

The output must be a string value, or it will
crash. Chromium policies output integers, which
was causing the parser to crash.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Enable gpupdate output when testing

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Ensure policy changes don't leave files behind

This test exercises the gp_file_applier and
ensures that when a policy is modified, no old
policy is left behind.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Re-create files if manually removed

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Test that files are re-created if manually removed

Currently applied files which are manually
removed do not get re-applied.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Modify Chromium CSE to use new files applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Modify Cert Auto Enroll CSE to use new applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Modify Centrify Crontab compatible CSE to use new files applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Modify Startup Scripts CSE to use new files applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Modify GNOME Settings CSE to use new files applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Modify Machine Scripts CSE to use new files applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Modify Files CSE to use new files applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Modify Sudoers CSEs to use new files applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Modify OpenSSH CSE to use new files applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Modify PAM Access CSE to use new files applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Modify Symlink CSE to use new files applier

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Implement appliers for monitoring policy changes

This is currently a significant drawback of Samba
Group Policy. CSEs MUST be aware of policy changes
such as modification, removal, etc. This is a
complex process, and is easy to mess up. Here I
add 'appliers' (the first being for files), which
handle the complexty transparently to ensure this
is done correctly.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3:params:lp_do_section - protect against NULL deref

iServiceIndex may indicate an empty slot in the ServicePtrs
array. In this case, lpcfg_serivce_ok(ServicePtrs[iServiceIndex])
may trigger a NULL deref and crash. Skipping the check
here will cause a scan of the array in add_a_service() and the
NULL slot will be used safely.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15267

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 20 18:49:54 UTC 2022 on sn-devel-184

s4:torture: Fix stack variable used out of scope in test_devicemode_full()

==17828==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7ffc37790230 at pc 0x7fc37e2a3a11 bp 0x7ffc3778fec0 sp 0x7ffc3778feb8
READ of size 16 at 0x7ffc37790230 thread T0
    #0 0x7fc37e2a3a10 in ndr_push_spoolss_GetPrinter librpc/gen_ndr/ndr_spoolss.c:27123
    #1 0x7fc380629b30 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416
    #2 0x7fc38062a132 in dcerpc_binding_handle_call ../../librpc/rpc/binding_handle.c:553
    #3 0x7fc37ed113c9 in dcerpc_spoolss_GetPrinter_r librpc/gen_ndr/ndr_spoolss_c.c:1947
    #4 0x5570ba6c4d03 in test_devicemode_full ../../source4/torture/rpc/spoolss.c:2249
    #5 0x5570ba6e61ea in test_PrinterInfo_DevModes ../../source4/torture/rpc/spoolss.c:2384
    #6 0x5570ba6e61ea in test_PrinterInfo_DevMode ../../source4/torture/rpc/spoolss.c:2488
    #7 0x5570ba6e61ea in test_printer_dm ../../source4/torture/rpc/spoolss.c:9082
    #8 0x7fc37fc7b67d in wrap_test_with_simple_test ../../lib/torture/torture.c:808
    #9 0x7fc37fc7d40b in internal_torture_run_test ../../lib/torture/torture.c:516
    #10 0x7fc37fc7d87c in torture_run_tcase_restricted ../../lib/torture/torture.c:581
    #11 0x7fc37fc7deb2 in torture_run_suite_restricted ../../lib/torture/torture.c:435
    #12 0x5570ba89a65d in run_matching ../../source4/torture/smbtorture.c:95
    #13 0x5570ba89a6e4 in run_matching ../../source4/torture/smbtorture.c:105
    #14 0x5570ba89a6e4 in run_matching ../../source4/torture/smbtorture.c:105
    #15 0x5570ba89b3e4 in torture_run_named_tests ../../source4/torture/smbtorture.c:172
    #16 0x5570ba89f3e0 in main ../../source4/torture/smbtorture.c:750
    #17 0x7fc37c62c5af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #18 0x7fc37c62c678 in __libc_start_main_impl ../csu/libc-start.c:381
    #19 0x5570ba49e824 in _start ../sysdeps/x86_64/start.S:115

Address 0x7ffc37790230 is located in stack of thread T0 at offset 160 in frame
    #0 0x5570ba6c4562 in test_devicemode_full ../../source4/torture/rpc/spoolss.c:2186

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 20 06:55:45 UTC 2022 on sn-devel-184

s4:torture: Pass the dcerpc struct 's' for SetPrinter down to the macro

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture: Pass the dcerpc struct 'q' for GetPrinter down to the macro

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:torture: Fix stack variable used out of scope in test_devmode_set_level()

==12122==ERROR: AddressSanitizer: stack-use-after-scope on address 0x7fff494dd900 at pc 0x7fdaebea71e3 bp 0x7fff494dd430 sp 0x7fff494dd428
READ of size 4 at 0x7fff494dd900 thread T0
    #0 0x7fdaebea71e2 in ndr_push_spoolss_SetPrinterInfo8 librpc/gen_ndr/ndr_spoolss.c:8618
    #1 0x7fdaebea71e2 in ndr_push_spoolss_SetPrinterInfo librpc/gen_ndr/ndr_spoolss.c:8796
    #2 0x7fdaebea7482 in ndr_push_spoolss_SetPrinterInfoCtr librpc/gen_ndr/ndr_spoolss.c:9163
    #3 0x7fdaebea7580 in ndr_push_spoolss_SetPrinter librpc/gen_ndr/ndr_spoolss.c:27000
    #4 0x7fdaee3e1b30 in dcerpc_binding_handle_call_send ../../librpc/rpc/binding_handle.c:416
    #5 0x7fdaee3e2132 in dcerpc_binding_handle_call ../../librpc/rpc/binding_handle.c:553
    #6 0x7fdaecb103fd in dcerpc_spoolss_SetPrinter_r librpc/gen_ndr/ndr_spoolss_c.c:1722
    #7 0x559a7294c2f1 in test_SetPrinter ../../source4/torture/rpc/spoolss.c:1293
    #8 0x559a7297b4d4 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2126
    #9 0x559a7299cfa1 in test_PrinterInfo_DevModes ../../source4/torture/rpc/spoolss.c:2344
    #10 0x559a7299cfa1 in test_PrinterInfo_DevMode ../../source4/torture/rpc/spoolss.c:2489
    #11 0x559a7299cfa1 in test_printer_dm ../../source4/torture/rpc/spoolss.c:9083
    #12 0x7fdaeda9867d in wrap_test_with_simple_test ../../lib/torture/torture.c:808
    #13 0x7fdaeda9a40b in internal_torture_run_test ../../lib/torture/torture.c:516
    #14 0x7fdaeda9a87c in torture_run_tcase_restricted ../../lib/torture/torture.c:581
    #15 0x7fdaeda9aeb2 in torture_run_suite_restricted ../../lib/torture/torture.c:435
    #16 0x559a72b51668 in run_matching ../../source4/torture/smbtorture.c:95
    #17 0x559a72b516ef in run_matching ../../source4/torture/smbtorture.c:105
    #18 0x559a72b516ef in run_matching ../../source4/torture/smbtorture.c:105
    #19 0x559a72b523ef in torture_run_named_tests ../../source4/torture/smbtorture.c:172
    #20 0x559a72b563eb in main ../../source4/torture/smbtorture.c:750
    #21 0x7fdaea42c5af in __libc_start_call_main ../sysdeps/nptl/libc_start_call_main.h:58
    #22 0x7fdaea42c678 in __libc_start_main_impl ../csu/libc-start.c:381
    #23 0x559a72755824 in _start ../sysdeps/x86_64/start.S:115

Address 0x7fff494dd900 is located in stack of thread T0 at offset 32 in frame
    #0 0x559a7297b111 in test_devmode_set_level ../../source4/torture/rpc/spoolss.c:2090

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

tests: add a Python test for case insensitive access

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Dec 20 01:32:07 UTC 2022 on sn-devel-184

compression/huffman: debug function bails upon disaster (CID 1517261)

We shouldn't get a node with a zero code, and there's probably nothing
to do but stop.

   CID 1517261 (#1-2 of 2): Bad bit shift operation
   (BAD_SHIFT)11. negative_shift: In expression j >> offset - k,
   shifting by a negative amount has undefined behavior. The shift
   amount, offset - k, is -3.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 19 23:29:04 UTC 2022 on sn-devel-184

compression/huffman: double check distance in matches (CID 1517278)

Because we just wrote the intermediate representation to have no zero
distances, we can be sure it doesn't, but Coverity doesn't know. If
distance is zero, `bitlen_nonzero_16(distance)` would be bad.

   CID 1517278 (#1 of 1): Bad bit shift operation
   (BAD_SHIFT)41. large_shift: In expression 1 << code_dist, left
   shifting by more than 31 bits has undefined behavior. The shift
   amount, code_dist, is 65535.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

compression: fix sign extension of long matches (CID 1517275)

Very long matches would be written instead as very very long matches.

We can't in fact hit this because we have a MAX_MATCH_LENGTH defined
as 64M, but if we could, it might make certain 2GB+ strings impossible
to compress.

  CID 1517275 (#1 of 1): Unintended sign extension
  (SIGN_EXTENSION)sign_extension: Suspicious implicit sign extension:
  intermediate[i + 2UL] with type uint16_t (16 bits, unsigned) is
  promoted in intermediate[i + 2UL] << 16 to type int (32 bits, signed),
  then sign-extended to type unsigned long (64 bits, unsigned). If
  intermediate[i + 2UL] << 16 is greater than 0x7FFFFFFF, the upper bits
  of the result will all be 1.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

compression tests: avoid div by zero in failure (CID 1517297)

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

compression/tests: calm the static analysts (CID: numerous)

None of our test vectors are 18446744073709551615 bytes long, which
means we can know an `expected_length == returned_length` check will
catch the case where the compression function returns -1 for error. We
know that, but Coverity doesn't.

It's the same thing over and over again, in two different patterns:

>>>     CID 1517301:  Memory - corruptions  (OVERRUN)
>>>     Calling "memcmp" with "original.data" and "original.length" is
suspicious because of the very large index, 18446744073709551615. The index
may be due to a negative parameter being interpreted as unsigned.
393      if (original.length != decomp_written ||
394          memcmp(decompressed.data,
395         original.data,
396         original.length) != 0) {
397      debug_message("\033[1;31mgot %zd, expected %zu\033[0m\n",
398            decomp_written,

*** CID 1517299:  Memory - corruptions  (OVERRUN)
/lib/compression/tests/test_lzxpress_plain.c: 296 in
test_lzxpress_plain_decompress_more_compressed_files()
290      debug_start_timer();
291      written = lzxpress_decompress(p.compressed.data,
292            p.compressed.length,
293            dest,
294            p.decompressed.length);
295      debug_end_timer("decompress", p.decompressed.length);
>>>     CID 1517299:  Memory - corruptions  (OVERRUN)
>>>     Calling "memcmp" with "p.decompressed.data" and
"p.decompressed.length" is suspicious because of the very large index,
18446744073709551615. The index may be due to a negative parameter being
interpreted as unsigned.
296      if (written == p.decompressed.length &&
297          memcmp(dest, p.decompressed.data, p.decompressed.length)
== 0) {
298      debug_message("\033[1;32mdecompressed %s!

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

compression/huffman: check again for invalid codes (CID 1517302)

We know that code is non-zero, because it comes from the combination of
the intermediate representation and the symbol tables that were generated
at the same time. But Coverity doesn't know that, and it thinks we could
be doing undefined things in the subsequent shift.

CID 1517302: Integer handling issues (BAD_SHIFT)
In expression "1 << code_bit_len", shifting by a negative amount has

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

compression/huffman: tighten bit_len checks (fix SUSE -O3 build)

The struct write_context bit_len attribute is always between 0 and 31,
but if the next patches are applied without this, SUSE GCC -O3 will
worry thusly:

../../lib/compression/lzxpress_huffman.c: In function
  ‘lzxpress_huffman_compress’:
../../lib/compression/lzxpress_huffman.c:953:5: error: assuming signed
  overflow does not occur when simplifying conditional to constant
  [-Werror=strict-overflow]
   if (wc->bit_len > 16) {
         ^
         cc1: all warnings being treated as errors

Inspection tell us that the invariant holds. Nevertheless, we can
safely use an unsigned type and insist that over- or under- flow is
bad.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

fuzz: fix lzxpress plain round-trip fuzzer

The 'compressed' string can be about 9/8 the size of the decompressed
string, but we didn't allow enough memory in the fuzz target for that.
Then when it failed, we didn't check.

Credit to OSSFuzz.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Jeremy Allison <jra@samba.org>

compression/huffman: avoid semi-defined behaviour in decompress

We had

output[output_pos - distance];

where output_pos and distance are size_t and distance can be greater
than output_pos (because it refers to a place in the previous block).

The underflow is defined, leading to a big number, and when
sizeof(size_t) == sizeof(*uint8_t) the subsequent overflow works as
expected. But if size_t is smaller than a pointer, bad things will
happen.

This was found by OSSFuzz with
'UBSAN_OPTIONS=print_stacktrace=1:silence_unsigned_overflow=1'.

Credit to OSSFuzz.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

rpc_server:srvsvc - retrieve share ACL via root context

share_info.tdb has permissions of 0o600 and so we need
to become_root() prior to retrieving the security info.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15265

Signed-off-by: Andrew Walker <awalker@ixsystems.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon Dec 19 20:41:15 UTC 2022 on sn-devel-184

smbd/locking: make use of the same tdb hash_size and flags for all SMB related tdb's

It's good to have a consistent set of hash_size/flags for all aspects of
an open file handle. Currently we're using 4 databases:
smbXsrv_open_global.tdb, leases.tdb, locking.tdb and brlock.tdb.

While at it also crank up the hashsize if the smbXsrv_tcon and smbXsrv_session
TDBs. The default TDB hash size is insanely small and disk space is cheap these
days, by going with the much larger hash size we get O(1) lookup instead of O(n)
for moderate to large loads with a few thousand objects.

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Dec 19 16:40:15 UTC 2022 on sn-devel-184

s4-auth: fix sam test binary ntstatus include path

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri Dec 16 21:35:45 UTC 2022 on sn-devel-184

s3-librpc: use nbt_server_type in ads.idl

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s3-librpc: add ads.idl and convert ads_struct to talloc.

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Simplify clistr_is_previous_version_path()

Nobody looks at the out params anymore

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Fri Dec 16 08:42:18 UTC 2022 on sn-devel-184

libsmb: Slightly simplify cli_smb2_create_fnum_send()

We can now write to fname directly.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Use clistr_smb2_extract_snapshot_token() in cli_smb2_create_fnum_send()

Now that fname is writable, we can avoid a bit of complexity with
clistr_smb2_extract_snapshot_token()

Signed-off-by: Volker Lendecke <vl@samba.org>
Signed-off-by: Jeremy Allison <jra@samba.org>

s3: lib: Add new clistr_smb2_extract_snapshot_token() function.

Strips @GMT from client pathnames for SMB2 (uses '\\' separator).

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

s3: smbd: Make extract_snapshot_token() a wrapper for extract_snapshot_token_internal().

Allows us to pass in path separator from a new function without
changing existing calling code.

Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

libsmb: Make a r/w copy of fname in cli_smb2_create_fnum_send()

We're messing with this in 2 places in this routine and have to make a
copy in both places. Make this writable, so we don't have to make a
copy further down.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

build: Convert winexe to use enabled= in wscript

This also allows --without-winexe to stop building the .exe files even if
the compilers are present on the system.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15264

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Dec 16 07:41:38 UTC 2022 on sn-devel-184

lib: Move 448 bytes from R/W data segment to R/O text

The linker has to relocate the pointers in the array at startup, save
that. I know we have bigger .data blobs, but every bit counts :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Dec 15 22:51:06 UTC 2022 on sn-devel-184

lib: Avoid an includes.h

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Align an integer type

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

tdb: Move 160 bytes from R/W data segment to R/O text

The linker has to relocate the pointers in the array at startup, save
that. I know we have bigger .data blobs, but every bit counts :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Remove a pointless NULL check from readlink_talloc()

We should never call this without the place to put the target in.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Use direct struct initialization, avoid explicit ZERO_STRUCT()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Fix a debug message

This used to be openat_pathref_nostream() at some point back

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libsmb: Don't mess up pathnames in cli_smb2_create_fnum_send()

Master-only bug introduced with dd9cdfb3b14: smb2_dfs_share_path() can
change the length of fname, and if it happens that the original length
hits a \ in the enlarged filename, we cut it off.

Found by accident, this really made me scratch my head when looking at
traces :-)

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Add "posix" flag to openat_pathref_dirfsp_nosymlink()

Don't do the get_real_filename() retry if we're in posix context of if
the connection is case sensitive.

The whole concept of case sensivity blows my brain. In SMB1 without
posix extensions it's a per-request thing. In SMB2 without posix
extensions this should just depend on "case sensitive = yes/no", and
in future SMB2 posix extensions this will become a per-request thing
again, depending on the existence of the posix create context.

Then there are other semantics that are attached to posix-ness, which
have nothing to do with case sensivity. See for example merge request
2819 and bug 8776, or commit f0e1137425f. Also see
check_path_syntax_internal().

This patch uses the same flags as openat_pathref_fsp_case_insensitive()
does, but I am 100% certain this is wrong in a subtle way.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Thu Dec 15 11:30:04 UTC 2022 on sn-devel-184

tests: Show that in smb1 posix we don't treat dirs as case sensitive

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

testprogs: Use new kerberos options for samba-tool in test_kpasswd_mit.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 14 23:56:50 UTC 2022 on sn-devel-184

testprogs: Use new kerberos options for samba-tool in test_export_keytab_mit.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

testprogs: Use new kerberos options for ldb and samba-tool in test_kinit_mit.sh

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Fix GNOME Settings writing unreadable user profile

This file must be readable by all users,
otherwise the policy doesn't get read or applied.

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

gp: Fix Firewalld RSoP output skipping Zones

Signed-off-by: David Mulder <dmulder@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Remove source3/smbd/statcache.c

After I found that nobody calls stat_cache_add() anymore, there was no
reason to keep the rest of statcache.c.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

vfs: Fix whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Slightly simplify set_current_case_sensitive()

Remove a global cache of calculating case sensivity. The calculation
is really simple: It only references a bool per-share parameter and a
global variable. I really doubt there is any measurable benefit from
this cache, and if there was, I don't care if SMB1 gets a tiny bit
slower in response to reduced global state.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Slightly simplify set_current_case_sensitive()

Assert this isn't called from SMB2

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: Make set_current_case_sensitive() static

This is a SMB1-only thing

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

s4:libnet: correctly handle gnutls_pbkdf2() errors

We should not ignore the error nor should we map
GNUTLS_E_UNWANTED_ALGORITHM to NT_STATUS_WRONG_PASSWORD,
instead we use NT_STATUS_CRYPTO_SYSTEM_INVALID as in most other places
in the same file.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Dec 14 13:35:20 UTC 2022 on sn-devel-184

s4:libnet: fix error string for failing samr_ChangePasswordUser4()

BUG: https://bugzilla.samba.org/show_bug.cgi?id=15206

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Björn Baumbach <bbaumbach@samba.org>

libads: Save intermediate NULL checks with talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 14 05:29:51 UTC 2022 on sn-devel-184

lib: Save intermediate NULL checks with talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

winbind: Save lines with talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

winbind: Save an intermediate NULL check with talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

auth4: Save lines with talloc_asprintf_addbuf() in authsam_domain_group_filter()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

libcldap: Save lines in cldap_netlogon_create_filter() with talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

dns_server: Use talloc_asprintf_addbuf() in b9_format()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Use talloc_asprintf_addbuf() in rdn_name_add()

Add implicit NULL checks

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Use talloc_asprintf_addbuf() in ldb_module_call_chain()

This was exactly what talloc_asprintf_addbuf() does.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Use talloc_asprintf_addbuf() in print_socket_options()

With the proper NULL checks we don't need the stackframe,
use a passed in context instead.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Use talloc_asprintf_addbuf() in ldif_write_prefixMap()

The first call of talloc_asprintf_append() did not have a NULL check.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Use talloc_asprintf_addbuf() in str_list_join_shell()

This adds proper NULL checks via talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Use talloc_asprintf_addbuf() in str_list_join()

This adds intermediate NULL checks via talloc_asprintf_addbuf()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Use talloc_asprintf_addbuf() in debug.c

Slightly simplify debug_list_class_names_and_levels()

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Move talloc_asprintf_addbuf() to talloc

I wanted to use this in debug.c, but this would have meant to pollute
debug's deps with a lot of stuff. Also, looking through uses of
talloc_asprint_append(), very many of those don't do NULL checks
properly and could benefit from the _addbuf() flavor. We can add a
vasprintf variant later if the need shows up.

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

lib: Fix whitespace

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

smbd: set long process name of smbd child processes to "smbd: <CLIENT IP>"

The resulting process listings, depending on the format chosen for the process
name, show the relevant smbd processes like this:

$ ps faxo pid,uid,comm | egrep "\_.*smbd" | grep -v grep
1690322     0  \_ smbd
1690326     0      \_ smbd-notifyd
1690327     0      \_ smbd-cleanupd
1690337     0      \_ smbd[::1]

$ ps faxo pid,uid,args | egrep "\_.*smbd" | grep -v grep
1690322     0  \_ ./bin/smbd -D
1690326     0      \_ smbd: notifyd
1690327     0      \_ smbd: cleanupd
1690337     0      \_ smbd: client [::1]

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Dec 14 02:47:24 UTC 2022 on sn-devel-184