Michael Tokarev [Tue, 24 May 2022 13:25:41 +0000 (16:25 +0300)]
s3/util/py_net.c: fix samba-tool domain join&leave segfault
We process python args using PyArg_ParseTupleAndKeywords(), and use "p"
type modifier there. According to documentation, this type modifier,
while works for a boolean type, expects an argument of type int. But in
py_net_join_member() and py_net_leave() we use argument of type uint8_t
(no_dns_update, keep_account, r->in.debug). So when PyArg_ParseTupleAndKeywords()
tries to assign a value to &no_dns_update, it updates subsequent, unrelated bytes
too, - which ones depends on the stack and structure layout used by the compiler.
Fix this by using int type for all relevant variables, and by introducing proxy
variable "debug" (of the same type) for r->in.debug.
While at it, also ensure all variables have sensible default values.
Signed-off-by: Michael Tokarev <mjt@tls.msk.ru>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May 25 06:19:32 UTC 2022 on sn-devel-184
Noel Power [Mon, 23 May 2022 16:23:41 +0000 (17:23 +0100)]
s3/client: Restore '-E' handling
Sometimes we really do need to redirect output to stderr
e.g. when using the tar command to output the archive to stdout
we don't want debug or cmdline status messages straying into stdout.
was removed with commit:
e4474ac0a540c56548b4d15e38f2e234455e19b6
remove known fail for the test
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15075
Signed-off-by: Noel Power <noel.power@suse.com>
Autobuild-User(master): Noel Power <npower@samba.org>
Autobuild-Date(master): Tue May 24 10:29:27 UTC 2022 on sn-devel-184
Noel Power [Mon, 23 May 2022 19:11:13 +0000 (20:11 +0100)]
s3/script/tests: Test smbclient -E redirects output to stderr
Add new test to ensure smbclient is writing to stderr (with '-E')
Add knownfail for this test (will be removed when issue is fixed in
later commit)
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15075
Signed-off-by: Noel Power <noel.power@suse.com>
Samuel Cabrero [Mon, 23 May 2022 12:11:24 +0000 (14:11 +0200)]
s3:libads: Clear previous CLDAP ping flags when reusing the ADS_STRUCT
Before commit
1d066f37b9217a475b6b84a935ad51fbec88fe04, when the LDAP
connection wasn't established yet (ads->ldap.ld == NULL), the
ads_current_time() function always allocated and initialized a new
ADS_STRUCT even when ads->ldap.ss had a good address after having called
ads_find_dc().
After that commit, when the ADS_STRUCT is reused and passed to the
ads_connect() call, ads_try_connect() may fail depending on the
contacted DC because ads->config.flags field can contain the flags
returned by the previous CLDAP call. For example, when having 5 DCs:
* 192.168.101.31 has PDC FSMO role
* 192.168.101.32
* 192.168.101.33
* 192.168.101.34
* 192.168.101.35
$> net ads info -S 192.168.101.35
net_ads_info()
ads_startup_nobind()
ads_startup_int()
ads_init()
ads_connect()
ads_try_connect(192.168.101.35)
check_cldap_reply_required_flags(returned=0xF1FC, required=0x0)
ads_current_time()
ads_connect()
ads_try_connect(192.168.101.35)
check_cldap_reply_required_flags(returned=0xF1FC, required=0xF1FC)
The check_cldap_reply_required_flags() call fails because
ads->config.flags contain the flags returned by the previous CLDAP call,
even when the returned and required values match because they have
different semantics:
if (req_flags & DS_PDC_REQUIRED)
RETURN_ON_FALSE(ret_flags & NBT_SERVER_PDC);
translates to:
if (0xF1FC & 0x80)
RETURN_ON_FALSE(0xF1FC & 0x01);
which returns false because 192.168.101.35 has no PDC FSMO role.
The easiest fix for now is to reset ads->config.flags in
ads_current_time() when reusing an ADS_STRUCT before calling
ads_connect(), but we should consider storing the required and returned
flags in different fields or at least use the same bitmap for them
because check_cldap_reply_required_flags() is checking a
netr_DsRGetDCName_flags value using the nbt_server_type bitmap.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14674
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Mon May 23 19:18:38 UTC 2022 on sn-devel-184
Samuel Cabrero [Mon, 23 May 2022 09:51:32 +0000 (11:51 +0200)]
s3:libnet: Fix talloc frame not freed in order
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 23 May 2022 09:43:29 +0000 (11:43 +0200)]
s3:libads: Print 'gc' and 'no_fallback' fields in ndr_print_ads_struct()
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Mon, 23 May 2022 11:10:31 +0000 (13:10 +0200)]
python/gp_cert_auto_enroll: Fix bitwise test in expression
Found by covscan.
result_independent_of_operands: "(e.data & 4) == 1" is always false regardless of the values of its operands. This occurs as the operand of assignment.
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Mon, 23 May 2022 10:57:42 +0000 (12:57 +0200)]
s3:lib: Fix use_after_free: Using freed pointer "p"
Found by covscan.
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Mon, 23 May 2022 05:54:06 +0000 (07:54 +0200)]
third_party: Update waf to version 2.0.24
This fixes building of python libraries with Python 3.11!
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15071
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon May 23 09:34:51 UTC 2022 on sn-devel-184
Douglas Bagnall [Wed, 23 Feb 2022 23:17:00 +0000 (12:17 +1300)]
s4/dlz: add support for bind 9.18
It seems nothing has changed since 9.16 for our purposes.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14986
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andreas Hasenack <andreas@canonical.com>
Pair-programmed-with: Andreas Hasenack <andreas@canonical.com>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Mon May 23 00:53:09 UTC 2022 on sn-devel-184
Volker Lendecke [Sun, 15 May 2022 11:30:09 +0000 (13:30 +0200)]
srvsvcd: Silence a integer type warning
Okay because lp_csc_policy() is an enum with 4 choices
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Fri May 20 19:59:07 UTC 2022 on sn-devel-184
Volker Lendecke [Sun, 15 May 2022 11:20:34 +0000 (13:20 +0200)]
srvsvcd: Avoid an "else" due to the early return
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 15 May 2022 11:19:35 +0000 (13:19 +0200)]
srvsvcd: Directly initialize variables in count_for_all_fn()
Easier to read for me
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 15 May 2022 11:18:24 +0000 (13:18 +0200)]
srvsvcd: Align integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 15 May 2022 11:17:06 +0000 (13:17 +0200)]
srvsvcd: Fix shareinfo2 max_connections calculation
lp_max_connections() being an int could be >UINT32_MAX
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Sun, 15 May 2022 11:15:31 +0000 (13:15 +0200)]
srvsvcd: Use UINT32_MAX where appropriate
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 19 May 2022 18:10:52 +0000 (20:10 +0200)]
registry3: Align some integer types
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Fri, 20 May 2022 06:06:28 +0000 (08:06 +0200)]
smbd: Simplify copy_file()
Pass in new_create_disposition directly. We can also remove the
if-case (ofun & OPENX_FILE_EXISTS_OPEN) in copy_file, the two callers
don't use it.
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Thu, 19 May 2022 18:43:40 +0000 (20:43 +0200)]
smbd: Simplify copy_file()
The only two callers did not use "count" and "target_is_directory".
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 22 Jun 2021 08:44:53 +0000 (10:44 +0200)]
s3:winbind: Remove struct winbindd_child_dispatch_table
All parent-child communication is based in NDR and dispatched as a local
RPC call.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 19 18:50:24 UTC 2022 on sn-devel-184
Samuel Cabrero [Mon, 9 May 2022 15:31:53 +0000 (17:31 +0200)]
examples: Update winbind.stp
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 28 Feb 2022 16:16:23 +0000 (17:16 +0100)]
s3:winbind: Convert InitConnection from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Thu, 3 Jun 2021 18:05:48 +0000 (20:05 +0200)]
s3:winbind: Create a binding handle for each child
Next commits will convert InitConnection from struct based to NDR based
and this call will be directly issued to a domain child so create a 'wbint'
binding handle for domain childs too.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 9 May 2022 14:59:21 +0000 (16:59 +0200)]
s3:winbind: Fix code format and use newer debug macros
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 9 May 2022 14:56:18 +0000 (16:56 +0200)]
s3:winbind: Move winbindd_dual_init_connection() function
It will be converted later to a local RPC call handler so it must be in
the file including ndr_winbind_scompat.c
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 9 May 2022 14:46:35 +0000 (16:46 +0200)]
examples: Update winbind.stp
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 22 Jun 2021 08:23:04 +0000 (10:23 +0200)]
s3:winbind: Convert winbindd_dual_pam_chauthtok() from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 21 Jun 2021 15:25:50 +0000 (17:25 +0200)]
s3:winbind: Split getting and filling the password policy info
Next commits will convert from struct based to NDR based. The
samr_DomInfo1 struct will be returned by the child to the parent inside
the 'r' struct and the parent will just fill the winbindd_respone.
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 9 May 2022 14:22:33 +0000 (16:22 +0200)]
examples: Update winbind.stp
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 21 Jun 2021 11:51:53 +0000 (13:51 +0200)]
s3:winbind: Convert winbindd_dual_pam_chng_pswd_auth_crap() from struct based to NDR based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 9 May 2022 14:12:41 +0000 (16:12 +0200)]
examples: Update winbind.stp
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Wed, 16 Jun 2021 15:39:02 +0000 (17:39 +0200)]
s3:winbind: Convert PamLogOff from struct based to ndr based
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Tue, 17 May 2022 16:25:38 +0000 (18:25 +0200)]
librpc:idl: Add NDR_SECRET flag for ntlm and challenge blobs
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Samuel Cabrero [Mon, 9 May 2022 14:27:13 +0000 (16:27 +0200)]
examples: Update winbind.stp, delete removed functions
Signed-off-by: Samuel Cabrero <scabrero@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 18 May 2022 14:01:08 +0000 (16:01 +0200)]
srvsvc: Announce [username] in NetShareEnum
This patch has two flaws: First, it does not cover api_RNetShareEnum()
for SMB1, and the second one is: To make this elegant, we would have
to restructure our share handling. It is really only listing shares
for which we have to pull in everything from smb.conf, registry,
usershares and potentially printers. What we should do is modify our
loadparm handling to only load share definitions on demand and for
listing shares handle all the potential sources specially. Add code
that walks the registry shares without adding them to our services
list and so on.
This patch is the quick&dirty way to fix the bug, the alternative
would be weeks or more. And hopefully nobody notices the SMB1
problem...
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed May 18 17:42:20 UTC 2022 on sn-devel-184
Volker Lendecke [Wed, 18 May 2022 13:39:23 +0000 (15:39 +0200)]
srvsvc: Add a central return point to init_srv_share_info_ctr()
Soon there will be cleanup work to do.
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Volker Lendecke [Wed, 18 May 2022 14:40:49 +0000 (14:40 +0000)]
selftest: Test for bug 15062 -- list "username" in netshareenum
Bug: https://bugzilla.samba.org/show_bug.cgi?id=15062
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Andreas Schneider [Tue, 17 May 2022 08:08:35 +0000 (10:08 +0200)]
gitlab-ci: Update Fedora to version 36
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May 18 07:56:52 UTC 2022 on sn-devel-184
Andreas Schneider [Tue, 17 May 2022 10:43:51 +0000 (12:43 +0200)]
lib:util: Do not error for array-bounds warning
This just prints a warning for:
ms_fnmatch.c:95:51: error: array subscript 0 is outside array bounds of
‘struct max_n[0]’ [-Werror=array-bounds]
95 | if (max_n != NULL && max_n->predot &&
|
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Tue, 17 May 2022 08:03:41 +0000 (10:03 +0200)]
gitlab-ci: Use openSUSE 15.3 for coverity
It provides gcc 10.3 and MIT krb5 1.19. The current coverity version
only supports gcc up to 11.1.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_local_s3.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_libwbclient_threads.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_large_acl.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_inherit_owner.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_homes.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_guest_auth.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_groupmap.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Andreas Schneider [Fri, 22 Apr 2022 13:34:09 +0000 (15:34 +0200)]
s3:tests: Reformat test_give_owner.sh
shfmt -f source3/script/| xargs shfmt -w -p -i 0 -fn
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Douglas Bagnall [Sun, 15 May 2022 00:28:32 +0000 (12:28 +1200)]
lzxpress: compress shortcut if we've reached maximum length
A simple degenerate case for our compressor has been a large number of
repeated bytes that will match the maximum length (~64k) at all 8192
search positions, 8191 of which searches are in vain because the
matches are not of greater length than the first one.
Here we recognise the inevitable and reduce runtime proportionately.
Credit to OSS-Fuzz.
REF: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=47428
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Douglas Bagnall <dbagnall@samba.org>
Autobuild-Date(master): Tue May 17 23:11:21 UTC 2022 on sn-devel-184
Douglas Bagnall [Sun, 15 May 2022 02:38:55 +0000 (14:38 +1200)]
lzxpress/test: time performance of long boring sequences
We get *very* slow when long runs of the bytes are the same. On this
laptop the test takes 18s; with the next commit it will be 0.006s.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Anoop C S [Fri, 13 May 2022 11:16:01 +0000 (16:46 +0530)]
vfs_glusterfs: Fix fdopendir implementation
Directory stream returned for fdopendir() within vfs_glusterfs doesn't
correctly point to required directory fd. Since GlusterFS still don't
support *at() variant syscalls we will have to rely on full path/name
constructed out of fsp.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue May 17 20:20:05 UTC 2022 on sn-devel-184
Anoop C S [Mon, 2 May 2022 09:45:53 +0000 (15:15 +0530)]
vfs_glusterfs: Fix get_real_filename_at implementation
glfd(gluster fd) used in glfs_fgetxattr() for get_real_filename_at()
implementation doesn't correctly point to required directory fd. Since
GlusterFS still don't support *at() variant syscalls we will have to
rely on full path/name constructed out of dirfsp.
Signed-off-by: Anoop C S <anoopcs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Pavel Filipenský [Wed, 11 May 2022 12:20:34 +0000 (14:20 +0200)]
s3:smbd: Covscan: remove dead code
Covscan:
source3/smbd/files.c:575: check_after_deref: Null-checking "fsp" suggests that it
may be null, but it has already been dereferenced on all paths leading to the check.
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat May 14 04:41:57 UTC 2022 on sn-devel-184
Pavel Filipenský [Wed, 11 May 2022 12:19:44 +0000 (14:19 +0200)]
s3:smbd Fix trailing whitespace in files.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 08:14:53 +0000 (10:14 +0200)]
s3:libsmb: Covscan: unchecked return value for cli_credentials_set_smb_encryption()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 10:11:21 +0000 (12:11 +0200)]
auth: Covscan: unchecked return value for cli_credentials_set_smb_encryption()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 10:10:36 +0000 (12:10 +0200)]
auth: Fix trailing whitespace in pycredentials.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 10:06:22 +0000 (12:06 +0200)]
ctdb: Covscan: unchecked return value for trbt_traversearray32()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 10:04:34 +0000 (12:04 +0200)]
ctdb: Fix trailing whitespace in rb_tree.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:39:28 +0000 (11:39 +0200)]
s4:libcli: Covscan: unchecked return value for file_save()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:38:45 +0000 (11:38 +0200)]
s4:libcli: Fix trailing whitespace in browse.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:36:48 +0000 (11:36 +0200)]
s4:libcli: Covscan: unchecked return value for file_save()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:36:03 +0000 (11:36 +0200)]
s4:libcli: Fix trailing whitespace in netlogon.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:32:47 +0000 (11:32 +0200)]
libcli: Covscan: unchecked return value for file_save()
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Pavel Filipenský [Wed, 11 May 2022 09:31:52 +0000 (11:31 +0200)]
libcli: Fix trailing whitespace in netlogon.c
Signed-off-by: Pavel Filipenský <pfilipen@redhat.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
David Mulder [Thu, 12 May 2022 19:24:07 +0000 (13:24 -0600)]
gpo: Cert Auto Enroll use ldap trust cert if NDES disabled
If the CA does not have the Network Device
Enrollment Service enabled, we can still use the
certificate from the ldap request (unless this is
a complex request and ldap config isn't present).
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 13 15:38:53 UTC 2022 on sn-devel-184
David Mulder [Thu, 5 May 2022 13:30:16 +0000 (07:30 -0600)]
gpo: Fix Cert Auto Enroll docstrings
These were flagged by pydocstyle.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Mulder [Wed, 4 May 2022 21:01:22 +0000 (15:01 -0600)]
gpo: Remove sscep depends from Cert Auto Enroll
Certificate Auto Enrollment currently depends on
sscep to retrieve the root certificate chain.
This isn't necessary, since this can be
accomplished with a simple GET.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Mulder [Fri, 6 May 2022 15:06:23 +0000 (09:06 -0600)]
bootstrap: Add python3-requests dependency
Certificate Auto Enrollment will depend on
python3-requests in order to fetch the
root chain.
Signed-off-by: David Mulder <dmulder@suse.com>
Reviewed-by: Andreas Schneider <asn@samba.org>
David Mulder [Fri, 6 May 2022 15:46:44 +0000 (09:46 -0600)]
gpo: Halt Cert Auto Enroll process if data corrupted
If the CA URL cannot be processed, then halt
processing. Otherwise we'll end up in a broken
state later when trying to read from the end
points with missing data.
Signed-off-by: David Mulder <dmulder@suse.com>
Revewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May 12 18:45:41 UTC 2022 on sn-devel-184
David Mulder [Fri, 6 May 2022 15:41:19 +0000 (09:41 -0600)]
gpo: Supress error caused by ldap Cert Auto Enroll config
When the CA url specified on the SYSVOL is 'LDAP:'
this means that configuration should be fetched
from LDAP. This corrects an error message that
was being reported when the URL appeared improper
but really is not. This does not change the
code behavior (it was still working), but
removes the invalid error.
Signed-off-by: David Mulder <dmulder@suse.com>
Revewed-by: Andreas Schneider <asn@samba.org>
Andrew Bartlett [Wed, 11 May 2022 22:54:22 +0000 (10:54 +1200)]
s4-samr: Fix missing check for GnuTLS errors from E_old_pw_hash()
Not likely to be an issue in the real world as the earlier calls
will have failed if weak crypto was disabled, but this was missed
in
dce944e8a1119034f184336f6b71a28080152a0a.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Thu May 12 03:18:42 UTC 2022 on sn-devel-184
Douglas Bagnall [Wed, 11 May 2022 00:08:54 +0000 (12:08 +1200)]
fuzz: add lzxpress compress/decompress round-trip
We say it is an error to end up at a different result.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 11 May 2022 00:08:06 +0000 (12:08 +1200)]
fuzz: add fuzz_lzxpress_compress
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 11 May 2022 05:21:46 +0000 (17:21 +1200)]
compression:tests: align test names with functions
You'll thank me if you're ever debugging these and wondering why
'lzxpress4' calls 'lzxpress2' (or is it the other way round?).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 11 May 2022 04:20:46 +0000 (16:20 +1200)]
compression: add a few comments, including MS-XCA pointers.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 10 May 2022 22:25:13 +0000 (10:25 +1200)]
compression: remove always false constant comparison
We set `uncompressed_pos = 0;` unconditionally, just ~10 lines up.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 11 May 2022 04:06:38 +0000 (16:06 +1200)]
compression: lzxpress decompress empty string as empty string
This mirrors the behaviour of lzxpress_compress, which "encodes" an
empty string as an empty string.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 11 May 2022 00:46:21 +0000 (12:46 +1200)]
compression: fix lzxpress decompress with trailing flags
Every so often, lzxpress adds a 32-bit block of indicator flags to
help decode the next clump of 32 code words. A naive compressor (such
as we have) might do this at the very end for flags that aren't
actually used because there are no more bytes to decompress. If that
happens we need to stop processing, or we'll come to worse outcome at
the next CHECK_INPUT_BYTES.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 11 May 2022 03:24:38 +0000 (15:24 +1200)]
compression:tests: test lzxpress in some edge cases
Empty strings and trailing flag blocks.
(found with Honggfuzz and a round-trip fuzzer that aborts if the
strings differ).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 23:27:10 +0000 (12:27 +1300)]
compression: Move maximum length calculation out of inner loop
This makes the code clearer.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 23:25:59 +0000 (12:25 +1300)]
compression: Use correct values for max len and offset
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 23:21:02 +0000 (12:21 +1300)]
compression: Replace divisions with shifts
This is more consistent with the compression code.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 23:19:45 +0000 (12:19 +1300)]
compression: Remove unneeded loop variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 23:17:15 +0000 (12:17 +1300)]
compression: Reduce scope of variables
This makes the code clearer.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 23:13:12 +0000 (12:13 +1300)]
compression: Use PUSH_LE_U32 for first output buffer write
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 23:11:51 +0000 (12:11 +1300)]
compression: Add bounds check for first output buffer write
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 23:10:01 +0000 (12:10 +1300)]
compression: Remove helper variables str1 and str2
This simplifies the code and makes it clearer.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 23:02:13 +0000 (12:02 +1300)]
compression: Fix writing output flags
If indic_bit == 0, the shift amount of 32 - indic_bit == 32 will equal
the width of a 32-bit integer type, and these shifts will invoke
undefined behaviour, which is likely to cause incorrect output. Fix this
by not shifting a 32-bit integer type by 32 bits or more.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 07:33:45 +0000 (20:33 +1300)]
compression: Remove byte_left variable
We can simplify this code using the identity:
byte_left + uncompressed_pos = uncompressed_size
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 07:31:33 +0000 (20:31 +1300)]
compression: Remove redundant bounds check
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 07:30:42 +0000 (20:30 +1300)]
compression: Add range check for indic_pos
This now matches the other use of indic_pos.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 07:28:05 +0000 (20:28 +1300)]
compression: Remove redundant nibble_index check
If nibble_index is non-zero, we have already written to it, and so don't
need to check again that it is in bounds.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 07:24:48 +0000 (20:24 +1300)]
compression: Make use of PUSH_LE_Uxx macros
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Joseph Sutton [Mon, 7 Mar 2022 07:21:32 +0000 (20:21 +1300)]
compression: Simplify code by making indic_pos an index
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 06:38:08 +0000 (19:38 +1300)]
compression: Make use of CHECK_{IN,OUT}PUT_BYTES macros
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 07:12:46 +0000 (20:12 +1300)]
compression: Simplify code by removing metadata_size variable
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 07:09:40 +0000 (20:09 +1300)]
compression: Use correct value for indic_pos
Previously, we were setting this to the wrong value and overwriting
existing output data.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 07:09:40 +0000 (20:09 +1300)]
compression: Use correct value for nibble_index
Previously, we were setting this to the wrong value and overwriting
existing output data.
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Joseph Sutton [Mon, 7 Mar 2022 06:58:51 +0000 (19:58 +1300)]
compression: Simplify redundant branches
Signed-off-by: Joseph Sutton <josephsutton@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>