Jo Sutton [Tue, 19 Mar 2024 01:27:00 +0000 (14:27 +1300)]
tests/krb5: Make use of ‘expect_edata’ parameter
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Thu, 21 Mar 2024 23:32:46 +0000 (12:32 +1300)]
tests/krb5: Remove unused variable
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Thu, 21 Mar 2024 23:32:25 +0000 (12:32 +1300)]
tests/krb5: Fix code spelling
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Thu, 21 Mar 2024 23:31:38 +0000 (12:31 +1300)]
tests/krb5: Remove unused import
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 9 Apr 2024 02:15:51 +0000 (14:15 +1200)]
python:tests: Fix typo
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Mon, 4 Mar 2024 00:38:10 +0000 (13:38 +1300)]
python:tests: Reformat code
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 9 Apr 2024 03:39:43 +0000 (15:39 +1200)]
python:tests: Fix set declaration
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 9 Apr 2024 03:31:15 +0000 (15:31 +1200)]
python:tests: Replace deprecated method assertRaisesRegexp()
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 16 Apr 2024 02:28:43 +0000 (14:28 +1200)]
s4:ldap_server: Consider ldapi connections to be encrypted
Modifications to unicodePwd require an encrypted connection. This change
allows unicodePwd to be modified over an ldapi connection.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 16 Apr 2024 02:28:21 +0000 (14:28 +1200)]
s4:ldap_server: Store whether an LDAP connection is over ldapi
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 16 Apr 2024 02:27:41 +0000 (14:27 +1200)]
s4:ldap_server: Add copy of non‐privileged ops specifically for ldapi connections
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 16 Apr 2024 02:31:11 +0000 (14:31 +1200)]
s4:ldap_server: Rename privileged ops to indicate they are used for ldapi
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 16 Apr 2024 02:17:33 +0000 (14:17 +1200)]
s4:ldap_server: Fix code spelling
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Jo Sutton [Tue, 16 Apr 2024 02:17:02 +0000 (14:17 +1200)]
s4:ldap_server: Remove trailing whitespace
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15634
Signed-off-by: Jo Sutton <josutton@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Thu, 11 Apr 2024 04:26:49 +0000 (16:26 +1200)]
selftest: Move some KDS root key tests around to prepare for gMSA server side
Once we have a gMSA server side the impact of deleting root keys becomes real
and so we must do this in a quiet place where it can not impact on other things.
Likewise, we want the samba.tests.dsdb_quiet_provision_tests tests to run
somewhere that is not doing other things, so we can see what a bare provision
will do. We must not allow test ordering inside the file to cause tests that
create root keys to run before checking if provision created a usable root key.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andrew Bartlett [Thu, 11 Apr 2024 02:33:16 +0000 (14:33 +1200)]
selftest: Remove duplicate setup of "spn/upn namespaces" in the customdc testenv
The call to $self->setup_namespaces() was allways in error, as the design
is to have the in the state that it was backed up in, but before commit
08be28241b808845c4b51a4c47765a9416ca3aa7 the error return was not
checked and so this was harmless.
The customdc environment is not tested in selftest currently, as
it is intended to be used for manual testing of domains from backup
files not as an automatically constructed environment.
This makes:
BACKUP_FILE=samba-backup-2024-04-11T14-10-20.437096.tar.bz2 SELFTEST_TESTENV=customdc make testenv
work again.
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
Andreas Schneider [Thu, 11 Apr 2024 08:29:18 +0000 (10:29 +0200)]
s3:auth: Add support standalone server with MIT Keberos 1.21
This adds support for MIT Kerberos minimal PAC. Tickets from pure
Kerberos realms with MIT Kerberos 1.21 or newer will always include a
minimal PAC. The PAC include the checksum buffers and a logon_name PAC
buffer.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Thu, 11 Apr 2024 08:21:16 +0000 (10:21 +0200)]
s3:auth: Split auth3_generate_session_info_pac() into functions
This gets rid of the multiple goto and just have a single destructor
goto.
Best view this commit with `git show -b <sha> --color-moved=zebra`
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 12 Apr 2024 12:36:32 +0000 (14:36 +0200)]
s3:auth: Re-format auth3_generate_session_info_pac()
This is in preparation to split up the function into several functions.
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andreas Schneider [Fri, 15 Mar 2024 11:41:19 +0000 (12:41 +0100)]
s3:auth: Remove trailing spaces
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Pavel Filipenský [Thu, 11 Apr 2024 11:01:28 +0000 (13:01 +0200)]
smbdotconf: Enable "winbind debug traceid" by default
The traceid debug header field is a useful feature, let's make it
default.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15631
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 18:47:41 UTC 2024 on atb-devel-224
Pavel Filipenský [Fri, 12 Apr 2024 12:57:11 +0000 (14:57 +0200)]
s3:libsmb: Fix panic in cliconnect.c
This command line panics:
$ bin/rpcclient ncacn_np: -c epmlookup
0 __pthread_kill_implementation (threadid=<optimized out>, signo=signo@entry=6, no_tid=no_tid@entry=0) at pthread_kill.c:44
1 0x00007ffff64ae8a3 in __pthread_kill_internal (signo=6, threadid=<optimized out>) at pthread_kill.c:78
2 0x00007ffff645c8ee in __GI_raise (sig=sig@entry=6) at ../sysdeps/posix/raise.c:26
3 0x00007ffff64448ff in __GI_abort () at abort.c:79
4 0x00007ffff7b01524 in tevent_req_is_nterror (req=0x555555728610, status=0x7fffffff9bb4) at ../../lib/util/tevent_ntstatus.c:66
5 0x00007ffff7b9fd91 in cli_connect_nb_recv (req=0x555555728610, pcli=0x5555556fcb18) at ../../source3/libsmb/cliconnect.c:2731
6 0x00007ffff7ba02a8 in cli_start_connection_connected (subreq=0x555555728610) at ../../source3/libsmb/cliconnect.c:2882
7 0x00007ffff7aecb1a in _tevent_req_notify_callback (req=0x555555728610, location=0x7ffff7bde0e0 "../../source3/libsmb/cliconnect.c:2686") at ../../lib/tevent/tevent_req.c:177
8 0x00007ffff7aeccab in tevent_req_finish (req=0x555555728610, state=TEVENT_REQ_USER_ERROR, location=0x7ffff7bde0e0 "../../source3/libsmb/cliconnect.c:2686") at ../../lib/tevent/tevent_req.c:234
9 0x00007ffff7aecdda in tevent_req_trigger (ev=0x5555557182e0, im=0x555555728720, private_data=0x555555728610) at ../../lib/tevent/tevent_req.c:291
10 0x00007ffff7aeb513 in tevent_common_invoke_immediate_handler (im=0x555555728720, removed=0x0) at ../../lib/tevent/tevent_immediate.c:190
11 0x00007ffff7aeb685 in tevent_common_loop_immediate (ev=0x5555557182e0) at ../../lib/tevent/tevent_immediate.c:236
12 0x00007ffff7af7502 in epoll_event_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent_epoll.c:905
13 0x00007ffff7af2d22 in std_event_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent_standard.c:110
14 0x00007ffff7ae93ab in _tevent_loop_once (ev=0x5555557182e0, location=0x7ffff7af8ac0 "../../lib/tevent/tevent_req.c:342") at ../../lib/tevent/tevent.c:820
15 0x00007ffff7aecf9e in tevent_req_poll (req=0x555555728290, ev=0x5555557182e0) at ../../lib/tevent/tevent_req.c:342
16 0x00007ffff7b01647 in tevent_req_poll_ntstatus (req=0x555555728290, ev=0x5555557182e0, status=0x7fffffff9f4c) at ../../lib/util/tevent_ntstatus.c:109
17 0x00007ffff7ba246a in cli_full_connection_creds (output_cli=0x7fffffffa220, my_name=0x555555701990 "CLUSTEREDMEMBER", dest_host=0x0, dest_ss=0x0, port=0, service=0x5555556981d1 "IPC$", service_type=0x5555556981d6 "IPC", creds=0x5555556fa410, flags=4096) at ../../source3/libsmb/cliconnect.c:3807
18 0x0000555555619ae9 in main (argc=4, argv=0x7fffffffa3e8) at ../../source3/rpcclient/rpcclient.c:1308
tevent_req_is_nterror() expects error set by tevent_req_nterror()
- to have TEVENT_NTERROR_MAGIC, otherwise it calls abort().
Signed-off-by: Pavel Filipenský <pfilipensky@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
Autobuild-User(master): Pavel Filipensky <pfilipensky@samba.org>
Autobuild-Date(master): Mon Apr 15 14:55:21 UTC 2024 on atb-devel-224
Douglas Bagnall [Wed, 10 Apr 2024 23:52:14 +0000 (11:52 +1200)]
s4:dns_server: less noisy, more informative debug messages
This shouldn't have been DBG_ERR, and it might as well say something
about the tombstone.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15630
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andreas Schneider <asn@samba.org>
Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri Apr 12 15:18:05 UTC 2024 on atb-devel-224
Douglas Bagnall [Thu, 4 Apr 2024 01:33:47 +0000 (14:33 +1300)]
s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP()
the access_mask is the easiest to overflow with subtraction -- other
fields are 8 or 16 bit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 10 23:58:12 UTC 2024 on atb-devel-224
Douglas Bagnall [Thu, 4 Apr 2024 01:08:02 +0000 (14:08 +1300)]
s3:util:sharesec ace_compare() uses NUMERIC_CMP()
ace->access_mask is uint32_t, so can overflow a signed int.
This would be easy to trigger, as it is a flags field rather than an
allocation count.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 2 Apr 2024 23:56:48 +0000 (12:56 +1300)]
s3:smbcacls: use NUMERIC_CMP in ace_compare
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Apr 2024 01:25:54 +0000 (14:25 +1300)]
s3:util:net_registry: registry_value_cmp() uses NUMERIC_CMP()
v->type is an int-sized enum, so overflow might be possible if it could
be arbitrarily set.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 2 Apr 2024 23:53:32 +0000 (12:53 +1300)]
s4:wins: use NUMERIC_CMP in nbtd_wins_randomize1Clist_sort()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Apr 2024 01:16:21 +0000 (14:16 +1300)]
s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP()
expire_time is time_t, which is at least int-sized, so overflow is
possible (if this code ever runs).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 2 Apr 2024 23:54:09 +0000 (12:54 +1300)]
s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Apr 2024 01:22:24 +0000 (14:22 +1300)]
s4:dns_server: use NUMERIC_CMP in rec_cmp()
dnsp_DnssrvRpcRecord.dwTimeStamp is uint32_t, making overflow possible.
dnsp_DnssrvRpcRecord.wType is an enum, which has the size of an int,
though it may be hard to set it to overflowing values.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Apr 2024 01:10:45 +0000 (14:10 +1300)]
s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP()
SamEntry.idx is uint32_t.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Apr 2024 01:01:24 +0000 (14:01 +1300)]
s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp()
Although these are size_t, in practice TDB data is limited to 32 bit.
Even so, overflow of a signed int is possible.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Apr 2024 00:53:58 +0000 (13:53 +1300)]
libcli/security: use NUMERIC_CMP in dom_sid_compare_auth()
These numbers are all 8 bit, so overflow is unlikely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Apr 2024 00:43:47 +0000 (13:43 +1300)]
libcli/security: use NUMERIC_CMP in dom_sid_compare()
sid->num_auths is always small (int8 < 16), so this is cosmetic only.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 22:26:25 +0000 (11:26 +1300)]
ldb: reduce non-transitive comparisons in ldb_msg_element_compare()
We can still have inconsistent comparisons, because two elements with
the same number of values will always return -1 if they are unequal,
which means they will sort differently depending on the order in which
they are compared.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 22:22:58 +0000 (11:22 +1300)]
ldb: avoid non-transitive comparison in ldb_val_cmp()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 22:07:06 +0000 (11:07 +1300)]
util:datablob: avoid non-transitive comparison in data_blob_cmp()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 04:43:03 +0000 (17:43 +1300)]
ldb:attrib_handlers: ldb_comparison_binary uses NUMERIC_CMP()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 04:32:48 +0000 (17:32 +1300)]
ldb:attrib_handlers: ldb_comparison_Boolean uses NUMERIC_CMP()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 03:16:44 +0000 (16:16 +1300)]
util: charset:util_str: use NUMERIC_CMP in strncasecmp_m_handle
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 5 Apr 2024 01:22:11 +0000 (14:22 +1300)]
lib/torture: add assert_int_{less,greater} macros
In some situations, like comparison functions for qsort, we don't care
about the actual value, just whethger it was greater or less than
zero.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 03:13:07 +0000 (16:13 +1300)]
s3:libsmb:namequery: use NUMERIC_CMP in addr_compare
This one was OK, as the numbers are tightly bound, but there is no
real reason not to do it safely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 03:10:38 +0000 (16:10 +1300)]
s3:libsmb:namequery: note intransitivity in addr_compare()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Apr 2024 01:56:16 +0000 (14:56 +1300)]
util:charset:codepoints: codepoint_cmpi warning about non-transitivity
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 02:53:29 +0000 (15:53 +1300)]
util:charset:codepoints: condepoint_cmpi uses NUMERIC_CMP()
If these are truly unicode codepoints (< ~2m) there is no overflow,
but the type is defined as uint32_t.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Apr 2024 04:23:15 +0000 (17:23 +1300)]
util:test: test_ms_fn_match_protocol_no_wildcard: allow -1
We have changed strcasecmp_m() to return -1 in a place where it used
to return -3. This upset a test, but it shouldn't have: the exact
value of the negative int is not guaranteed by the function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 02:49:55 +0000 (15:49 +1300)]
util:charset:util_str: use NUMERIC_CMP in strcasecmp_m_handle
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 5 Apr 2024 01:46:48 +0000 (14:46 +1300)]
torture:charset: test more of strcasecmp_m
We now test cases:
1. where the first string compares less
2. one of the strings ends before the other
3. the strings differ on a character other than the first.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 5 Apr 2024 01:43:42 +0000 (14:43 +1300)]
torture:charset: use < and > assertions for strncasecmp_m
strncasecmp_m is supposed to return a negative, zero, or positive
number, not necessarily the difference between the codepoints in
the first character that differs, which we have been asserting up to
now.
This fixes a knownfail on 32 bit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 5 Apr 2024 00:14:38 +0000 (13:14 +1300)]
torture:charset: use < and > assertions for strcasecmp_m
strcasecmp_m is supposed to return a negative, zero, or positive
number, depending on whether the first argument is less than, equal to,
or greater than the second argument (respectively).
We have been asserting that it returns exactly the difference between
the codepoints in the first character that differs.
This fixes a knownfail on 32 bit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 02:47:10 +0000 (15:47 +1300)]
util:binsearch: user NUMERIC_CMP()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 2 Apr 2024 23:55:54 +0000 (12:55 +1300)]
s4: use numeric_cmp in dns_common_sort_zones()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 2 Apr 2024 23:55:27 +0000 (12:55 +1300)]
s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare
prec_{1,2} are uint32_t, and if one is not set we are defaulting to
0xffffffff (a.k.a UINT32_MAX), so an overflow when cast to int seems
extremely likely.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 2 Apr 2024 23:52:50 +0000 (12:52 +1300)]
s4:ntvfs: use NUMERIC_CMP in stream_name_cmp
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 2 Apr 2024 23:51:04 +0000 (12:51 +1300)]
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 2 Apr 2024 23:50:47 +0000 (12:50 +1300)]
ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare_base()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 04:53:39 +0000 (17:53 +1300)]
ldb: add NUMERIC_CMP macro to ldb.h
In other places we tend to include tsort.h, which also has TYPESAFE_QSORT.
ldb.h already has TYPESAFE_QSORT, so it might as well have NUMERIC_CMP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 2 Apr 2024 23:43:27 +0000 (12:43 +1300)]
util:tsort.h: add a macro for safely comparing numbers
In many places we use `return a - b;` in a comparison function. This can
be problematic if the comparison is used in a sort, as `a - b` is not
guaranteed to do what we expect. For example:
* if a and b are 2s-complement ints, a is INT_MIN and b is INT_MAX, then
a - b = 1, which is wrong.
* if a and b are 64 bit pointers, a - b could wrap around many times in
a cmp function returning 32 bit ints. (We do this often).
The issue is not just that a sort could go haywire.
Due to a bug in glibc, this could result in out-of-bounds access:
https://www.openwall.com/lists/oss-security/2024/01/30/7
(We have replicated this bug in ldb_qsort).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 27 Mar 2024 23:57:54 +0000 (12:57 +1300)]
lib/fuzzing/decode_ndr_X_crash: guess the pipe from filename
Usually we are dealing with a filename that tells you what the pipe is,
and there is no reason for this debug helper not to be convenient
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 3 Apr 2024 22:06:00 +0000 (11:06 +1300)]
ldb: avoid out of bounds read and write in ldb_qsort()
If a compare function is non-transitive (for example, if it evaluates
A > B and B > C, but A < C), this implementation of qsort could access
out-of-bounds memory. This was found in glibc's qsort by Qualys, and
their write-up for OSS-Security explains it very well:
https://www.openwall.com/lists/oss-security/2024/01/30/7
An example of a non-transitive compare is one in which does this
int cmp(const void *_a, const void *_b)
{
int a = *(int *)_a;
int b = *(int *)_b;
return a - b;
}
which does the right thing when the magnitude of the numbers is small,
but which will go wrong if a is INT_MIN and b is INT_MAX. Likewise, if
a and b are e.g. uint32_t, the value can wrap when cast to int.
We have functions that are non-transitive regardless of subtraction.
For example, here (which is not used with ldb_qsort):
int codepoint_cmpi(codepoint_t c1, codepoint_t c2)
if (c1 == c2 ||
toupper_m(c1) == toupper_m(c2)) {
return 0;
}
return c1 - c2;
}
The toupper_m() is only called on equality case. Consider {'a', 'A', 'B'}.
'a' == 'A'
'a' > 'B' (lowercase letters come after upper)
'A' < 'B'
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15569
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15625
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 22 Mar 2024 03:20:18 +0000 (16:20 +1300)]
selftest: move some more expected failures to expectedfail.d
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Wed Apr 10 06:15:46 UTC 2024 on atb-devel-224
Andrew Bartlett [Mon, 25 Mar 2024 09:21:19 +0000 (22:21 +1300)]
ldb: Add more segfault tests DN handling
- from_dict DN use-after-free
- check for the same directly creating the ldb.Message
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Sun, 17 Mar 2024 23:24:53 +0000 (12:24 +1300)]
pyldb: don't allow py_ldb_dn_copy() with the wrong pyldb
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 17 Mar 2024 05:07:44 +0000 (18:07 +1300)]
python:upgrade/upgradeprovision: use dn.copy to align ldbs
We need to do this when the dn is on a message from another ldb.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 17 Mar 2024 04:56:09 +0000 (17:56 +1300)]
pyldb: add dn.copy() python method.
Sometimes you want to use a Dn object from one LDB with another LDB,
but this no longer works.
One way to do it is:
new_dn = ldb.Dn(samdb, str(old_dn))
but with this, you can just:
new_dn = old_dn.copy(samdb)
or, if you are putting it on a message which has a DN:
msg.dn = old_dn.copy(msg.ldb)
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 17 Mar 2024 01:44:32 +0000 (14:44 +1300)]
s4:samba_upgradeprovision: align DN ownership
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 17 Mar 2024 01:25:18 +0000 (14:25 +1300)]
pyldb: add Message.ldb accessor
See the last commit for comments about how this is useful for
debugging.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 17 Mar 2024 01:24:03 +0000 (14:24 +1300)]
pyldb: add Dn.ldb accessor
This, and the next commit, might help in debugging when you see a
traceback that ends like this:
File "/data/samba/samba/bin/samba_upgradeprovision", line 664, in add_missing_object
delta.dn = dn
RuntimeError: DN is from the wrong LDB
in this case you could force a solution with something like:
delta.dn = ldb.dn(delta.ldb, str(dn))
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 Mar 2024 04:28:57 +0000 (17:28 +1300)]
pyldb: add PyErr_internal_LDB_DN_OR_RAISE
This might be faster than the circuitous route.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 Mar 2024 04:28:07 +0000 (17:28 +1300)]
pyldb: normalise name of pyldb_Message_Check
c.f. pyldb_MessageElement_Check, pyldb_Dn_Check.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 7 Mar 2024 21:42:06 +0000 (10:42 +1300)]
ldb:pyldb: reorder structs for possible type-punning
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 15 Mar 2024 04:17:25 +0000 (17:17 +1300)]
pyldb: py_ldb_msg_set_dn checks dn ldb equality
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 15 Mar 2024 04:16:34 +0000 (17:16 +1300)]
pyldb: py_ldb_msg_elements uses PyErr_LDB_MESSAGE_OR_RAISE
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 15 Mar 2024 22:15:31 +0000 (11:15 +1300)]
pyldb: py_ldb_msg_items checks for more errors
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 15 Mar 2024 04:15:28 +0000 (17:15 +1300)]
pldb: py_ldb_msg_items uses PyErr_LDB_MESSAGE_OR_RAISE
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 15 Mar 2024 04:09:53 +0000 (17:09 +1300)]
pyldb: py_ldb_msg_contains() checks ldb equality
We can't use PyErr_LDB_MESSAGE_OR_RAISE() here, because the return type
is int, not PyObject*.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 15 Mar 2024 00:50:40 +0000 (13:50 +1300)]
pyldb: py_ldb_msg_keys() uses PyErr_LDB_MESSAGE_OR_RAISE
We change the [unused, because it always cast] signature of
py_ldb_msg_iter() in the same commit, because that is just a wrapper
around _keys() and this maintains bisectability with the least fuss.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 15 Mar 2024 04:04:59 +0000 (17:04 +1300)]
pyldb: py_ldb_msg_richcmp() uses PyErr_LDB_MESSAGE_OR_RAISE()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 15 Mar 2024 00:08:03 +0000 (13:08 +1300)]
pyldb: use PyErr_LDB_MESSAGE_OR_RAISE() in various functions
In these simple cases, we are:
1. replacing the first argument `PyObject *` with `PyLdbMessageObject *`.
2. adding a `struct ldb_message *msg = NULL;` variable.
3. `PyErr_LDB_MESSAGE_OR_RAISE(self, msg);`.
4. changing the `self->msg` to `msg`.
5. adding { } to the `if (!PyArg_ParseTuple() return NULL;`.
6. replacing `self->pyldb` with `pyldb_Message_get_pyldb(self)`
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 03:41:43 +0000 (16:41 +1300)]
pyldb: add PyErr_LDB_MESSAGE_OR_RAISE() macro
The Python level message has a reference to an LDB, which should be NULL,
or the same as the dn's LDB, lest one of them is freed early.
The message LDB will be NULL until a DN is set, and if the DN is replaced,
the LDB is also be replaced (see py_ldb_msg_set_dn), so it is *unlikely*
for these to get out of sync. In addition, fetching msg.dn via python
compares the LDBs at that point (py_ldb_msg_get_dn).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 04:32:51 +0000 (17:32 +1300)]
pyldb: catch up with README.Coding for some `PyArg_ParseTuple`s
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 04:27:58 +0000 (17:27 +1300)]
pyldb: py_ldb_dn_concat() uses PyErr_LDB_DN_OR_RAISE
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 04:26:38 +0000 (17:26 +1300)]
pyldb: py_ldb_dn_len checks dn and ldb validity
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 23:38:00 +0000 (12:38 +1300)]
pyldb: make py_ldb_dn_add_base() a bit less leaky
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 04:24:48 +0000 (17:24 +1300)]
pyldb: py_ldb_dn_add_base() uses PyErr_LDB_DN_OR_RAISE
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 23:11:18 +0000 (12:11 +1300)]
pyldb: make py_ldb_dn_add_child() a bit less leaky
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 10 Apr 2024 02:41:09 +0000 (14:41 +1200)]
pyldb: py_ldb_dn_add_child() uses PyErr_LDB_DN_OR_RAISE
for self->dn only. The other dn is a different story, next commit.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 04:21:34 +0000 (17:21 +1300)]
pyldb: py_ldb_dn_get_parent() uses PyErr_LDB_DN_OR_RAISE
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 04:19:21 +0000 (17:19 +1300)]
pyldb: py_ldb_dn_richcmp() uses PyErr_LDB_DN_OR_RAISE
The `if (!pyldb_Dn_Check(pydn2))` might seem redundant, but we
need it to return Py_NotImplemented before the _OR_RAISE macro
raises TypeError.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 04:10:17 +0000 (17:10 +1300)]
pyldb: py_ldb_dn_get_extended_component() uses PyErr_LDB_DN_OR_RAISE
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 04:07:52 +0000 (17:07 +1300)]
pyldb: py_ldb_dn_extended_str() uses PyErr_LDB_DN_OR_RAISE()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 10 Apr 2024 02:40:42 +0000 (14:40 +1200)]
pyldb: py_ldb_dn_get_casefold() uses PyErr_LDB_DN_OR_RAISE()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
# Conflicts:
# selftest/knownfail.d/ldb-use-after-free-segfault
Douglas Bagnall [Thu, 14 Mar 2024 22:00:50 +0000 (11:00 +1300)]
pyldb: py_ldb_dn_get_extended_component uses PyErr_LDB_DN_OR_RAISE()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 03:38:14 +0000 (16:38 +1300)]
pyldb: adapt some simple dn methods to use LDB_DN_OR_RAISE()
We treat self as PyObject, and only trust its DN once it has been
laundered by PyErr_LDB_DN_OR_RAISE().
There are more of these to come in the next few commits, but these are
the simplest ones (on a textual level -- the others are simple too, but
look different).
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 14 Mar 2024 02:10:07 +0000 (15:10 +1300)]
ldb:pyldb: PyErr_LDB_DN_OR_RAISE makes more rigourous checks
This changes what happens all over the place
(lib/ldb/pyldb.c, source4/dns_server/pydns.c, source4/dsdb/pydsdb.c),
but causes no problems because it just checks what we always assumed.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Wed, 13 Mar 2024 20:32:47 +0000 (09:32 +1300)]
pytest:segfault: some more ldb crashes
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 5 Dec 2023 23:38:54 +0000 (12:38 +1300)]
samba-tool domain backup: Use new ldb.disconnect() method to force-close files during backup
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Douglas Bagnall [Tue, 19 Mar 2024 22:31:23 +0000 (11:31 +1300)]
ldb:pytests: test ldb.connect() works after .disconnect()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Tue, 5 Dec 2023 22:18:27 +0000 (11:18 +1300)]
pyldb: Add ldb.disconnect() method to ensure DB handles are closed
This is vital in our backup code, which needs to actually close the
LMDB at the correct point.
The Python ldb object itself is left in more or less the same state as
one that has not connected to a server or database (it is a very
simple wrapper in itself), and can be reconnected using the .connect()
method.
Pair-programmed-with: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>