[SCM] Samba Shared Repository - branch master updated
Andrew Bartlett
abartlet at samba.org
Fri Mar 31 02:51:01 UTC 2023
The branch, master has been updated
via ea4be00361e selftest: Add test parsing krb5 PAC claims via ndrdump
via f951c3b35dc selftest: Extend python NDR parsing tests to compressed and uncompressed claims
via 2d2f68236e6 librpc/ndr: Use libndr compression for claims
via c6981f60549 librpc/ndr: Make ndr_push_compression_state_free() a talloc destructor
via 0ef71cf1524 pidl: Automatically manage creating and freeing the compression state in generated code
via 327c84cf870 librpc/ndr: Implement lzxpress_huffman() compression in libndr for Kerberos Claims
via c85cadf1952 librpc/ndr: Add a "NONE" compression format to libndr
via b95117dc56e libndr/ndr: Remove unused argument from ndr_push_compression_{start,end}()
via 8c58da347c2 libndr/ndr: Add NDR_COMPRESSION_INVALID
via 937bf4b8365 librpc/ndr: Unimplement DRSUAPI_COMPRESSION_TYPE_XPRESS and rename
via 1dedffab8b7 librpc/ndr: Remove incorrect comment that ndr_compression.h is autogenerated
via 4e32ea15199 librpc: Remove incorrect NDR_COMPRESSION dependency from NDR_KRB5CCACHE
via 053aa516538 ndrdump: Allow a long string of hexadecimal digits as well as a hex dump for --hex-input
via e37f20fb36a lib/compression: Fix documentation of lzxpress_huffman_compress()
via 0ab5552c8c3 lib/compression: Add helper function lzxpress_huffman_max_compressed_size()
via 976dfc7585f pidl: Allow variable expansion (eg of a value() attribute) in compression_alg argument
via 2cba54ba30e selftest: Add python test that verifies that we can parse a PAC
via 03d9b7b8b64 librpc/idl: Explain why PAC_TYPE_CLIENT_CLAIMS_INFO is not directly decoded
via 6bd3b4528d4 s4:kdc: Split verifying a PAC out of updating it
via c0a2e8db677 third_party/heimdal_build: Remove MD2
via a87aae5292d third_party/heimdal: Import lorikeet-heimdal-202303200103 (commit 2ee541b5e963f7cffb1ec4acd1a8cc45426a9f28)
from f448a1649cf pyldb: Fix a copy&paste error, CID 1524512 DEADCODE
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit ea4be00361e5e532f6dfcbf46d90378995cb62d8
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Mar 29 15:01:15 2023 +1300
selftest: Add test parsing krb5 PAC claims via ndrdump
Including
* compressed claims
* plain (uncompressed) claims
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
Autobuild-Date(master): Fri Mar 31 02:50:30 UTC 2023 on atb-devel-224
commit f951c3b35dc048408ed72938db00eb157d5f7e57
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Mar 30 10:56:49 2023 +1300
selftest: Extend python NDR parsing tests to compressed and uncompressed claims
This confirms that the compression is transparent and that the
values from a PAC with claims provided by MS Windows are parsed
correctly.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 2d2f68236e6d34d96dc6bdceb13ff54bedde46fb
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Mar 16 19:06:04 2023 +1300
librpc/ndr: Use libndr compression for claims
This ensures our python layer and C layer (in the KDC, when implemented)
use the same compression logic and so allows us to test the production
compression via the IDL-generated interfaces.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit c6981f60549c497d401c4c4173dc362f083791d7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Mar 29 11:49:43 2023 +1300
librpc/ndr: Make ndr_push_compression_state_free() a talloc destructor
This means that the generic_mszip_free() will still be called on failure.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 0ef71cf1524e855b0ae17051b054ef27d1c95717
Author: Andrew Bartlett <abartlet at samba.org>
Date: Wed Mar 29 11:43:10 2023 +1300
pidl: Automatically manage creating and freeing the compression state in generated code
Manually written code will handle this differently, but for generated code
this will create and free the context.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 327c84cf8701437324410068ab8e9a6efba24345
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 28 18:26:13 2023 +1300
librpc/ndr: Implement lzxpress_huffman() compression in libndr for Kerberos Claims
Rather than just pick the next value we re-arrange compression values
in libndr to be mnemonic to values in MS Windows ntifs.h.
This helps avoid confusing developers who compare these
algorithms with the local MS Windows interface.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit c85cadf195208adb9bc204fdbc15f665cdb3d65d
Author: Andrew Bartlett <abartlet at samba.org>
Date: Thu Mar 16 19:05:39 2023 +1300
librpc/ndr: Add a "NONE" compression format to libndr
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit b95117dc56e185c8825752b1129ac704f832ce04
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 28 18:31:45 2023 +1300
libndr/ndr: Remove unused argument from ndr_push_compression_{start,end}()
Removing the unused arguments avoids their value being calculated in the
PIDL generated code, which can be expensive.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 8c58da347c22eaceb95a3c4009bcdbccfd88fce0
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 28 18:35:10 2023 +1300
libndr/ndr: Add NDR_COMPRESSION_INVALID
This will help make a mapping from wire-specified compression
algorithms to our available choices safer by allowing an invalid
choice to map to NDR_COMPRESSION_INVALID
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 937bf4b8365d6f99c34d83d11975d43d41ba5790
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 17 13:10:09 2023 +1300
librpc/ndr: Unimplement DRSUAPI_COMPRESSION_TYPE_XPRESS and rename
DRSUAPI_COMPRESSION_TYPE_XPRESS is not MS-XCA nor is it implemented by
lzexpress_compress(), so disconnect from that algorithm.
This avoids someone fixing lzxpress_compress() to work for DRSUAPI
and breaking claims support.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 1dedffab8b7e57b611fca3be58b302846fb8e3a7
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 24 14:59:55 2023 +1300
librpc/ndr: Remove incorrect comment that ndr_compression.h is autogenerated
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 4e32ea151999798297d36c86f19b674dae7f47af
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Mar 27 11:26:31 2023 +1300
librpc: Remove incorrect NDR_COMPRESSION dependency from NDR_KRB5CCACHE
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 053aa5165384e5f31a96a630bb28197661b39337
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 28 11:38:15 2023 +1300
ndrdump: Allow a long string of hexadecimal digits as well as a hex dump for --hex-input
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit e37f20fb36a1bda3e121dba5d8042efeb84ed7e3
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 28 15:10:39 2023 +1300
lib/compression: Fix documentation of lzxpress_huffman_compress()
The "inconvenience function" takes one type, and converts it to another
but the documentation was not updated.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 0ab5552c8c32e7d7196b5a33eaa5533ccac53d0e
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 28 15:42:39 2023 +1300
lib/compression: Add helper function lzxpress_huffman_max_compressed_size()
This allows the calculation of the worst case to be shared with callers.
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 976dfc7585fcce594f5e77c8bb8ccc9644625f95
Author: Andrew Bartlett <abartlet at samba.org>
Date: Fri Mar 24 15:00:33 2023 +1300
pidl: Allow variable expansion (eg of a value() attribute) in compression_alg argument
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 2cba54ba30e96dafb5a49f11defdb08efcc19590
Author: Andrew Bartlett <abartlet at samba.org>
Date: Mon Mar 27 14:19:51 2023 +1300
selftest: Add python test that verifies that we can parse a PAC
This gives us a building block to test the PAC claims format
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 03d9b7b8b64242511257feca2794fe19271e03d6
Author: Andrew Bartlett <abartlet at samba.org>
Date: Tue Mar 28 11:33:22 2023 +1300
librpc/idl: Explain why PAC_TYPE_CLIENT_CLAIMS_INFO is not directly decoded
Signed-off-by: Andrew Bartlett <abartlet at samba.org>
Reviewed-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
commit 6bd3b4528d4b33c8f7ae6341d166bea3a06cd971
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Mar 20 14:51:53 2023 +1300
s4:kdc: Split verifying a PAC out of updating it
This is to adapt to the changed Heimdal KDC plugin API.
When we add support for device claims, we want to be able to verify the
PAC of the armor ticket without modifying or updating it. Previously, we
couldn't do this as the two operations were tightly intertwined. Now the
parts that only perform verification are split out into a new function,
samba_kdc_verify_pac().
NOTE: This commit finally works again!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit c0a2e8db6775c218f2d5bedd2fd248969f19c552
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Mon Jan 9 16:13:33 2023 +1300
third_party/heimdal_build: Remove MD2
This is to adapt to Heimdal:
commit 3a5e91eca26284661fd2294dfc485305e5d5cc3d
Author: Nicolas Williams <nico at twosigma.com>
Date: Tue Oct 25 22:20:45 2022 -0500
hcrypto: Remove MD2 with prejudice
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
commit a87aae5292d1c43b987dcfa77a51b6aa5aa3e004
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date: Thu Mar 9 09:00:02 2023 +1300
third_party/heimdal: Import lorikeet-heimdal-202303200103 (commit 2ee541b5e963f7cffb1ec4acd1a8cc45426a9f28)
NOTE: THIS COMMIT WON'T COMPILE/WORK ON ITS OWN!
Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/compression/lzxpress_huffman.c | 27 +-
lib/compression/lzxpress_huffman.h | 8 +
librpc/idl/claims.idl | 42 +-
librpc/idl/drsuapi.idl | 14 +-
librpc/idl/krb5pac.idl | 8 +
librpc/ndr/libndr.h | 22 +-
librpc/ndr/ndr_cab.c | 7 +-
librpc/ndr/ndr_claims.c | 84 ++++
librpc/ndr/{ndr_xattr.h => ndr_claims.h} | 25 +-
librpc/ndr/ndr_compression.c | 241 +++++++++-
librpc/ndr/ndr_compression.h | 9 +-
librpc/ndr/ndr_drsuapi.c | 36 +-
librpc/tools/ndrdump.c | 2 +
librpc/wscript_build | 6 +-
pidl/lib/Parse/Pidl/Samba4/NDR/Parser.pm | 22 +-
python/samba/tests/blackbox/ndrdump.py | 43 +-
python/samba/tests/krb5/claims_in_pac.py | 327 +++++++++++++
python/samba/tests/krb5/raw_testcase.py | 18 +-
python/samba/tests/usage.py | 1 +
source3/libnet/libnet_dssync.c | 2 +-
source3/rpcclient/cmd_drsuapi.c | 2 +-
source4/dsdb/repl/drepl_out_helpers.c | 2 +-
source4/kdc/mit_samba.c | 28 +-
source4/kdc/pac-glue.c | 304 +++++++-----
source4/kdc/pac-glue.h | 19 +-
source4/kdc/wdc-samba4.c | 137 ++++--
source4/libnet/libnet_become_dc.c | 2 +-
source4/librpc/tests/claims_CLAIMS_SET_NDR.dat | 23 +
source4/librpc/tests/claims_CLAIMS_SET_NDR.txt | 55 +++
source4/librpc/tests/compressed_claims.txt | 96 ++++
source4/librpc/tests/uncompressed_claims.txt | 66 +++
source4/selftest/tests.py | 1 +
source4/torture/drs/rpc/dssync.c | 2 +-
third_party/heimdal/.github/workflows/coverity.yml | 20 +-
.../workflows/{linux.yml => linux-mit-interop.yml} | 75 +--
.../.github/workflows/{linux.yml => ubsan.yml} | 37 +-
third_party/heimdal/NEWS | 342 ++++++++++++++
third_party/heimdal/admin/NTMakefile | 1 +
third_party/heimdal/admin/add.c | 2 +
third_party/heimdal/admin/get.c | 3 +-
third_party/heimdal/admin/list.c | 1 -
third_party/heimdal/appl/gssmask/common.c | 2 +-
third_party/heimdal/appl/test/gssapi_server.c | 3 +
third_party/heimdal/appl/test/http_client.c | 4 +
third_party/heimdal/cf/broken-realloc.m4 | 8 +-
third_party/heimdal/cf/crypto.m4 | 17 +
third_party/heimdal/cf/roken-frag.m4 | 16 +-
third_party/heimdal/cf/sunos.m4 | 1 +
third_party/heimdal/configure.ac | 7 +
third_party/heimdal/doc/Makefile.am | 4 +-
third_party/heimdal/doc/whatis.texi | 26 +-
third_party/heimdal/include/config.h.w32 | 4 +
third_party/heimdal/include/hcrypto/Makefile.am | 1 -
third_party/heimdal/kadmin/Makefile.am | 1 +
third_party/heimdal/kadmin/ank.c | 9 +-
third_party/heimdal/kadmin/cpw.c | 9 +-
third_party/heimdal/kadmin/get.c | 10 +-
third_party/heimdal/kadmin/kadmin.c | 7 +-
third_party/heimdal/kadmin/kadmind.c | 92 ++++
third_party/heimdal/kadmin/mod.c | 1 +
third_party/heimdal/kadmin/rpc.c | 1 +
third_party/heimdal/kdc/Makefile.am | 15 +-
third_party/heimdal/kdc/bx509d.c | 173 +++++--
third_party/heimdal/kdc/fast.c | 6 +-
third_party/heimdal/kdc/hpropd.c | 38 +-
third_party/heimdal/kdc/httpkadmind.c | 33 +-
third_party/heimdal/kdc/ipc_csr_authorizer.c | 291 ++++++++++--
third_party/heimdal/kdc/kdc-plugin.c | 66 ++-
third_party/heimdal/kdc/kdc-plugin.h | 28 +-
third_party/heimdal/kdc/kdc-tester.c | 7 +-
third_party/heimdal/kdc/kerberos5.c | 8 +-
third_party/heimdal/kdc/krb5tgs.c | 94 ++--
third_party/heimdal/kdc/misc.c | 2 +
third_party/heimdal/kdc/mit_dump.c | 4 +-
third_party/heimdal/kdc/mssfu.c | 20 +
third_party/heimdal/kdc/pkinit-ec.c | 350 +++++++++++---
third_party/heimdal/kdc/simple_csr_authorizer.c | 343 --------------
third_party/heimdal/kdc/test_csr_authorizer.c | 513 ++++++++++++++++++++-
third_party/heimdal/kdc/test_token_validator.c | 2 +-
third_party/heimdal/kpasswd/kpasswdd.c | 13 +-
third_party/heimdal/krb5.conf | 5 +
third_party/heimdal/kuser/NTMakefile | 1 +
third_party/heimdal/lib/asn1/asn1parse.y | 4 +-
third_party/heimdal/lib/asn1/check-der.c | 13 +-
third_party/heimdal/lib/asn1/check-gen.c | 59 +++
third_party/heimdal/lib/asn1/der.h | 2 +-
third_party/heimdal/lib/asn1/der_cmp.c | 156 +++++--
third_party/heimdal/lib/asn1/der_copy.c | 8 +-
third_party/heimdal/lib/asn1/der_get.c | 48 +-
third_party/heimdal/lib/asn1/der_length.c | 4 +-
third_party/heimdal/lib/asn1/der_print.c | 2 +-
third_party/heimdal/lib/asn1/der_put.c | 40 +-
third_party/heimdal/lib/asn1/gen.c | 48 +-
third_party/heimdal/lib/asn1/gen_free.c | 3 +-
third_party/heimdal/lib/asn1/gen_template.c | 2 +-
third_party/heimdal/lib/asn1/main.c | 2 +-
third_party/heimdal/lib/asn1/symbol.h | 1 +
third_party/heimdal/lib/asn1/template.c | 41 +-
third_party/heimdal/lib/base/Makefile.am | 2 +
third_party/heimdal/lib/base/context.c | 2 +-
third_party/heimdal/lib/base/db.c | 5 +-
third_party/heimdal/lib/base/dll.c | 14 +-
third_party/heimdal/lib/base/error.c | 3 +
third_party/heimdal/lib/base/heimbase-atomics.h | 247 +++++++---
third_party/heimdal/lib/base/heimbase.c | 75 +--
third_party/heimdal/lib/base/heimbase.h | 183 +-------
third_party/heimdal/lib/base/json.c | 2 +-
third_party/heimdal/lib/base/log.c | 10 +-
third_party/heimdal/lib/base/test_base.c | 80 ++++
third_party/heimdal/lib/base/version-script.map | 1 +
third_party/heimdal/lib/gssapi/gss-token.c | 8 +-
third_party/heimdal/lib/gssapi/krb5/8003.c | 60 +--
third_party/heimdal/lib/gssapi/krb5/arcfour.c | 12 +-
third_party/heimdal/lib/gssapi/krb5/cfx.c | 38 +-
third_party/heimdal/lib/gssapi/krb5/creds.c | 7 +-
.../heimdal/lib/gssapi/krb5/duplicate_cred.c | 11 +-
.../heimdal/lib/gssapi/krb5/init_sec_context.c | 11 +-
.../lib/gssapi/krb5/inquire_sec_context_by_oid.c | 14 +-
third_party/heimdal/lib/gssapi/krb5/prf.c | 2 +-
third_party/heimdal/lib/gssapi/krb5/unwrap.c | 4 +-
third_party/heimdal/lib/gssapi/krb5/verify_mic.c | 4 +-
.../lib/gssapi/mech/gss_accept_sec_context.c | 34 +-
third_party/heimdal/lib/gssapi/mech/gss_krb5.c | 19 +-
third_party/heimdal/lib/gssapi/mech/gss_mo.c | 6 +-
third_party/heimdal/lib/gssapi/mech/gss_utils.c | 59 ++-
third_party/heimdal/lib/gssapi/mech/mech_locl.h | 1 +
third_party/heimdal/lib/gssapi/mech/utils.h | 5 +
third_party/heimdal/lib/gssapi/ntlm/crypto.c | 55 +--
third_party/heimdal/lib/gssapi/ntlm/kdc.c | 2 +-
third_party/heimdal/lib/gssapi/ntlm/ntlm.h | 1 +
third_party/heimdal/lib/gssapi/sanon/export_cred.c | 40 +-
.../heimdal/lib/gssapi/spnego/context_storage.c | 14 +-
.../heimdal/lib/gssapi/spnego/negoex_util.c | 9 +-
third_party/heimdal/lib/gssapi/test_context.c | 28 +-
third_party/heimdal/lib/hcrypto/Makefile.am | 5 +-
third_party/heimdal/lib/hcrypto/NTMakefile | 2 -
third_party/heimdal/lib/hcrypto/des.c | 16 +-
third_party/heimdal/lib/hcrypto/engine.h | 2 +-
third_party/heimdal/lib/hcrypto/evp-cc.c | 26 --
third_party/heimdal/lib/hcrypto/evp-cc.h | 2 -
third_party/heimdal/lib/hcrypto/evp-hcrypto.c | 23 -
third_party/heimdal/lib/hcrypto/evp-hcrypto.h | 2 -
third_party/heimdal/lib/hcrypto/evp-openssl.c | 35 +-
third_party/heimdal/lib/hcrypto/evp-openssl.h | 2 -
third_party/heimdal/lib/hcrypto/evp-pkcs11.c | 1 -
third_party/heimdal/lib/hcrypto/evp-pkcs11.h | 4 -
third_party/heimdal/lib/hcrypto/evp-w32.c | 1 -
third_party/heimdal/lib/hcrypto/evp-w32.h | 2 -
third_party/heimdal/lib/hcrypto/evp-wincng.c | 2 -
third_party/heimdal/lib/hcrypto/evp-wincng.h | 2 -
third_party/heimdal/lib/hcrypto/evp.c | 103 +++--
third_party/heimdal/lib/hcrypto/evp.h | 4 +-
third_party/heimdal/lib/hcrypto/hmac.c | 5 +-
.../heimdal/lib/hcrypto/libhcrypto-exports.def | 9 -
.../heimdal/lib/hcrypto/libtommath/bn_mp_log_u32.c | 11 +
.../lib/hcrypto/libtommath/bn_mp_prime_rand.c | 2 +-
.../lib/hcrypto/libtommath/bn_mp_root_u32.c | 3 +
third_party/heimdal/lib/hcrypto/md2.c | 138 ------
third_party/heimdal/lib/hcrypto/md2.h | 63 ---
third_party/heimdal/lib/hcrypto/mdtest.c | 72 +--
third_party/heimdal/lib/hcrypto/pkcs5.c | 3 +-
third_party/heimdal/lib/hcrypto/rand-fortuna.c | 3 +-
third_party/heimdal/lib/hcrypto/rsa-ltm.c | 16 +-
third_party/heimdal/lib/hcrypto/test_bulk.c | 3 -
third_party/heimdal/lib/hcrypto/test_cipher.c | 6 -
third_party/heimdal/lib/hcrypto/test_crypto.in | 10 +-
third_party/heimdal/lib/hcrypto/undef.h | 2 -
third_party/heimdal/lib/hcrypto/version-script.map | 8 -
third_party/heimdal/lib/hdb/common.c | 1 +
third_party/heimdal/lib/hdb/hdb.c | 2 +-
third_party/heimdal/lib/hx509/ca.c | 4 +-
third_party/heimdal/lib/hx509/cert.c | 61 ++-
third_party/heimdal/lib/hx509/collector.c | 10 +
third_party/heimdal/lib/hx509/crypto-ec.c | 507 ++++++++++++++++----
third_party/heimdal/lib/hx509/crypto.c | 46 +-
third_party/heimdal/lib/hx509/hx509.h | 1 +
third_party/heimdal/lib/hx509/hxtool-commands.in | 15 +
third_party/heimdal/lib/hx509/hxtool.1 | 235 ++++++++--
third_party/heimdal/lib/hx509/hxtool.c | 61 ++-
third_party/heimdal/lib/hx509/ks_file.c | 8 +
third_party/heimdal/lib/hx509/ks_p12.c | 22 +-
third_party/heimdal/lib/hx509/libhx509-exports.def | 12 +
third_party/heimdal/lib/hx509/req.c | 8 +-
third_party/heimdal/lib/hx509/revoke.c | 9 +-
third_party/heimdal/lib/hx509/test_req.in | 30 +-
third_party/heimdal/lib/hx509/version-script.map | 8 +
third_party/heimdal/lib/ipc/Makefile.am | 4 +
third_party/heimdal/lib/ipc/server.c | 11 +-
third_party/heimdal/lib/kadm5/Makefile.am | 5 +-
third_party/heimdal/lib/kadm5/create_s.c | 6 +-
.../kadm5/fuzz-inputs-bin/test_marshall-ent0.bin | Bin 0 -> 191 bytes
.../kadm5/fuzz-inputs-bin/test_marshall-ent1.bin | Bin 0 -> 139 bytes
.../fuzz-inputs-packed/test_marshall-ent0.bin | Bin 0 -> 65 bytes
.../fuzz-inputs-packed/test_marshall-ent1.bin | Bin 0 -> 46 bytes
.../kadm5/fuzz-inputs-txt/test_marshall-ent0.txt | 101 ++++
.../kadm5/fuzz-inputs-txt/test_marshall-ent1.txt | 54 +++
third_party/heimdal/lib/kadm5/get_princs_c.c | 14 +-
third_party/heimdal/lib/kadm5/ipropd_master.c | 59 ++-
third_party/heimdal/lib/kadm5/log.c | 24 +-
third_party/heimdal/lib/kadm5/marshall.c | 492 +++++++++++++++++++-
.../heimdal/lib/kadm5/version-script-client.map | 3 +
third_party/heimdal/lib/krb5/aes-test.c | 6 +-
third_party/heimdal/lib/krb5/aname_to_localname.c | 3 +-
third_party/heimdal/lib/krb5/context.c | 2 +-
third_party/heimdal/lib/krb5/crypto-evp.c | 7 +-
third_party/heimdal/lib/krb5/dcache.c | 13 +-
third_party/heimdal/lib/krb5/fast.c | 13 +-
third_party/heimdal/lib/krb5/fcache.c | 2 +-
third_party/heimdal/lib/krb5/get_host_realm.c | 28 +-
third_party/heimdal/lib/krb5/init_creds_pw.c | 75 +--
third_party/heimdal/lib/krb5/kcm.c | 2 +-
third_party/heimdal/lib/krb5/krb5.conf.5 | 20 +-
third_party/heimdal/lib/krb5/krb5_locl.h | 1 +
third_party/heimdal/lib/krb5/krbhst.c | 9 +-
.../heimdal/lib/krb5/libkrb5-exports.def.in | 2 +
third_party/heimdal/lib/krb5/pac.c | 26 ++
third_party/heimdal/lib/krb5/pkinit-ec.c | 73 +++
third_party/heimdal/lib/krb5/pkinit.c | 75 ++-
third_party/heimdal/lib/krb5/principal.c | 12 +-
third_party/heimdal/lib/krb5/rd_req.c | 9 +-
third_party/heimdal/lib/krb5/recvauth.c | 5 +
third_party/heimdal/lib/krb5/salt-aes-sha2.c | 5 +-
third_party/heimdal/lib/krb5/salt-des.c | 3 +-
third_party/heimdal/lib/krb5/salt-des3.c | 3 +-
third_party/heimdal/lib/krb5/scache.c | 3 +
third_party/heimdal/lib/krb5/sendauth.c | 20 +-
third_party/heimdal/lib/krb5/store.c | 37 +-
third_party/heimdal/lib/krb5/store_emem.c | 20 +-
third_party/heimdal/lib/krb5/store_fd.c | 2 +-
third_party/heimdal/lib/krb5/store_mem.c | 4 +-
third_party/heimdal/lib/krb5/store_sock.c | 9 +-
third_party/heimdal/lib/krb5/store_stdio.c | 9 +-
third_party/heimdal/lib/krb5/version-script.map | 2 +
third_party/heimdal/lib/otp/otp_db.c | 2 +-
third_party/heimdal/lib/roken/Makefile.am | 3 +
third_party/heimdal/lib/roken/base32.c | 6 +-
third_party/heimdal/lib/roken/base64.c | 26 +-
third_party/heimdal/lib/roken/closefrom.c | 2 +-
third_party/heimdal/lib/roken/dumpdata.c | 157 ++++++-
third_party/heimdal/lib/roken/getauxval.c | 12 +-
third_party/heimdal/lib/roken/getifaddrs.c | 7 +-
third_party/heimdal/lib/roken/hex.c | 8 +-
third_party/heimdal/lib/roken/ifaddrs.hin | 4 +-
third_party/heimdal/lib/roken/issuid.c | 8 +-
third_party/heimdal/lib/roken/mergesort_r.c | 9 +-
third_party/heimdal/lib/roken/mkdtemp.c | 3 +-
third_party/heimdal/lib/roken/roken-common.h | 7 +-
third_party/heimdal/lib/roken/roken.awk | 8 +
third_party/heimdal/lib/roken/roken.h.in | 80 +++-
third_party/heimdal/lib/roken/snprintf.c | 36 +-
third_party/heimdal/lib/roken/socket.c | 5 +-
third_party/heimdal/lib/roken/test-auxval.c | 17 +-
third_party/heimdal/lib/roken/timeval.c | 4 +-
third_party/heimdal/lib/roken/version-script.map | 3 +
third_party/heimdal/lib/roken/write_pid.c | 14 +-
third_party/heimdal/lib/sl/sl.c | 39 +-
third_party/heimdal/lib/wind/idn-lookup.c | 17 +-
.../heimdal/packages/windows/sdk/NTMakefile | 1 -
third_party/heimdal/tests/bin/setup-env.in | 1 +
third_party/heimdal/tests/kdc/Makefile.am | 6 +-
third_party/heimdal/tests/kdc/check-bx509.in | 275 ++++++++---
third_party/heimdal/tests/kdc/check-fast.in | 12 +-
third_party/heimdal/tests/kdc/check-httpkadmind.in | 103 +++--
third_party/heimdal/tests/kdc/check-pkinit.in | 5 +
third_party/heimdal/tests/kdc/krb5-bx509.conf.in | 5 -
.../heimdal/tests/kdc/krb5-httpkadmind.conf.in | 4 -
third_party/heimdal/tests/kdc/krb5-pkinit.conf.in | 4 +-
third_party/heimdal/tests/plugin/kdc_test_plugin.c | 12 +-
third_party/heimdal_build/crypto-headers.h | 1 -
third_party/heimdal_build/wscript_build | 2 +-
270 files changed, 7170 insertions(+), 2537 deletions(-)
create mode 100644 librpc/ndr/ndr_claims.c
copy librpc/ndr/{ndr_xattr.h => ndr_claims.h} (53%)
create mode 100755 python/samba/tests/krb5/claims_in_pac.py
create mode 100644 source4/librpc/tests/claims_CLAIMS_SET_NDR.dat
create mode 100644 source4/librpc/tests/claims_CLAIMS_SET_NDR.txt
create mode 100644 source4/librpc/tests/compressed_claims.txt
create mode 100644 source4/librpc/tests/uncompressed_claims.txt
copy third_party/heimdal/.github/workflows/{linux.yml => linux-mit-interop.yml} (76%)
copy third_party/heimdal/.github/workflows/{linux.yml => ubsan.yml} (78%)
delete mode 100644 third_party/heimdal/kdc/simple_csr_authorizer.c
delete mode 100644 third_party/heimdal/lib/hcrypto/md2.c
delete mode 100644 third_party/heimdal/lib/hcrypto/md2.h
create mode 100644 third_party/heimdal/lib/kadm5/fuzz-inputs-bin/test_marshall-ent0.bin
create mode 100644 third_party/heimdal/lib/kadm5/fuzz-inputs-bin/test_marshall-ent1.bin
create mode 100644 third_party/heimdal/lib/kadm5/fuzz-inputs-packed/test_marshall-ent0.bin
create mode 100644 third_party/heimdal/lib/kadm5/fuzz-inputs-packed/test_marshall-ent1.bin
create mode 100644 third_party/heimdal/lib/kadm5/fuzz-inputs-txt/test_marshall-ent0.txt
create mode 100644 third_party/heimdal/lib/kadm5/fuzz-inputs-txt/test_marshall-ent1.txt
Changeset truncated at 500 lines:
diff --git a/lib/compression/lzxpress_huffman.c b/lib/compression/lzxpress_huffman.c
index 3eac8e3b2b6..ee0fa2c83e6 100644
--- a/lib/compression/lzxpress_huffman.c
+++ b/lib/compression/lzxpress_huffman.c
@@ -1210,6 +1210,21 @@ static ssize_t lzx_huffman_compress_block(struct lzxhuff_compressor_context *cmp
return bytes_written;
}
+/*
+ * lzxpress_huffman_max_compressed_size()
+ *
+ * Return the most bytes the compression can take, to allow
+ * pre-allocation.
+ */
+size_t lzxpress_huffman_max_compressed_size(size_t input_size)
+{
+ /*
+ * In the worst case, the output size should be about the same as the
+ * input size, plus the 256 byte header per 64k block. We aim for
+ * ample, but within the order of magnitude.
+ */
+ return input_size + (input_size / 8) + 270;
+}
/*
* lzxpress_huffman_compress_talloc()
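Review bot: the return expression in lzxpress_huffman_max_compressed_size(), `input_size + (input_size / 8) + 270`, can wrap around size_t when input_size is close to SIZE_MAX, and now that the calculation is exported every caller that pre-allocates from it would get a buffer smaller than the input in that case. Please add an explicit overflow check (reject or saturate) and say in the comment what the function returns when the bound cannot be represented.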
@@ -1236,12 +1251,8 @@ ssize_t lzxpress_huffman_compress_talloc(TALLOC_CTX *mem_ctx,
uint8_t **output)
{
struct lzxhuff_compressor_mem *cmp = NULL;
- /*
- * In the worst case, the output size should be about the same as the
- * input size, plus the 256 byte header per 64k block. We aim for
- * ample, but within the order of magnitude.
- */
- size_t alloc_size = input_size + (input_size / 8) + 270;
+ size_t alloc_size = lzxpress_huffman_max_compressed_size(input_size);
+
ssize_t output_size;
*output = talloc_array(mem_ctx, uint8_t, alloc_size);
@@ -1283,11 +1294,11 @@ ssize_t lzxpress_huffman_compress_talloc(TALLOC_CTX *mem_ctx,
* lzxpress_huffman_compress_talloc().
*
* To use this, you need to have allocated (but not initialised) a `struct
- * lzxhuff_compressor_context`, and an output buffer. If the buffer is not big
+ * lzxhuff_compressor_mem`, and an output buffer. If the buffer is not big
* enough (per `output_size`), you'll get a negative return value, otherwise
* the number of bytes actually consumed, which will always be at least 260.
*
- * The `struct lzxhuff_compressor_context` is reusable -- it is basically a
+ * The `struct lzxhuff_compressor_mem` is reusable -- it is basically a
* collection of uninitialised memory buffers. The total size is less than
* 150k, so stack allocation is plausible.
*
diff --git a/lib/compression/lzxpress_huffman.h b/lib/compression/lzxpress_huffman.h
index 04de448bcce..232e58920f5 100644
--- a/lib/compression/lzxpress_huffman.h
+++ b/lib/compression/lzxpress_huffman.h
@@ -83,5 +83,13 @@ uint8_t *lzxpress_huffman_decompress_talloc(TALLOC_CTX *mem_ctx,
size_t input_size,
size_t output_size);
+/*
+ * lzxpress_huffman_max_compressed_size()
+ *
+ * Return the most bytes the compression can take, to allow
+ * pre-allocation.
+ */
+size_t lzxpress_huffman_max_compressed_size(size_t input_size);
+
#endif /* HAVE_LZXPRESS_HUFFMAN_H */
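Review bot: the comment on the new prototype says "Return the most bytes the compression can take", which reads as an exact bound, while the comment inside the function in lzxpress_huffman.c describes the value as "ample, but within the order of magnitude". Since the header is what callers will read, it should state that this is a deliberately generous estimate meant for sizing the output buffer, and mention any input sizes for which the result is not usable.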
diff --git a/librpc/idl/claims.idl b/librpc/idl/claims.idl
index ed84cd772c1..388965a4239 100644
--- a/librpc/idl/claims.idl
+++ b/librpc/idl/claims.idl
@@ -19,13 +19,16 @@
uuid("bba9cb76-eb0c-462c-aa1b-5d8c34415701"),
version(1.0),
pointer_default(unique),
- helpstring("Active Directory Claims")
+ helpstring("Active Directory Claims"),
+ helper("../librpc/ndr/ndr_claims.h")
]
interface claims
{
#define wchar_t uint16
#define CLAIM_ID [string, charset(UTF16)] wchar_t *
+ const int CLAIM_MINIMUM_BYTES_TO_COMPRESS = 384;
+
typedef enum {
CLAIM_TYPE_INT64 = 1,
CLAIM_TYPE_UINT64 = 2,
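Review bot: the new `const int CLAIM_MINIMUM_BYTES_TO_COMPRESS = 384;` has no comment. Please document where the value 384 comes from and which size it is compared against (the uncompressed CLAIMS_SET_NDR size or something else), since it decides whether a compressed or an uncompressed blob goes on the wire.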
@@ -98,7 +101,7 @@ interface claims
[size_is(reserved_field_size)] uint8 *reserved_field;
} CLAIMS_SET;
- typedef [public] struct {
+ typedef [public, gensize] struct {
[subcontext(0xFFFFFC01)] CLAIMS_SET_CTR claims;
} CLAIMS_SET_NDR;
@@ -107,10 +110,37 @@ interface claims
} CLAIMS_SET_METADATA_NDR;
typedef [public] struct {
- uint32 claims_set_size;
- [size_is(claims_set_size)] uint8 *claims_set;
- CLAIMS_COMPRESSION_FORMAT compression_format;
- uint32 uncompressed_claims_set_size;
+ [value(ndr_claims_compressed_size(claims_set,
+ r->compression_format,
+ ndr->flags))] uint32 claims_set_size;
+ [subcontext(4),
+ compression(ndr_claims_compression_alg(compression_format),
+ claims_set_size,
+ uncompressed_claims_set_size)
+ ] CLAIMS_SET_NDR *claims_set;
+ /*
+ * The second argument to
+ * ndr_claims_actual_wire_compression_alg() in the
+ * value() below should be
+ * uncompressed_claims_set_size but the value()
+ * handling isn't recursive (enough) so we have to
+ * specify that manually otherwise the
+ * compression_format in the above includes the struct
+ * member, not the value()
+ *
+ * The caller should set compression_format to
+ * CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF and this will
+ * be reset to CLAIMS_COMPRESSION_FORMAT_NONE if the
+ * buffer is not large enough to compress.
+ *
+ * Otherwise setting CLAIMS_COMPRESSION_FORMAT_NONE
+ * disabled compression entirely.
+ */
+ [value(ndr_claims_actual_wire_compression_alg(r->compression_format,
+ ndr_size_CLAIMS_SET_NDR(claims_set,
+ ndr->flags)))] CLAIMS_COMPRESSION_FORMAT compression_format;
+ [value(ndr_size_CLAIMS_SET_NDR(claims_set,
+ ndr->flags))] uint32 uncompressed_claims_set_size;
uint16 reserved_type;
uint32 reserved_field_size;
[size_is(reserved_field_size)] uint8 *reserved_field;
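Review bot: the value() attributes on claims_set_size, compression_format and uncompressed_claims_set_size only govern what is written on push; on pull the same three fields come from the wire and are handed to `compression(ndr_claims_compression_alg(compression_format), claims_set_size, uncompressed_claims_set_size)`. The comment block explains the push-side behaviour in detail but says nothing about pull, so please note here (or point to the place in ndr_claims.c / ndr_compression.c) how an unknown compression_format and an oversized uncompressed_claims_set_size are rejected before any buffer is allocated. Minor wording in the same comment: "disabled compression entirely" should read "disables compression entirely".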
diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl
index 59a795a74e3..a45855be12c 100644
--- a/librpc/idl/drsuapi.idl
+++ b/librpc/idl/drsuapi.idl
@@ -790,28 +790,28 @@ interface drsuapi
uint32 decompressed_length;
uint32 compressed_length;
[subcontext(4),subcontext_size(compressed_length),
- compression(NDR_COMPRESSION_XPRESS,compressed_length,decompressed_length)]
+ compression(NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2,compressed_length,decompressed_length)]
drsuapi_DsGetNCChangesCtr1TS *ts;
- } drsuapi_DsGetNCChangesXPRESSCtr1;
+ } drsuapi_DsGetNCChangesWIN2K3_LZ77_DIRECT2Ctr1;
typedef [nopush] struct {
uint32 decompressed_length;
uint32 compressed_length;
[subcontext(4),subcontext_size(compressed_length),
- compression(NDR_COMPRESSION_XPRESS,compressed_length,decompressed_length)]
+ compression(NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2,compressed_length,decompressed_length)]
drsuapi_DsGetNCChangesCtr6TS *ts;
- } drsuapi_DsGetNCChangesXPRESSCtr6;
+ } drsuapi_DsGetNCChangesWIN2K3_LZ77_DIRECT2Ctr6;
typedef [enum16bit] enum {
DRSUAPI_COMPRESSION_TYPE_MSZIP = 2,
- DRSUAPI_COMPRESSION_TYPE_XPRESS = 3
+ DRSUAPI_COMPRESSION_TYPE_WIN2K3_LZ77_DIRECT2 = 3 /* CompressOrDecompressWin2k3 DRS_COMP_ALG_WIN2K3 */
} drsuapi_DsGetNCChangesCompressionType;
typedef [nodiscriminant,flag(NDR_PAHEX)] union {
[case(1|(DRSUAPI_COMPRESSION_TYPE_MSZIP<<16))] drsuapi_DsGetNCChangesMSZIPCtr1 mszip1;
[case(6|(DRSUAPI_COMPRESSION_TYPE_MSZIP<<16))] drsuapi_DsGetNCChangesMSZIPCtr6 mszip6;
- [case(1|(DRSUAPI_COMPRESSION_TYPE_XPRESS<<16))] drsuapi_DsGetNCChangesXPRESSCtr1 xpress1;
- [case(6|(DRSUAPI_COMPRESSION_TYPE_XPRESS<<16))] drsuapi_DsGetNCChangesXPRESSCtr6 xpress6;
+ [case(1|(DRSUAPI_COMPRESSION_TYPE_WIN2K3_LZ77_DIRECT2<<16))] drsuapi_DsGetNCChangesWIN2K3_LZ77_DIRECT2Ctr1 xpress1;
+ [case(6|(DRSUAPI_COMPRESSION_TYPE_WIN2K3_LZ77_DIRECT2<<16))] drsuapi_DsGetNCChangesWIN2K3_LZ77_DIRECT2Ctr6 xpress6;
} drsuapi_DsGetNCChangesCompressedCtr;
typedef struct {
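Review bot: the union arms are still called xpress1 and xpress6 while their types and case labels are renamed to WIN2K3_LZ77_DIRECT2, so the name the rename is meant to retire survives in the generated C and Python accessors. Either rename the members too, or add a one-line comment saying they are kept for source compatibility. Separately, DRSUAPI_COMPRESSION_TYPE_XPRESS disappears from the generated headers and bindings with this change, and libndr.h marks NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2 as unimplemented; a comment on the two structs stating that decoding them is expected to fail would make that intent visible in the IDL.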
diff --git a/librpc/idl/krb5pac.idl b/librpc/idl/krb5pac.idl
index 6655e2ff5b7..77189bb929b 100644
--- a/librpc/idl/krb5pac.idl
+++ b/librpc/idl/krb5pac.idl
@@ -194,6 +194,14 @@ interface krb5pac
[case(PAC_TYPE_TICKET_CHECKSUM)] PAC_SIGNATURE_DATA ticket_checksum;
[case(PAC_TYPE_ATTRIBUTES_INFO)] PAC_ATTRIBUTES_INFO attributes_info;
[case(PAC_TYPE_REQUESTER_SID)] PAC_REQUESTER_SID requester_sid;
+ /*
+ * [subcontext(0)] and DATA_BLOB_REM is used as in
+ * PAC_TYPE_CLIENT_CLAIMS_INFO
+ * PAC_TYPE_DEVICE_CLAIMS_INFO as Windows will
+ * sometimes send an empty buffer (presumably to avoid
+ * the overhead of the header around the claims) if
+ * there are no claims to send
+ */
[case(PAC_TYPE_CLIENT_CLAIMS_INFO)][subcontext(0)] DATA_BLOB_REM client_claims_info;
[case(PAC_TYPE_DEVICE_INFO)][subcontext(0xFFFFFC01)] PAC_DEVICE_INFO_CTR device_info;
[case(PAC_TYPE_DEVICE_CLAIMS_INFO)][subcontext(0)] DATA_BLOB_REM device_claims_info;
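Review bot: the new comment reads "is used as in PAC_TYPE_CLIENT_CLAIMS_INFO PAC_TYPE_DEVICE_CLAIMS_INFO as Windows will ...", which drops the "and" and is hard to parse. Suggest "[subcontext(0)] and DATA_BLOB_REM are used for PAC_TYPE_CLIENT_CLAIMS_INFO and PAC_TYPE_DEVICE_CLAIMS_INFO because Windows will sometimes send an empty buffer ...". The comment sits directly above client_claims_info only, with device_info in between, so a short pointer next to device_claims_info would help. It would also be worth stating here that consumers of these blobs must accept a zero-length buffer before attempting to pull CLAIMS_SET_METADATA_NDR from it.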
diff --git a/librpc/ndr/libndr.h b/librpc/ndr/libndr.h
index 98f8ff870d2..556d17f68c7 100644
--- a/librpc/ndr/libndr.h
+++ b/librpc/ndr/libndr.h
@@ -289,10 +289,26 @@ enum ndr_err_code {
} \
} while (0)
+/*
+ * Values here are chosen to be distinct from but recognisable as the
+ * values in ntifs.h and claims.idl
+ */
enum ndr_compression_alg {
- NDR_COMPRESSION_MSZIP_CAB = 1,
- NDR_COMPRESSION_MSZIP = 2,
- NDR_COMPRESSION_XPRESS = 3
+ NDR_COMPRESSION_NONE = 0, /* 0x00 in ntifs.h */
+ NDR_COMPRESSION_XPRESS_LZNT1 = 102, /* MS-XCA 0x02 in ntifs.h
+ * (Unimplemented)
+ */
+ NDR_COMPRESSION_XPRESS_RAW = 103, /* MS-XCA 0x03 in ntifs.h
+ * (implemented in
+ * lib/compression but
+ * not connected to libndr)
+ */
+ NDR_COMPRESSION_XPRESS_HUFF_RAW = 104, /* MS-XCA 0x04 in ntifs.h */
+ NDR_COMPRESSION_MSZIP_CAB = 201,
+ NDR_COMPRESSION_MSZIP = 202,
+ NDR_COMPRESSION_XPRESS = 203,
+ NDR_COMPRESSION_WIN2K3_LZ77_DIRECT2 = 204, /* Unimplemented */
+ NDR_COMPRESSION_INVALID = 255,
};
/*
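Review bot: renumbering the existing members of enum ndr_compression_alg (NDR_COMPRESSION_MSZIP_CAB 1 to 201, NDR_COMPRESSION_MSZIP 2 to 202, NDR_COMPRESSION_XPRESS 3 to 203) changes values in a header that is installed with libndr, so anything built against the old header and passing these constants into the library will select the wrong algorithm or hit NDR_COMPRESSION_INVALID handling. Nothing in this hunk shows an ABI or version bump to go with it; please confirm one accompanies the series. The block comment explains the 1xx values but not the 2xx ones, and NDR_COMPRESSION_XPRESS = 203 has no comment distinguishing it from NDR_COMPRESSION_XPRESS_RAW = 103, which is exactly the confusion the renames elsewhere in this push are trying to remove.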
diff --git a/librpc/ndr/ndr_cab.c b/librpc/ndr/ndr_cab.c
index 476e21cd417..ac8565fd1e0 100644
--- a/librpc/ndr/ndr_cab.c
+++ b/librpc/ndr/ndr_cab.c
@@ -190,10 +190,10 @@ static enum ndr_err_code ndr_push_folder_cfdata(struct ndr_push *ndr,
/* compress via subcontext */
NDR_CHECK(ndr_push_subcontext_start(ndr, &push_sub, 0, -1));
push_sub->cstate = ndr->cstate;
- NDR_CHECK(ndr_push_compression_start(push_sub, &push_compress, ndr_ctype, -1));
+ NDR_CHECK(ndr_push_compression_start(push_sub, &push_compress, ndr_ctype));
ndr_set_flags(&push_compress->flags, LIBNDR_FLAG_REMAINING);
NDR_CHECK(ndr_push_DATA_BLOB(push_compress, NDR_SCALARS, r->ab));
- NDR_CHECK(ndr_push_compression_end(push_sub, push_compress, ndr_ctype, -1));
+ NDR_CHECK(ndr_push_compression_end(push_sub, push_compress, ndr_ctype));
NDR_CHECK(ndr_push_subcontext_end(ndr, push_sub, 0, -1));
compressed_length = push_sub->offset;
@@ -236,8 +236,7 @@ static enum ndr_err_code ndr_push_folder_cfdata(struct ndr_push *ndr,
SIVAL(ndr->data, csum_offset, csum);
}
- ndr_push_compression_state_free(ndr->cstate);
- ndr->cstate = NULL;
+ TALLOC_FREE(ndr->cstate);
return NDR_ERR_SUCCESS;
}
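Review bot: replacing ndr_push_compression_state_free(ndr->cstate) with TALLOC_FREE(ndr->cstate) is only equivalent if the compressor teardown now runs from a talloc destructor attached where cstate is allocated, and nothing in this hunk shows that. A short comment at this call, or a reference in the commit message to the change that installs the destructor, would let a reader of ndr_cab.c verify that the algorithm-specific state is still released here.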
diff --git a/librpc/ndr/ndr_claims.c b/librpc/ndr/ndr_claims.c
new file mode 100644
index 00000000000..fbfe612fbf4
--- /dev/null
+++ b/librpc/ndr/ndr_claims.c
@@ -0,0 +1,84 @@
+#include "includes.h"
+#include "bin/default/librpc/gen_ndr/ndr_claims.h"
+#include "librpc/ndr/ndr_claims.h"
+
+#include "librpc/ndr/ndr_compression.h"
+#include "lib/compression/lzxpress_huffman.h"
+
+enum ndr_compression_alg ndr_claims_compression_alg(enum CLAIMS_COMPRESSION_FORMAT wire_alg)
+{
+ switch (wire_alg) {
+ case CLAIMS_COMPRESSION_FORMAT_NONE:
+ return NDR_COMPRESSION_NONE;
+
+ case CLAIMS_COMPRESSION_FORMAT_LZNT1:
+ return NDR_COMPRESSION_INVALID;
+
+ case CLAIMS_COMPRESSION_FORMAT_XPRESS:
+ return NDR_COMPRESSION_INVALID;
+
+ case CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF:
+ return NDR_COMPRESSION_XPRESS_HUFF_RAW;
+ }
+ return NDR_COMPRESSION_INVALID;
+}
+
+
+enum CLAIMS_COMPRESSION_FORMAT ndr_claims_actual_wire_compression_alg(enum CLAIMS_COMPRESSION_FORMAT specified_compression,
+ size_t uncompressed_claims_size) {
+ if (uncompressed_claims_size < CLAIM_MINIMUM_BYTES_TO_COMPRESS) {
+ return CLAIMS_COMPRESSION_FORMAT_NONE;
+ }
+
+ return specified_compression;
+}
+
+size_t ndr_claims_compressed_size(struct CLAIMS_SET_NDR *claims_set,
+ enum CLAIMS_COMPRESSION_FORMAT wire_alg,
+ int flags)
+{
+ TALLOC_CTX *frame = talloc_stackframe();
+ DATA_BLOB tmp_blob;
+ uint8_t * tmp_compressed;
+ ssize_t compressed_size;
+ enum ndr_err_code ndr_err;
+ enum CLAIMS_COMPRESSION_FORMAT actual_wire_alg;
+
+ ndr_err = ndr_push_struct_blob(&tmp_blob,
+ frame,
+ claims_set,
+ (ndr_push_flags_fn_t)ndr_push_CLAIMS_SET_NDR);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ DBG_ERR("Failed to push claims while determining compressed size");
+ TALLOC_FREE(frame);
+ return 0;
+ }
+
+ actual_wire_alg = ndr_claims_actual_wire_compression_alg(wire_alg,
+ tmp_blob.length);
+
+ switch (actual_wire_alg) {
+ case CLAIMS_COMPRESSION_FORMAT_NONE:
+ TALLOC_FREE(frame);
+ return tmp_blob.length;
+
+ case CLAIMS_COMPRESSION_FORMAT_XPRESS_HUFF:
+ compressed_size = lzxpress_huffman_compress_talloc(frame,
+ tmp_blob.data,
+ tmp_blob.length,
+ &tmp_compressed);
+
+ TALLOC_FREE(frame);
+
+ if (compressed_size < 0) {
+ DBG_ERR("Failed to compress claims (for determining compressed size)");
+ return 0;
+ }
+ return compressed_size;
+
+ default:
+ TALLOC_FREE(frame);
+ DBG_ERR("Invalid chosen compression algorithm while determining compressed claim size");
+ return 0;
+ }
+}
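Review bot: ndr_claims_compressed_size() returns 0 on every failure path (push failure, compression failure, unsupported format), which a caller cannot tell apart from a legitimately empty result, and the function has no doc comment saying so. If the return value is used as a wire length, a failure silently becomes a zero-length claims buffer. Consider returning ssize_t with -1 on error, or an enum ndr_err_code with the size as an out parameter. Other points in the same file: the flags argument is never used; ndr_claims_actual_wire_compression_alg() passes CLAIMS_COMPRESSION_FORMAT_LZNT1 and CLAIMS_COMPRESSION_FORMAT_XPRESS through unchanged even though ndr_claims_compression_alg() maps both to NDR_COMPRESSION_INVALID; the include of "bin/default/librpc/gen_ndr/ndr_claims.h" hard-codes the build directory; the DBG_ERR() strings have no trailing newline; and the new file has no licence or copyright header, unlike ndr_claims.h.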
diff --git a/librpc/ndr/ndr_xattr.h b/librpc/ndr/ndr_claims.h
similarity index 53%
copy from librpc/ndr/ndr_xattr.h
copy to librpc/ndr/ndr_claims.h
index bdc530a0ae7..03f40466762 100644
--- a/librpc/ndr/ndr_xattr.h
+++ b/librpc/ndr/ndr_claims.h
@@ -1,9 +1,9 @@
/*
Unix SMB/CIFS implementation.
- helper routines for XATTR marshalling
+ routines for helping the compression in claims
- Copyright (C) Stefan (metze) Metzmacher 2009
+ Copyright (C) Andrew Bartlett 2023
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -19,19 +19,16 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef _LIBRPC_NDR_NDR_XATTR_H
-#define _LIBRPC_NDR_NDR_XATTR_H
+#ifndef _LIBRPC_NDR_NDR_CLAIMS_H
+#define _LIBRPC_NDR_NDR_CLAIMS_H
-_PUBLIC_ enum ndr_err_code ndr_push_xattr_DOSATTRIB(struct ndr_push *ndr,
- int ndr_flags,
- const struct xattr_DOSATTRIB *r);
+enum ndr_compression_alg ndr_claims_compression_alg(enum CLAIMS_COMPRESSION_FORMAT wire_alg);
+enum CLAIMS_COMPRESSION_FORMAT ndr_claims_actual_wire_compression_alg(enum CLAIMS_COMPRESSION_FORMAT specified_compression,
+ size_t uncompressed_claims_size);
-_PUBLIC_ enum ndr_err_code ndr_pull_xattr_DOSATTRIB(struct ndr_pull *ndr,
- int ndr_flags,
- struct xattr_DOSATTRIB *r);
+size_t ndr_claims_compressed_size(struct CLAIMS_SET_NDR *claims_set,
+ enum CLAIMS_COMPRESSION_FORMAT wire_alg,
+ int flags);
-_PUBLIC_ void ndr_print_xattr_DOSATTRIB(struct ndr_print *ndr,
- const char *name,
- const struct xattr_DOSATTRIB *r);
-#endif /* _LIBRPC_NDR_NDR_XATTR_H */
+#endif /* _LIBRPC_NDR_NDR_CLAIMS_H */
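Review bot: the new header declares prototypes using enum CLAIMS_COMPRESSION_FORMAT, enum ndr_compression_alg and struct CLAIMS_SET_NDR but includes nothing, so it only compiles when the generated claims header and libndr.h happen to be included first, as ndr_claims.c does. Please make it self-contained by including what it needs. The _PUBLIC_ markers from the copied ndr_xattr.h prototypes were dropped; since ndr_claims_actual_wire_compression_alg() is called from a value() expression in the IDL, and therefore from generated code, it is worth confirming the symbols are visible wherever that generated code is linked. None of the three functions has a doc comment describing its return value on error.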
diff --git a/librpc/ndr/ndr_compression.c b/librpc/ndr/ndr_compression.c
index 8838c2fad72..1133d5216db 100644
--- a/librpc/ndr/ndr_compression.c
+++ b/librpc/ndr/ndr_compression.c
@@ -22,6 +22,7 @@
#include "includes.h"
#include "../lib/compression/lzxpress.h"
+#include "../lib/compression/lzxpress_huffman.h"
#include "librpc/ndr/libndr.h"
#include "../librpc/ndr/ndr_compression.h"
#include <zlib.h>
@@ -34,6 +35,9 @@ struct ndr_compression_state {
uint8_t *dict;
size_t dict_size;
} mszip;
+ struct {
+ struct lzxhuff_compressor_mem *mem;
+ } lzxpress_huffman;
} alg;
};
@@ -646,6 +650,165 @@ static enum ndr_err_code ndr_push_compression_xpress_chunk(struct ndr_push *ndrp
return NDR_ERR_SUCCESS;
}
+static enum ndr_err_code ndr_pull_compression_none(struct ndr_pull *ndrpull,
+ struct ndr_push *ndrpush,
+ ssize_t decompressed_len,
+ ssize_t compressed_len)
+{
+ DATA_BLOB comp_chunk;
+ uint32_t comp_chunk_size = compressed_len;
+ uint32_t comp_chunk_offset;
+
+ if (decompressed_len != compressed_len) {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "decompressed len %zd != compressed_len %zd in 'NONE' compression!",
+ decompressed_len,
+ compressed_len);
+ }
+
+ if (comp_chunk_size != compressed_len) {
+ return ndr_pull_error(ndrpull, NDR_ERR_COMPRESSION,
+ "compressed_len %zd overflows uint32_t in 'NONE' compression!",
+ compressed_len);
+ }
+
+ comp_chunk_offset = ndrpull->offset;
+ NDR_CHECK(ndr_pull_advance(ndrpull, comp_chunk_size));
+ comp_chunk.length = comp_chunk_size;
+ comp_chunk.data = ndrpull->data + comp_chunk_offset;
+
+ NDR_CHECK(ndr_push_array_uint8(ndrpush,
+ NDR_SCALARS,
+ comp_chunk.data,
+ comp_chunk.length));
+
+ return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_push_compression_none(struct ndr_push *ndrpush,
+ struct ndr_pull *ndrpull)
+{
+ DATA_BLOB plain_chunk;
+ uint32_t plain_chunk_size;
+ uint32_t plain_chunk_offset;
+
+ plain_chunk_size = ndrpull->data_size - ndrpull->offset;
+ plain_chunk_offset = ndrpull->offset;
+ NDR_CHECK(ndr_pull_advance(ndrpull, plain_chunk_size));
+
+ plain_chunk.data = ndrpull->data + plain_chunk_offset;
+ plain_chunk.length = plain_chunk_size;
+
+ NDR_CHECK(ndr_push_array_uint8(ndrpush,
+ NDR_SCALARS,
+ plain_chunk.data,
+ plain_chunk.length));
+ return NDR_ERR_SUCCESS;
+}
+
+static enum ndr_err_code ndr_pull_compression_xpress_huff_raw_chunk(struct ndr_pull *ndrpull,
+ struct ndr_push *ndrpush,
+ ssize_t decompressed_len,
+ ssize_t compressed_len)
+{
+ DATA_BLOB comp_chunk;
+ uint32_t comp_chunk_offset;
+ uint32_t comp_chunk_size;
+ DATA_BLOB plain_chunk;
+ uint32_t plain_chunk_offset;
+ uint32_t plain_chunk_size;
+ ssize_t ret;
+
+ plain_chunk_size = decompressed_len;
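Review bot: in ndr_pull_compression_none() the range check is done by assigning the ssize_t compressed_len to a uint32_t and then testing "comp_chunk_size != compressed_len", which relies on integer promotion to catch negative values. Where ssize_t is 32 bits wide the comparison is performed in unsigned arithmetic, so a negative compressed_len compares equal and is only rejected later, if at all, by ndr_pull_advance(). These lengths come from the wire, so an explicit "compressed_len < 0" (and matching decompressed_len) test before the narrowing assignment would make the validation independent of platform width. The same narrowing appears in the visible part of ndr_pull_compression_xpress_huff_raw_chunk() ("plain_chunk_size = decompressed_len;"), and ndr_push_compression_none() computes "ndrpull->data_size - ndrpull->offset" without first checking that offset does not exceed data_size.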
--
Samba Shared Repository