[SCM] Samba Shared Repository - branch master updated

Andrew Bartlett abartlet at samba.org
Thu Oct 26 02:27:02 UTC 2023


The branch, master has been updated
       via  d57f3bdcd33 s4:kdc: Simplify principal_comp_strcmp_int() to handle only equality
       via  ea6d2ddb66e s4:kdc: Check for overflow before calling smb_krb5_princ_component()
       via  12211735772 s4:kdc: Have principal_comp_strcmp_int() properly indicate an error
       via  ddef0e5e1f6 s4:kdc: Consider a single‐component krbtgt principal to be the TGS
       via  7b68f751be1 third_party/heimdal: Import lorikeet-heimdal-202309250010 (commit b73ae22b9b1c6fc06d0d79afe55517367a5f9670)
       via  6d7a05bf780 s4:kdc: Make use of smb_krb5_principal_is_tgs()
       via  865e4f0f8cb s4:kdc: Change signature of is_kadmin_changepw() to accommodate failure cases
       via  9a0c5ee4aef s4:kdc: Have smb_krb5_principal_get_comp_string() properly indicate an error
       via  2944bc1e02a s4:dsdb: Initialize pointers to NULL
       via  800f3203b1d lib/krb5_wrap: Check return value of krb5_principal_get_comp_string()
       via  3917a1995c3 tests/krb5: Add tests for single‐component krbtgt principals
       via  f266f5c670b tests/krb5: Also consider single‐component krbtgt principals to be TGS principals
       via  3960eabca78 libutil/iconv: avoid overflow in surrogate pairs
       via  949fe570777 libutil/iconv: don't allow wtf-8 surrogate pairs
       via  d7481f94e0f util/charset/torture: test convert_string_talloc with emptyish strings
       via  58011bc64a8 s4/torture/gentest: explain seemingly redundant initialisation
       via  b5a728e81e8 util/convert string: remove inaccurate misspelt comment
       via  7f870211fbf s4/torture/gentest: remove redundant op entry
       via  15b7508babf docs/manpages: fix links to mod_ntlm_winbind and squid
       via  ffdd9ddeaea s4:dns_server: loudly warn when a tombstone record has other records
       via  78658eee76b s4/dsdb: try not to leak on access check failure
       via  acb0a299172 librpc/ndr_basic: attempt only IPv4 addresses in push_ipv4
       via  44ce1ad5c8b idl/spoolss: fix spelling of UTF16 charset
       via  df8ab7edfa2 util/charset: disambiguate docs for convert_string twins
       via  7cf4efe7684 lib/util/charset: @param typos
      from  704a615521c docs-xml: add manpage for wspsearch cli client

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit d57f3bdcd3374b9661571e5e815be93c666a47cf
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Thu Sep 21 11:37:30 2023 +1200

    s4:kdc: Simplify principal_comp_strcmp_int() to handle only equality
    
    We only ever use the principal comparison functions to check equality.
    Having these functions only handle equality simplifies their
    implementation and makes them a bit easier to use.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>
    
    Autobuild-User(master): Andrew Bartlett <abartlet at samba.org>
    Autobuild-Date(master): Thu Oct 26 02:26:02 UTC 2023 on atb-devel-224

commit ea6d2ddb66ec28097c1fe47e2d0a9ab8c1f3e7c6
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Thu Sep 21 12:01:27 2023 +1200

    s4:kdc: Check for overflow before calling smb_krb5_princ_component()
    
    smb_krb5_princ_component() takes its component index parameter as ‘int’,
    not ‘unsigned int’.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 122117357722445526124ec5ecf9e152bc8e2c87
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Thu Sep 21 11:22:51 2023 +1200

    s4:kdc: Have principal_comp_strcmp_int() properly indicate an error
    
    We should return error codes rather than silently mask failures.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit ddef0e5e1f63775cd22ee3b3febc6f765abbebf8
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Thu Sep 21 11:14:36 2023 +1200

    s4:kdc: Consider a single‐component krbtgt principal to be the TGS
    
    This matches the behaviour of Windows.
    
    NOTE: This commit finally works again!
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 7b68f751be14cfbbab49ffa0084cc72e41d0a3f5
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Mon Sep 25 13:16:43 2023 +1300

    third_party/heimdal: Import lorikeet-heimdal-202309250010 (commit b73ae22b9b1c6fc06d0d79afe55517367a5f9670)
    
    NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 6d7a05bf780481a2792ff87ae635fb91e1f0c640
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Thu Sep 21 11:22:47 2023 +1200

    s4:kdc: Make use of smb_krb5_principal_is_tgs()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 865e4f0f8cb0f15da5d5cf8cc62d6bf7c57a8d1c
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Thu Sep 21 11:21:28 2023 +1200

    s4:kdc: Change signature of is_kadmin_changepw() to accommodate failure cases
    
    principal_comp_strcmp() cannot yet indicate a failure case, but it will
    soon be changed to do so.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 9a0c5ee4aefac943ee21e93af643b44e336c3563
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Thu Sep 21 10:41:05 2023 +1200

    s4:kdc: Have smb_krb5_principal_get_comp_string() properly indicate an error
    
    The existing implementation did not differentiate between the case where
    the relevant component was not present, and that where talloc_strndup()
    failed. To correct this situation, put the result into an out parameter
    on success and return an error on failure.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 2944bc1e02a279771a4514a09d1b92ef29d7a07d
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Mon Sep 25 14:40:50 2023 +1300

    s4:dsdb: Initialize pointers to NULL
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 800f3203b1dd61531e7b861738558e751e45f8af
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Thu Sep 21 11:02:38 2023 +1200

    lib/krb5_wrap: Check return value of krb5_principal_get_comp_string()
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 3917a1995c319a70828b7b29866a6db1fb42e637
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Mon Sep 25 13:26:07 2023 +1300

    tests/krb5: Add tests for single‐component krbtgt principals
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit f266f5c670b4338e38ed42adc8aa81e5fa580ec1
Author: Joseph Sutton <josephsutton at catalyst.net.nz>
Date:   Mon Sep 25 13:21:08 2023 +1300

    tests/krb5: Also consider single‐component krbtgt principals to be TGS principals
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482
    
    Signed-off-by: Joseph Sutton <josephsutton at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 3960eabca781e892eb8fb12cde5bb3272f0ba366
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Jul 5 14:32:05 2023 +1200

    libutil/iconv: avoid overflow in surrogate pairs
    
    Consider the non-conformant utf-8 sequence "\xf5\x80\x80\x80", which
    would encode 0x140000. We would set the high byte of the first
    surrogate to 0xd8 | (0x130000 >> 18), or 0xdc, which is an invalid
    start for a high surrogate, making the sequence as a whole invalid (as
    you would expect -- the Unicode range was set precisely to that
    covered by utf-16 surrogates).
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 949fe5707774fdc655b8430b0de805aa21004622
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Jul 5 13:26:12 2023 +1200

    libutil/iconv: don't allow wtf-8 surrogate pairs
    
    At present, if we meet a string like "hello \xed\xa7\x96 world", the
    bytes in the middle will be converted into half of a surrogate pair,
    and the UTF-16 will be invalid. It is better to error out immediately,
    because the UTF-8 string is already invalid.
    
    https://learn.microsoft.com/en-us/windows/win32/api/Stringapiset/nf-stringapiset-widechartomultibyte#remarks
    is a citation for the statement about this being a pre-Vista
    problem.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit d7481f94e0fa0708250e9ab761559c28f83ecade
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Jun 29 20:45:34 2023 +1200

    util/charset/torture: test convert_string_talloc with emptyish strings
    
    because it wasn't entirely obvious (a zero length string returns a
    length 1 result).
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 58011bc64a8967b95c7880f07d3aedcb82123563
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Jul 12 18:34:49 2023 +1200

    s4/torture/gentest: explain seemingly redundant initialisation
    
    It seems silly, but it confused me.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit b5a728e81e8a746a2d5397f9b3c519bf89ad0248
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Jun 29 18:23:55 2023 +1200

    util/convert string: remove inaccurate misspelt comment
    
    Previous commit to the "embarrassing" line was ce10a7a673e8adf "Fix
    typo in comment", which did not completely fix the typo in the
    comment.
    
    But there are no gotos anymore, so no embarrassment, however spelt.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 7f870211fbff1fab7923b30cfbb263d2df1ce3ad
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Jan 11 12:41:35 2023 +1300

    s4/torture/gentest: remove redundant op entry
    
    Also on line 2994.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 15b7508babf208279058ea5e7c4d1e7c564523e4
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Thu Jul 20 14:25:51 2023 +1200

    docs/manpages: fix links to mod_ntlm_winbind and squid
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit ffdd9ddeaeada92fec3baf2046a4e03810f26286
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sat May 13 19:29:48 2023 +1200

    s4:dns_server: loudly warn when a tombstone record has other records
    
    This shouldn't happen -- that is, there should never be non-tombstone
    records in conjunction with a tombstone record -- and if it does, the
    situation should resolve itself here. But the flow is confusing and
    strange things sometimes happen often enough that it would be helpful
    to know if this ever occurs.
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 78658eee76bdc6e7e0c2a0f4126634ef68b50454
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Jun 7 14:35:30 2023 +1200

    s4/dsdb: try not to leak on access check failure
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit acb0a2991724ebf56274583ff11a1c402b1570b2
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sun Jun 18 11:38:48 2023 +1200

    librpc/ndr_basic: attempt only IPv4 addresses in push_ipv4
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 44ce1ad5c8bfce821f9a353a29e2b1e6077bd918
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Sat Jun 17 14:22:05 2023 +1200

    idl/spoolss: fix spelling of UTF16 charset
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit df8ab7edfa2536c0d567ac7a6016d8d3ef50db91
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Jun 28 16:02:38 2023 +1200

    util/charset: disambiguate docs for convert_string twins
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

commit 7cf4efe76846f6b92396fe07bafe4174cf0c1ad1
Author: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
Date:   Wed Mar 1 14:59:55 2023 +1300

    lib/util/charset: @param typos
    
    Signed-off-by: Douglas Bagnall <douglas.bagnall at catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abartlet at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/ntlm_auth.1.xml                  |   4 +-
 lib/krb5_wrap/krb5_samba.c                         |  50 ++--
 lib/krb5_wrap/krb5_samba.h                         |   9 +-
 lib/util/charset/convert_string.c                  |  12 +-
 lib/util/charset/iconv.c                           |  43 ++++
 lib/util/charset/pull_push.c                       |   8 +-
 lib/util/charset/tests/convert_string.c            | 160 +++++++++++++
 librpc/idl/spoolss.idl                             |   8 +-
 librpc/ndr/ndr_basic.c                             |   2 +-
 python/samba/tests/krb5/as_req_tests.py            |  17 ++
 python/samba/tests/krb5/kdc_base_test.py           |  14 +-
 python/samba/tests/krb5/kdc_tgs_tests.py           | 114 +++++++++
 python/samba/tests/krb5/kpasswd_tests.py           |  37 +++
 python/samba/tests/krb5/raw_testcase.py            |   7 +-
 selftest/knownfail_mit_kdc_1_20                    |   6 +
 source4/dns_server/dnsserver_common.c              |   5 +
 source4/dsdb/common/dsdb_access.c                  |   5 +
 source4/dsdb/samdb/ldb_modules/acl.c               |  33 +--
 source4/kdc/db-glue.c                              | 256 ++++++++++++++-------
 source4/torture/gentest.c                          |   6 +-
 third_party/heimdal/kcm/protocol.c                 |   4 +-
 third_party/heimdal/kdc/krb5tgs.c                  |  16 +-
 third_party/heimdal/lib/hdb/common.c               |   2 +-
 .../heimdal/lib/krb5/libkrb5-exports.def.in        |   1 +
 third_party/heimdal/lib/krb5/principal.c           |  17 +-
 third_party/heimdal/lib/krb5/test_pac.c            |  15 +-
 third_party/heimdal/lib/krb5/version-script.map    |   1 +
 27 files changed, 690 insertions(+), 162 deletions(-)


Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/ntlm_auth.1.xml b/docs-xml/manpages/ntlm_auth.1.xml
index c257d1d617a..c7f810e3f22 100644
--- a/docs-xml/manpages/ntlm_auth.1.xml
+++ b/docs-xml/manpages/ntlm_auth.1.xml
@@ -33,8 +33,8 @@
 	successfully and 1 if access was denied. ntlm_auth uses winbind to access 
 	the user and authentication data for a domain.  This utility 
 	is only intended to be used by other programs (currently
-	<ulink url="http://www.squid-cache.org/">Squid</ulink>
-	and <ulink url="http://download.samba.org/ftp/unpacked/lorikeet/trunk/mod_ntlm_winbind/">mod_ntlm_winbind</ulink>)
+	<ulink url="https://www.squid-cache.org/">Squid</ulink>
+	and <ulink url="https://www.samba.org/ftp/unpacked/lorikeet/mod_auth_ntlm_winbind/">mod_ntlm_winbind</ulink>).
 	</para>
 </refsect1>
 
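Review bot: the link text on the second added line still reads mod_ntlm_winbind, while the new URL path ends in mod_auth_ntlm_winbind/. If the module is published under the longer name, the visible text should use it too, so that a reader searching for the name in the manpage finds the directory the link points to.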
diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c
index 1d19e477743..116f916234d 100644
--- a/lib/krb5_wrap/krb5_samba.c
+++ b/lib/krb5_wrap/krb5_samba.c
@@ -1047,32 +1047,50 @@ done:
  * @param[in] context		The krb5_context
  * @param[in] principal		The principal
  * @param[in] component		The component
- * @return string component
+ * @param[out] out			The output string
+ * @return krb5_error_code
  *
  * Caller must talloc_free if the return value is not NULL.
  *
  */
-char *smb_krb5_principal_get_comp_string(TALLOC_CTX *mem_ctx,
-					 krb5_context context,
-					 krb5_const_principal principal,
-					 unsigned int component)
+krb5_error_code smb_krb5_principal_get_comp_string(TALLOC_CTX *mem_ctx,
+						   krb5_context context,
+						   krb5_const_principal principal,
+						   unsigned int component,
+						   char **out)
 {
+	char *out_str = NULL;
 #if defined(HAVE_KRB5_PRINCIPAL_GET_COMP_STRING)
-	return talloc_strdup(mem_ctx, krb5_principal_get_comp_string(context, principal, component));
+	const char *str = NULL;
+
+	str = krb5_principal_get_comp_string(context, principal, component);
+	if (str == NULL) {
+		return ENOENT;
+	}
+
+	out_str = talloc_strdup(mem_ctx, str);
+	if (out_str == NULL) {
+		return ENOMEM;
+	}
 #else
 	krb5_data *data;
 
 	if (component >= krb5_princ_size(context, principal)) {
-		return NULL;
+		return ENOENT;
 	}
 
 	data = krb5_princ_component(context, principal, component);
 	if (data == NULL) {
-		return NULL;
+		return ENOENT;
 	}
 
-	return talloc_strndup(mem_ctx, data->data, data->length);
+	out_str = talloc_strndup(mem_ctx, data->data, data->length);
+	if (out_str == NULL) {
+		return ENOMEM;
+	}
 #endif
+	*out = out_str;
+	return 0;
 }
 
 /**
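Review bot: the doc comment kept above the new signature still says "Caller must talloc_free if the return value is not NULL", but the return value is now a krb5_error_code and the string comes back through *out. Suggest rewording it to say that the caller must talloc_free *out on success, and stating that *out is left untouched on the ENOENT and ENOMEM paths (it is only assigned just before return 0), so callers have to initialise their pointer themselves.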
@@ -3434,14 +3452,20 @@ int smb_krb5_principal_is_tgs(krb5_context context,
 {
 	char *p = NULL;
 	int eq = 1;
+	krb5_error_code ret = 0;
 
-	p = smb_krb5_principal_get_comp_string(NULL, context, principal, 0);
-	if (p == NULL) {
+	if (krb5_princ_size(context, principal) > 2) {
+		return 0;
+	}
+
+	ret = smb_krb5_principal_get_comp_string(NULL, context, principal, 0, &p);
+	if (ret == ENOENT) {
+		return 0;
+	} else if (ret) {
 		return -1;
 	}
 
-	eq = krb5_princ_size(context, principal) == 2 &&
-	     (strcmp(p, KRB5_TGS_NAME) == 0);
+	eq = strcmp(p, KRB5_TGS_NAME) == 0;
 
 	talloc_free(p);
 
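Review bot: dropping the == 2 test from the eq expression means a one-component principal whose only component is KRB5_TGS_NAME is now reported as the TGS, and nothing in the function says this is deliberate. A short comment beside the "> 2" early return stating that both one and two components are accepted would stop someone restoring the stricter check later. Note also that a missing first component used to give -1 (the p == NULL branch) and now gives 0 through the ENOENT branch, so callers that relied on -1 for that case need a look. The initialisers on eq and ret are both overwritten before they are read.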
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 7b9d8fd145c..e158a404dea 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -400,10 +400,11 @@ int smb_krb5_create_key_from_string(krb5_context context,
 #endif
 #endif
 
-char *smb_krb5_principal_get_comp_string(TALLOC_CTX *mem_ctx,
-					 krb5_context context,
-					 krb5_const_principal principal,
-					 unsigned int component);
+krb5_error_code smb_krb5_principal_get_comp_string(TALLOC_CTX *mem_ctx,
+						   krb5_context context,
+						   krb5_const_principal principal,
+						   unsigned int component,
+						   char **out);
 
 krb5_error_code smb_krb5_copy_data_contents(krb5_data *p,
 					    const void *data,
diff --git a/lib/util/charset/convert_string.c b/lib/util/charset/convert_string.c
index 88b128be547..9fa721b6d12 100644
--- a/lib/util/charset/convert_string.c
+++ b/lib/util/charset/convert_string.c
@@ -334,7 +334,7 @@ bool convert_string_handle(struct smb_iconv_handle *ic,
  *
  * @param srclen length of source buffer.
  * @param dest always set at least to NULL
- * @parm converted_size set to the number of bytes occupied by the string in
+ * @param converted_size set to the number of bytes occupied by the string in
  * the destination on success.
  * @note -1 is not accepted for srclen.
  *
@@ -342,9 +342,6 @@ bool convert_string_handle(struct smb_iconv_handle *ic,
  * converted.
  *
  * Ensure the srclen contains the terminating zero.
- *
- * I hate the goto's in this function. It's emberrassing.....
- * There has to be a cleaner way to do this. JRA.
  */
 bool convert_string_talloc_handle(TALLOC_CTX *ctx, struct smb_iconv_handle *ic,
 				  charset_t from, charset_t to,
@@ -493,7 +490,9 @@ bool convert_string_talloc_handle(TALLOC_CTX *ctx, struct smb_iconv_handle *ic,
 }
 
 /**
- * Convert string from one encoding to another, making error checking etc
+ * Convert string from one encoding to another, with error checking.
+ * This version produces more logging information than
+ * convert_string_error(), but is otherwise functionally identical.
  *
  * @param src pointer to source string (multibyte or singlebyte)
  * @param srclen length of the source string in bytes
@@ -514,7 +513,8 @@ _PUBLIC_ bool convert_string(charset_t from, charset_t to,
 }
 
 /**
- * Convert string from one encoding to another, making error checking etc
+ * Convert string from one encoding to another, with error checking.
+ * This version is less verbose than convert_string().
  *
  * @param src pointer to source string (multibyte or singlebyte)
  * @param srclen length of the source string in bytes
diff --git a/lib/util/charset/iconv.c b/lib/util/charset/iconv.c
index 30e705ee119..131df640986 100644
--- a/lib/util/charset/iconv.c
+++ b/lib/util/charset/iconv.c
@@ -861,6 +861,39 @@ static size_t utf8_pull(void *cd, const char **inbuf, size_t *inbytesleft,
 				errno = EILSEQ;
 				goto error;
 			}
+			if (codepoint >= 0xd800 && codepoint <= 0xdfff) {
+				/*
+				 * This is an invalid codepoint, per
+				 * RFC3629, as it encodes part of a
+				 * UTF-16 surrogate pair for a
+				 * character over U+10000, which ought
+				 * to have been encoded as a four byte
+				 * utf-8 sequence.
+				 *
+				 * Prior to Vista, Windows might
+				 * sometimes produce invalid strings
+				 * where a utf-16 sequence containing
+				 * surrogate pairs was converted
+				 * "verbatim" into utf-8, instead of
+				 * encoding the actual codepoint. This
+				 * format is sometimes called "WTF-8".
+				 *
+				 * If we were to support that, we'd
+				 * have a branch here for the case
+				 * where the codepoint is between
+				 * 0xd800 and 0xdbff (a "high
+				 * surrogate"), and read a *six*
+				 * character sequence from there which
+				 * would include a low surrogate. But
+				 * that would undermine the
+				 * hard-learnt principle that each
+				 * character should only have one
+				 * encoding.
+				 */
+				errno = EILSEQ;
+				goto error;
+			}
+
 			uc[0] = codepoint & 0xff;
 			uc[1] = codepoint >> 8;
 			c  += 3;
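Review bot: the new comment describes the rejected range as part of a surrogate pair "for a character over U+10000", but surrogate pairs cover U+10000 itself, so "U+10000 or above" is the accurate wording. The range test also rejects a lone low surrogate (0xdc00 to 0xdfff), which the WTF-8 paragraph never mentions; one sentence saying so would make the comment match the condition. Boundary tests would pin this down: "\xed\xa0\x80" and "\xed\xbf\xbf" should give EILSEQ, while "\xed\x9f\xbf" and "\xee\x80\x80" should still convert.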
@@ -890,6 +923,16 @@ static size_t utf8_pull(void *cd, const char **inbuf, size_t *inbytesleft,
 				errno = EILSEQ;
 				goto error;
 			}
+			if (codepoint > 0x10ffff) {
+				/*
+				 * Unicode stops at 0x10ffff, and if
+				 * we ignore that, we'll end up
+				 * encoding the wrong characters in
+				 * the surrogate pair.
+				 */
+				errno = EILSEQ;
+				goto error;
+			}
 
 			codepoint -= 0x10000;
 
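Review bot: the comment on the codepoint > 0x10ffff check says we would "end up encoding the wrong characters" without saying why; it would be clearer to state that after codepoint -= 0x10000 the value must fit in the 20 bits a surrogate pair carries. No test for this limit appears in the visible part of the changeset. The two cases worth covering are "\xf4\x8f\xbf\xbf" (0x10ffff, must still convert) and "\xf4\x90\x80\x80" (0x110000, must give EILSEQ).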
diff --git a/lib/util/charset/pull_push.c b/lib/util/charset/pull_push.c
index c5ab2ac85c0..8ec64989e2a 100644
--- a/lib/util/charset/pull_push.c
+++ b/lib/util/charset/pull_push.c
@@ -30,7 +30,7 @@
  * allocating a buffer using talloc().
  *
  * @param dest always set at least to NULL
- * @parm converted_size set to the number of bytes occupied by the string in
+ * @param converted_size set to the number of bytes occupied by the string in
  * the destination on success.
  *
  * @return true if new buffer was correctly allocated, and string was
@@ -98,7 +98,7 @@ bool push_ascii_talloc(TALLOC_CTX *mem_ctx, char **dest, const char *src, size_t
  * Copy a string from a UCS2 src to a unix char * destination, allocating a buffer using talloc
  *
  * @param dest always set at least to NULL
- * @parm converted_size set to the number of bytes occupied by the string in
+ * @param converted_size set to the number of bytes occupied by the string in
  * the destination on success.
  *
  * @return true if new buffer was correctly allocated, and string was
@@ -120,7 +120,7 @@ bool pull_ucs2_talloc(TALLOC_CTX *ctx, char **dest, const smb_ucs2_t *src,
  * Copy a string from a UTF-8 src to a unix char * destination, allocating a buffer using talloc
  *
  * @param dest always set at least to NULL
- * @parm converted_size set to the number of bytes occupied by the string in
+ * @param converted_size set to the number of bytes occupied by the string in
  * the destination on success.
  *
  * @return true if new buffer was correctly allocated, and string was
@@ -142,7 +142,7 @@ bool pull_utf8_talloc(TALLOC_CTX *ctx, char **dest, const char *src,
  * Copy a string from a DOS src to a unix char * destination, allocating a buffer using talloc
  *
  * @param dest always set at least to NULL
- * @parm converted_size set to the number of bytes occupied by the string in
+ * @param converted_size set to the number of bytes occupied by the string in
  * the destination on success.
  *
  * @return true if new buffer was correctly allocated, and string was
diff --git a/lib/util/charset/tests/convert_string.c b/lib/util/charset/tests/convert_string.c
index 3c15cdc1d04..6400ce15625 100644
--- a/lib/util/charset/tests/convert_string.c
+++ b/lib/util/charset/tests/convert_string.c
@@ -1847,6 +1847,165 @@ static bool test_plato(struct torture_context *tctx)
 	return true;
 }
 
+
+
+static bool test_short_strings(struct torture_context *tctx)
+{
+	char zeros[6] = {0};
+	char s[6] =     {'s'};
+	bool ok;
+	char *out;
+	size_t out_len;
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF8, CH_UTF16LE,
+				   zeros, 0,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"\", 0} to utf16 failed");
+	torture_assert(tctx, out_len == 2, "{\"\", 0} length is two");
+	torture_assert(tctx, out[0] == 0 && out[1] == 0, "{\"\", 0} utf16 is zero");
+	TALLOC_FREE(out);
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF8, CH_UTF16LE,
+				   zeros, 1,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"\\0\", 1} to utf16 failed");
+	torture_assert(tctx, out_len == 2, "{\"\\0\", 1} length is two");
+	torture_assert(tctx, out[0] == 0 && out[1] == 0, "{\"\\0\", 1} utf16 is zero");
+	TALLOC_FREE(out);
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF8, CH_UTF16LE,
+				   zeros, 2,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"\\0\\0\", 2} to utf16 failed");
+	torture_assert(tctx, out_len == 4, "{\"\\0\\0\", 2} length is four");
+	torture_assert(tctx, out[0] == 0 && out[1] == 0, "{\"\\0\\0\", 2} utf16 is zero");
+	TALLOC_FREE(out);
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF8, CH_UTF16LE,
+				   s, 0,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"s\", 0} to utf16 failed");
+	torture_assert(tctx, out_len == 2, "{\"s\", 0} length is two");
+	torture_assert(tctx, out[0] == 0 && out[1] == 0,
+		       "{\"s\", 0} utf16 is zero");
+	TALLOC_FREE(out);
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF8, CH_UTF16LE,
+				   s, 1,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"s\", 1} to utf16 failed");
+	torture_assert(tctx, out_len == 2, "{\"s\", 1} length is two");
+	torture_assert(tctx, out[0] == 's' && out[1] == 0,
+		       "{\"s\", 1} utf16 is s");
+	TALLOC_FREE(out);
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF8, CH_UTF16LE,
+				   s, 2,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"s\\0\", 2} to utf16 failed");
+	torture_assert(tctx, out_len == 4, "{\"s\\0\", 2} length is four");
+	torture_assert(tctx, out[0] == 's' && out[1] == 0,
+		       "{\"s\\0\", 0} utf16 is s");
+	TALLOC_FREE(out);
+
+
+	/* going to utf8 */
+	ok = convert_string_talloc(tctx,
+				   CH_UTF16LE, CH_UTF8,
+				   zeros, 0,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"\", 0} to utf8 failed");
+	torture_assert(tctx, out_len == 1, "{\"\", 0} length is one");
+	torture_assert(tctx, out[0] == 0, "{\"\", 0} utf8[0] is zero");
+	TALLOC_FREE(out);
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF16LE, CH_UTF8,
+				   zeros, 2,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"\\0\", 1} to utf8 failed");
+	torture_assert(tctx, out_len == 1, "{\"\\0\", 1} length is one");
+	torture_assert(tctx, out[0] == 0 && out[1] == 0,
+		       "{\"\\0\", 1} utf8 is zero");
+	TALLOC_FREE(out);
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF16LE, CH_UTF8,
+				   zeros, 4,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"\\0\\0\\0\\0\", 4} to utf8 failed");
+	torture_assert(tctx, out_len == 2, "{\"\\0\\0\\0\\0\", 4} length is two");
+	torture_assert(tctx, out[0] == 0 && out[1] == 0,
+		       "{\"\\0\\0\\0\\0\", 4} utf8 is zero");
+	TALLOC_FREE(out);
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF16LE, CH_UTF8,
+				   s, 0,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"s\", 0} to utf8 failed");
+	torture_assert(tctx, out_len == 1, "{\"s\", 0} length is one");
+	torture_assert(tctx, out[0] == 0, "{\"s\", 0} utf8 is zero");
+	TALLOC_FREE(out);
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF16LE, CH_UTF8,
+				   s, 2,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"s\\0\", 2} to utf8 failed");
+	torture_assert(tctx, out_len == 1, "{\"s\\0\", 2} length is one");
+	torture_assert(tctx, out[0] == 's' && out[1] == 0,
+		       "{\"s\\0\", 2} utf8 is s");
+	TALLOC_FREE(out);
+
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF16LE, CH_UTF8,
+				   s, 4,
+				   &out, &out_len);
+	torture_assert(tctx, ok, "{\"s\\0\\0\\0\", 4} utf8 failed");
+	torture_assert(tctx, out_len == 2, "\"s\\0\\0\\0\", 4} utf8 length is two");
+	torture_assert(tctx, out[0] == 's' && out[1] == 0,
+		       "{\"s\\0\\0\\0\", 4} utf8 is s");
+	TALLOC_FREE(out);
+
+	/* odd numbers of bytes from UTF-16 should fail */
+	ok = convert_string_talloc(tctx,
+				   CH_UTF16LE, CH_UTF8,
+				   s, 1,
+				   &out, &out_len);
+	torture_assert(tctx, ! ok, "{\"s\", 1} to utf8 should have failed");
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF16LE, CH_UTF8,
+				   s, 3,
+				   &out, &out_len);
+	torture_assert(tctx, ! ok, "{\"s\\0\\0\", 3} to utf8 should have failed");
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF16LE, CH_UTF8,
+				   zeros, 1,
+				   &out, &out_len);
+	torture_assert(tctx, ! ok,
+		       "{\"\\0\", 1} to utf8 should have failed");
+
+	ok = convert_string_talloc(tctx,
+				   CH_UTF16LE, CH_UTF8,
+				   zeros, 5,
+				   &out, &out_len);
+	torture_assert(tctx, ! ok,
+		       "{\"\\0\\0\\0\\0\", 5} to utf8 should have failed");
+
+	return true;
+}
+
+
 static bool test_plato_latin(struct torture_context *tctx)
 {
 	DATA_BLOB plato_latin_utf8 = base64_decode_data_blob(plato_latin_utf8_base64);
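Review bot: several of the "going to utf8" assertions in test_short_strings() read out[1] after asserting out_len == 1 (the zeros, 2 case and the s, 2 case), so they depend on a terminator being present beyond the reported length. Either assert only on out[0], or add a comment that convert_string_talloc() is expected to terminate the buffer past out_len and that this is what is being checked. Some failure messages also do not match their inputs: the zeros, 2 to utf8 case reports "{\"\\0\", 1}", the s, 2 to utf16 case ends with "{\"s\\0\", 0} utf16 is s", and the s, 4 length message is missing its opening brace. The four "should have failed" cases leave out unchecked; asserting that it is NULL would cover the "dest always set at least to NULL" contract.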
@@ -2020,6 +2179,7 @@ struct torture_suite *torture_local_convert_string(TALLOC_CTX *mem_ctx)
 {
 	struct torture_suite *suite = torture_suite_create(mem_ctx, "convert_string");
 
+	torture_suite_add_simple_test(suite, "short_strings", test_short_strings);
 	torture_suite_add_simple_test(suite, "gd", test_gd);
 	torture_suite_add_simple_test(suite, "plato", test_plato);
 	torture_suite_add_simple_test(suite, "plato_latin", test_plato_latin);
diff --git a/librpc/idl/spoolss.idl b/librpc/idl/spoolss.idl
index 14489534c83..81605879d3c 100644
--- a/librpc/idl/spoolss.idl
+++ b/librpc/idl/spoolss.idl
@@ -2403,13 +2403,13 @@ cpp_quote("#define spoolss_security_descriptor security_descriptor")
 	/* Function: 0x2e */
 
 	typedef struct {
-		[string,charset(URF16)] uint16 *monitor_name;
+		[string,charset(UTF16)] uint16 *monitor_name;
 	} spoolss_AddMonitorInfo1;
 
 	typedef struct {
-		[string,charset(URF16)] uint16 *monitor_name;
-		[string,charset(URF16)] uint16 *environment;
-		[string,charset(URF16)] uint16 *dll_name;
+		[string,charset(UTF16)] uint16 *monitor_name;
+		[string,charset(UTF16)] uint16 *environment;
+		[string,charset(UTF16)] uint16 *dll_name;
 	} spoolss_AddMonitorInfo2;
 
 	typedef [ms_union,switch_type(uint32)] union {
diff --git a/librpc/ndr/ndr_basic.c b/librpc/ndr/ndr_basic.c
index 8820c0f5cec..350020d7788 100644
--- a/librpc/ndr/ndr_basic.c
+++ b/librpc/ndr/ndr_basic.c
@@ -1025,7 +1025,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_ipv4address(struct ndr_pull *ndr, int ndr_fl
 _PUBLIC_ enum ndr_err_code ndr_push_ipv4address(struct ndr_push *ndr, int ndr_flags, const char *address)
 {
 	uint32_t addr;
-	if (!is_ipaddress(address)) {
+	if (!is_ipaddress_v4(address)) {
 		return ndr_push_error(ndr, NDR_ERR_IPV4ADDRESS,
 				      "Invalid IPv4 address: '%s'",
 				      address);
diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py
index eb5e16e539e..c185c393cf6 100755
--- a/python/samba/tests/krb5/as_req_tests.py
+++ b/python/samba/tests/krb5/as_req_tests.py
@@ -529,6 +529,23 @@ class AsReqKerberosTests(AsReqBaseTest):
                 sname=wrong_krbtgt_princ,
                 expected_error=KDC_ERR_S_PRINCIPAL_UNKNOWN)
 
+    def test_krbtgt_single_component_krbtgt(self):
+        """Test that we can make a request to the single‐component krbtgt
+        principal."""
+
+        client_creds = self.get_client_creds()
+
+        # Create a krbtgt principal with a single component.
+        single_component_krbtgt_principal = self.PrincipalName_create(
+            name_type=NT_SRV_INST,
+            names=['krbtgt'])


-- 
Samba Shared Repository


