The branch, master has been updated
       via  d57f3bdcd33 s4:kdc: Simplify principal_comp_strcmp_int() to handle only equality
       via  ea6d2ddb66e s4:kdc: Check for overflow before calling smb_krb5_princ_component()
       via  12211735772 s4:kdc: Have principal_comp_strcmp_int() properly indicate an error
       via  ddef0e5e1f6 s4:kdc: Consider a single‐component krbtgt principal to be the TGS
       via  7b68f751be1 third_party/heimdal: Import lorikeet-heimdal-202309250010 (commit b73ae22b9b1c6fc06d0d79afe55517367a5f9670)
       via  6d7a05bf780 s4:kdc: Make use of smb_krb5_principal_is_tgs()
       via  865e4f0f8cb s4:kdc: Change signature of is_kadmin_changepw() to accommodate failure cases
       via  9a0c5ee4aef s4:kdc: Have smb_krb5_principal_get_comp_string() properly indicate an error
       via  2944bc1e02a s4:dsdb: Initialize pointers to NULL
       via  800f3203b1d lib/krb5_wrap: Check return value of krb5_principal_get_comp_string()
       via  3917a1995c3 tests/krb5: Add tests for single‐component krbtgt principals
       via  f266f5c670b tests/krb5: Also consider single‐component krbtgt principals to be TGS principals
       via  3960eabca78 libutil/iconv: avoid overflow in surrogate pairs
       via  949fe570777 libutil/iconv: don't allow wtf-8 surrogate pairs
       via  d7481f94e0f util/charset/torture: test convert_string_talloc with emptyish strings
       via  58011bc64a8 s4/torture/gentest: explain seemingly redundant initialisation
       via  b5a728e81e8 util/convert string: remove inaccurate misspelt comment
       via  7f870211fbf s4/torture/gentest: remove redundant op entry
       via  15b7508babf docs/manpages: fix links to mod_ntlm_winbind and squid
       via  ffdd9ddeaea s4:dns_server: loudly warn when a tombstone record has other records
       via  78658eee76b s4/dsdb: try not to leak on access check failure
       via  acb0a299172 librpc/ndr_basic: attempt only IPv4 addresses in push_ipv4
       via  44ce1ad5c8b idl/spoolss: fix spelling of UTF16 charset
       via  df8ab7edfa2 util/charset: disambiguate docs for convert_string twins
       via  7cf4efe7684 lib/util/charset: @param typos
      from  704a615521c docs-xml: add manpage for wspsearch cli client

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit d57f3bdcd3374b9661571e5e815be93c666a47cf
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Thu Sep 21 11:37:30 2023 +1200

    s4:kdc: Simplify principal_comp_strcmp_int() to handle only equality

    We only ever use the principal comparison functions to check equality.
    Having these functions only handle equality simplifies their
    implementation and makes them a bit easier to use.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

    Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
    Autobuild-Date(master): Thu Oct 26 02:26:02 UTC 2023 on atb-devel-224

commit ea6d2ddb66ec28097c1fe47e2d0a9ab8c1f3e7c6
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Thu Sep 21 12:01:27 2023 +1200

    s4:kdc: Check for overflow before calling smb_krb5_princ_component()

    smb_krb5_princ_component() takes its component index parameter as
    ‘int’, not ‘unsigned int’.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 122117357722445526124ec5ecf9e152bc8e2c87
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Thu Sep 21 11:22:51 2023 +1200

    s4:kdc: Have principal_comp_strcmp_int() properly indicate an error

    We should return error codes rather than silently mask failures.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit ddef0e5e1f63775cd22ee3b3febc6f765abbebf8
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Thu Sep 21 11:14:36 2023 +1200

    s4:kdc: Consider a single‐component krbtgt principal to be the TGS

    This matches the behaviour of Windows.

    NOTE: This commit finally works again!

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 7b68f751be14cfbbab49ffa0084cc72e41d0a3f5
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Mon Sep 25 13:16:43 2023 +1300

    third_party/heimdal: Import lorikeet-heimdal-202309250010 (commit b73ae22b9b1c6fc06d0d79afe55517367a5f9670)

    NOTE: THIS COMMIT WON’T COMPILE/WORK ON ITS OWN!

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 6d7a05bf780481a2792ff87ae635fb91e1f0c640
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Thu Sep 21 11:22:47 2023 +1200

    s4:kdc: Make use of smb_krb5_principal_is_tgs()

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 865e4f0f8cb0f15da5d5cf8cc62d6bf7c57a8d1c
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Thu Sep 21 11:21:28 2023 +1200

    s4:kdc: Change signature of is_kadmin_changepw() to accommodate failure cases

    principal_comp_strcmp() cannot yet indicate a failure case, but it will
    soon be changed to do so.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 9a0c5ee4aefac943ee21e93af643b44e336c3563
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Thu Sep 21 10:41:05 2023 +1200

    s4:kdc: Have smb_krb5_principal_get_comp_string() properly indicate an error

    The existing implementation did not differentiate between the case where
    the relevant component was not present, and that where talloc_strndup()
    failed. To correct this situation, put the result into an out parameter
    on success and return an error on failure.

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 2944bc1e02a279771a4514a09d1b92ef29d7a07d
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Mon Sep 25 14:40:50 2023 +1300

    s4:dsdb: Initialize pointers to NULL

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 800f3203b1dd61531e7b861738558e751e45f8af
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Thu Sep 21 11:02:38 2023 +1200

    lib/krb5_wrap: Check return value of krb5_principal_get_comp_string()

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 3917a1995c319a70828b7b29866a6db1fb42e637
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Mon Sep 25 13:26:07 2023 +1300

    tests/krb5: Add tests for single‐component krbtgt principals

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit f266f5c670b4338e38ed42adc8aa81e5fa580ec1
Author: Joseph Sutton <josephsut...@catalyst.net.nz>
Date:   Mon Sep 25 13:21:08 2023 +1300

    tests/krb5: Also consider single‐component krbtgt principals to be TGS principals

    BUG: https://bugzilla.samba.org/show_bug.cgi?id=15482

    Signed-off-by: Joseph Sutton <josephsut...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 3960eabca781e892eb8fb12cde5bb3272f0ba366
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Wed Jul 5 14:32:05 2023 +1200

    libutil/iconv: avoid overflow in surrogate pairs

    Consider the non-conformant utf-8 sequence "\xf5\x80\x80\x80", which
    would encode 0x140000. We would set the high byte of the first surrogate
    to 0xd8 | (0x130000 >> 18), or 0xdc, which is an invalid start for a
    high surrogate, making the sequence as a whole invalid (as you would
    expect -- the Unicode range was set precisely to that covered by utf-16
    surrogates).

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 949fe5707774fdc655b8430b0de805aa21004622
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Wed Jul 5 13:26:12 2023 +1200

    libutil/iconv: don't allow wtf-8 surrogate pairs

    At present, if we meet a string like "hello \xed\xa7\x96 world", the
    bytes in the middle will be converted into half of a surrogate pair,
    and the UTF-16 will be invalid. It is better to error out immediately,
    because the UTF-8 string is already invalid.

    https://learn.microsoft.com/en-us/windows/win32/api/Stringapiset/nf-stringapiset-widechartomultibyte#remarks
    is a citation for the statement about this being a pre-Vista problem.

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit d7481f94e0fa0708250e9ab761559c28f83ecade
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Thu Jun 29 20:45:34 2023 +1200

    util/charset/torture: test convert_string_talloc with emptyish strings

    because it wasn't entirely obvious (a zero length string returns a
    length 1 result).

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 58011bc64a8967b95c7880f07d3aedcb82123563
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Wed Jul 12 18:34:49 2023 +1200

    s4/torture/gentest: explain seemingly redundant initialisation

    It seems silly, but it confused me.

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit b5a728e81e8a746a2d5397f9b3c519bf89ad0248
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Thu Jun 29 18:23:55 2023 +1200

    util/convert string: remove inaccurate misspelt comment

    Previous commit to the "embarrassing" line was ce10a7a673e8adf "Fix
    typo in comment", which did not completely fix the typo in the comment.
    But there are no gotos anymore, so no embarrassment, however spelt.

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 7f870211fbff1fab7923b30cfbb263d2df1ce3ad
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Wed Jan 11 12:41:35 2023 +1300

    s4/torture/gentest: remove redundant op entry

    Also on line 2994.

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 15b7508babf208279058ea5e7c4d1e7c564523e4
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Thu Jul 20 14:25:51 2023 +1200

    docs/manpages: fix links to mod_ntlm_winbind and squid

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit ffdd9ddeaeada92fec3baf2046a4e03810f26286
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Sat May 13 19:29:48 2023 +1200

    s4:dns_server: loudly warn when a tombstone record has other records

    This shouldn't happen -- that is, there should never be non-tombstone
    records in conjunction with a tombstone record -- and if it does, the
    situation should resolve itself here. But the flow is confusing and
    strange things sometimes happen often enough that it would be helpful
    to know if this ever occurs.

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 78658eee76bdc6e7e0c2a0f4126634ef68b50454
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Wed Jun 7 14:35:30 2023 +1200

    s4/dsdb: try not to leak on access check failure

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit acb0a2991724ebf56274583ff11a1c402b1570b2
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Sun Jun 18 11:38:48 2023 +1200

    librpc/ndr_basic: attempt only IPv4 addresses in push_ipv4

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 44ce1ad5c8bfce821f9a353a29e2b1e6077bd918
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Sat Jun 17 14:22:05 2023 +1200

    idl/spoolss: fix spelling of UTF16 charset

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit df8ab7edfa2536c0d567ac7a6016d8d3ef50db91
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Wed Jun 28 16:02:38 2023 +1200

    util/charset: disambiguate docs for convert_string twins

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

commit 7cf4efe76846f6b92396fe07bafe4174cf0c1ad1
Author: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
Date:   Wed Mar 1 14:59:55 2023 +1300

    lib/util/charset: @param typos

    Signed-off-by: Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
    Reviewed-by: Andrew Bartlett <abart...@samba.org>

-----------------------------------------------------------------------

Summary of changes:
 docs-xml/manpages/ntlm_auth.1.xml               |   4 +-
 lib/krb5_wrap/krb5_samba.c                      |  50 ++--
 lib/krb5_wrap/krb5_samba.h                      |   9 +-
 lib/util/charset/convert_string.c               |  12 +-
 lib/util/charset/iconv.c                        |  43 ++++
 lib/util/charset/pull_push.c                    |   8 +-
 lib/util/charset/tests/convert_string.c         | 160 +++++++++++++
 librpc/idl/spoolss.idl                          |   8 +-
 librpc/ndr/ndr_basic.c                          |   2 +-
 python/samba/tests/krb5/as_req_tests.py         |  17 ++
 python/samba/tests/krb5/kdc_base_test.py        |  14 +-
 python/samba/tests/krb5/kdc_tgs_tests.py        | 114 +++++++++
 python/samba/tests/krb5/kpasswd_tests.py        |  37 +++
 python/samba/tests/krb5/raw_testcase.py         |   7 +-
 selftest/knownfail_mit_kdc_1_20                 |   6 +
 source4/dns_server/dnsserver_common.c           |   5 +
 source4/dsdb/common/dsdb_access.c               |   5 +
 source4/dsdb/samdb/ldb_modules/acl.c            |  33 +--
 source4/kdc/db-glue.c                           | 256 ++++++++++++++-------
 source4/torture/gentest.c                       |   6 +-
 third_party/heimdal/kcm/protocol.c              |   4 +-
 third_party/heimdal/kdc/krb5tgs.c               |  16 +-
 third_party/heimdal/lib/hdb/common.c            |   2 +-
 .../heimdal/lib/krb5/libkrb5-exports.def.in     |   1 +
 third_party/heimdal/lib/krb5/principal.c        |  17 +-
 third_party/heimdal/lib/krb5/test_pac.c         |  15 +-
 third_party/heimdal/lib/krb5/version-script.map |   1 +
 27 files changed, 690 insertions(+), 162 deletions(-)

Changeset truncated at 500 lines:

diff --git a/docs-xml/manpages/ntlm_auth.1.xml b/docs-xml/manpages/ntlm_auth.1.xml index c257d1d617a..c7f810e3f22 100644 --- a/docs-xml/manpages/ntlm_auth.1.xml +++ b/docs-xml/manpages/ntlm_auth.1.xml 
@@ -33,8 +33,8 @@ successfully and 1 if access was denied. ntlm_auth uses winbind to access the user and authentication data for a domain. This utility is only intended to be used by other programs (currently - <ulink url="http://www.squid-cache.org/">Squid</ulink> - and <ulink url="http://download.samba.org/ftp/unpacked/lorikeet/trunk/mod_ntlm_winbind/">mod_ntlm_winbind</ulink>) + <ulink url="https://www.squid-cache.org/">Squid</ulink> + and <ulink url="https://www.samba.org/ftp/unpacked/lorikeet/mod_auth_ntlm_winbind/">mod_ntlm_winbind</ulink>). </para> </refsect1> diff --git a/lib/krb5_wrap/krb5_samba.c b/lib/krb5_wrap/krb5_samba.c index 1d19e477743..116f916234d 100644 --- a/lib/krb5_wrap/krb5_samba.c +++ b/lib/krb5_wrap/krb5_samba.c 
@@ -1047,32 +1047,50 @@ done: * @param[in] context The krb5_context * @param[in] principal The principal * @param[in] component The component - * @return string component + * @param[out] out The output string + * @return krb5_error_code * * Caller must talloc_free if the return value is not NULL. * */ -char *smb_krb5_principal_get_comp_string(TALLOC_CTX *mem_ctx, - krb5_context context, - krb5_const_principal principal, - unsigned int component) +krb5_error_code smb_krb5_principal_get_comp_string(TALLOC_CTX *mem_ctx, + krb5_context context, + krb5_const_principal principal, + unsigned int component, + char **out) { + char *out_str = NULL; #if defined(HAVE_KRB5_PRINCIPAL_GET_COMP_STRING) - return talloc_strdup(mem_ctx, krb5_principal_get_comp_string(context, principal, component)); + const char *str = NULL; + + str = krb5_principal_get_comp_string(context, principal, component); + if (str == NULL) { + return ENOENT; + } + + out_str = talloc_strdup(mem_ctx, str); + if (out_str == NULL) { + return ENOMEM; + } #else krb5_data *data; if (component >= krb5_princ_size(context, principal)) { - return NULL; + return ENOENT; } data = krb5_princ_component(context, principal, component); if (data == NULL) { - return NULL; + return ENOENT; } - return talloc_strndup(mem_ctx, data->data, data->length); + out_str = talloc_strndup(mem_ctx, data->data, data->length); + if (out_str == NULL) { + return ENOMEM; + } #endif + *out = out_str; + return 0; } /** 
@@ -3434,14 +3452,20 @@ int smb_krb5_principal_is_tgs(krb5_context context, { char *p = NULL; int eq = 1; + krb5_error_code ret = 0; - p = smb_krb5_principal_get_comp_string(NULL, context, principal, 0); - if (p == NULL) { + if (krb5_princ_size(context, principal) > 2) { + return 0; + } + + ret = smb_krb5_principal_get_comp_string(NULL, context, principal, 0, &p); + if (ret == ENOENT) { + return 0; + } else if (ret) { return -1; } - eq = krb5_princ_size(context, principal) == 2 && - (strcmp(p, KRB5_TGS_NAME) == 0); + eq = strcmp(p, KRB5_TGS_NAME) == 0; talloc_free(p); diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 7b9d8fd145c..e158a404dea 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -400,10 +400,11 @@ int smb_krb5_create_key_from_string(krb5_context context, #endif #endif -char *smb_krb5_principal_get_comp_string(TALLOC_CTX *mem_ctx, - krb5_context context, - krb5_const_principal principal, - unsigned int component); +krb5_error_code smb_krb5_principal_get_comp_string(TALLOC_CTX *mem_ctx, + krb5_context context, + krb5_const_principal principal, + unsigned int component, + char **out); krb5_error_code smb_krb5_copy_data_contents(krb5_data *p, const void *data, diff --git a/lib/util/charset/convert_string.c b/lib/util/charset/convert_string.c index 88b128be547..9fa721b6d12 100644 --- a/lib/util/charset/convert_string.c +++ b/lib/util/charset/convert_string.c @@ -334,7 +334,7 @@ bool convert_string_handle(struct smb_iconv_handle *ic, * * @param srclen length of source buffer. * @param dest always set at least to NULL - * @parm converted_size set to the number of bytes occupied by the string in + * @param converted_size set to the number of bytes occupied by the string in * the destination on success. * @note -1 is not accepted for srclen. * 
@@ -342,9 +342,6 @@ bool convert_string_handle(struct smb_iconv_handle *ic, * converted. * * Ensure the srclen contains the terminating zero. - * - * I hate the goto's in this function. It's emberrassing..... - * There has to be a cleaner way to do this. JRA. */ bool convert_string_talloc_handle(TALLOC_CTX *ctx, struct smb_iconv_handle *ic, charset_t from, charset_t to, @@ -493,7 +490,9 @@ bool convert_string_talloc_handle(TALLOC_CTX *ctx, struct smb_iconv_handle *ic, } /** - * Convert string from one encoding to another, making error checking etc + * Convert string from one encoding to another, with error checking. + * This version produces more logging information than + * convert_string_error(), but is otherwise functionally identical. * * @param src pointer to source string (multibyte or singlebyte) * @param srclen length of the source string in bytes @@ -514,7 +513,8 @@ _PUBLIC_ bool convert_string(charset_t from, charset_t to, } /** - * Convert string from one encoding to another, making error checking etc + * Convert string from one encoding to another, with error checking. + * This version is less verbose than convert_string(). * * @param src pointer to source string (multibyte or singlebyte) * @param srclen length of the source string in bytes diff --git a/lib/util/charset/iconv.c b/lib/util/charset/iconv.c index 30e705ee119..131df640986 100644 --- a/lib/util/charset/iconv.c +++ b/lib/util/charset/iconv.c 
@@ -861,6 +861,39 @@ static size_t utf8_pull(void *cd, const char **inbuf, size_t *inbytesleft, errno = EILSEQ; goto error; } + if (codepoint >= 0xd800 && codepoint <= 0xdfff) { + /* + * This is an invalid codepoint, per + * RFC3629, as it encodes part of a + * UTF-16 surrogate pair for a + * character over U+10000, which ought + * to have been encoded as a four byte + * utf-8 sequence. + * + * Prior to Vista, Windows might + * sometimes produce invalid strings + * where a utf-16 sequence containing + * surrogate pairs was converted + * "verbatim" into utf-8, instead of + * encoding the actual codepoint. This + * format is sometimes called "WTF-8". + * + * If we were to support that, we'd + * have a branch here for the case + * where the codepoint is between + * 0xd800 and 0xdbff (a "high + * surrogate"), and read a *six* + * character sequence from there which + * would include a low surrogate. But + * that would undermine the + * hard-learnt principle that each + * character should only have one + * encoding. + */ + errno = EILSEQ; + goto error; + } + uc[0] = codepoint & 0xff; uc[1] = codepoint >> 8; c += 3; @@ -890,6 +923,16 @@ static size_t utf8_pull(void *cd, const char **inbuf, size_t *inbytesleft, errno = EILSEQ; goto error; } + if (codepoint > 0x10ffff) { + /* + * Unicode stops at 0x10ffff, and if + * we ignore that, we'll end up + * encoding the wrong characters in + * the surrogate pair. + */ + errno = EILSEQ; + goto error; + } codepoint -= 0x10000; diff --git a/lib/util/charset/pull_push.c b/lib/util/charset/pull_push.c index c5ab2ac85c0..8ec64989e2a 100644 --- a/lib/util/charset/pull_push.c +++ b/lib/util/charset/pull_push.c 
@@ -30,7 +30,7 @@ * allocating a buffer using talloc(). * * @param dest always set at least to NULL - * @parm converted_size set to the number of bytes occupied by the string in + * @param converted_size set to the number of bytes occupied by the string in * the destination on success. * * @return true if new buffer was correctly allocated, and string was @@ -98,7 +98,7 @@ bool push_ascii_talloc(TALLOC_CTX *mem_ctx, char **dest, const char *src, size_t * Copy a string from a UCS2 src to a unix char * destination, allocating a buffer using talloc * * @param dest always set at least to NULL - * @parm converted_size set to the number of bytes occupied by the string in + * @param converted_size set to the number of bytes occupied by the string in * the destination on success. * * @return true if new buffer was correctly allocated, and string was @@ -120,7 +120,7 @@ bool pull_ucs2_talloc(TALLOC_CTX *ctx, char **dest, const smb_ucs2_t *src, * Copy a string from a UTF-8 src to a unix char * destination, allocating a buffer using talloc * * @param dest always set at least to NULL - * @parm converted_size set to the number of bytes occupied by the string in + * @param converted_size set to the number of bytes occupied by the string in * the destination on success. * * @return true if new buffer was correctly allocated, and string was @@ -142,7 +142,7 @@ bool pull_utf8_talloc(TALLOC_CTX *ctx, char **dest, const char *src, * Copy a string from a DOS src to a unix char * destination, allocating a buffer using talloc * * @param dest always set at least to NULL - * @parm converted_size set to the number of bytes occupied by the string in + * @param converted_size set to the number of bytes occupied by the string in * the destination on success. * * @return true if new buffer was correctly allocated, and string was diff --git a/lib/util/charset/tests/convert_string.c b/lib/util/charset/tests/convert_string.c index 3c15cdc1d04..6400ce15625 100644 
--- a/lib/util/charset/tests/convert_string.c +++ b/lib/util/charset/tests/convert_string.c 
@@ -1847,6 +1847,165 @@ static bool test_plato(struct torture_context *tctx) return true; } + + +static bool test_short_strings(struct torture_context *tctx) +{ + char zeros[6] = {0}; + char s[6] = {'s'}; + bool ok; + char *out; + size_t out_len; + + ok = convert_string_talloc(tctx, + CH_UTF8, CH_UTF16LE, + zeros, 0, + &out, &out_len); + torture_assert(tctx, ok, "{\"\", 0} to utf16 failed"); + torture_assert(tctx, out_len == 2, "{\"\", 0} length is two"); + torture_assert(tctx, out[0] == 0 && out[1] == 0, "{\"\", 0} utf16 is zero"); + TALLOC_FREE(out); + + ok = convert_string_talloc(tctx, + CH_UTF8, CH_UTF16LE, + zeros, 1, + &out, &out_len); + torture_assert(tctx, ok, "{\"\\0\", 1} to utf16 failed"); + torture_assert(tctx, out_len == 2, "{\"\\0\", 1} length is two"); + torture_assert(tctx, out[0] == 0 && out[1] == 0, "{\"\\0\", 1} utf16 is zero"); + TALLOC_FREE(out); + + ok = convert_string_talloc(tctx, + CH_UTF8, CH_UTF16LE, + zeros, 2, + &out, &out_len); + torture_assert(tctx, ok, "{\"\\0\\0\", 2} to utf16 failed"); + torture_assert(tctx, out_len == 4, "{\"\\0\\0\", 2} length is four"); + torture_assert(tctx, out[0] == 0 && out[1] == 0, "{\"\\0\\0\", 2} utf16 is zero"); + TALLOC_FREE(out); + + ok = convert_string_talloc(tctx, + CH_UTF8, CH_UTF16LE, + s, 0, + &out, &out_len); + torture_assert(tctx, ok, "{\"s\", 0} to utf16 failed"); + torture_assert(tctx, out_len == 2, "{\"s\", 0} length is two"); + torture_assert(tctx, out[0] == 0 && out[1] == 0, + "{\"s\", 0} utf16 is zero"); + TALLOC_FREE(out); + + ok = convert_string_talloc(tctx, + CH_UTF8, CH_UTF16LE, + s, 1, + &out, &out_len); + torture_assert(tctx, ok, "{\"s\", 1} to utf16 failed"); + torture_assert(tctx, out_len == 2, "{\"s\", 1} length is two"); + torture_assert(tctx, out[0] == 's' && out[1] == 0, + "{\"s\", 1} utf16 is s"); + TALLOC_FREE(out); + + ok = convert_string_talloc(tctx, + CH_UTF8, CH_UTF16LE, + s, 2, + &out, &out_len); + torture_assert(tctx, ok, "{\"s\\0\", 2} to utf16 failed"); + 
torture_assert(tctx, out_len == 4, "{\"s\\0\", 2} length is four"); + torture_assert(tctx, out[0] == 's' && out[1] == 0, + "{\"s\\0\", 0} utf16 is s"); + TALLOC_FREE(out); + + + /* going to utf8 */ + ok = convert_string_talloc(tctx, + CH_UTF16LE, CH_UTF8, + zeros, 0, + &out, &out_len); + torture_assert(tctx, ok, "{\"\", 0} to utf8 failed"); + torture_assert(tctx, out_len == 1, "{\"\", 0} length is one"); + torture_assert(tctx, out[0] == 0, "{\"\", 0} utf8[0] is zero"); + TALLOC_FREE(out); + + ok = convert_string_talloc(tctx, + CH_UTF16LE, CH_UTF8, + zeros, 2, + &out, &out_len); + torture_assert(tctx, ok, "{\"\\0\", 1} to utf8 failed"); + torture_assert(tctx, out_len == 1, "{\"\\0\", 1} length is one"); + torture_assert(tctx, out[0] == 0 && out[1] == 0, + "{\"\\0\", 1} utf8 is zero"); + TALLOC_FREE(out); + + ok = convert_string_talloc(tctx, + CH_UTF16LE, CH_UTF8, + zeros, 4, + &out, &out_len); + torture_assert(tctx, ok, "{\"\\0\\0\\0\\0\", 4} to utf8 failed"); + torture_assert(tctx, out_len == 2, "{\"\\0\\0\\0\\0\", 4} length is two"); + torture_assert(tctx, out[0] == 0 && out[1] == 0, + "{\"\\0\\0\\0\\0\", 4} utf8 is zero"); + TALLOC_FREE(out); + + ok = convert_string_talloc(tctx, + CH_UTF16LE, CH_UTF8, + s, 0, + &out, &out_len); + torture_assert(tctx, ok, "{\"s\", 0} to utf8 failed"); + torture_assert(tctx, out_len == 1, "{\"s\", 0} length is one"); + torture_assert(tctx, out[0] == 0, "{\"s\", 0} utf8 is zero"); + TALLOC_FREE(out); + + ok = convert_string_talloc(tctx, + CH_UTF16LE, CH_UTF8, + s, 2, + &out, &out_len); + torture_assert(tctx, ok, "{\"s\\0\", 2} to utf8 failed"); + torture_assert(tctx, out_len == 1, "{\"s\\0\", 2} length is one"); + torture_assert(tctx, out[0] == 's' && out[1] == 0, + "{\"s\\0\", 2} utf8 is s"); + TALLOC_FREE(out); + + + ok = convert_string_talloc(tctx, + CH_UTF16LE, CH_UTF8, + s, 4, + &out, &out_len); + torture_assert(tctx, ok, "{\"s\\0\\0\\0\", 4} utf8 failed"); + torture_assert(tctx, out_len == 2, "\"s\\0\\0\\0\", 4} utf8 length is 
two"); + torture_assert(tctx, out[0] == 's' && out[1] == 0, + "{\"s\\0\\0\\0\", 4} utf8 is s"); + TALLOC_FREE(out); + + /* odd numbers of bytes from UTF-16 should fail */ + ok = convert_string_talloc(tctx, + CH_UTF16LE, CH_UTF8, + s, 1, + &out, &out_len); + torture_assert(tctx, ! ok, "{\"s\", 1} to utf8 should have failed"); + + ok = convert_string_talloc(tctx, + CH_UTF16LE, CH_UTF8, + s, 3, + &out, &out_len); + torture_assert(tctx, ! ok, "{\"s\\0\\0\", 3} to utf8 should have failed"); + + ok = convert_string_talloc(tctx, + CH_UTF16LE, CH_UTF8, + zeros, 1, + &out, &out_len); + torture_assert(tctx, ! ok, + "{\"\\0\", 1} to utf8 should have failed"); + + ok = convert_string_talloc(tctx, + CH_UTF16LE, CH_UTF8, + zeros, 5, + &out, &out_len); + torture_assert(tctx, ! ok, + "{\"\\0\\0\\0\\0\", 5} to utf8 should have failed"); + + return true; +} + + static bool test_plato_latin(struct torture_context *tctx) { DATA_BLOB plato_latin_utf8 = base64_decode_data_blob(plato_latin_utf8_base64); @@ -2020,6 +2179,7 @@ struct torture_suite *torture_local_convert_string(TALLOC_CTX *mem_ctx) { struct torture_suite *suite = torture_suite_create(mem_ctx, "convert_string"); + torture_suite_add_simple_test(suite, "short_strings", test_short_strings); torture_suite_add_simple_test(suite, "gd", test_gd); torture_suite_add_simple_test(suite, "plato", test_plato); torture_suite_add_simple_test(suite, "plato_latin", test_plato_latin); diff --git a/librpc/idl/spoolss.idl b/librpc/idl/spoolss.idl index 14489534c83..81605879d3c 100644 --- a/librpc/idl/spoolss.idl +++ b/librpc/idl/spoolss.idl 
@@ -2403,13 +2403,13 @@ cpp_quote("#define spoolss_security_descriptor security_descriptor") /* Function: 0x2e */ typedef struct { - [string,charset(URF16)] uint16 *monitor_name; + [string,charset(UTF16)] uint16 *monitor_name; } spoolss_AddMonitorInfo1; typedef struct { - [string,charset(URF16)] uint16 *monitor_name; - [string,charset(URF16)] uint16 *environment; - [string,charset(URF16)] uint16 *dll_name; + [string,charset(UTF16)] uint16 *monitor_name; + [string,charset(UTF16)] uint16 *environment; + [string,charset(UTF16)] uint16 *dll_name; } spoolss_AddMonitorInfo2; typedef [ms_union,switch_type(uint32)] union { diff --git a/librpc/ndr/ndr_basic.c b/librpc/ndr/ndr_basic.c index 8820c0f5cec..350020d7788 100644 --- a/librpc/ndr/ndr_basic.c +++ b/librpc/ndr/ndr_basic.c @@ -1025,7 +1025,7 @@ _PUBLIC_ enum ndr_err_code ndr_pull_ipv4address(struct ndr_pull *ndr, int ndr_fl _PUBLIC_ enum ndr_err_code ndr_push_ipv4address(struct ndr_push *ndr, int ndr_flags, const char *address) { uint32_t addr; - if (!is_ipaddress(address)) { + if (!is_ipaddress_v4(address)) { return ndr_push_error(ndr, NDR_ERR_IPV4ADDRESS, "Invalid IPv4 address: '%s'", address); diff --git a/python/samba/tests/krb5/as_req_tests.py b/python/samba/tests/krb5/as_req_tests.py index eb5e16e539e..c185c393cf6 100755 --- a/python/samba/tests/krb5/as_req_tests.py +++ b/python/samba/tests/krb5/as_req_tests.py @@ -529,6 +529,23 @@ class AsReqKerberosTests(AsReqBaseTest): sname=wrong_krbtgt_princ, expected_error=KDC_ERR_S_PRINCIPAL_UNKNOWN) + def test_krbtgt_single_component_krbtgt(self): + """Test that we can make a request to the single‐component krbtgt + principal.""" + + client_creds = self.get_client_creds() + + # Create a krbtgt principal with a single component. + single_component_krbtgt_principal = self.PrincipalName_create( + name_type=NT_SRV_INST, + names=['krbtgt']) -- Samba Shared Repository
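
Review bot: In lib/krb5_wrap/krb5_samba.c, the doc comment above smb_krb5_principal_get_comp_string() still says "Caller must talloc_free if the return value is not NULL", but the return value is now a krb5_error_code and the string is handed back through out. Suggest rewording it to say the caller must talloc_free *out on success, and stating that *out is not written on the ENOENT and ENOMEM paths, so callers know to initialise their pointer to NULL before the call.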
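
Review bot: In smb_krb5_principal_is_tgs() (lib/krb5_wrap/krb5_samba.c), replacing the krb5_princ_size(context, principal) == 2 test with an early return for sizes above 2 means a result of 1 no longer implies that component 1 exists. Callers that read the second component after a positive result now have to handle its absence; a sentence in the function's comment saying that one- and two-component krbtgt names are both accepted, that ENOENT yields 0 and that -1 is kept for other errors would make the new contract explicit.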
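
Review bot: In the three-byte branch of utf8_pull() (lib/util/charset/iconv.c), the new comment speaks of reading "a *six* character sequence"; that is six bytes (two three-byte sequences), and "character" is confusing in a comment arguing for one encoding per character. The 160 lines added to lib/util/charset/tests/convert_string.c cover only empty and single-character inputs, so a case that feeds the "\xed\xa7\x96" string from the commit message through the converter and asserts failure would pin this check down.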
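
Review bot: The codepoint > 0x10ffff check in the four-byte branch of utf8_pull() (lib/util/charset/iconv.c) has no boundary test in the visible additions to lib/util/charset/tests/convert_string.c. Suggest a pair of cases around the limit, one for the encoding of U+10FFFF that must still convert and one for the first value above it that must fail with EILSEQ, alongside the "\xf5\x80\x80\x80" input from the commit message.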
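
Review bot: In test_short_strings() (lib/util/charset/tests/convert_string.c), the UTF-16 to UTF-8 cases for zeros, 2 and s, 2 assert out_len == 1 and then test out[1] == 0, which reads one byte past the reported length; if the trailing NUL is part of the contract, assert it on purpose with its own message, otherwise drop the out[1] term. Several assertion messages also disagree with the arguments used: the zeros, 2 to utf8 call is labelled {"\0", 1}, the s, 2 to utf16 case ends with a message saying {"s\0", 0}, and the s, 4 length message is missing its opening brace, which will mislead whoever reads a failure.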
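
The two failure modes described in the libutil/iconv commit messages above, as an added example that is not Samba's code: a small stand-alone decoder (the names utf8_to_utf16, utf16_well_formed, the strict flag and both sample arrays are hypothetical) that runs the byte strings quoted in those messages with and without the two range checks.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed inputs: the byte strings quoted in the two commit messages. */
static const uint8_t wtf8_sample[] = {
	'h', 'e', 'l', 'l', 'o', ' ', 0xed, 0xa7, 0x96, ' ', 'w', 'o', 'r', 'l', 'd'
};
static const uint8_t over_range[] = { 0xf5, 0x80, 0x80, 0x80 };

static int fail(int err)
{
	errno = err;
	return -1;
}

/*
 * Hypothetical decoder, not Samba's utf8_pull(): UTF-8 to UTF-16 code units.
 * strict == 0 skips the two range checks. Returns units written, or -1.
 */
static int utf8_to_utf16(const uint8_t *in, size_t inlen,
			 uint16_t *out, size_t outcap, int strict)
{
	static const uint32_t min_cp[5] = { 0, 0, 0x80, 0x800, 0x10000 };
	size_t i = 0, n = 0;

	while (i < inlen) {
		uint8_t b = in[i];
		size_t k, len = b < 0x80 ? 1 : (b & 0xe0) == 0xc0 ? 2 :
				(b & 0xf0) == 0xe0 ? 3 : (b & 0xf8) == 0xf0 ? 4 : 0;
		uint32_t cp;

		if (len == 0) {
			return fail(EILSEQ);	/* not a valid lead byte */
		}
		if (inlen - i < len) {
			return fail(EINVAL);	/* truncated sequence */
		}
		cp = (len == 1) ? b : (uint32_t)(b & (0xff >> (len + 1)));
		for (k = 1; k < len; k++) {
			if ((in[i + k] & 0xc0) != 0x80) {
				return fail(EILSEQ);
			}
			cp = (cp << 6) | (in[i + k] & 0x3f);
		}
		if (cp < min_cp[len]) {
			return fail(EILSEQ);	/* overlong encoding */
		}
		if (strict && ((cp >= 0xd800 && cp <= 0xdfff) || cp > 0x10ffff)) {
			return fail(EILSEQ);	/* surrogate half, or past U+10FFFF */
		}
		if (n + (cp >= 0x10000 ? 2 : 1) > outcap) {
			return fail(E2BIG);
		}
		if (cp < 0x10000) {
			out[n++] = (uint16_t)cp;
		} else {
			cp -= 0x10000;
			out[n++] = (uint16_t)(0xd800 | (cp >> 10));
			out[n++] = (uint16_t)(0xdc00 | (cp & 0x3ff));
		}
		i += len;
	}
	return (int)n;
}

/* Returns 1 if every surrogate in u[] sits in a high+low pair, else 0. */
static int utf16_well_formed(const uint16_t *u, size_t n)
{
	size_t i;

	for (i = 0; i < n; i++) {
		if ((u[i] & 0xf800) != 0xd800) {
			continue;	/* not a surrogate */
		}
		if ((u[i] & 0xfc00) != 0xd800 || i + 1 >= n ||
		    (u[i + 1] & 0xfc00) != 0xdc00) {
			return 0;
		}
		i++;
	}
	return 1;
}

int main(void)
{
	uint16_t u[16];
	int n = utf8_to_utf16(wtf8_sample, sizeof(wtf8_sample), u, 16, 0);

	printf("lenient: %d units, well formed: %d\n", n, utf16_well_formed(u, (size_t)n));
	printf("strict: %d\n", utf8_to_utf16(over_range, sizeof(over_range), u, 16, 1));
	return 0;
}
```

Without the checks the first input yields a lone high surrogate and the second yields two units whose first has the high byte 0xdc, so both outputs are ill-formed UTF-16; with the checks both inputs are rejected with EILSEQ.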