The branch, v4-19-stable has been updated
       via  bce5c475d12 VERSION: Disable GIT_SNAPSHOT for the 4.19.7 release.
       via  e71f7441c9e WHATSNEW: Add release notes for Samba 4.19.7.
       via  6ca4df63741 BUG 15569 ldb: Release LDB 2.8.1
       via  d4f9272b7e9 s3:smbcacls: fix ace_compare
       via  123f458dda6 ldb:attrib_handlers: reduce non-transitive behaviour in 
ldb_comparison_fold
       via  00000382d17 ldb:attrib_handlers: use NUMERIC_CMP in 
ldb_comparison_fold
       via  ae8eb3d2b09 s4:dsdb:mod: repl_md: message sort uses NUMERIC_CMP()
       via  2a53574e07e s4:dsdb:mod: repl_md: make message_sort transitive
       via  92daa0a7801 ldb: avoid NULL deref in ldb_db_compare
       via  ca905ccbf1e ldb:attrib_handlers: make ldb_comparison_Boolean more 
consistent
       via  50bfb065e01 ldb-samba:ldif_handlers: dn_link_comparison: sort 
invalid DNs
       via  5c5c652db7c ldb-samba:ldif_handlers: dn_link_comparison leaks less
       via  96f3db39522 ldb-samba:ldif_handlers: dn_link_comparison correctly 
sorts deleted objects
       via  2b3416384ae ldb-samba:ldif_handlers: dn_link_comparison semi-sorts 
invalid DNs
       via  fae4e0b16aa ldb-samba:ldif_handlers: dn_link_comparison semi-sorts 
deleted objects
       via  108f687cf22 ldb-samba: ldif-handlers: make 
ldif_comparison_objectSid() accurate
       via  5bf176b5692 s4:rpcsrv:samr: improve a comment in compare_msgRid
       via  24d362e62d4 s4:rpcsrv:dnsserver: make dns_name_compare transitive 
with NULLs
       via  9314eaaba91 s3:libsmb:nmblib: use NUMERIC_CMP in status_compare
       via  f0f9598d5d1 lib/socket: rearrange iface_comp() to use NUMERIC_CMP
       via  c1819217c0a gensec: sort_gensec uses NUMERIC_CMP
       via  4066451f6e8 s3:rpc:wkssvc_nt: dom_user_cmp uses NUMERIC_CMP
       via  16288b40eb9 dsdb:schema: use NUMERIC_CMP in place of uint32_cmp
       via  069e651d4b8 s3:mod:vfs_vxfs: use NUMERIC_CMP in vxfs_ace_cmp
       via  f58d857d722 s3:mod:posixacl_xattr: use NUMERIC_CMP in 
posixacl_xattr_entry_compare
       via  13645e1131b s3:brlock: use NUMERIC_CMP in #ifdef-zeroed lock_compare
       via  aa255148bbb ldb:dn: make ldb_dn_compare() self-consistent
       via  867dce05d21 ldb:sort: generalise both-NULL check to equality check
       via  87a6fe0058a ldb:sort: check that elements have values
       via  71d2c9093cf ldb:mod:sort: rearrange NULL checks
       via  d4477eab44a s3:libsmb_xattr: ace_compare() uses NUMERIC_CMP()
       via  075aae1d1a0 s3:util:sharesec ace_compare() uses NUMERIC_CMP()
       via  32f4e0c7f5a s3:smbcacls: use NUMERIC_CMP in ace_compare
       via  26e08f8fc7d s3:util:net_registry: registry_value_cmp() uses 
NUMERIC_CMP()
       via  30f0a2fb131 s4:wins: use NUMERIC_CMP in 
nbtd_wins_randomize1Clist_sort()
       via  91dd5024010 s4:wins: winsdb_addr_sort_list() uses NUMERIC_CMP()
       via  0f8e25b897f s4:wins: use NUMERIC_CMP in winsdb_addr_sort_list()
       via  f14a1370f48 s4:dns_server: use NUMERIC_CMP in rec_cmp()
       via  622bf82fb32 s4:rpc_server: compare_SamEntry() uses NUMERIC_CMP()
       via  6b07ce82a58 s3:lib:util_tdb: use NUMERIC_CMP() in tdb_data_cmp()
       via  b7f581fb61f libcli/security: use NUMERIC_CMP in 
dom_sid_compare_auth()
       via  60c318fc66b libcli/security: use NUMERIC_CMP in dom_sid_compare()
       via  23d792875f9 ldb: reduce non-transitive comparisons in 
ldb_msg_element_compare()
       via  b2dbe57c977 ldb: avoid non-transitive comparison in ldb_val_cmp()
       via  fe804401b9b util:datablob: avoid non-transitive comparison in 
data_blob_cmp()
       via  ad50158af05 ldb:attrib_handlers: ldb_comparison_binary uses 
NUMERIC_CMP()
       via  9de4a5d3bbc ldb:attrib_handlers: ldb_comparison_Boolean uses 
NUMERIC_CMP()
       via  c85cb252af0 util: charset:util_str: use NUMERIC_CMP in 
strncasecmp_m_handle
       via  5847e53de2f lib/torture: add assert_int_{less,greater} macros
       via  12c6c305fb1 s3:libsmb:namequery: use NUMERIC_CMP in addr_compare
       via  74befdb1387 s3:libsmb:namequery: note intransitivity in 
addr_compare()
       via  2557ab23014 util:charset:codepoints: codepoint_cmpi warning about 
non-transitivity
       via  120479e4e02 util:charset:codepoints: condepoint_cmpi uses 
NUMERIC_CMP()
       via  388b11b6dc1 util:test: test_ms_fn_match_protocol_no_wildcard: allow 
-1
       via  59f6652aeee util:charset:util_str: use NUMERIC_CMP in 
strcasecmp_m_handle
       via  3f8063530d2 torture:charset: test more of strcasecmp_m
       via  6b08f2ed860 torture:charset: use < and > assertions for 
strncasecmp_m
       via  5082378df18 torture:charset: use < and > assertions for strcasecmp_m
       via  1a45f172070 util:binsearch: user NUMERIC_CMP()
       via  ea27699bcd2 s4: use numeric_cmp in dns_common_sort_zones()
       via  792f8d40e1c s4:dsdb:mod:operational: use NUMERIC_CMP in pso_compare
       via  25e97cd7dba s4:ntvfs: use NUMERIC_CMP in stream_name_cmp
       via  6c9119371cd ldb:ldb_dn: use safe NUMERIC_CMP in ldb_dn_compare()
       via  8a706fa32be ldb:ldb_dn: use safe NUMERIC_CMP in 
ldb_dn_compare_base()
       via  20a8eaa8b86 ldb: add NUMERIC_CMP macro to ldb.h
       via  d386c57d68b util:tsort.h: add a macro for safely comparing numbers
       via  22d8332e1b9 lib/fuzzing/decode_ndr_X_crash: guess the pipe from 
filename
       via  241ebc607b2 ldb: avoid out of bounds read and write in ldb_qsort()
       via  fab04efa325 s3:libads: avoid changing ADS->server.workgroup
       via  b6253028b30 s3:libsmb: allow store_cldap_reply() to work with a 
ipv6 response
       via  3b922dd5759 s4:dsdb/repl: let drepl_out_helpers.c always go via 
dreplsrv_out_drsuapi_send()
       via  92a0533a9ea s3:utils: let smbstatus report anonymous 
signing/encryption explicitly
       via  45b9b63283d s3:smbd: allow anonymous encryption after one 
authenticated session setup
       via  1925abda4c4 s3:utils: let smbstatus also report partial tcon 
signing/encryption
       via  70969d8da5a s3:utils: let smbstatus also report AES-256 encryption 
types for tcons
       via  8cc6ccb54a3 s3:utils: let connections_forall_read() report if the 
session was authenticated
       via  8b6b837eb7d s3:lib: let sessionid_traverse_read() report if the 
session was authenticated
       via  c9c83fb691f s3:utils: remove unused signing_flags in 
connections_forall()
       via  a6c549db3d8 s4:torture/smb2: add 
smb2.session.anon-{encryption{1,2,},signing{1,2}}
       via  3f476fd8bf3 s4:libcli/smb2: add hack to test anonymous signing and 
encryption
       via  7a75e6bdaf0 smbXcli_base: add hacks to test anonymous signing and 
encryption
       via  98adde991bf tests/ntacls: unblock failing gitlab pipelines because 
test_setntacl_forcenative
       via  11edf47d3c3 .gitlab-ci-main.yml: debug kernel details of the 
current runner
       via  5502aa893cc .gitlab-ci: Remove tags no longer provided by gitlab.com
       via  b00c09bee3b s3:utils: Fix Inherit-Only flag being automatically 
propagated to children
       via  e703c0c3914 python/samba/tests/blackbox: Add tests for Inherit-only 
flag propagation
       via  2930a1955bf libcli/http: Detect unsupported Transfer-encoding type
       via  65bb329e166 selftest: Add new test for testing non-chunk transfer 
encoding
       via  a269412c71e selftest: fix potential reference before assigned error
       via  cbd4a6633c6 libcli/http: Handle http chunked transfer encoding
       via  57757be4dfd tests: add test for chunked encoding with http cli 
library
       via  a05d96e4b96 libcli/http: Optimise reading for content-length
       via  c27ad381b39 selftest: Add basic content-lenght http tests
       via  6636ec3bb2a Add simple http_client for use in black box tests (in 
following commits)
       via  4b7785226ad VERSION: Bump version up to Samba 4.19.7...
      from  b400092dd0a VERSION: Disable GIT_SNAPSHOT for the 4.19.6 release.

https://git.samba.org/?p=samba.git;a=shortlog;h=v4-19-stable


- Log -----------------------------------------------------------------
-----------------------------------------------------------------------

Summary of changes:
 .gitlab-ci-coverage-runners.yml                    |   8 +-
 .gitlab-ci-default-runners.yml                     |  46 +-
 .gitlab-ci-main.yml                                |   6 +
 VERSION                                            |   2 +-
 WHATSNEW.txt                                       |  66 ++-
 auth/gensec/gensec_start.c                         |   2 +-
 lib/fuzzing/decode_ndr_X_crash                     |  12 +-
 lib/ldb-samba/ldif_handlers.c                      |  94 +--
 lib/ldb/ABI/{ldb-2.8.0.sigs => ldb-2.8.1.sigs}     |   0
 lib/ldb/common/attrib_handlers.c                   |  53 +-
 lib/ldb/common/ldb_dn.c                            |  30 +-
 lib/ldb/common/ldb_msg.c                           |  13 +-
 lib/ldb/common/qsort.c                             |   2 +-
 lib/ldb/include/ldb.h                              |  16 +
 lib/ldb/modules/sort.c                             |  19 +-
 lib/ldb/wscript                                    |   2 +-
 lib/socket/interfaces.c                            |  22 +-
 lib/torture/torture.h                              |  20 +
 lib/util/charset/codepoints.c                      |  15 +-
 lib/util/charset/tests/charset.c                   |  31 +-
 lib/util/charset/util_str.c                        |   9 +-
 lib/util/data_blob.c                               |   5 +-
 lib/util/tests/binsearch.c                         |   6 +-
 lib/util/tests/test_ms_fnmatch.c                   |   2 +-
 lib/util/tsort.h                                   |  19 +
 libcli/http/http.c                                 | 309 +++++++++-
 libcli/http/http_internal.h                        |   4 +
 libcli/security/dom_sid.c                          |  25 +-
 libcli/smb/smbXcli_base.c                          | 104 +++-
 libcli/smb/smbXcli_base.h                          |   5 +
 python/samba/tests/blackbox/http_chunk.py          | 129 +++++
 python/samba/tests/blackbox/http_content.py        |  95 ++++
 .../blackbox/smbcacls_propagate_inhertance.py      | 108 ++++
 python/samba/tests/ntacls.py                       |   2 +-
 selftest/flapping.d/gitlab-setxattr-security       |  18 +
 selftest/knownfail-32bit                           |   8 -
 selftest/knownfail.d/smbcacls                      |   0
 selftest/tests.py                                  |   2 +
 source3/include/session.h                          |   1 +
 source3/lib/sessionid_tdb.c                        |   8 +
 source3/lib/util_tdb.c                             |   4 +-
 source3/libads/ldap.c                              |  16 +-
 source3/librpc/idl/ads.idl                         |   1 +
 source3/libsmb/dsgetdcname.c                       |  24 +-
 source3/libsmb/libsmb_xattr.c                      |  14 +-
 source3/libsmb/namequery.c                         |  14 +-
 source3/libsmb/nmblib.c                            |   6 +-
 source3/locking/brlock.c                           |   7 +-
 source3/modules/posixacl_xattr.c                   |   6 +-
 source3/modules/vfs_vxfs.c                         |   6 +-
 source3/rpc_server/wkssvc/srv_wkssvc_nt.c          |   2 +-
 source3/smbd/globals.h                             |   5 +
 source3/smbd/smb2_server.c                         |  11 +
 source3/smbd/smb2_sesssetup.c                      |  18 +-
 source3/smbd/smb2_tcon.c                           |   4 +
 source3/utils/conn_tdb.c                           |  12 +-
 source3/utils/conn_tdb.h                           |   1 +
 source3/utils/net_ads.c                            |   6 +
 source3/utils/net_registry.c                       |   2 +-
 source3/utils/sharesec.c                           |   8 +-
 source3/utils/smbcacls.c                           |  19 +-
 source3/utils/status.c                             |  82 ++-
 source3/utils/status.h                             |   1 +
 source3/utils/status_json.c                        |   2 +
 source4/client/http_test.c                         | 401 +++++++++++++
 source4/dns_server/dnsserver_common.c              |   6 +-
 source4/dsdb/repl/drepl_out_helpers.c              |  26 +-
 source4/dsdb/samdb/ldb_modules/operational.c       |   2 +-
 source4/dsdb/samdb/ldb_modules/repl_meta_data.c    |  17 +-
 source4/dsdb/schema/schema_set.c                   |  14 +-
 source4/libcli/smb2/session.c                      |  16 +-
 source4/libcli/smb2/smb2.h                         |   2 +
 source4/nbt_server/wins/winsdb.c                   |   5 +-
 source4/nbt_server/wins/winsserver.c               |   3 +-
 source4/ntvfs/posix/pvfs_streams.c                 |   3 +-
 source4/rpc_server/dnsserver/dnsdata.c             |  16 +-
 source4/rpc_server/samr/dcesrv_samr.c              |   7 +-
 source4/torture/smb2/session.c                     | 629 +++++++++++++++++++++
 source4/wscript_build                              |   5 +
 79 files changed, 2469 insertions(+), 272 deletions(-)
 copy lib/ldb/ABI/{ldb-2.8.0.sigs => ldb-2.8.1.sigs} (100%)
 create mode 100644 python/samba/tests/blackbox/http_chunk.py
 create mode 100644 python/samba/tests/blackbox/http_content.py
 create mode 100644 selftest/flapping.d/gitlab-setxattr-security
 delete mode 100644 selftest/knownfail.d/smbcacls
 create mode 100644 source4/client/http_test.c


Changeset truncated at 500 lines:

diff --git a/.gitlab-ci-coverage-runners.yml b/.gitlab-ci-coverage-runners.yml
index 0f6b2ec1581..331c5d2399c 100644
--- a/.gitlab-ci-coverage-runners.yml
+++ b/.gitlab-ci-coverage-runners.yml
@@ -1,10 +1,4 @@
 include:
   - /.gitlab-ci-default-runners.yml
 
-.shared_runner_test:
-  # We need the more powerful n1-standard-2 runners
-  # in order to handle the lcov overhead.
-  #
-  # See .gitlab-ci-default-runners.yml for more details
-  tags:
-    - gitlab-org-docker
+# Currently we're happy with the defaults
diff --git a/.gitlab-ci-default-runners.yml b/.gitlab-ci-default-runners.yml
index 2dea6e82c49..bdc504aff21 100644
--- a/.gitlab-ci-default-runners.yml
+++ b/.gitlab-ci-default-runners.yml
@@ -1,48 +1,26 @@
-# From https://docs.gitlab.com/ee/user/gitlab_com/#shared-runners:
+# From https://docs.gitlab.com/ee/ci/runners/hosted_runners/linux.html
 #
 #   ...
 #
-#   All your CI/CD jobs run on n1-standard-1 instances with 3.75GB of RAM, 
CoreOS
-#   and the latest Docker Engine installed. Instances provide 1 vCPU and 25GB 
of
-#   HDD disk space. The default region of the VMs is US East1. Each instance is
-#   used only for one job, this ensures any sensitive data left on the system 
can’t
-#   be accessed by other people their CI jobs.
-#
-#   The gitlab-shared-runners-manager-X.gitlab.com fleet of runners are 
dedicated
-#   for GitLab projects as well as community forks of them. They use a slightly
-#   larger machine type (n1-standard-2) and have a bigger SSD disk size. They 
don’t
-#   run untagged jobs and unlike the general fleet of shared runners, the 
instances
-#   are re-used up to 40 times.
-#
-#   ...
-#
-# The n1-standard-1 runners seem to be tagged with 'docker' together with 
'gce'.
-#
-# The more powerful n1-standard-2 runners seem to be tagged with
-# 'gitlab-org-docker' or some with just 'gitlab-org'.
-#
+#   Runner Tag              vCPUs   Memory   Storage
+#   saas-linux-small-amd64  2       8 GB     25 GB
 #
 # Our current private runner 'docker', 'samba-ci-private', 'shared' and
-# 'ubuntu1804'. It runs with an ubuntu1804 kernel and privides an ext4 
filesystem
-# and similar RAM as the n1-standard-2 runners.
+# 'ubuntu2204'. It runs with an ubuntu2204 kernel (5.15) and provides an
+# ext4 filesystem, 2 CPU and 4 GB (shared tag) 8G (samba-ci-private tag) RAM.
 #
 
 .shared_runner_build:
-  # We use n1-standard-1 shared runners by default.
-  #
-  # There are currently 5 shared runners with 'docker' and 'gce',
-  # while there are only 2 provising 'docker' together with 'shared'.
+  # We use saas-linux-small-amd64 shared runners by default.
+  # We avoid adding explicit tags for them in order
+  # to work with potential changes in future
   #
-  # We used to fallback to our private runner if the docker+shared runners
-  # were busy, but now that we use the 5 docker+gce runners, we try to only
-  # use shared runners without a fallback to our private runner!
-  # Lets see how that will work out.
-  tags:
-    - docker
-    - gce
+  # In order to generate valid yaml, we define a dummy variable...
+  variables:
+    SAMBA_SHARED_RUNNER_BUILD_DUMMY_VARIABLE: shared_runner_build
 
 .shared_runner_test:
-  # Currently we're fine using the n1-standard-1 runners also for testing
+  # We use saas-linux-small-amd64 shared runners by default.
   extends: .shared_runner_build
 
 .private_runner_test:
diff --git a/.gitlab-ci-main.yml b/.gitlab-ci-main.yml
index 779eedb8255..4e4addf5d1a 100644
--- a/.gitlab-ci-main.yml
+++ b/.gitlab-ci-main.yml
@@ -112,8 +112,14 @@ include:
 
   before_script:
     - uname -a
+    - ls -l /sys/module/
+    - ls -l /sys/kernel/security/
+    - if [ -e /sys/kernel/security/lsm ]; then cat /sys/kernel/security/lsm ; 
echo; fi
+    - if [ -e /proc/config.gz ]; then sudo zcat /proc/config.gz; echo; fi
     - lsb_release -a
     - cat /etc/os-release
+    - id
+    - cat /proc/self/status
     - lscpu
     - cat /proc/cpuinfo
     - mount
diff --git a/VERSION b/VERSION
index 066af506941..44318cde503 100644
--- a/VERSION
+++ b/VERSION
@@ -27,7 +27,7 @@ SAMBA_COPYRIGHT_STRING="Copyright Andrew Tridgell and the 
Samba Team 1992-2023"
 ########################################################
 SAMBA_VERSION_MAJOR=4
 SAMBA_VERSION_MINOR=19
-SAMBA_VERSION_RELEASE=6
+SAMBA_VERSION_RELEASE=7
 
 ########################################################
 # If a official release has a serious bug              #
diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index be2edfb6ac4..fa27ad5083b 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,3 +1,66 @@
+                   ==============================
+                   Release Notes for Samba 4.19.7
+                           June 10, 2024
+                   ==============================
+
+
+This is the latest stable release of the Samba 4.19 release series.
+
+
+Changes since 4.19.6
+--------------------
+
+o  Douglas Bagnall <douglas.bagn...@catalyst.net.nz>
+   * BUG 15569: ldb qsort might r/w out of bounds with an intransitive compare
+     function (ldb 2.8.1 is already released).
+   * BUG 15625: Many qsort() comparison functions are non-transitive, which can
+     lead to out-of-bounds access in some circumstances (ldb 2.8.1 is already
+     released).
+
+o  Andrew Bartlett <abart...@samba.org>
+   * BUG 15638: Need to change gitlab-ci.yml tags in all branches to avoid CI
+     bill.
+
+o  Stefan Metzmacher <me...@samba.org>
+   * BUG 14981: netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with
+     SysvolReady=0.
+   * BUG 15412: Anonymous smb3 signing/encryption should be allowed (similar to
+     Windows Server 2022).
+   * BUG 15573: Panic in dreplsrv_op_pull_source_apply_changes_trigger.
+   * BUG 15642: winbindd, net ads join and other things don't work on an ipv6
+     only host.
+
+o  Anna Popova <popova.anna...@gmail.com>
+   * BUG 15636: Smbcacls incorrectly propagates inheritance with Inherit-Only
+     flag.
+
+o  Noel Power <noel.po...@suse.com>
+   * BUG 15611: http library doesn't support  'chunked transfer encoding'.
+
+
+#######################################
+Reporting bugs & Development Discussion
+#######################################
+
+Please discuss this release on the samba-technical mailing list or by
+joining the #samba-technical:matrix.org matrix room, or
+#samba-technical IRC channel on irc.libera.chat.
+
+If you do report problems then please try to send high quality
+feedback. If you don't provide vital information to help us track down
+the problem then you will probably be ignored.  All bug reports should
+be filed under the Samba 4.1 and newer product in the project's Bugzilla
+database (https://bugzilla.samba.org/).
+
+
+======================================================================
+== Our Code, Our Bugs, Our Responsibility.
+== The Samba Team
+======================================================================
+
+
+Release notes for older releases follow:
+----------------------------------------
                    ==============================
                    Release Notes for Samba 4.19.6
                            April 08, 2024
@@ -52,8 +115,7 @@ database (https://bugzilla.samba.org/).
 ======================================================================
 
 
-Release notes for older releases follow:
-----------------------------------------
+----------------------------------------------------------------------
                    ==============================
                    Release Notes for Samba 4.19.5
                          February 19, 2024
diff --git a/auth/gensec/gensec_start.c b/auth/gensec/gensec_start.c
index b6979812ac0..4511674c8eb 100644
--- a/auth/gensec/gensec_start.c
+++ b/auth/gensec/gensec_start.c
@@ -1103,7 +1103,7 @@ _PUBLIC_ const struct gensec_critical_sizes 
*gensec_interface_version(void)
 }
 
 static int sort_gensec(const struct gensec_security_ops **gs1, const struct 
gensec_security_ops **gs2) {
-       return (*gs2)->priority - (*gs1)->priority;
+       return NUMERIC_CMP((*gs2)->priority, (*gs1)->priority);
 }
 
 int gensec_setting_int(struct gensec_settings *settings, const char 
*mechanism, const char *name, int default_value)
diff --git a/lib/fuzzing/decode_ndr_X_crash b/lib/fuzzing/decode_ndr_X_crash
index 63c3cd747d7..d90e7efe122 100755
--- a/lib/fuzzing/decode_ndr_X_crash
+++ b/lib/fuzzing/decode_ndr_X_crash
@@ -61,8 +61,9 @@ def process_one_file(f):
 
 def main():
     parser = argparse.ArgumentParser()
-    parser.add_argument('-p', '--pipe', default='$PIPE',
-                        help='pipe name (for output command line)')
+    parser.add_argument('-p', '--pipe', default=None,
+                        help=('pipe name (for output command line, '
+                              'default is a guess or "$PIPE")'))
     parser.add_argument('-t', '--type', default=None, choices=TYPES,
                         help='restrict to this type')
     parser.add_argument('-o', '--opnum', default=None, type=int,
@@ -91,6 +92,13 @@ def main():
         sys.exit(1)
 
     for fn in args.FILES:
+        if pipe is None:
+            m = re.search(r'clusterfuzz-testcase.+-fuzz_ndr_([a-z]+)', fn)
+            if m is None:
+                pipe = '$PIPE'
+            else:
+                pipe = m.group(1)
+
         if args.crash_filter is not None:
             if not re.search(args.crash_filter, fn):
                 print_if_verbose(f"skipping {fn}")
diff --git a/lib/ldb-samba/ldif_handlers.c b/lib/ldb-samba/ldif_handlers.c
index f77a268c1a8..e339c1c8b10 100644
--- a/lib/ldb-samba/ldif_handlers.c
+++ b/lib/ldb-samba/ldif_handlers.c
@@ -150,36 +150,47 @@ bool ldif_comparision_objectSid_isString(const struct 
ldb_val *v)
 
 /*
   compare two objectSids
+
+  If the SIDs seem to be strings, they are converted to binary form.
 */
 static int ldif_comparison_objectSid(struct ldb_context *ldb, void *mem_ctx,
                                    const struct ldb_val *v1, const struct 
ldb_val *v2)
 {
-       if (ldif_comparision_objectSid_isString(v1) && 
ldif_comparision_objectSid_isString(v2)) {
-               return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
-       } else if (ldif_comparision_objectSid_isString(v1)
-                  && !ldif_comparision_objectSid_isString(v2)) {
-               struct ldb_val v;
-               int ret;
-               if (ldif_read_objectSid(ldb, mem_ctx, v1, &v) != 0) {
-                       /* Perhaps not a string after all */
-                       return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
+       bool v1_is_string = ldif_comparision_objectSid_isString(v1);
+       bool v2_is_string = ldif_comparision_objectSid_isString(v2);
+       struct ldb_val parsed_1 = {};
+       struct ldb_val parsed_2 = {};
+       int ret;
+       /*
+        * If the ldb_vals look like SID strings (i.e. start with "S-"
+        * or "s-"), we try to parse them as such. If that fails, we
+        * assume they are binary SIDs, even though that's not really
+        * possible -- the first two bytes of a struct dom_sid are the
+        * version (1), and the number of sub-auths (<= 15), neither
+        * of which are close to 'S' or '-'.
+        */
+       if (v1_is_string) {
+               int r = ldif_read_objectSid(ldb, mem_ctx, v1, &parsed_1);
+               if (r == 0) {
+                       v1 = &parsed_1;
                }
-               ret = ldb_comparison_binary(ldb, mem_ctx, &v, v2);
-               talloc_free(v.data);
-               return ret;
-       } else if (!ldif_comparision_objectSid_isString(v1)
-                  && ldif_comparision_objectSid_isString(v2)) {
-               struct ldb_val v;
-               int ret;
-               if (ldif_read_objectSid(ldb, mem_ctx, v2, &v) != 0) {
-                       /* Perhaps not a string after all */
-                       return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
+       }
+       if (v2_is_string) {
+               int r = ldif_read_objectSid(ldb, mem_ctx, v2, &parsed_2);
+               if (r == 0) {
+                       v2 = &parsed_2;
                }
-               ret = ldb_comparison_binary(ldb, mem_ctx, v1, &v);
-               talloc_free(v.data);
-               return ret;
        }
-       return ldb_comparison_binary(ldb, mem_ctx, v1, v2);
+
+       ret = ldb_comparison_binary(ldb, mem_ctx, v1, v2);
+
+       if (v1_is_string) {
+               TALLOC_FREE(parsed_1.data);
+       }
+       if (v2_is_string) {
+               TALLOC_FREE(parsed_2.data);
+       }
+       return ret;
 }
 
 /*
@@ -1148,22 +1159,41 @@ static int samba_ldb_dn_link_comparison(struct 
ldb_context *ldb, void *mem_ctx,
        struct ldb_dn *dn1 = NULL, *dn2 = NULL;
        int ret;
 
+       /*
+        * In a sort context, Deleted DNs get shifted to the end.
+        * They never match in an equality
+        */
        if (dsdb_dn_is_deleted_val(v1)) {
-               /* If the DN is deleted, then we can't search for it */
-               return -1;
-       }
-
-       if (dsdb_dn_is_deleted_val(v2)) {
-               /* If the DN is deleted, then we can't search for it */
+               if (! dsdb_dn_is_deleted_val(v2)) {
+                       return 1;
+               }
+               /*
+                * They are both deleted!
+                *
+                * The soundest thing to do at this point is carry on
+                * and compare the DNs normally. This matches the
+                * behaviour of samba_dn_extended_match() below.
+                */
+       } else if (dsdb_dn_is_deleted_val(v2)) {
                return -1;
        }
 
        dn1 = ldb_dn_from_ldb_val(mem_ctx, ldb, v1);
-       if ( ! ldb_dn_validate(dn1)) return -1;
-
        dn2 = ldb_dn_from_ldb_val(mem_ctx, ldb, v2);
+
+       if ( ! ldb_dn_validate(dn1)) {
+               TALLOC_FREE(dn1);
+               if ( ! ldb_dn_validate(dn2)) {
+                       TALLOC_FREE(dn2);
+                       return 0;
+               }
+               TALLOC_FREE(dn2);
+               return 1;
+       }
+
        if ( ! ldb_dn_validate(dn2)) {
-               talloc_free(dn1);
+               TALLOC_FREE(dn1);
+               TALLOC_FREE(dn2);
                return -1;
        }
 
diff --git a/lib/ldb/ABI/ldb-2.8.0.sigs b/lib/ldb/ABI/ldb-2.8.1.sigs
similarity index 100%
copy from lib/ldb/ABI/ldb-2.8.0.sigs
copy to lib/ldb/ABI/ldb-2.8.1.sigs
diff --git a/lib/ldb/common/attrib_handlers.c b/lib/ldb/common/attrib_handlers.c
index 15470cfcc74..3d13e4bd9fd 100644
--- a/lib/ldb/common/attrib_handlers.c
+++ b/lib/ldb/common/attrib_handlers.c
@@ -281,15 +281,36 @@ static int ldb_canonicalise_Boolean(struct ldb_context 
*ldb, void *mem_ctx,
 }
 
 /*
-  compare two Booleans
-*/
+ * compare two Booleans.
+ *
+ * According to RFC4517 4.2.2, "the booleanMatch rule is an equality matching
+ * rule", meaning it isn't used for ordering.
+ *
+ * However, it seems conceivable that Samba could be coerced into sorting on a
+ * field with Boolean syntax, so we might as well have consistent behaviour in
+ * that case.
+ *
+ * The most probably values are {"FALSE", 5} and {"TRUE", 4}. To save time we
+ * compare first by length, which makes FALSE > TRUE. This is somewhat
+ * contrary to convention, but is how Samba has worked forever.
+ *
+ * If somehow we are comparing incompletely normalised values where the length
+ * is the same (for example {"false", 5} and {"TRUE\0", 5}), the length is the
+ * same, and we fall back to a strncasecmp. In this case, since "FALSE" is
+ * alphabetically lower, we swap the order, so that "TRUE\0" again comes
+ * before "FALSE".
+ *
+ * ldb_canonicalise_Boolean (just above) gives us a clue as to what we might
+ * expect to cope with by way of invalid values.
+ */
 static int ldb_comparison_Boolean(struct ldb_context *ldb, void *mem_ctx,
                           const struct ldb_val *v1, const struct ldb_val *v2)
 {
        if (v1->length != v2->length) {
-               return v1->length - v2->length;
+               return NUMERIC_CMP(v2->length, v1->length);
        }
-       return strncasecmp((char *)v1->data, (char *)v2->data, v1->length);
+       /* reversed, see long comment above */
+       return strncasecmp((char *)v2->data, (char *)v1->data, v1->length);
 }
 
 
@@ -300,7 +321,7 @@ int ldb_comparison_binary(struct ldb_context *ldb, void 
*mem_ctx,
                          const struct ldb_val *v1, const struct ldb_val *v2)
 {
        if (v1->length != v2->length) {
-               return v1->length - v2->length;
+               return NUMERIC_CMP(v1->length, v2->length);
        }
        return memcmp(v1->data, v2->data, v1->length);
 }
@@ -372,17 +393,27 @@ utf8str:
        b2 = ldb_casefold(ldb, mem_ctx, s2, n2);
 
        if (!b1 || !b2) {
-               /* One of the strings was not UTF8, so we have no
-                * options but to do a binary compare */
+               /*
+                * One of the strings was not UTF8, so we have no
+                * options but to do a binary compare.
+                */
                talloc_free(b1);
                talloc_free(b2);
                ret = memcmp(s1, s2, MIN(n1, n2));
                if (ret == 0) {
-                       if (n1 == n2) return 0;
+                       if (n1 == n2) {
+                               return 0;
+                       }
                        if (n1 > n2) {
-                               return (int)ldb_ascii_toupper(s1[n2]);
+                               if (s1[n2] == '\0') {
+                                       return 0;
+                               }
+                               return 1;
                        } else {
-                               return -(int)ldb_ascii_toupper(s2[n1]);
+                               if (s2[n1] == '\0') {
+                                       return 0;
+                               }
+                               return -1;
                        }
                }
                return ret;
@@ -404,7 +435,7 @@ utf8str:
                while (*u1 == ' ') u1++;
                while (*u2 == ' ') u2++;
        }
-       ret = (int)(*u1 - *u2);
+       ret = NUMERIC_CMP(*u1, *u2);
 
        talloc_free(b1);
        talloc_free(b2);
diff --git a/lib/ldb/common/ldb_dn.c b/lib/ldb/common/ldb_dn.c
index 601da57a1b1..8388fdb7318 100644
--- a/lib/ldb/common/ldb_dn.c
+++ b/lib/ldb/common/ldb_dn.c
@@ -1111,7 +1111,7 @@ int ldb_dn_compare_base(struct ldb_dn *base, struct 
ldb_dn *dn)
 
                /* compare attr.cf_value. */
                if (b_vlen != dn_vlen) {
-                       return b_vlen - dn_vlen;
+                       return NUMERIC_CMP(b_vlen, dn_vlen);
                }
                ret = strncmp(b_vdata, dn_vdata, b_vlen);
                if (ret != 0) return ret;
@@ -1132,8 +1132,32 @@ int ldb_dn_compare(struct ldb_dn *dn0, struct ldb_dn 
*dn1)
 {
        unsigned int i;
        int ret;
+       /*
+        * If used in sort, we shift NULL and invalid DNs to the end.
+        *
+        * If ldb_dn_casefold_internal() fails, that goes to the end too, so
+        * we end up with:
+        *
+        * | normal DNs, sorted | casefold failed DNs | invalid DNs | NULLs |
+        */
 
-       if (( ! dn0) || dn0->invalid || ! dn1 || dn1->invalid) {
+       if (dn0 == dn1) {
+               /* this includes the both-NULL case */
+               return 0;
+       }
+       if (dn0 == NULL) {
+               return 1;
+       }
+       if (dn1 == NULL) {
+               return -1;
+       }


-- 
Samba Shared Repository

Reply via email to