1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-25 23:21:54 +03:00
Commit Graph

5443 Commits

Author SHA1 Message Date
Andreas Schneider
8e88ab727a util: Fix a possible null pointer dereference
Found by cppcheck.

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-22 19:25:20 +02:00
Martin Schwenke
2513d5e11c lib/util: Optimise trim_string() to use a single memmove(3)
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Mon Jun 20 04:47:26 CEST 2016 on sn-devel-144
2016-06-20 04:47:26 +02:00
Martin Schwenke
92cfd1e9b8 torture: Add tests for trim_string()
Signed-off-by: Martin Schwenke <martin@meltin.net>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-06-20 00:47:30 +02:00
Andreas Schneider
8a0b058cee krb5_wrap: Add smb_krb5_mk_error()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-18 23:32:26 +02:00
Andrew Bartlett
61cb3a6a3b lib/ldb-samba: We can confirm a GUID is a GUID by length
The GUID_from_ndr_blob() is pointless and costly

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Fri Jun 17 18:13:56 CEST 2016 on sn-devel-144
2016-06-17 18:13:56 +02:00
Volker Lendecke
46916b24e9 lib: Add a little closefrom() test
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Mon Jun 13 14:11:11 CEST 2016 on sn-devel-144
2016-06-13 14:11:11 +02:00
Volker Lendecke
55529d0f85 libreplace: Add a closefrom() implementation
There is closefrom in some BSDs, but Linux ships this only as part
of libbsd.  Add a new implementation of it in libreplace. The one in
libbsd of jessie and upstream differ and it has for example optimizations
for FreeBSD, but it gets some of the array calculations slightly wrong
from my point of view. If you want those, use libbsd. This replacement
is optimized on Linux only looking at /proc/self/fd/, everything else
would do the OPEN_MAX brute force fallback.

Signed-off-by: Volker Lendecke <vl@samba.org>
2016-06-13 10:10:11 +02:00
Volker Lendecke
467ea855cc lib: Fix a signed/unsigned mixup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-06-13 10:10:11 +02:00
Jeremy Allison
0e2711b2a0 lib: Fix uninitialized read in msghdr_copy
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun  8 18:34:27 CEST 2016 on sn-devel-144
2016-06-08 18:34:27 +02:00
Amitay Isaacs
95c2cd10d7 lib/util: Add a generic definition for set_close_on_exec
Avoid changing function names to smb_set_close_on_exec in ctdb.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-06-08 10:33:19 +02:00
Andrew Bartlett
6888c172d3 build: Address may be used uninitialized in this function on Ubuntu 10.04
This is not found by modern compilers, but prevents the -Werror -O3 build on Ubuntu 10.04

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Jun  8 08:48:57 CEST 2016 on sn-devel-144
2016-06-08 08:48:57 +02:00
Andrew Bartlett
2a5183f49e build: Try to work around strict aliasing rules on Ubuntu 10.04
We get cc1: warnings being treated as errors
../lib/util/util_net.c: In function get_socket_port:
../lib/util/util_net.c:921: error: dereferencing pointer sa.106 does break strict-aliasing rules
../lib/util/util_net.c:921: note: initialized from here
../lib/util/util_net.c:925: error: dereferencing pointer sa.107 does break strict-aliasing rules
../lib/util/util_net.c:925: note: initialized from here

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>
2016-06-08 04:53:13 +02:00
Volker Lendecke
6d26d7253e lib: Add accept_send/recv
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-06-07 14:34:10 +02:00
Volker Lendecke
dd27469123 lib: Move poll_funcs to lib/
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-07 14:34:10 +02:00
Amitay Isaacs
2db6eb87b4 lib/util: Expose few more subsystems for standalone ctdb build
Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-06-07 14:34:10 +02:00
Volker Lendecke
6dcf81a202 lib: Move msghdr to lib/util/
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Amitay Isaacs <amitay@gmail.com>
2016-06-07 14:34:10 +02:00
Amitay Isaacs
2082c0c3b5 lib/util: Avoid splitting tevent-unix-util as public library
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11946

Commit 670db6ac1d split tevent-util public
library to create tevent-unix-util public library for standalone ctdb
use.  This created a public library dependency between samba and ctdb
for packaging.

Bundle tevent_unix.c in public library tevent-util as before.  However,
to avoid the dependencies for packaging, standalone ctdb build will
build tevent-util as a private library with only tevent_unix.c

This simplifies any new subsystems (or libraries) which need tevent-util
and are linked in both samba and ctdb.

Signed-off-by: Amitay Isaacs <amitay@gmail.com>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-06-06 12:26:19 +02:00
Bob Campbell
5c008e0216 samba_dnsupdate: do not interpret failure count as unix error code
Signed-off-by: Bob Campbell <bobcampbell@catalyst.net.nz>
Pair-programmed-with: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-06-03 07:27:22 +02:00
Lorinczy Zsigmond
8814b25565 lib: replace: snprintf - Fix length calculation for hex/octal 64-bit values.
Prevents truncation due to buffer size being too small.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11947

Signed-off-by: Lorinczy Zsigmond <lzsiga@freemail.c3.hu>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Michael Adam <obnox@samba.org>

Autobuild-User(master): Michael Adam <obnox@samba.org>
Autobuild-Date(master): Fri Jun  3 03:48:58 CEST 2016 on sn-devel-144
2016-06-03 03:48:58 +02:00
Ralph Boehme
e8c9e10dbb talloc: rename local timeval function copies
timeval_current() and timeval_elapsed() are public functions from
libsamba-util. Redeclaring them as static functions here triggers linker
error when building with gcc link-time-optimisation (LTO).

This shows the error after reverting this patch:
[slow@kazak lto]$ make -j
WAF_MAKE=1 python ./buildtools/bin/waf build
Waf: Entering directory `/home/slow/git/samba/lto/bin'
        Selected embedded Heimdal build
[ 174/4259] Generating ctdb-samba-version-header
[ 174/4259] Generating ctdb-samba-version-header
[ 521/4259] Generating source4/torture/local/proto.h
[2565/4259] Compiling lib/talloc/testsuite.c
[4125/4259] Linking default/source4/torture/smbtorture
/tmp/ccvL9UCe.ltrans3.ltrans.o:<artificial>:function smbsrv_accept.lto_priv.11: error: undefined reference to 'timeval_current.lto_priv.630'
/tmp/ccvL9UCe.ltrans4.ltrans.o:<artificial>:function smbsrv_recv_smb2_request: error: undefined reference to 'timeval_current.lto_priv.630'
/tmp/ccvL9UCe.ltrans4.ltrans.o:<artificial>:function smb2srv_negprot_backend: error: undefined reference to 'timeval_current.lto_priv.630'
/tmp/ccvL9UCe.ltrans4.ltrans.o:<artificial>:function smb2srv_negprot_backend: error: undefined reference to 'timeval_current.lto_priv.630'
/tmp/ccvL9UCe.ltrans9.ltrans.o:<artificial>:function test_smb2_oplock_batch22: error: undefined reference to 'timeval_elapsed.lto_priv.628'
/tmp/ccvL9UCe.ltrans9.ltrans.o:<artificial>:function test_smb2_bench_oplock: error: undefined reference to 'timeval_elapsed.lto_priv.628'
/tmp/ccvL9UCe.ltrans9.ltrans.o:<artificial>:function test_smb2_bench_oplock: error: undefined reference to 'timeval_elapsed.lto_priv.628'
/tmp/ccvL9UCe.ltrans9.ltrans.o:<artificial>:function test_smb2_bench_oplock: error: undefined reference to 'timeval_elapsed.lto_priv.628'
collect2: error: ld returned 1 exit status
...

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Wed Jun  1 21:09:16 CEST 2016 on sn-devel-144
2016-06-01 21:09:16 +02:00
Andreas Schneider
af6bd055d4 rwrap: Update resolve_wrapper to version 1.1.4
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Tue May 31 20:13:43 CEST 2016 on sn-devel-144
2016-05-31 20:13:43 +02:00
Jeremy Allison
3b5e3ef9f2 lib: tevent: Use struct sockaddr_storage to cope with IPv6.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sun May 29 09:13:30 CEST 2016 on sn-devel-144
2016-05-29 09:13:30 +02:00
Alexander Bokovoy
92b4b6b3c5 s3-smbd: Support systemd 230
systemd 230 version finally deprecated libsystemd-daemon/libsystemd-journal split
and put everything in libsystemd library.

Make sure HAVE_LIBSYSTEMD define is supported in the code (we already
have it defined by the waf).

Patch is based on the code proposed by Zbigniew Jędrzejewski-Szmek
from systemd project.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11936

Signed-off-by: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Wed May 25 20:25:44 CEST 2016 on sn-devel-144
2016-05-25 20:25:44 +02:00
Andreas Schneider
f85f4ce9cc swrap: Update to version 1.1.7
* Added support for accept4()
* Added support for OpenBSD
* Fixed sendto() with UDP and a connected socket
* Fixed AF_RAWLINK sockets

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Andreas Schneider <asn@cryptomilk.org>
Autobuild-Date(master): Fri May 20 13:58:37 CEST 2016 on sn-devel-144
2016-05-20 13:58:37 +02:00
Volker Lendecke
c4504bd7e3 lib: Fix some whitespace
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-16 19:52:22 +02:00
Volker Lendecke
8c332f46e4 lib: Fix a signed/unsigned mixup
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-16 19:52:22 +02:00
Michael Adam
258360f1eb lib: add sys_write_v - void variant of sys_write
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
4680fe047a lib: add sys_read_v - void variant of sys_read
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
af83bc3920 debug: fix -O3 warning - unused return code of write()
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
0e80775c1b tdb:torture: fix -O3 error unused result of write
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
a860245c4d tdb:torture: fix -O3 error unused result code of read
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
774087655d tevent:testsuite: fix O3 errors unused result of write
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
22918a033b tevent:testsuite: fix O3 errors unused result for read
Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
1521e688b6 tevent:signal: fix -O3 error unused result of read
some compilers don't tolerate void-casting for warn_unused_result

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
24b267eb86 tevent:signal: fix -O3 error unused result of write
some compilers don't tolerate void-casting for warn_unused_result

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:15 +02:00
Michael Adam
149fa72770 tevent:threads: fix -O3 error unused result of write
some compilers don't tolerate void-casting for warn_unused_result

Signed-off-by: Michael Adam <obnox@samba.org>
Reviewed-by: Christian Ambach <ambi@samba.org>
2016-05-13 00:16:14 +02:00
Andrew Bartlett
15f191a232 ldb-samba: Add "secret" as a value to hide in LDIF files
This is not secret or encrypted in LDAP, but is sensitive in secrets.ldb

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed May 11 07:17:38 CEST 2016 on sn-devel-144
2016-05-11 07:17:38 +02:00
Douglas Bagnall
2ba83ae49b pytalloc: avoid double 0x0x in repr strings
The %p format puts one in itself.

Before: <drsblobs.repsFromTo2 talloc based object at 0x0x1b551e0>
After:  <drsblobs.repsFromTo2 talloc based object at 0x1b551e0>

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-05-10 01:43:15 +02:00
Andrew Bartlett
2f44f370d8 ldb: Fix error string when renaming to an DN that already exists
We were printing the DN renamed from, not the DN being renamed to.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-10 01:43:14 +02:00
Garming Sam
38e08d7174 typo: mplementation => implementation
Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
2016-05-06 05:03:16 +02:00
Stefan Metzmacher
83b64ae64b talloc: version 2.1.7
* Fix memory leak when destructors reparent children. (bug #11901)

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  5 22:33:04 CEST 2016 on sn-devel-144
2016-05-05 22:33:04 +02:00
Saji VR
d4d14b15b6 lib:talloc. Fix memory leak when destructors reparent children.
If a destructor reparents a child, we shouldn't exit the
loop freeing children as there may be others to process.

https://bugzilla.samba.org/show_bug.cgi?id=11901

Signed-off-by: Saji VR <saji.vr@nutanix.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Ira Cooper <ira@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu May  5 08:33:53 CEST 2016 on sn-devel-144
2016-05-05 08:33:53 +02:00
Volker Lendecke
87fa3c36f3 lib: Avoid includes.h in base64.c
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Volker Lendecke
93b982faad lib: Give base64.c its own .h
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Volker Lendecke
9ec3332349 lib: Remove SMB_ASSERT from base64_encode_data_blob
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Volker Lendecke
f457535e33 lib: =0 and |= is equivalent to =
Just a small simplication I thought might be nice

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:23 +02:00
Volker Lendecke
a5fd779aa1 lib: The base64 chars are by definition single-byte :-)
Remove a dependency on charcnv

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-05-04 01:28:22 +02:00
Andrew Bartlett
5359031e33 ldb-samba: Use ndr_pull_struct_blob_all_noalloc
This avoids pointless talloc() calls in a hot code path.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>

Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Tue May  3 11:43:15 CEST 2016 on sn-devel-144
2016-05-03 11:43:15 +02:00
Günther Deschner
95b8b02062 lib:krb5_wrap:krb5_samba: increase debug level for smb_krb5_get_default_realm_from_ccache().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11872

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-28 16:51:16 +02:00
Robin Hack
f4181f25b4 ldb-samba/ldb_matching_rules: Fix CID 1349424 - Uninitialized pointer read
Fix unitialized 'visited' value (pointer to pointer) in
ldb_eval_transitive_filter() which passes 'visited' value later to
ldb_eval_transitive_filter_helper().

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Wed Apr 27 02:12:39 CEST 2016 on sn-devel-144
2016-04-27 02:12:39 +02:00
Robin Hack
b9ffb9322b talloc/testsuite: Fix CID 1291641 - Logically dead code
Add check for snprintf return code.

Signed-off-by: Robin Hack <hack.robin@gmail.com>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-26 22:48:21 +02:00
Petr Cech
32b1f78b23 LDB: Redudant test on NULL context remove
There is redudant test on NULL context in ldb_dn_new_fmt() function.
We use this (NULL) context in talloc_vasprintf() function which is
able to work with NULL at all. And at the end, we free this newly
created (by talloc_vasprintf) context. So it should be safe to remove
this check.

Signed-off-by: Petr Cech <pcech@redhat.com>
Reviewed-by: Simo Sorce <idra@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 26 08:09:25 CEST 2016 on sn-devel-144
2016-04-26 08:09:25 +02:00
Richard Sharpe
81ca7eac3d Refactor the dns_open_connection code so that duplicate code is removed and ensure that EINTR is handled in the UDP path.
Signed-off-by: Richard Sharpe <rsharpe@samba.org>
Reviewed-by: Volker Lendecke <vl@samba.org>
2016-04-26 01:20:25 +02:00
Jérémie Courrèges-Anglas
53e0860122 Fix CHECK_CODE usage in atomics builtin detection
CHECK_CODE already wraps the code with main().  Adding another layer
results in a nested function, eg

  int main(void) { int main(void) { __sync_fetch_and_add(); } }

Since the inner function isn't called it is optimized out at cc -O2,
thus the linker doesn't fail if __sync_fetch_and_add() isn't available.

Issue noticed on OpenBSD/hppa.

Signed-off-by: Jérémie Courrèges-Anglas <jca@wxcvbn.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Tue Apr 26 01:19:40 CEST 2016 on sn-devel-144
2016-04-26 01:19:40 +02:00
Ralph Boehme
35b2fb4ff3 krb5_wrap: fix keep_old_entries logic in smb_krb5_kt_seek_and_delete_old_entries()
This fixes an regression introduced in 5c5d586d3e at a higher level
in the caller smb_krb5_kt_add_entry(): calling smb_krb5_kt_add_entry
with keep_old_entries=false resulted in only one enctype per principal
remaining in the exported keytab.

The function smb_krb5_kt_seek_and_delete_old_entries() is called from
smb_krb5_kt_add_entry() when adding keys to a keytab. When the keytab
contains keys with the same kvno as the key to be added and
keep_old_entries is false, the key is deleted without checking the
encryption type of the key. This means that when adding keys for a
principal only the last enctype will be in the exported keytab.

Fix this by checking the encryption type and only treat a key as "old"
if keytab_key_kvno <= new_key_kvno and keytab_key_enctype ==
new_key_enctype.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-25 10:35:14 +02:00
Ralph Boehme
b26ae7fbf6 krb5_wrap: add enctype arg to smb_krb5_kt_seek_and_delete_old_entries()
Unused in this commit, the next commit will use it to avoid deleting
keys with the same kvno but a different enctype.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>
2016-04-25 10:35:14 +02:00
Jeremy Allison
d2e143708f lib: dns: Clean up allocated structure on error exit.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Richard Sharpe <rsharpe@samba.org>
2016-04-22 07:20:17 +02:00
Andreas Schneider
ba6e39076b util: Add memcmp_const_time()
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-19 09:37:14 +02:00
Stefan Metzmacher
f762be4343 CVE-2016-2118: docs-xml: default "allow dcerpc auth level connect" to "no"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:28 +02:00
Stefan Metzmacher
06b038c017 CVE-2016-2118: docs-xml: add "allow dcerpc auth level connect" defaulting to "yes"
We sadly need to allow this for now by default.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11616

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:27 +02:00
Stefan Metzmacher
c52097ae17 CVE-2016-2115: docs-xml: always default "client ipc signing" to "mandatory"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:27 +02:00
Ralph Boehme
b720575f16 CVE-2016-2115: s3:libsmb: add signing constant SMB_SIGNING_IPC_DEFAULT
SMB_SIGNING_IPC_DEFAULT must be used from s3 client code when opening
RPC connections.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
f65f618e96 CVE-2016-2115: docs-xml: add "client ipc signing" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11756

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
8ff6a955f5 CVE-2016-2115: docs-xml: add "client ipc min protocol" and "client ipc max protocol" options
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11796

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>
2016-04-12 19:25:26 +02:00
Stefan Metzmacher
6ad9ba72a7 CVE-2016-2113: docs-xml: let "tls verify peer" default to "as_strict_as_possible"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
2362c0353b CVE-2016-2113: docs-xml: add "tls verify peer" option defaulting to "no_check"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11752

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
6e22abd977 CVE-2016-2112: docs-xml: change the default of "ldap server require strong auth" to "yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
0cd2acef79 CVE-2016-2112: docs-xml: add "ldap server require strong auth" option
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11644

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:25 +02:00
Stefan Metzmacher
1dc40a08f0 CVE-2016-2111: docs-xml/smbdotconf: default "raw NTLMv2 auth" to "no"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Alexander Bokovoy <ab@samba.org>
2016-04-12 19:25:24 +02:00
Stefan Metzmacher
a1900b5bd6 CVE-2016-2111: docs-xml: add "raw NTLMv2 auth" defaulting to "yes"
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11749

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
2016-04-12 19:25:24 +02:00
Volker Lendecke
e6ed803a3b tdb mutex check: Fix CID 1358473 Uninitialized scalar variable
This comes via a "goto cleanup" before suspend_mask is initialized

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Tue Apr 12 11:39:35 CEST 2016 on sn-devel-144
2016-04-12 11:39:34 +02:00
Stefan Metzmacher
acf6deb698 tdb: version 1.3.9
* avoid a race condition when checking for robust mutexes
  (bug #11808)
* Remove use of strcpy in tdb test.
* eliminate deprecation warnings in python tests
* Only set public headers field when installing as a public library.
* Refuse to load a database with hash size 0
* Fix various spelling errors

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Ralph Boehme <slow@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Mon Apr 11 18:48:26 CEST 2016 on sn-devel-144
2016-04-11 18:48:26 +02:00
Uri Simchoni
ef3d837040 tdb: rework cleanup logic in tdb_runtime_check_for_robust_mutexes()
The cleanup logic used six goto lables, at least I'm not able to make
sane modifications to such a beast.

By using state flags that track which objects are initialized and need
cleanup, we get rid of the goto labels. It comes at a cost though: you
have to be careful to correctly set the cleanup flags.

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-04-11 15:22:26 +02:00
Volker Lendecke
ff6b49beeb nwrap: Fix the build on Solaris
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11816

Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Andreas Schneider <asn@samba.org>

Autobuild-User(master): Volker Lendecke <vl@samba.org>
Autobuild-Date(master): Tue Apr  5 08:57:06 CEST 2016 on sn-devel-144
2016-04-05 08:57:06 +02:00
Jeremy Allison
0da76c9ab8 lib:replace: Missing semicolon on function definition.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>

Autobuild-User(master): Martin Schwenke <martins@samba.org>
Autobuild-Date(master): Sat Apr  2 06:04:13 CEST 2016 on sn-devel-144
2016-04-02 06:04:13 +02:00
Christof Schmitt
6a2d97b361 gpfswrap: Add wrapper for gpfs_set_winattrs
Signed-off-by: Christof Schmitt <cs@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-04-01 19:28:23 +02:00
Ralph Boehme
a7a77e2f43 tdb: avoid a race condition when checking for robust mutexes
This fixes a race between calling waitpid() in two places (SIGCHLD the
signal handler and the rendezvous code when waiting for the child to
terminate), by

- blocking SIGCHLD before installing our signal handler

- in the rendezvous code call sigssuspend() which unblocks SIGCHLD and
  suspends the thread and waits for signal delivery

BUG: https://bugzilla.samba.org/show_bug.cgi?id=11808

Signed-off-by: Ralph Boehme <slow@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>

Autobuild-User(master): Ralph Böhme <slow@samba.org>
Autobuild-Date(master): Tue Mar 29 16:04:19 CEST 2016 on sn-devel-144
2016-03-29 16:04:19 +02:00
Uri Simchoni
644e697fab lib/util: fix function comment
Signed-off-by: Uri Simchoni <uri@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-28 20:45:16 +02:00
Douglas Bagnall
a20ee62984 tevent.h: use HAVE___ATTRIBUTE__ instead of __GNUC__
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 15:13:15 +01:00
Douglas Bagnall
6ba2fe2e3f libreplace: use HAVE___ATTRIBUTE__ instead of __GNUC__
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 15:13:15 +01:00
Douglas Bagnall
88be24c279 util/attr.h: use HAVE___ATTRIBUTE__, not __GNUC__ comparisons
The comparisons that look like

    #if (__GNUC__ >= 3) && (__GNUC_MINOR__ >= 1 )

fail if __GNUC_MINOR__ is 0.  The intended comparison is something
more like

    #if __GNUC__ > 3 || (__GNUC__ == 3 && __GNUC_MINOR__ >= 1)

However, given that:

 * these checks are really trying to test the presence of
   __attribute__,

 * there are now credible compilers that are not GCC, which have
   __attribute__ but might not be good at emulating __GNUC__
   numbers, and

 * we really face little risk of running into GCC 2.95

 * we have a HAVE___ATTRIBUTE__ check in ./configure

let's not do the version comparisons.

(Untested on GCC 2.95, GCC 3.0 and GCC 3.1).

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Uri Simchoni <uri@samba.org>
2016-03-24 15:13:15 +01:00
Douglas Bagnall
5e4f39ad60 ldb_controls: avoid unnecessary unchecked talloc_asprintf()s
The error paths when a control doesn't parse involved a lot of
talloc_asprintf()s and talloc_asprintf_append()s but almost no actual
printf formatting. The return values were not checked. This replaces
them with constant strings.

The one case that did use formatting looked like this:

 "invalid %s control syntax\n",  LDB_CONTROL_DIRSYNC_EX_NAME

and that has been replaced with

  "invalid dirsync_ex control syntax\n"

in line with the way it is done elsewhere.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-22 08:00:32 +01:00
Douglas Bagnall
bd6a0220f4 ldb controls: allow paged_search to use a cookie
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-22 08:00:32 +01:00
Douglas Bagnall
7bd06613da ldb client controls: don't ignore failed memdup
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-22 08:00:31 +01:00
Douglas Bagnall
578643fb36 ldb controls: don't ignore memory allocation failure
Thanks to Jeremy Allison for noticing this.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Garming Sam <garming@catalyst.net.nz>
2016-03-22 08:00:31 +01:00
Garming Sam
cd594a3cb3 sort: enable custom behaviour on critical control
The sort module should simply return unsorted results when a sort is
unsupported but not critical. A similar custom behaviour should be
expected with VLV pagination when it is enabled.

Signed-off-by: Garming Sam <garming@catalyst.net.nz>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-22 08:00:31 +01:00
Jeremy Allison
a559ac31f7 lib:tdb: Remove use of strcpy in tdb test.
Signed-off-by: Jeremy Allison <jra@samba.org>
Reviewed-by: Martin Schwenke <martin@meltin.net>
2016-03-22 04:38:24 +01:00
Günther Deschner
c5c3f91c6f lib/torture: add torture_assert_u64_not_equal_goto macro
Guenther

Signed-off-by: Günther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:21 +01:00
Andreas Schneider
b9d93e7187 lib: Update nss_wrapper to version 1.1.3
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:20 +01:00
Andreas Schneider
9e8876a9d7 lib: Update uid_wrapper to version 1.2.1
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:20 +01:00
Andreas Schneider
092d6f9ec1 lib: Update socket_wrapper to version 1.1.6
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-22 00:23:20 +01:00
Douglas Bagnall
e806824fc8 ldb client controls: avoid talloc_memdup(x, y, (size_t)-1);
ldb_base64_decode() returns -1 if a string can't be parsed as base64,
and this is not the kind of value you want to use in talloc_memdup().

In these cases it can happen innocently if the strings are truncated
to fit in their buffers.

Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz>
Reviewed-by:  Volker Lendecke <Volker.Lendecke@SerNet.DE>
Reviewed-by: Jeremy Allison <jra@samba.org>

Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Sat Mar 19 00:56:42 CET 2016 on sn-devel-144
2016-03-19 00:56:42 +01:00
Volker Lendecke
a243a9012f lib: Fix CID 1356315 Dereference before null check
Signed-off-by: Volker Lendecke <vl@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-18 00:29:14 +01:00
Andreas Schneider
2467032a3e krb5-wrap: Use the principal returned by the KDC to create the ccache
We request a TGT in uppercase from the KDC. We turned on
canonicalization for that so the KDC returns the principal in lowercase
cause of this. As we use the uppercase prinicpal to create the ccache we
fail to find the tickets we need later because it is stored in the
incorrect case. You have to use the princial returned by the KDC here.

Signed-off-by: Andreas Schneider <asn@cryptomilk.org>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-17 04:32:27 +01:00
Stefan Metzmacher
e55806e83e ldb-samba:wscript: python_samba__ldb depends on pyauth
BUG: https://bugzilla.samba.org/show_bug.cgi?id=11789

Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>

Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Wed Mar 16 01:34:29 CET 2016 on sn-devel-144
2016-03-16 01:34:29 +01:00
Günther Deschner
2e2f81134c lib/socket/interfaces: Fix some uninitialied bytes.
Valgrind reports the following:

==26599== Syscall param ioctl(SIOCETHTOOL) points to uninitialised byte(s)
==26599==    at 0x7014707: ioctl (in /usr/lib64/libc-2.22.so)
==26599==    by 0x79D1585: query_iface_speed_from_name (interfaces.c:152)
==26599==    by 0x79D1BBA: _get_interfaces (interfaces.c:277)
==26599==    by 0x79D1E80: get_interfaces (interfaces.c:368)
==26599==    by 0x508A7E3: load_interfaces (interface.c:612)
==26599==    by 0x150B30: main (net.c:963)
==26599==  Address 0xffefff0d8 is on thread 1's stack
==26599==  in frame #1, created by query_iface_speed_from_name
(interfaces.c:130)
==26599==
==26599== Syscall param ioctl(SIOCETHTOOL) points to uninitialised byte(s)
==26599==    at 0x7014707: ioctl (in /usr/lib64/libc-2.22.so)
==26599==    by 0x79D15CC: query_iface_speed_from_name (interfaces.c:164)
==26599==    by 0x79D1BBA: _get_interfaces (interfaces.c:277)
==26599==    by 0x79D1E80: get_interfaces (interfaces.c:368)
==26599==    by 0x508A7E3: load_interfaces (interface.c:612)
==26599==    by 0x150B30: main (net.c:963)
==26599==  Address 0xffefff0d8 is on thread 1's stack
==26599==  in frame #1, created by query_iface_speed_from_name
(interfaces.c:130)

Guenther

Signed-off-by: Guenther Deschner <gd@samba.org>
Reviewed-by: Jeremy Allison <jra@samba.org>
2016-03-12 06:24:24 +01:00
Stefan Metzmacher
6400bbb5ee lib/util_net: add support for .ipv6-literal.net
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:26 +01:00
Stefan Metzmacher
771042a238 lib/util_net: move ipv6 linklocal handling into interpret_string_addr_internal()
Signed-off-by: Stefan Metzmacher <metze@samba.org>
Reviewed-by: Günther Deschner <gd@samba.org>
Reviewed-by: Andrew Bartlett <abartlet@samba.org>
2016-03-10 06:52:26 +01:00
Andreas Schneider
c2f5c30bea krb5_wrap: Add smb_krb5_open_keytab_relative() function
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-03-10 06:52:25 +01:00
Andreas Schneider
4e367288a5 krb5_wrap: Move smb_krb5_kt_add_entry() to krb5_wrap
Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Stefan Metzmacher <metze@samba.org>
2016-03-10 06:52:25 +01:00