The branch, master has been updated via 497658f s4-torture: fix compile of new NDR PAC tests with MIT Kerberos. via fe84f8b s4-torture: add new torture_assert_krb5_error_equal macro. via da47e13 s4: messaging: Remove bool auto_remove parameter from imessaging_init(). via 32b1c74 s3: smbd: vfs: Remove any stale xattr values during file/directory create in vfs_xattr_tdb() from 32a254d s4:dsdb/replicated_objects: don't skip notifications on resolved conflicts
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 497658fede83571ae631aef4e9abdcfcaadd6982 Author: Günther Deschner <g...@samba.org> Date: Thu Jul 21 14:25:56 2016 +0200 s4-torture: fix compile of new NDR PAC tests with MIT Kerberos. Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Sat Jul 23 09:50:46 CEST 2016 on sn-devel-144 commit fe84f8bab375ae038c1b9ef6785d238cd5d8b891 Author: Günther Deschner <g...@samba.org> Date: Thu Jul 21 14:26:45 2016 +0200 s4-torture: add new torture_assert_krb5_error_equal macro. Guenther Signed-off-by: Guenther Deschner <g...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit da47e133234a6095b08a99dc127fa3d2acaa8e9c Author: Jeremy Allison <j...@samba.org> Date: Fri Jul 22 11:17:24 2016 -0700 s4: messaging: Remove bool auto_remove parameter from imessaging_init(). With modern messaging this doesn't do anything (it's an empty destructor). Clean up so we can add a proper destructor in future. Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 32b1c74c27d421b850393e332d06159abf13817c Author: Jeremy Allison <j...@samba.org> Date: Wed Jul 20 16:40:53 2016 -0700 s3: smbd: vfs: Remove any stale xattr values during file/directory create in vfs_xattr_tdb() Pair-programmed-with: Andrew Bartlett <abart...@samba.org> 
Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: lib/krb5_wrap/krb5_samba.h | 8 +++ lib/torture/torture.h | 8 +++ source3/auth/auth_samba4.c | 4 +- source3/modules/vfs_xattr_tdb.c | 101 ++++++++++++++++++++++++++++++++ source3/winbindd/winbindd.c | 3 +- source4/lib/messaging/messaging.c | 15 +---- source4/lib/messaging/messaging.h | 3 +- source4/lib/messaging/pymessaging.c | 2 +- source4/lib/messaging/tests/irpc.c | 4 +- source4/lib/messaging/tests/messaging.c | 4 +- source4/smbd/server.c | 2 +- source4/smbd/service_stream.c | 2 +- source4/smbd/service_task.c | 2 +- source4/torture/ndr/krb5pac.c | 32 ++++++---- 14 files changed, 153 insertions(+), 37 deletions(-) Changeset truncated at 500 lines: diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h index 2b5e2bb..f988858 100644 --- a/lib/krb5_wrap/krb5_samba.h +++ b/lib/krb5_wrap/krb5_samba.h @@ -85,6 +85,14 @@ #define CKSUMTYPE_HMAC_SHA1_96_AES_256 CKSUMTYPE_HMAC_SHA1_96_AES256 #endif +/* + * KRB5_KU_OTHER_ENCRYPTED in Heimdal + * KRB5_KEYUSAGE_APP_DATA_ENCRYPT in MIT + */ +#if defined(KRB5_KEYUSAGE_APP_DATA_ENCRYPT) && !defined(KRB5_KU_OTHER_ENCRYPTED) +#define KRB5_KU_OTHER_ENCRYPTED KRB5_KEYUSAGE_APP_DATA_ENCRYPT +#endif + typedef struct { #if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) && defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */ krb5_address **addrs; diff --git a/lib/torture/torture.h b/lib/torture/torture.h index 31c02f7..5b957fa 100644 --- a/lib/torture/torture.h +++ b/lib/torture/torture.h 
@@ -301,6 +301,14 @@ void torture_result(struct torture_context *test, } \ } while (0) +#define torture_assert_krb5_error_equal(torture_ctx, got, expected, cmt) \ + do { krb5_error_code __got = got, __expected = expected; \ + if (__got != __expected) { \ + torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %d (%s), expected %d (%s): %s", __got, error_message(__got), __expected, error_message(__expected), cmt); \ + return false; \ + } \ + } while (0) + #define torture_assert_casestr_equal(torture_ctx,got,expected,cmt) \ do { const char *__got = (got), *__expected = (expected); \ if (!strequal(__got, __expected)) { \ diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c index 8ea05c6..a0d6afd3 100644 --- a/source3/auth/auth_samba4.c +++ b/source3/auth/auth_samba4.c @@ -231,7 +231,7 @@ static NTSTATUS prepare_gensec(const struct auth_context *auth_context, msg_ctx = imessaging_init(frame, lp_ctx, *server_id, - event_ctx, true); + event_ctx); if (msg_ctx == NULL) { DEBUG(1, ("imessaging_init failed\n")); TALLOC_FREE(frame); @@ -322,7 +322,7 @@ static NTSTATUS make_auth4_context_s4(const struct auth_context *auth_context, msg_ctx = imessaging_init(frame, lp_ctx, *server_id, - event_ctx, true); + event_ctx); if (msg_ctx == NULL) { DEBUG(1, ("imessaging_init failed\n")); TALLOC_FREE(frame); diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c index c40f1e1..b32fbc1 100644 --- a/source3/modules/vfs_xattr_tdb.c +++ b/source3/modules/vfs_xattr_tdb.c 
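Review bot: In `torture_assert_krb5_error_equal` the initialisers `__got = got, __expected = expected` use the macro arguments without parentheses, unlike `torture_assert_casestr_equal` directly below, which writes `(got)` and `(expected)`; I would change the line to `do { krb5_error_code __got = (got), __expected = (expected); \`. The same format call passes `error_message(__got)` and `error_message(__expected)` in one argument list; if the com_err implementation in use returns a shared static buffer for codes it does not know, both `%s` fields can show the same text, so the numeric `%d` values are the ones to trust when reading a failure. The macro relies on `krb5_error_code` and `error_message()`, and torture.h's includes are outside this hunk, so a one-line comment such as `/* caller must include the krb5 and com_err headers */` above the macro would help.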
@@ -338,6 +338,105 @@ static bool xattr_tdb_init(int snum, TALLOC_CTX *mem_ctx, struct db_context **p_ return true; } +static int xattr_tdb_open(vfs_handle_struct *handle, + struct smb_filename *smb_fname, + files_struct *fsp, + int flags, + mode_t mode) +{ + struct db_context *db = NULL; + TALLOC_CTX *frame = NULL; + int ret; + + fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle, + smb_fname, fsp, + flags, + mode); + + if (fsp->fh->fd < 0) { + return fsp->fh->fd; + } + + if ((flags & (O_CREAT|O_EXCL)) != (O_CREAT|O_EXCL)) { + return fsp->fh->fd; + } + + /* + * We know we used O_CREAT|O_EXCL and it worked. + * We must have created the file. + */ + + ret = SMB_VFS_FSTAT(fsp, &smb_fname->st); + if (ret == -1) { + /* Can't happen... */ + DBG_WARNING("SMB_VFS_FSTAT failed on file %s (%s)\n", + smb_fname_str_dbg(smb_fname), + strerror(errno)); + return -1; + } + fsp->file_id = SMB_VFS_FILE_ID_CREATE(fsp->conn, &smb_fname->st); + + frame = talloc_stackframe(); + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, + if (!xattr_tdb_init(-1, frame, &db)) + { + TALLOC_FREE(frame); return -1; + }); + + xattr_tdb_remove_all_attrs(db, &fsp->file_id); + TALLOC_FREE(frame); + return fsp->fh->fd; +} + +static int xattr_tdb_mkdir(vfs_handle_struct *handle, + const struct smb_filename *smb_fname, + mode_t mode) +{ + struct db_context *db = NULL; + TALLOC_CTX *frame = NULL; + struct file_id fileid; + int ret; + struct smb_filename *smb_fname_tmp = NULL; + + ret = SMB_VFS_NEXT_MKDIR(handle, smb_fname, mode); + if (ret < 0) { + return ret; + } + + frame = talloc_stackframe(); + smb_fname_tmp = cp_smb_filename(frame, smb_fname); + if (smb_fname_tmp == NULL) { + TALLOC_FREE(frame); + errno = ENOMEM; + return -1; + } + + /* Always use LSTAT here - we just creaded the directory. */ + ret = SMB_VFS_LSTAT(handle->conn, smb_fname_tmp); + if (ret == -1) { + /* Rename race. Let upper level take care of it. 
*/ + TALLOC_FREE(frame); + return -1; + } + if (!S_ISDIR(smb_fname_tmp->st.st_ex_mode)) { + /* Rename race. Let upper level take care of it. */ + TALLOC_FREE(frame); + return -1; + } + + fileid = SMB_VFS_FILE_ID_CREATE(handle->conn, &smb_fname_tmp->st); + + SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context, + if (!xattr_tdb_init(-1, frame, &db)) + { + TALLOC_FREE(frame); return -1; + }); + + xattr_tdb_remove_all_attrs(db, &fileid); + TALLOC_FREE(frame); + return 0; +} + /* * On unlink we need to delete the tdb record */ @@ -490,6 +589,8 @@ static struct vfs_fn_pointers vfs_xattr_tdb_fns = { .flistxattr_fn = xattr_tdb_flistxattr, .removexattr_fn = xattr_tdb_removexattr, .fremovexattr_fn = xattr_tdb_fremovexattr, + .open_fn = xattr_tdb_open, + .mkdir_fn = xattr_tdb_mkdir, .unlink_fn = xattr_tdb_unlink, .rmdir_fn = xattr_tdb_rmdir, .connect_fn = xattr_tdb_connect, diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c index 002ba3f..f79dc47 100644 --- a/source3/winbindd/winbindd.c +++ b/source3/winbindd/winbindd.c @@ -122,8 +122,7 @@ struct imessaging_context *winbind_imessaging_context(void) * Note we MUST use the NULL context here, not the autofree context, * to avoid side effects in forked children exiting. */ - msg = imessaging_init(NULL, lp_ctx, myself, winbind_event_context(), - false); + msg = imessaging_init(NULL, lp_ctx, myself, winbind_event_context()); talloc_unlink(NULL, lp_ctx); if (msg == NULL) { diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c index 0fc180b..486d602 100644 --- a/source4/lib/messaging/messaging.c +++ b/source4/lib/messaging/messaging.c @@ -280,7 +280,6 @@ NTSTATUS imessaging_send_ptr(struct imessaging_context *msg, struct server_id se /* - remove our messaging socket and database entry */ int imessaging_cleanup(struct imessaging_context *msg) { 
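Review bot: In `xattr_tdb_open` both `return -1` paths that follow a successful `SMB_VFS_NEXT_OPEN` (the `SMB_VFS_FSTAT` failure and the `xattr_tdb_init` failure inside `SMB_VFS_HANDLE_GET_DATA`) leave the new descriptor open and still stored in `fsp->fh->fd`. Unless the caller closes it on failure, which this hunk does not show, the descriptor leaks and the file created with O_CREAT|O_EXCL stays on disk with the old xattr record for its file id never removed. I would save errno, close the descriptor, set `fsp->fh->fd = -1` and restore errno before returning on both paths. `xattr_tdb_mkdir` has the same shape: the `!S_ISDIR` and `xattr_tdb_init` failure paths return -1 without setting errno although the directory already exists, so an explicit assignment such as `errno = ENOTDIR;` on the type check would make the failure diagnosable. A short header comment on both functions stating that they exist to drop xattr records left under the same file id by an earlier object would record why creation has to fail closed here.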
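Review bot: Removing the only text line leaves an empty `/* */` block above `imessaging_cleanup`, which is still declared in messaging.h. Going by the commit message the function is now an empty destructor, so I would either drop the block or replace it with `/* Currently a no-op; kept so a real destructor can be added later. */`. The body of `imessaging_cleanup` lies outside this hunk, so its current behaviour should be confirmed before settling the wording.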
@@ -296,17 +295,11 @@ static void imessaging_dgm_recv(const uint8_t *buf, size_t buf_len, /* create the listening socket and setup the dispatcher - - use auto_remove=true when you want a destructor to remove the - associated messaging socket and database entry on talloc free. Don't - use this in processes that may fork and a child may talloc free this - memory */ struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct server_id server_id, - struct tevent_context *ev, - bool auto_remove) + struct tevent_context *ev) { struct imessaging_context *msg; bool ok; @@ -376,10 +369,6 @@ struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx, goto fail; } - if (auto_remove) { - talloc_set_destructor(msg, imessaging_cleanup); - } - imessaging_register(msg, NULL, MSG_PING, ping_message); imessaging_register(msg, NULL, MSG_REQ_POOL_USAGE, pool_message); imessaging_register(msg, NULL, MSG_IRPC, irpc_handler); @@ -452,7 +441,7 @@ struct imessaging_context *imessaging_client_init(TALLOC_CTX *mem_ctx, /* This is because we are not in the s3 serverid database */ id.unique_id = SERVERID_UNIQUE_ID_NOT_TO_VERIFY; - return imessaging_init(mem_ctx, lp_ctx, id, ev, true); + return imessaging_init(mem_ctx, lp_ctx, id, ev); } /* a list of registered irpc server functions diff --git a/source4/lib/messaging/messaging.h b/source4/lib/messaging/messaging.h index c3477f2..2efab94 100644 --- a/source4/lib/messaging/messaging.h +++ b/source4/lib/messaging/messaging.h @@ -43,8 +43,7 @@ NTSTATUS imessaging_register_tmp(struct imessaging_context *msg, void *private_d struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, struct server_id server_id, - struct tevent_context *ev, - bool auto_remove); + struct tevent_context *ev); int imessaging_cleanup(struct imessaging_context *msg); struct imessaging_context *imessaging_client_init(TALLOC_CTX *mem_ctx, struct loadparm_context *lp_ctx, 
diff --git a/source4/lib/messaging/pymessaging.c b/source4/lib/messaging/pymessaging.c index cef0703..f62354b 100644 --- a/source4/lib/messaging/pymessaging.c +++ b/source4/lib/messaging/pymessaging.c @@ -115,7 +115,7 @@ static PyObject *py_imessaging_connect(PyTypeObject *self, PyObject *args, PyObj ret->msg_ctx = imessaging_init(ret->mem_ctx, lp_ctx, server_id, - ev, true); + ev); } else { ret->msg_ctx = imessaging_client_init(ret->mem_ctx, lp_ctx, diff --git a/source4/lib/messaging/tests/irpc.c b/source4/lib/messaging/tests/irpc.c index 486420b..466b47f 100644 --- a/source4/lib/messaging/tests/irpc.c +++ b/source4/lib/messaging/tests/irpc.c @@ -261,14 +261,14 @@ static bool irpc_setup(struct torture_context *tctx, void **_data) imessaging_init(tctx, tctx->lp_ctx, cluster_id(0, MSG_ID1), - data->ev, true), + data->ev), "Failed to init first messaging context"); torture_assert(tctx, data->msg_ctx2 = imessaging_init(tctx, tctx->lp_ctx, cluster_id(0, MSG_ID2), - data->ev, true), + data->ev), "Failed to init second messaging context"); /* register the server side function */ diff --git a/source4/lib/messaging/tests/messaging.c b/source4/lib/messaging/tests/messaging.c index 2759703..51195a1 100644 --- a/source4/lib/messaging/tests/messaging.c +++ b/source4/lib/messaging/tests/messaging.c @@ -73,7 +73,7 @@ static bool test_ping_speed(struct torture_context *tctx) msg_server_ctx = imessaging_init(tctx, tctx->lp_ctx, cluster_id(0, 1), - ev, true); + ev); torture_assert(tctx, msg_server_ctx != NULL, "Failed to init ping messaging context"); @@ -83,7 +83,7 @@ static bool test_ping_speed(struct torture_context *tctx) msg_client_ctx = imessaging_init(tctx, tctx->lp_ctx, cluster_id(0, 2), - ev, true); + ev); torture_assert(tctx, msg_client_ctx != NULL, "msg_client_ctx imessaging_init() failed"); diff --git a/source4/smbd/server.c b/source4/smbd/server.c index 7dc7635..2399f4f 100644 --- a/source4/smbd/server.c +++ b/source4/smbd/server.c 
@@ -223,7 +223,7 @@ static NTSTATUS setup_parent_messaging(struct tevent_context *event_ctx, msg = imessaging_init(talloc_autofree_context(), lp_ctx, - cluster_id(0, SAMBA_PARENT_TASKID), event_ctx, false); + cluster_id(0, SAMBA_PARENT_TASKID), event_ctx); NT_STATUS_HAVE_NO_MEMORY(msg); status = irpc_add_name(msg, "samba"); diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c index 9aca501..f0a379a 100644 --- a/source4/smbd/service_stream.c +++ b/source4/smbd/service_stream.c @@ -194,7 +194,7 @@ static void stream_new_connection(struct tevent_context *ev, /* setup to receive internal messages on this connection */ srv_conn->msg_ctx = imessaging_init(srv_conn, lp_ctx, - srv_conn->server_id, ev, false); + srv_conn->server_id, ev); if (!srv_conn->msg_ctx) { stream_terminate_connection(srv_conn, "imessaging_init() failed"); return; diff --git a/source4/smbd/service_task.c b/source4/smbd/service_task.c index 7422f2c..34f73d9 100644 --- a/source4/smbd/service_task.c +++ b/source4/smbd/service_task.c @@ -85,7 +85,7 @@ static void task_server_callback(struct tevent_context *event_ctx, task->msg_ctx = imessaging_init(task, task->lp_ctx, task->server_id, - task->event_ctx, false); + task->event_ctx); if (!task->msg_ctx) { task_server_terminate(task, "imessaging_init() failed", true); return; diff --git a/source4/torture/ndr/krb5pac.c b/source4/torture/ndr/krb5pac.c index 23a1214..1deac73 100644 --- a/source4/torture/ndr/krb5pac.c +++ b/source4/torture/ndr/krb5pac.c @@ -434,7 +434,7 @@ static bool PAC_DATA_pkinit(struct torture_context *tctx, DATA_BLOB reply_key_blob = data_blob_null; krb5_context ctx; krb5_keyblock reply_key; - krb5_crypto crypto; + krb5_enc_data input; krb5_data plain_data; DATA_BLOB plain_data_blob = data_blob_null; 
@@ -474,21 +474,33 @@ static bool PAC_DATA_pkinit(struct torture_context *tctx, reply_key_blob.data, reply_key_blob.length, &reply_key), 0, "smb_krb5_keyblock_init_contents"); - torture_assert_int_equal(tctx, krb5_crypto_init(ctx, - &reply_key, ETYPE_NULL, - &crypto), 0, - "krb5_crypto_init"); - torture_assert_int_equal(tctx, krb5_decrypt(ctx, crypto, + + ZERO_STRUCT(input); + + input.ciphertext.data = (char *)r->buffers[1].info->credential_info.encrypted_data.data; + input.ciphertext.length = r->buffers[1].info->credential_info.encrypted_data.length; + input.enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96; + + plain_data.data = malloc(r->buffers[1].info->credential_info.encrypted_data.length); + plain_data.length = r->buffers[1].info->credential_info.encrypted_data.length; + torture_assert(tctx, plain_data.data, "malloc failed"); + + torture_assert_krb5_error_equal(tctx, krb5_c_decrypt(ctx, +#ifdef SAMBA4_USES_HEIMDAL + reply_key, +#else + &reply_key, +#endif KRB5_KU_OTHER_ENCRYPTED, - r->buffers[1].info->credential_info.encrypted_data.data, - r->buffers[1].info->credential_info.encrypted_data.length, + NULL, + &input, &plain_data), 0, "krb5_decrypt"); + torture_assert_int_equal(tctx, plain_data.length, 112, "plain_data.length"); plain_data_blob = data_blob_talloc(tctx, plain_data.data, plain_data.length); torture_assert_int_equal(tctx, plain_data_blob.length, 112, "plain_data_blob.length"); - krb5_data_free(&plain_data); - krb5_crypto_destroy(ctx, crypto); + kerberos_free_data_contents(ctx, &plain_data); krb5_free_keyblock_contents(ctx, &reply_key); krb5_free_context(ctx); torture_assert_data_blob_equal(tctx, -- Samba Shared Repository
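Review bot: The `#ifdef SAMBA4_USES_HEIMDAL` / `#else` / `#endif` lines sit inside the argument list of the `torture_assert_krb5_error_equal(...)` invocation, and C leaves preprocessing directives inside macro arguments undefined (C11 6.10.3p11), so this builds only where the compiler tolerates it. Hoisting the `krb5_c_decrypt` call into a local `krb5_error_code` and asserting on that variable keeps the Heimdal/MIT split outside the macro, as sketched below. Separately, the assertions between the `malloc` and `kerberos_free_data_contents` appear to return early on failure (the new macro does `return false`), so `plain_data.data`, `reply_key` and `ctx` are not released on a failing run; that may be acceptable in a test but deserves a comment. `PAC_DATA_pkinit` starts and ends outside this hunk.

```c
	krb5_error_code code;

	/* … unchanged: ZERO_STRUCT(input), ciphertext/enctype setup, plain_data malloc … */

#ifdef SAMBA4_USES_HEIMDAL
	code = krb5_c_decrypt(ctx, reply_key, KRB5_KU_OTHER_ENCRYPTED,
			      NULL, &input, &plain_data);
#else
	code = krb5_c_decrypt(ctx, &reply_key, KRB5_KU_OTHER_ENCRYPTED,
			      NULL, &input, &plain_data);
#endif
	torture_assert_krb5_error_equal(tctx, code, 0, "krb5_decrypt");
```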