The branch, master has been updated
via 497658f s4-torture: fix compile of new NDR PAC tests with MIT
Kerberos.
via fe84f8b s4-torture: add new torture_assert_krb5_error_equal macro.
via da47e13 s4: messaging: Remove bool auto_remove parameter from
imessaging_init().
via 32b1c74 s3: smbd: vfs: Remove any stale xattr values during
file/directory create in vfs_xattr_tdb()
from 32a254d s4:dsdb/replicated_objects: don't skip notifications on
resolved conflicts
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 497658fede83571ae631aef4e9abdcfcaadd6982
Author: Günther Deschner <g...@samba.org>
Date: Thu Jul 21 14:25:56 2016 +0200
s4-torture: fix compile of new NDR PAC tests with MIT Kerberos.
Guenther
Signed-off-by: Guenther Deschner <g...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
Autobuild-User(master): Andrew Bartlett <abart...@samba.org>
Autobuild-Date(master): Sat Jul 23 09:50:46 CEST 2016 on sn-devel-144
commit fe84f8bab375ae038c1b9ef6785d238cd5d8b891
Author: Günther Deschner <g...@samba.org>
Date: Thu Jul 21 14:26:45 2016 +0200
s4-torture: add new torture_assert_krb5_error_equal macro.
Guenther
Signed-off-by: Guenther Deschner <g...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit da47e133234a6095b08a99dc127fa3d2acaa8e9c
Author: Jeremy Allison <j...@samba.org>
Date: Fri Jul 22 11:17:24 2016 -0700
s4: messaging: Remove bool auto_remove parameter from imessaging_init().
With modern messaging this doesn't do anything (it's an
empty destructor). Clean up so we can add a proper destructor
in future.
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
commit 32b1c74c27d421b850393e332d06159abf13817c
Author: Jeremy Allison <j...@samba.org>
Date: Wed Jul 20 16:40:53 2016 -0700
s3: smbd: vfs: Remove any stale xattr values during file/directory create
in vfs_xattr_tdb()
Pair-programmed-with: Andrew Bartlett <abart...@samba.org>
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andrew Bartlett <abart...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/krb5_wrap/krb5_samba.h | 8 +++
lib/torture/torture.h | 8 +++
source3/auth/auth_samba4.c | 4 +-
source3/modules/vfs_xattr_tdb.c | 101 ++++++++++++++++++++++++++++++++
source3/winbindd/winbindd.c | 3 +-
source4/lib/messaging/messaging.c | 15 +----
source4/lib/messaging/messaging.h | 3 +-
source4/lib/messaging/pymessaging.c | 2 +-
source4/lib/messaging/tests/irpc.c | 4 +-
source4/lib/messaging/tests/messaging.c | 4 +-
source4/smbd/server.c | 2 +-
source4/smbd/service_stream.c | 2 +-
source4/smbd/service_task.c | 2 +-
source4/torture/ndr/krb5pac.c | 32 ++++++----
14 files changed, 153 insertions(+), 37 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/krb5_wrap/krb5_samba.h b/lib/krb5_wrap/krb5_samba.h
index 2b5e2bb..f988858 100644
--- a/lib/krb5_wrap/krb5_samba.h
+++ b/lib/krb5_wrap/krb5_samba.h
@@ -85,6 +85,14 @@
#define CKSUMTYPE_HMAC_SHA1_96_AES_256 CKSUMTYPE_HMAC_SHA1_96_AES256
#endif
+/*
+ * KRB5_KU_OTHER_ENCRYPTED in Heimdal
+ * KRB5_KEYUSAGE_APP_DATA_ENCRYPT in MIT
+ */
+#if defined(KRB5_KEYUSAGE_APP_DATA_ENCRYPT) &&
!defined(KRB5_KU_OTHER_ENCRYPTED)
+#define KRB5_KU_OTHER_ENCRYPTED KRB5_KEYUSAGE_APP_DATA_ENCRYPT
+#endif
+
typedef struct {
#if defined(HAVE_MAGIC_IN_KRB5_ADDRESS) &&
defined(HAVE_ADDRTYPE_IN_KRB5_ADDRESS) /* MIT */
krb5_address **addrs;
diff --git a/lib/torture/torture.h b/lib/torture/torture.h
index 31c02f7..5b957fa 100644
--- a/lib/torture/torture.h
+++ b/lib/torture/torture.h
@@ -301,6 +301,14 @@ void torture_result(struct torture_context *test,
} \
} while (0)
+#define torture_assert_krb5_error_equal(torture_ctx, got, expected, cmt) \
+ do { krb5_error_code __got = got, __expected = expected; \
+ if (__got != __expected) { \
+ torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got"
was %d (%s), expected %d (%s): %s", __got, error_message(__got), __expected,
error_message(__expected), cmt); \
+ return false; \
+ } \
+ } while (0)
+
#define torture_assert_casestr_equal(torture_ctx,got,expected,cmt) \
do { const char *__got = (got), *__expected = (expected); \
if (!strequal(__got, __expected)) { \
diff --git a/source3/auth/auth_samba4.c b/source3/auth/auth_samba4.c
index 8ea05c6..a0d6afd3 100644
--- a/source3/auth/auth_samba4.c
+++ b/source3/auth/auth_samba4.c
@@ -231,7 +231,7 @@ static NTSTATUS prepare_gensec(const struct auth_context
*auth_context,
msg_ctx = imessaging_init(frame,
lp_ctx,
*server_id,
- event_ctx, true);
+ event_ctx);
if (msg_ctx == NULL) {
DEBUG(1, ("imessaging_init failed\n"));
TALLOC_FREE(frame);
@@ -322,7 +322,7 @@ static NTSTATUS make_auth4_context_s4(const struct
auth_context *auth_context,
msg_ctx = imessaging_init(frame,
lp_ctx,
*server_id,
- event_ctx, true);
+ event_ctx);
if (msg_ctx == NULL) {
DEBUG(1, ("imessaging_init failed\n"));
TALLOC_FREE(frame);
diff --git a/source3/modules/vfs_xattr_tdb.c b/source3/modules/vfs_xattr_tdb.c
index c40f1e1..b32fbc1 100644
--- a/source3/modules/vfs_xattr_tdb.c
+++ b/source3/modules/vfs_xattr_tdb.c
@@ -338,6 +338,105 @@ static bool xattr_tdb_init(int snum, TALLOC_CTX *mem_ctx,
struct db_context **p_
return true;
}
+static int xattr_tdb_open(vfs_handle_struct *handle,
+ struct smb_filename *smb_fname,
+ files_struct *fsp,
+ int flags,
+ mode_t mode)
+{
+ struct db_context *db = NULL;
+ TALLOC_CTX *frame = NULL;
+ int ret;
+
+ fsp->fh->fd = SMB_VFS_NEXT_OPEN(handle,
+ smb_fname, fsp,
+ flags,
+ mode);
+
+ if (fsp->fh->fd < 0) {
+ return fsp->fh->fd;
+ }
+
+ if ((flags & (O_CREAT|O_EXCL)) != (O_CREAT|O_EXCL)) {
+ return fsp->fh->fd;
+ }
+
+ /*
+ * We know we used O_CREAT|O_EXCL and it worked.
+ * We must have created the file.
+ */
+
+ ret = SMB_VFS_FSTAT(fsp, &smb_fname->st);
+ if (ret == -1) {
+ /* Can't happen... */
+ DBG_WARNING("SMB_VFS_FSTAT failed on file %s (%s)\n",
+ smb_fname_str_dbg(smb_fname),
+ strerror(errno));
+ return -1;
+ }
+ fsp->file_id = SMB_VFS_FILE_ID_CREATE(fsp->conn, &smb_fname->st);
+
+ frame = talloc_stackframe();
+ SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context,
+ if (!xattr_tdb_init(-1, frame, &db))
+ {
+ TALLOC_FREE(frame); return -1;
+ });
+
+ xattr_tdb_remove_all_attrs(db, &fsp->file_id);
+ TALLOC_FREE(frame);
+ return fsp->fh->fd;
+}
+
+static int xattr_tdb_mkdir(vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname,
+ mode_t mode)
+{
+ struct db_context *db = NULL;
+ TALLOC_CTX *frame = NULL;
+ struct file_id fileid;
+ int ret;
+ struct smb_filename *smb_fname_tmp = NULL;
+
+ ret = SMB_VFS_NEXT_MKDIR(handle, smb_fname, mode);
+ if (ret < 0) {
+ return ret;
+ }
+
+ frame = talloc_stackframe();
+ smb_fname_tmp = cp_smb_filename(frame, smb_fname);
+ if (smb_fname_tmp == NULL) {
+ TALLOC_FREE(frame);
+ errno = ENOMEM;
+ return -1;
+ }
+
+ /* Always use LSTAT here - we just creaded the directory. */
+ ret = SMB_VFS_LSTAT(handle->conn, smb_fname_tmp);
+ if (ret == -1) {
+ /* Rename race. Let upper level take care of it. */
+ TALLOC_FREE(frame);
+ return -1;
+ }
+ if (!S_ISDIR(smb_fname_tmp->st.st_ex_mode)) {
+ /* Rename race. Let upper level take care of it. */
+ TALLOC_FREE(frame);
+ return -1;
+ }
+
+ fileid = SMB_VFS_FILE_ID_CREATE(handle->conn, &smb_fname_tmp->st);
+
+ SMB_VFS_HANDLE_GET_DATA(handle, db, struct db_context,
+ if (!xattr_tdb_init(-1, frame, &db))
+ {
+ TALLOC_FREE(frame); return -1;
+ });
+
+ xattr_tdb_remove_all_attrs(db, &fileid);
+ TALLOC_FREE(frame);
+ return 0;
+}
+
/*
* On unlink we need to delete the tdb record
*/
@@ -490,6 +589,8 @@ static struct vfs_fn_pointers vfs_xattr_tdb_fns = {
.flistxattr_fn = xattr_tdb_flistxattr,
.removexattr_fn = xattr_tdb_removexattr,
.fremovexattr_fn = xattr_tdb_fremovexattr,
+ .open_fn = xattr_tdb_open,
+ .mkdir_fn = xattr_tdb_mkdir,
.unlink_fn = xattr_tdb_unlink,
.rmdir_fn = xattr_tdb_rmdir,
.connect_fn = xattr_tdb_connect,
diff --git a/source3/winbindd/winbindd.c b/source3/winbindd/winbindd.c
index 002ba3f..f79dc47 100644
--- a/source3/winbindd/winbindd.c
+++ b/source3/winbindd/winbindd.c
@@ -122,8 +122,7 @@ struct imessaging_context *winbind_imessaging_context(void)
* Note we MUST use the NULL context here, not the autofree context,
* to avoid side effects in forked children exiting.
*/
- msg = imessaging_init(NULL, lp_ctx, myself, winbind_event_context(),
- false);
+ msg = imessaging_init(NULL, lp_ctx, myself, winbind_event_context());
talloc_unlink(NULL, lp_ctx);
if (msg == NULL) {
diff --git a/source4/lib/messaging/messaging.c
b/source4/lib/messaging/messaging.c
index 0fc180b..486d602 100644
--- a/source4/lib/messaging/messaging.c
+++ b/source4/lib/messaging/messaging.c
@@ -280,7 +280,6 @@ NTSTATUS imessaging_send_ptr(struct imessaging_context
*msg, struct server_id se
/*
- remove our messaging socket and database entry
*/
int imessaging_cleanup(struct imessaging_context *msg)
{
@@ -296,17 +295,11 @@ static void imessaging_dgm_recv(const uint8_t *buf,
size_t buf_len,
/*
create the listening socket and setup the dispatcher
-
- use auto_remove=true when you want a destructor to remove the
- associated messaging socket and database entry on talloc free. Don't
- use this in processes that may fork and a child may talloc free this
- memory
*/
struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
struct server_id server_id,
- struct tevent_context *ev,
- bool auto_remove)
+ struct tevent_context *ev)
{
struct imessaging_context *msg;
bool ok;
@@ -376,10 +369,6 @@ struct imessaging_context *imessaging_init(TALLOC_CTX
*mem_ctx,
goto fail;
}
- if (auto_remove) {
- talloc_set_destructor(msg, imessaging_cleanup);
- }
-
imessaging_register(msg, NULL, MSG_PING, ping_message);
imessaging_register(msg, NULL, MSG_REQ_POOL_USAGE, pool_message);
imessaging_register(msg, NULL, MSG_IRPC, irpc_handler);
@@ -452,7 +441,7 @@ struct imessaging_context
*imessaging_client_init(TALLOC_CTX *mem_ctx,
/* This is because we are not in the s3 serverid database */
id.unique_id = SERVERID_UNIQUE_ID_NOT_TO_VERIFY;
- return imessaging_init(mem_ctx, lp_ctx, id, ev, true);
+ return imessaging_init(mem_ctx, lp_ctx, id, ev);
}
/*
a list of registered irpc server functions
diff --git a/source4/lib/messaging/messaging.h
b/source4/lib/messaging/messaging.h
index c3477f2..2efab94 100644
--- a/source4/lib/messaging/messaging.h
+++ b/source4/lib/messaging/messaging.h
@@ -43,8 +43,7 @@ NTSTATUS imessaging_register_tmp(struct imessaging_context
*msg, void *private_d
struct imessaging_context *imessaging_init(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
struct server_id server_id,
- struct tevent_context *ev,
- bool auto_remove);
+ struct tevent_context *ev);
int imessaging_cleanup(struct imessaging_context *msg);
struct imessaging_context *imessaging_client_init(TALLOC_CTX *mem_ctx,
struct loadparm_context *lp_ctx,
diff --git a/source4/lib/messaging/pymessaging.c
b/source4/lib/messaging/pymessaging.c
index cef0703..f62354b 100644
--- a/source4/lib/messaging/pymessaging.c
+++ b/source4/lib/messaging/pymessaging.c
@@ -115,7 +115,7 @@ static PyObject *py_imessaging_connect(PyTypeObject *self,
PyObject *args, PyObj
ret->msg_ctx = imessaging_init(ret->mem_ctx,
lp_ctx,
server_id,
- ev, true);
+ ev);
} else {
ret->msg_ctx = imessaging_client_init(ret->mem_ctx,
lp_ctx,
diff --git a/source4/lib/messaging/tests/irpc.c
b/source4/lib/messaging/tests/irpc.c
index 486420b..466b47f 100644
--- a/source4/lib/messaging/tests/irpc.c
+++ b/source4/lib/messaging/tests/irpc.c
@@ -261,14 +261,14 @@ static bool irpc_setup(struct torture_context *tctx, void
**_data)
imessaging_init(tctx,
tctx->lp_ctx,
cluster_id(0, MSG_ID1),
- data->ev, true),
+ data->ev),
"Failed to init first messaging context");
torture_assert(tctx, data->msg_ctx2 =
imessaging_init(tctx,
tctx->lp_ctx,
cluster_id(0, MSG_ID2),
- data->ev, true),
+ data->ev),
"Failed to init second messaging context");
/* register the server side function */
diff --git a/source4/lib/messaging/tests/messaging.c
b/source4/lib/messaging/tests/messaging.c
index 2759703..51195a1 100644
--- a/source4/lib/messaging/tests/messaging.c
+++ b/source4/lib/messaging/tests/messaging.c
@@ -73,7 +73,7 @@ static bool test_ping_speed(struct torture_context *tctx)
msg_server_ctx = imessaging_init(tctx,
tctx->lp_ctx, cluster_id(0, 1),
- ev, true);
+ ev);
torture_assert(tctx, msg_server_ctx != NULL, "Failed to init ping
messaging context");
@@ -83,7 +83,7 @@ static bool test_ping_speed(struct torture_context *tctx)
msg_client_ctx = imessaging_init(tctx,
tctx->lp_ctx,
cluster_id(0, 2),
- ev, true);
+ ev);
torture_assert(tctx, msg_client_ctx != NULL,
"msg_client_ctx imessaging_init() failed");
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index 7dc7635..2399f4f 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -223,7 +223,7 @@ static NTSTATUS setup_parent_messaging(struct
tevent_context *event_ctx,
msg = imessaging_init(talloc_autofree_context(),
lp_ctx,
- cluster_id(0, SAMBA_PARENT_TASKID), event_ctx,
false);
+ cluster_id(0, SAMBA_PARENT_TASKID), event_ctx);
NT_STATUS_HAVE_NO_MEMORY(msg);
status = irpc_add_name(msg, "samba");
diff --git a/source4/smbd/service_stream.c b/source4/smbd/service_stream.c
index 9aca501..f0a379a 100644
--- a/source4/smbd/service_stream.c
+++ b/source4/smbd/service_stream.c
@@ -194,7 +194,7 @@ static void stream_new_connection(struct tevent_context *ev,
/* setup to receive internal messages on this connection */
srv_conn->msg_ctx = imessaging_init(srv_conn,
lp_ctx,
- srv_conn->server_id, ev, false);
+ srv_conn->server_id, ev);
if (!srv_conn->msg_ctx) {
stream_terminate_connection(srv_conn, "imessaging_init()
failed");
return;
diff --git a/source4/smbd/service_task.c b/source4/smbd/service_task.c
index 7422f2c..34f73d9 100644
--- a/source4/smbd/service_task.c
+++ b/source4/smbd/service_task.c
@@ -85,7 +85,7 @@ static void task_server_callback(struct tevent_context
*event_ctx,
task->msg_ctx = imessaging_init(task,
task->lp_ctx,
task->server_id,
- task->event_ctx, false);
+ task->event_ctx);
if (!task->msg_ctx) {
task_server_terminate(task, "imessaging_init() failed", true);
return;
diff --git a/source4/torture/ndr/krb5pac.c b/source4/torture/ndr/krb5pac.c
index 23a1214..1deac73 100644
--- a/source4/torture/ndr/krb5pac.c
+++ b/source4/torture/ndr/krb5pac.c
@@ -434,7 +434,7 @@ static bool PAC_DATA_pkinit(struct torture_context *tctx,
DATA_BLOB reply_key_blob = data_blob_null;
krb5_context ctx;
krb5_keyblock reply_key;
- krb5_crypto crypto;
+ krb5_enc_data input;
krb5_data plain_data;
DATA_BLOB plain_data_blob = data_blob_null;
@@ -474,21 +474,33 @@ static bool PAC_DATA_pkinit(struct torture_context *tctx,
reply_key_blob.data,
reply_key_blob.length,
&reply_key), 0,
"smb_krb5_keyblock_init_contents");
- torture_assert_int_equal(tctx, krb5_crypto_init(ctx,
- &reply_key, ETYPE_NULL,
- &crypto), 0,
- "krb5_crypto_init");
- torture_assert_int_equal(tctx, krb5_decrypt(ctx, crypto,
+
+ ZERO_STRUCT(input);
+
+ input.ciphertext.data = (char
*)r->buffers[1].info->credential_info.encrypted_data.data;
+ input.ciphertext.length =
r->buffers[1].info->credential_info.encrypted_data.length;
+ input.enctype = ENCTYPE_AES256_CTS_HMAC_SHA1_96;
+
+ plain_data.data =
malloc(r->buffers[1].info->credential_info.encrypted_data.length);
+ plain_data.length =
r->buffers[1].info->credential_info.encrypted_data.length;
+ torture_assert(tctx, plain_data.data, "malloc failed");
+
+ torture_assert_krb5_error_equal(tctx, krb5_c_decrypt(ctx,
+#ifdef SAMBA4_USES_HEIMDAL
+ reply_key,
+#else
+ &reply_key,
+#endif
KRB5_KU_OTHER_ENCRYPTED,
-
r->buffers[1].info->credential_info.encrypted_data.data,
-
r->buffers[1].info->credential_info.encrypted_data.length,
+ NULL,
+ &input,
&plain_data), 0,
"krb5_decrypt");
+
torture_assert_int_equal(tctx, plain_data.length, 112,
"plain_data.length");
plain_data_blob = data_blob_talloc(tctx, plain_data.data,
plain_data.length);
torture_assert_int_equal(tctx, plain_data_blob.length, 112,
"plain_data_blob.length");
- krb5_data_free(&plain_data);
- krb5_crypto_destroy(ctx, crypto);
+ kerberos_free_data_contents(ctx, &plain_data);
krb5_free_keyblock_contents(ctx, &reply_key);
krb5_free_context(ctx);
torture_assert_data_blob_equal(tctx,
--
Samba Shared Repository
