The branch, master has been updated
via d333c56 source4: Change to use lib/util/access functions.
via 584daf5 lib: util: Add allow_access_nolog().
via f128508 Move source3/lib/access.c to toplevel lib/util/access.c
via 8e964cc s3: lib: Replace s3 strnequal with top level strncasecmp_m.
via 0433700 s3: lib: Use top level function strequal_m not the s3
strequal
via 29330d8 s3: lib: Change masked_match() from SMB_STRDUP macro to
underlying smb_xstrdup function.
via 828b60f lib/util: Move unix_wild_match() from source3/lib/util to
lib/util/
via caadd8a s3: lib: Move from talloc_strdup then lower to
strlower_talloc()
via 076963c s3: util: Remove unneeded strequal() call. Convert to
simple character check.
via b7a4210 s3: lib - Fix formatting of unix_wild_match() sub-function
to README.Coding standards.
from 08d1ac0 nss_wins: Fix errno values for HOST_NOT_FOUND
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit d333c56700c17ff819aa784879081d847f00903c
Author: Jeremy Allison <j...@samba.org>
Date: Thu Nov 10 20:33:17 2016 -0800
source4: Change to use lib/util/access functions.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Wed Nov 16 16:35:12 CET 2016 on sn-devel-144
commit 584daf551348815342442f5b3a0d3b8f9484c5bd
Author: Jeremy Allison <j...@samba.org>
Date: Mon Nov 14 11:48:32 2016 -0800
lib: util: Add allow_access_nolog().
Make allow_access() call allow_access_nolog(), then log.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit f1285082f943d55df14bc88234ba6c321459c7b8
Author: Jeremy Allison <j...@samba.org>
Date: Thu Nov 10 17:15:20 2016 -0800
Move source3/lib/access.c to toplevel lib/util/access.c
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 8e964cc929728b6f622f557ad9a802f457250f15
Author: Jeremy Allison <j...@samba.org>
Date: Thu Nov 10 17:09:33 2016 -0800
s3: lib: Replace s3 strnequal with top level strncasecmp_m.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 04337008d406894829b1ff2624818f9d8b0fc5aa
Author: Jeremy Allison <j...@samba.org>
Date: Thu Nov 10 17:07:11 2016 -0800
s3: lib: Use top level function strequal_m not the s3 strequal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 29330d8d666848e56ac04f365f8370face0f7af3
Author: Jeremy Allison <j...@samba.org>
Date: Thu Nov 10 17:02:08 2016 -0800
s3: lib: Change masked_match() from SMB_STRDUP macro to underlying
smb_xstrdup function.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 828b60f30debce84a057dda2551f2fd494327872
Author: Jeremy Allison <j...@samba.org>
Date: Fri Nov 11 10:35:01 2016 -0800
lib/util: Move unix_wild_match() from source3/lib/util to lib/util/
Use top-level functions instead of source3 specific ones.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit caadd8afe65cd17f47c737bb483ad05362071fb7
Author: Jeremy Allison <j...@samba.org>
Date: Fri Nov 11 10:24:40 2016 -0800
s3: lib: Move from talloc_strdup then lower to strlower_talloc()
Do things in one go.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit 076963c23efc901b5ee47e5ec3758117dcb37994
Author: Jeremy Allison <j...@samba.org>
Date: Fri Nov 11 10:22:52 2016 -0800
s3: util: Remove unneeded strequal() call. Convert to simple character
check.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
commit b7a4210e283fdadb46fa0d1142958d5e0f7fd2fa
Author: Jeremy Allison <j...@samba.org>
Date: Fri Nov 11 10:21:10 2016 -0800
s3: lib - Fix formatting of unix_wild_match() sub-function to README.Coding
standards.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419
Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>
-----------------------------------------------------------------------
Summary of changes:
{source3/lib => lib/util}/access.c | 55 +++--
lib/util/access.h | 28 +++
lib/util/unix_match.c | 183 ++++++++++++++++
file_server/file_server.h => lib/util/unix_match.h | 16 +-
lib/util/wscript_build | 7 +-
source3/include/proto.h | 12 +-
source3/lib/util.c | 146 -------------
source3/wscript_build | 3 +-
source4/dsdb/common/util.c | 3 +-
source4/lib/socket/access.c | 237 +--------------------
source4/lib/socket/socket.h | 3 -
source4/lib/socket/wscript_build | 2 +-
12 files changed, 271 insertions(+), 424 deletions(-)
rename {source3/lib => lib/util}/access.c (86%)
create mode 100644 lib/util/access.h
create mode 100644 lib/util/unix_match.c
copy file_server/file_server.h => lib/util/unix_match.h (79%)
Changeset truncated at 500 lines:
diff --git a/source3/lib/access.c b/lib/util/access.c
similarity index 86%
rename from source3/lib/access.c
rename to lib/util/access.c
index ad868fa..859824c 100644
--- a/source3/lib/access.c
+++ b/lib/util/access.c
@@ -13,6 +13,12 @@
#include "includes.h"
#include "../lib/util/memcache.h"
#include "lib/socket/interfaces.h"
+#include "lib/util/samba_util.h"
+#include "lib/util/util_net.h"
+#include "lib/util/samba_util.h"
+#include "lib/util/memory.h"
+#include "lib/util/access.h"
+#include "lib/util/unix_match.h"
#define NAME_INDEX 0
#define ADDR_INDEX 1
@@ -31,14 +37,14 @@ static bool masked_match(const char *tok, const char
*slash, const char *s)
if (*tok == '[') {
/* IPv6 address - remove braces. */
- tok_copy = SMB_STRDUP(tok+1);
+ tok_copy = smb_xstrdup(tok+1);
if (!tok_copy) {
return false;
}
/* Remove the terminating ']' */
tok_copy[PTR_DIFF(slash,tok)-1] = '\0';
} else {
- tok_copy = SMB_STRDUP(tok);
+ tok_copy = smb_xstrdup(tok);
if (!tok_copy) {
return false;
}
@@ -96,7 +102,7 @@ static bool string_match(const char *tok,const char *s)
if (tok[0] == '.') { /* domain: match last fields */
if ((str_len = strlen(s)) > (tok_len = strlen(tok))
- && strequal(tok, s + str_len - tok_len)) {
+ && strequal_m(tok, s + str_len - tok_len)) {
return true;
}
} else if (tok[0] == '@') { /* netgroup: look it up */
@@ -128,7 +134,7 @@ static bool string_match(const char *tok,const char *s)
DEBUG(0,("Unable to get default yp domain. "
"Try without it.\n"));
}
- if (!(hostname = SMB_STRDUP(s))) {
+ if (!(hostname = smb_xstrdup(s))) {
DEBUG(1,("out of memory for strdup!\n"));
return false;
}
@@ -149,15 +155,15 @@ static bool string_match(const char *tok,const char *s)
DEBUG(0,("access: netgroup support is not configured\n"));
return false;
#endif
- } else if (strequal(tok, "ALL")) { /* all: match any */
+ } else if (strequal_m(tok, "ALL")) { /* all: match any */
return true;
- } else if (strequal(tok, "FAIL")) { /* fail: match any */
+ } else if (strequal_m(tok, "FAIL")) { /* fail: match any */
return true;
- } else if (strequal(tok, "LOCAL")) { /* local: no dots */
- if (strchr_m(s, '.') == 0 && !strequal(s, "unknown")) {
+ } else if (strequal_m(tok, "LOCAL")) { /* local: no dots */
+ if (strchr_m(s, '.') == 0 && !strequal_m(s, "unknown")) {
return true;
}
- } else if (strequal(tok, s)) { /* match host name or address */
+ } else if (strequal_m(tok, s)) { /* match host name or address */
return true;
} else if (tok[(tok_len = strlen(tok)) - 1] == '.') { /* network */
if (strncmp(tok, s, tok_len) == 0) {
@@ -191,11 +197,11 @@ bool client_match(const char *tok, const void *item)
* Bug #5311 and #7383.
*/
- if (strnequal(tok_addr, "::ffff:",7)) {
+ if (strncasecmp_m(tok_addr, "::ffff:", 7) == 0) {
tok_addr += 7;
}
- if (strnequal(cli_addr,"::ffff:",7)) {
+ if (strncasecmp_m(cli_addr, "::ffff:", 7) == 0) {
cli_addr += 7;
}
@@ -235,7 +241,7 @@ bool list_match(const char **list,const void *item,
*/
for (; *list ; list++) {
- if (strequal(*list, "EXCEPT")) {
+ if (strequal_m(*list, "EXCEPT")) {
/* EXCEPT: give up */
break;
}
@@ -247,7 +253,7 @@ bool list_match(const char **list,const void *item,
/* Process exceptions to true or FAIL matches. */
if (match != false) {
- while (*list && !strequal(*list, "EXCEPT")) {
+ while (*list && !strequal_m(*list, "EXCEPT")) {
list++;
}
@@ -321,8 +327,8 @@ static bool allow_access_internal(const char **deny_list,
return true;
}
-/* return true if access should be allowed */
-bool allow_access(const char **deny_list,
+/* return true if access should be allowed - doesn't print log message */
+bool allow_access_nolog(const char **deny_list,
const char **allow_list,
const char *cname,
const char *caddr)
@@ -333,11 +339,24 @@ bool allow_access(const char **deny_list,
ret = allow_access_internal(deny_list, allow_list, nc_cname, nc_caddr);
+ SAFE_FREE(nc_cname);
+ SAFE_FREE(nc_caddr);
+ return ret;
+}
+
+/* return true if access should be allowed - prints log message */
+bool allow_access(const char **deny_list,
+ const char **allow_list,
+ const char *cname,
+ const char *caddr)
+{
+ bool ret;
+
+ ret = allow_access_nolog(deny_list, allow_list, cname, caddr);
+
DEBUG(ret ? 3 : 0,
("%s connection from %s (%s)\n",
- ret ? "Allowed" : "Denied", nc_cname, nc_caddr));
+ ret ? "Allowed" : "Denied", cname, caddr));
- SAFE_FREE(nc_cname);
- SAFE_FREE(nc_caddr);
return ret;
}
diff --git a/lib/util/access.h b/lib/util/access.h
new file mode 100644
index 0000000..73f71b6
--- /dev/null
+++ b/lib/util/access.h
@@ -0,0 +1,28 @@
+/*
+ This module is an adaption of code from the tcpd-1.4 package written
+ by Wietse Venema, Eindhoven University of Technology, The Netherlands.
+
+ The code is used here with permission.
+
+ The code has been considerably changed from the original. Bug reports
+ should be sent to samba-techni...@lists.samba.org
+
+ Updated for IPv6 by Jeremy Allison (C) 2007.
+*/
+
+#ifndef _UTIL_ACCESS_H_
+#define _UTIL_ACCESS_H_
+
+bool client_match(const char *tok, const void *item);
+bool list_match(const char **list,const void *item,
+ bool (*match_fn)(const char *, const void *));
+bool allow_access_nolog(const char **deny_list,
+ const char **allow_list,
+ const char *cname,
+ const char *caddr);
+bool allow_access(const char **deny_list,
+ const char **allow_list,
+ const char *cname,
+ const char *caddr);
+
+#endif
diff --git a/lib/util/unix_match.c b/lib/util/unix_match.c
new file mode 100644
index 0000000..38edc18
--- /dev/null
+++ b/lib/util/unix_match.c
@@ -0,0 +1,183 @@
+/*
+ Unix SMB/CIFS implementation.
+ Samba utility functions
+ Copyright (C) Jeremy Allison 2001
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "replace.h"
+#include <talloc.h>
+#include "lib/util/talloc_stack.h"
+#include "lib/util/charset/charset.h"
+#include "lib/util/unix_match.h"
+
+/*********************************************************
+ Recursive routine that is called by unix_wild_match.
+*********************************************************/
+
+static bool unix_do_match(const char *regexp, const char *str)
+{
+ const char *p;
+
+ for( p = regexp; *p && *str; ) {
+
+ switch(*p) {
+ case '?':
+ str++;
+ p++;
+ break;
+
+ case '*':
+
+ /*
+ * Look for a character matching
+ * the one after the '*'.
+ */
+ p++;
+ if(!*p) {
+ return true; /* Automatic match */
+ }
+ while(*str) {
+
+ while(*str && (*p != *str)) {
+ str++;
+ }
+
+ /*
+ * Patch from wei...@multichart.de.
+ * In the case of the regexp
+ * '*XX*' we want to ensure there are
+ * at least 2 'X' characters in the
+ * string after the '*' for a match to
+ * be made.
+ */
+
+ {
+ int matchcount=0;
+
+ /*
+ * Eat all the characters that
+ * match, but count how many
+ * there were.
+ */
+
+ while(*str && (*p == *str)) {
+ str++;
+ matchcount++;
+ }
+
+ /*
+ * Now check that if the regexp
+ * had n identical characters
+ * that matchcount had at least
+ * that many matches.
+ */
+
+ while (*(p+1) && (*(p+1)==*p)) {
+ p++;
+ matchcount--;
+ }
+
+ if ( matchcount <= 0 ) {
+ return false;
+ }
+ }
+
+ /*
+ * We've eaten the match char
+ * after the '*'
+ */
+ str--;
+
+ if(unix_do_match(p, str)) {
+ return true;
+ }
+
+ if(!*str) {
+ return false;
+ } else {
+ str++;
+ }
+ }
+ return false;
+
+ default:
+ if(*str != *p) {
+ return false;
+ }
+ str++;
+ p++;
+ break;
+ }
+ }
+
+ if(!*p && !*str) {
+ return true;
+ }
+
+ if (!*p && str[0] == '.' && str[1] == 0) {
+ return true;
+ }
+
+ if (!*str && *p == '?') {
+ while (*p == '?') {
+ p++;
+ }
+ return(!*p);
+ }
+
+ if(!*str && (*p == '*' && p[1] == '\0')) {
+ return true;
+ }
+
+ return false;
+}
+
+/*******************************************************************
+ Simple case insensitive interface to a UNIX wildcard matcher.
+ Returns True if match, False if not.
+*******************************************************************/
+
+bool unix_wild_match(const char *pattern, const char *string)
+{
+ TALLOC_CTX *ctx = talloc_stackframe();
+ char *p2;
+ char *s2;
+ char *p;
+ bool ret = false;
+
+ p2 = strlower_talloc(ctx, pattern);
+ s2 = strlower_talloc(ctx, string);
+ if (!p2 || !s2) {
+ TALLOC_FREE(ctx);
+ return false;
+ }
+
+ /* Remove any *? and ** from the pattern as they are meaningless */
+ for(p = p2; *p; p++) {
+ while( *p == '*' && (p[1] == '?' ||p[1] == '*')) {
+ memmove(&p[1], &p[2], strlen(&p[2])+1);
+ }
+ }
+
+ if (p2[0] == '*' && p2[1] == '\0') {
+ TALLOC_FREE(ctx);
+ return true;
+ }
+
+ ret = unix_do_match(p2, s2);
+ TALLOC_FREE(ctx);
+ return ret;
+}
diff --git a/file_server/file_server.h b/lib/util/unix_match.h
similarity index 79%
copy from file_server/file_server.h
copy to lib/util/unix_match.h
index 7da9437..a7b6935 100644
--- a/file_server/file_server.h
+++ b/lib/util/unix_match.h
@@ -1,9 +1,7 @@
/*
Unix SMB/CIFS implementation.
-
- run s3 file server within Samba4
-
- Copyright (C) Andrew Tridgell 2011
+ Utility functions for Samba
+ Copyright (C) Jeremy Allison 2001
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -19,7 +17,9 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-/*
- open the s3 smb server sockets
-*/
-void s3_smbd_task_init(struct task_server *task);
+#ifndef _UNIX_MASK_H_
+#define _UNIX_MASK_H_
+
+bool unix_wild_match(const char *pattern, const char *string);
+
+#endif
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index 6d2ab4a..9b51f0e 100755
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -120,7 +120,7 @@ else:
idtree_random.c base64.c
util_str.c util_str_common.c ms_fnmatch.c
server_id.c dprintf.c bitmap.c pidfile.c
- tevent_debug.c memcache.c''',
+ tevent_debug.c memcache.c unix_match.c''',
deps='samba-util-core DYNCONFIG close-low-fd tini tiniparser
genrand',
public_deps='talloc tevent execinfo pthread LIBCRYPTO
charset util_setid systemd systemd-daemon',
public_headers='debug.h attr.h byteorder.h data_blob.h
memory.h safe_string.h time.h talloc_stack.h xfile.h string_wrappers.h idtree.h
idtree_random.h blocking.h signal.h substitute.h fault.h genrand.h',
@@ -199,3 +199,8 @@ else:
deps='talloc tdb strv util_tdb tdb-wrap samba-util',
local_include=False,
private_library=True)
+
+ bld.SAMBA_SUBSYSTEM('access',
+ source='access.c',
+ deps='interfaces samba-util',
+ local_include=False)
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 0b0a2b5..33e3f6c 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -26,15 +26,7 @@
#include <sys/types.h>
#include <regex.h>
-/* The following definitions come from lib/access.c */
-
-bool client_match(const char *tok, const void *item);
-bool list_match(const char **list,const void *item,
- bool (*match_fn)(const char *, const void *));
-bool allow_access(const char **deny_list,
- const char **allow_list,
- const char *cname,
- const char *caddr);
+#include "lib/util/access.h"
/* The following definitions come from lib/adt_tree.c */
@@ -411,7 +403,7 @@ bool ms_has_wild_w(const smb_ucs2_t *s);
bool mask_match(const char *string, const char *pattern, bool
is_case_sensitive);
bool mask_match_search(const char *string, const char *pattern, bool
is_case_sensitive);
bool mask_match_list(const char *string, char **list, int listLen, bool
is_case_sensitive);
-bool unix_wild_match(const char *pattern, const char *string);
+#include "lib/util/unix_match.h"
bool name_to_fqdn(fstring fqdn, const char *name);
uint32_t map_share_mode_to_deny_mode(uint32_t share_access, uint32_t
private_options);
diff --git a/source3/lib/util.c b/source3/lib/util.c
index bab3998..85cb9b3 100644
--- a/source3/lib/util.c
+++ b/source3/lib/util.c
@@ -1785,152 +1785,6 @@ bool mask_match_list(const char *string, char **list,
int listLen, bool is_case_
return False;
}
-/*********************************************************
- Recursive routine that is called by unix_wild_match.
-*********************************************************/
-
-static bool unix_do_match(const char *regexp, const char *str)
-{
- const char *p;
-
- for( p = regexp; *p && *str; ) {
-
- switch(*p) {
- case '?':
- str++;
- p++;
- break;
-
- case '*':
-
- /*
- * Look for a character matching
- * the one after the '*'.
- */
- p++;
- if(!*p)
- return true; /* Automatic match */
- while(*str) {
-
- while(*str && (*p != *str))
- str++;
-
- /*
- * Patch from wei...@multichart.de. In
the case of the regexp
- * '*XX*' we want to ensure there are
at least 2 'X' characters
- * in the string after the '*' for a
match to be made.
- */
-
- {
--
Samba Shared Repository
