The branch, master has been updated
       via  d333c56 source4: Change to use lib/util/access functions.
       via  584daf5 lib: util: Add allow_access_nolog().
       via  f128508 Move source3/lib/access.c to toplevel lib/util/access.c
       via  8e964cc s3: lib: Replace s3 strnequal with top level strncasecmp_m.
       via  0433700 s3: lib: Use top level function strequal_m not the s3 strequal
       via  29330d8 s3: lib: Change masked_match() from SMB_STRDUP macro to underlying smb_xstrdup function.
       via  828b60f lib/util: Move unix_wild_match() from source3/lib/util to lib/util/
       via  caadd8a s3: lib: Move from talloc_strdup then lower to strlower_talloc()
       via  076963c s3: util: Remove unneeded strequal() call. Convert to simple character check.
       via  b7a4210 s3: lib - Fix formatting of unix_wild_match() sub-function to README.Coding standards.
      from  08d1ac0 nss_wins: Fix errno values for HOST_NOT_FOUND

https://git.samba.org/?p=samba.git;a=shortlog;h=master

- Log -----------------------------------------------------------------
commit d333c56700c17ff819aa784879081d847f00903c
Author: Jeremy Allison <j...@samba.org>
Date: Thu Nov 10 20:33:17 2016 -0800

source4: Change to use lib/util/access functions.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>

Autobuild-User(master): Andreas Schneider <a...@cryptomilk.org>
Autobuild-Date(master): Wed Nov 16 16:35:12 CET 2016 on sn-devel-144

commit 584daf551348815342442f5b3a0d3b8f9484c5bd
Author: Jeremy Allison <j...@samba.org>
Date: Mon Nov 14 11:48:32 2016 -0800

lib: util: Add allow_access_nolog().

Make allow_access() call allow_access_nolog(), then log.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>

commit f1285082f943d55df14bc88234ba6c321459c7b8
Author: Jeremy Allison <j...@samba.org>
Date: Thu Nov 10 17:15:20 2016 -0800

Move source3/lib/access.c to toplevel lib/util/access.c

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>

commit 8e964cc929728b6f622f557ad9a802f457250f15
Author: Jeremy Allison <j...@samba.org>
Date: Thu Nov 10 17:09:33 2016 -0800

s3: lib: Replace s3 strnequal with top level strncasecmp_m.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>

commit 04337008d406894829b1ff2624818f9d8b0fc5aa
Author: Jeremy Allison <j...@samba.org>
Date: Thu Nov 10 17:07:11 2016 -0800

s3: lib: Use top level function strequal_m not the s3 strequal

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>

commit 29330d8d666848e56ac04f365f8370face0f7af3
Author: Jeremy Allison <j...@samba.org>
Date: Thu Nov 10 17:02:08 2016 -0800

s3: lib: Change masked_match() from SMB_STRDUP macro to underlying smb_xstrdup function.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>

commit 828b60f30debce84a057dda2551f2fd494327872
Author: Jeremy Allison <j...@samba.org>
Date: Fri Nov 11 10:35:01 2016 -0800

lib/util: Move unix_wild_match() from source3/lib/util to lib/util/

Use top-level functions instead of source3 specific ones.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>

commit caadd8afe65cd17f47c737bb483ad05362071fb7
Author: Jeremy Allison <j...@samba.org>
Date: Fri Nov 11 10:24:40 2016 -0800

s3: lib: Move from talloc_strdup then lower to strlower_talloc()

Do things in one go.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>

commit 076963c23efc901b5ee47e5ec3758117dcb37994
Author: Jeremy Allison <j...@samba.org>
Date: Fri Nov 11 10:22:52 2016 -0800

s3: util: Remove unneeded strequal() call. Convert to simple character check.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

Signed-off-by: Jeremy Allison <j...@samba.org>
Reviewed-by: Andreas Schneider <a...@samba.org>

commit b7a4210e283fdadb46fa0d1142958d5e0f7fd2fa
Author: Jeremy Allison <j...@samba.org>
Date: Fri Nov 11 10:21:10 2016 -0800

s3: lib - Fix formatting of unix_wild_match() sub-function to README.Coding standards.

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12419

Signed-off-by: Jeremy Allison <j...@samba.org> Reviewed-by: Andreas Schneider <a...@samba.org> ----------------------------------------------------------------------- Summary of changes: {source3/lib => lib/util}/access.c | 55 +++-- lib/util/access.h | 28 +++ lib/util/unix_match.c | 183 ++++++++++++++++ file_server/file_server.h => lib/util/unix_match.h | 16 +- lib/util/wscript_build | 7 +- source3/include/proto.h | 12 +- source3/lib/util.c | 146 ------------- source3/wscript_build | 3 +- source4/dsdb/common/util.c | 3 +- source4/lib/socket/access.c | 237 +-------------------- source4/lib/socket/socket.h | 3 - source4/lib/socket/wscript_build | 2 +- 12 files changed, 271 insertions(+), 424 deletions(-) rename {source3/lib => lib/util}/access.c (86%) create mode 100644 lib/util/access.h create mode 100644 lib/util/unix_match.c copy file_server/file_server.h => lib/util/unix_match.h (79%) Changeset truncated at 500 lines: diff --git a/source3/lib/access.c b/lib/util/access.c similarity index 86% rename from source3/lib/access.c rename to lib/util/access.c index ad868fa..859824c 100644 --- a/source3/lib/access.c +++ b/lib/util/access.c @@ -13,6 +13,12 @@ #include "includes.h" #include "../lib/util/memcache.h" #include "lib/socket/interfaces.h" +#include "lib/util/samba_util.h" +#include "lib/util/util_net.h" +#include "lib/util/samba_util.h" +#include "lib/util/memory.h" +#include "lib/util/access.h" +#include "lib/util/unix_match.h" #define NAME_INDEX 0 #define ADDR_INDEX 1 @@ -31,14 +37,14 @@ static bool masked_match(const char *tok, const char *slash, const char *s) if (*tok == '[') { /* IPv6 address - remove braces. */ - tok_copy = SMB_STRDUP(tok+1); + tok_copy = smb_xstrdup(tok+1); if (!tok_copy) { return false; } /* Remove the terminating ']' */ tok_copy[PTR_DIFF(slash,tok)-1] = '\0'; } else { - tok_copy = SMB_STRDUP(tok); + tok_copy = smb_xstrdup(tok); if (!tok_copy) { return false; } 
@@ -96,7 +102,7 @@ static bool string_match(const char *tok,const char *s) if (tok[0] == '.') { /* domain: match last fields */ if ((str_len = strlen(s)) > (tok_len = strlen(tok)) - && strequal(tok, s + str_len - tok_len)) { + && strequal_m(tok, s + str_len - tok_len)) { return true; } } else if (tok[0] == '@') { /* netgroup: look it up */ @@ -128,7 +134,7 @@ static bool string_match(const char *tok,const char *s) DEBUG(0,("Unable to get default yp domain. " "Try without it.\n")); } - if (!(hostname = SMB_STRDUP(s))) { + if (!(hostname = smb_xstrdup(s))) { DEBUG(1,("out of memory for strdup!\n")); return false; } @@ -149,15 +155,15 @@ static bool string_match(const char *tok,const char *s) DEBUG(0,("access: netgroup support is not configured\n")); return false; #endif - } else if (strequal(tok, "ALL")) { /* all: match any */ + } else if (strequal_m(tok, "ALL")) { /* all: match any */ return true; - } else if (strequal(tok, "FAIL")) { /* fail: match any */ + } else if (strequal_m(tok, "FAIL")) { /* fail: match any */ return true; - } else if (strequal(tok, "LOCAL")) { /* local: no dots */ - if (strchr_m(s, '.') == 0 && !strequal(s, "unknown")) { + } else if (strequal_m(tok, "LOCAL")) { /* local: no dots */ + if (strchr_m(s, '.') == 0 && !strequal_m(s, "unknown")) { return true; } - } else if (strequal(tok, s)) { /* match host name or address */ + } else if (strequal_m(tok, s)) { /* match host name or address */ return true; } else if (tok[(tok_len = strlen(tok)) - 1] == '.') { /* network */ if (strncmp(tok, s, tok_len) == 0) { @@ -191,11 +197,11 @@ bool client_match(const char *tok, const void *item) * Bug #5311 and #7383. */ - if (strnequal(tok_addr, "::ffff:",7)) { + if (strncasecmp_m(tok_addr, "::ffff:", 7) == 0) { tok_addr += 7; } - if (strnequal(cli_addr,"::ffff:",7)) { + if (strncasecmp_m(cli_addr, "::ffff:", 7) == 0) { cli_addr += 7; } 
@@ -235,7 +241,7 @@ bool list_match(const char **list,const void *item, */ for (; *list ; list++) { - if (strequal(*list, "EXCEPT")) { + if (strequal_m(*list, "EXCEPT")) { /* EXCEPT: give up */ break; } @@ -247,7 +253,7 @@ bool list_match(const char **list,const void *item, /* Process exceptions to true or FAIL matches. */ if (match != false) { - while (*list && !strequal(*list, "EXCEPT")) { + while (*list && !strequal_m(*list, "EXCEPT")) { list++; } @@ -321,8 +327,8 @@ static bool allow_access_internal(const char **deny_list, return true; } -/* return true if access should be allowed */ -bool allow_access(const char **deny_list, +/* return true if access should be allowed - doesn't print log message */ +bool allow_access_nolog(const char **deny_list, const char **allow_list, const char *cname, const char *caddr) @@ -333,11 +339,24 @@ bool allow_access(const char **deny_list, ret = allow_access_internal(deny_list, allow_list, nc_cname, nc_caddr); + SAFE_FREE(nc_cname); + SAFE_FREE(nc_caddr); + return ret; +} + +/* return true if access should be allowed - prints log message */ +bool allow_access(const char **deny_list, + const char **allow_list, + const char *cname, + const char *caddr) +{ + bool ret; + + ret = allow_access_nolog(deny_list, allow_list, cname, caddr); + DEBUG(ret ? 3 : 0, ("%s connection from %s (%s)\n", - ret ? "Allowed" : "Denied", nc_cname, nc_caddr)); + ret ? "Allowed" : "Denied", cname, caddr)); - SAFE_FREE(nc_cname); - SAFE_FREE(nc_caddr); return ret; } diff --git a/lib/util/access.h b/lib/util/access.h new file mode 100644 index 0000000..73f71b6 --- /dev/null +++ b/lib/util/access.h 
@@ -0,0 +1,28 @@ +/* + This module is an adaption of code from the tcpd-1.4 package written + by Wietse Venema, Eindhoven University of Technology, The Netherlands. + + The code is used here with permission. + + The code has been considerably changed from the original. Bug reports + should be sent to samba-techni...@lists.samba.org + + Updated for IPv6 by Jeremy Allison (C) 2007. +*/ + +#ifndef _UTIL_ACCESS_H_ +#define _UTIL_ACCESS_H_ + +bool client_match(const char *tok, const void *item); +bool list_match(const char **list,const void *item, + bool (*match_fn)(const char *, const void *)); +bool allow_access_nolog(const char **deny_list, + const char **allow_list, + const char *cname, + const char *caddr); +bool allow_access(const char **deny_list, + const char **allow_list, + const char *cname, + const char *caddr); + +#endif diff --git a/lib/util/unix_match.c b/lib/util/unix_match.c new file mode 100644 index 0000000..38edc18 --- /dev/null +++ b/lib/util/unix_match.c 
@@ -0,0 +1,183 @@ +/* + Unix SMB/CIFS implementation. + Samba utility functions + Copyright (C) Jeremy Allison 2001 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "replace.h" +#include <talloc.h> +#include "lib/util/talloc_stack.h" +#include "lib/util/charset/charset.h" +#include "lib/util/unix_match.h" + +/********************************************************* + Recursive routine that is called by unix_wild_match. +*********************************************************/ + +static bool unix_do_match(const char *regexp, const char *str) +{ + const char *p; + + for( p = regexp; *p && *str; ) { + + switch(*p) { + case '?': + str++; + p++; + break; + + case '*': + + /* + * Look for a character matching + * the one after the '*'. + */ + p++; + if(!*p) { + return true; /* Automatic match */ + } + while(*str) { + + while(*str && (*p != *str)) { + str++; + } + + /* + * Patch from wei...@multichart.de. + * In the case of the regexp + * '*XX*' we want to ensure there are + * at least 2 'X' characters in the + * string after the '*' for a match to + * be made. + */ + + { + int matchcount=0; + + /* + * Eat all the characters that + * match, but count how many + * there were. + */ + + while(*str && (*p == *str)) { + str++; + matchcount++; + } + + /* + * Now check that if the regexp + * had n identical characters + * that matchcount had at least + * that many matches. 
+ */ + + while (*(p+1) && (*(p+1)==*p)) { + p++; + matchcount--; + } + + if ( matchcount <= 0 ) { + return false; + } + } + + /* + * We've eaten the match char + * after the '*' + */ + str--; + + if(unix_do_match(p, str)) { + return true; + } + + if(!*str) { + return false; + } else { + str++; + } + } + return false; + + default: + if(*str != *p) { + return false; + } + str++; + p++; + break; + } + } + + if(!*p && !*str) { + return true; + } + + if (!*p && str[0] == '.' && str[1] == 0) { + return true; + } + + if (!*str && *p == '?') { + while (*p == '?') { + p++; + } + return(!*p); + } + + if(!*str && (*p == '*' && p[1] == '\0')) { + return true; + } + + return false; +} + +/******************************************************************* + Simple case insensitive interface to a UNIX wildcard matcher. + Returns True if match, False if not. +*******************************************************************/ + +bool unix_wild_match(const char *pattern, const char *string) +{ + TALLOC_CTX *ctx = talloc_stackframe(); + char *p2; + char *s2; + char *p; + bool ret = false; + + p2 = strlower_talloc(ctx, pattern); + s2 = strlower_talloc(ctx, string); + if (!p2 || !s2) { + TALLOC_FREE(ctx); + return false; + } + + /* Remove any *? and ** from the pattern as they are meaningless */ + for(p = p2; *p; p++) { + while( *p == '*' && (p[1] == '?' ||p[1] == '*')) { + memmove(&p[1], &p[2], strlen(&p[2])+1); + } + } + + if (p2[0] == '*' && p2[1] == '\0') { + TALLOC_FREE(ctx); + return true; + } + + ret = unix_do_match(p2, s2); + TALLOC_FREE(ctx); + return ret; +} diff --git a/file_server/file_server.h b/lib/util/unix_match.h similarity index 79% copy from file_server/file_server.h copy to lib/util/unix_match.h index 7da9437..a7b6935 100644 --- a/file_server/file_server.h +++ b/lib/util/unix_match.h 
@@ -1,9 +1,7 @@ /* Unix SMB/CIFS implementation. - - run s3 file server within Samba4 - - Copyright (C) Andrew Tridgell 2011 + Utility functions for Samba + Copyright (C) Jeremy Allison 2001 This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by @@ -19,7 +17,9 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ -/* - open the s3 smb server sockets -*/ -void s3_smbd_task_init(struct task_server *task); +#ifndef _UNIX_MASK_H_ +#define _UNIX_MASK_H_ + +bool unix_wild_match(const char *pattern, const char *string); + +#endif diff --git a/lib/util/wscript_build b/lib/util/wscript_build index 6d2ab4a..9b51f0e 100755 --- a/lib/util/wscript_build +++ b/lib/util/wscript_build @@ -120,7 +120,7 @@ else: idtree_random.c base64.c util_str.c util_str_common.c ms_fnmatch.c server_id.c dprintf.c bitmap.c pidfile.c - tevent_debug.c memcache.c''', + tevent_debug.c memcache.c unix_match.c''', deps='samba-util-core DYNCONFIG close-low-fd tini tiniparser genrand', public_deps='talloc tevent execinfo pthread LIBCRYPTO charset util_setid systemd systemd-daemon', public_headers='debug.h attr.h byteorder.h data_blob.h memory.h safe_string.h time.h talloc_stack.h xfile.h string_wrappers.h idtree.h idtree_random.h blocking.h signal.h substitute.h fault.h genrand.h', @@ -199,3 +199,8 @@ else: deps='talloc tdb strv util_tdb tdb-wrap samba-util', local_include=False, private_library=True) + + bld.SAMBA_SUBSYSTEM('access', + source='access.c', + deps='interfaces samba-util', + local_include=False) diff --git a/source3/include/proto.h b/source3/include/proto.h index 0b0a2b5..33e3f6c 100644 --- a/source3/include/proto.h +++ b/source3/include/proto.h 
@@ -26,15 +26,7 @@ #include <sys/types.h> #include <regex.h> -/* The following definitions come from lib/access.c */ - -bool client_match(const char *tok, const void *item); -bool list_match(const char **list,const void *item, - bool (*match_fn)(const char *, const void *)); -bool allow_access(const char **deny_list, - const char **allow_list, - const char *cname, - const char *caddr); +#include "lib/util/access.h" /* The following definitions come from lib/adt_tree.c */ @@ -411,7 +403,7 @@ bool ms_has_wild_w(const smb_ucs2_t *s); bool mask_match(const char *string, const char *pattern, bool is_case_sensitive); bool mask_match_search(const char *string, const char *pattern, bool is_case_sensitive); bool mask_match_list(const char *string, char **list, int listLen, bool is_case_sensitive); -bool unix_wild_match(const char *pattern, const char *string); +#include "lib/util/unix_match.h" bool name_to_fqdn(fstring fqdn, const char *name); uint32_t map_share_mode_to_deny_mode(uint32_t share_access, uint32_t private_options); diff --git a/source3/lib/util.c b/source3/lib/util.c index bab3998..85cb9b3 100644 --- a/source3/lib/util.c +++ b/source3/lib/util.c 
@@ -1785,152 +1785,6 @@ bool mask_match_list(const char *string, char **list, int listLen, bool is_case_ return False; } -/********************************************************* - Recursive routine that is called by unix_wild_match. -*********************************************************/ - -static bool unix_do_match(const char *regexp, const char *str) -{ - const char *p; - - for( p = regexp; *p && *str; ) { - - switch(*p) { - case '?': - str++; - p++; - break; - - case '*': - - /* - * Look for a character matching - * the one after the '*'. - */ - p++; - if(!*p) - return true; /* Automatic match */ - while(*str) { - - while(*str && (*p != *str)) - str++; - - /* - * Patch from wei...@multichart.de. In the case of the regexp - * '*XX*' we want to ensure there are at least 2 'X' characters - * in the string after the '*' for a match to be made. - */ - - { -- Samba Shared Repository
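
Review bot: in lib/util/access.c, the include hunk at @@ -13,6 +13,12 @@ adds "lib/util/samba_util.h" twice (the first and third of the new #include lines). Drop the second copy; include guards make it harmless, but it reads as a leftover from reordering in the file that implements the allow/deny list check.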
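
Review bot: in lib/util/access.c, allow_access() after the split at @@ -333,11 +339,24 @@ logs the caller's cname and caddr, where the old code logged nc_cname and nc_caddr, the values that were actually handed to allow_access_internal(). Those copies are now created and freed inside allow_access_nolog(), so if they normalise the inputs in any way the "Allowed"/"Denied" record can differ from what was matched, and if a caller can pass NULL it now goes straight to %s. Suggest guarding the two arguments in the DEBUG call (cname ? cname : "" and the same for caddr), or having allow_access_nolog() return the strings it evaluated, so the denial log stays faithful to the decision.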
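
Review bot: the new lib/util/access.h declares four functions returning bool but includes nothing that defines bool, so it only compiles when the including file has already pulled in replace.h or <stdbool.h>; add the include so the header is self-contained. Two smaller points in the same file: the guard _UTIL_ACCESS_H_ begins with an underscore followed by a capital letter, which is a reserved identifier in C, and the only difference between allow_access_nolog() and allow_access() (whether the decision is logged) is documented in access.c but not here, where callers will look.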
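
Review bot: in lib/util/unix_match.c, the clean-up loop in unix_wild_match() commented "Remove any *? and ** from the pattern as they are meaningless" deletes the '?' that follows a '*', so a pattern such as "a*?" is matched as "a*" and no longer requires a character in that position. "**" is redundant, but "*?" is not. Since access.c now includes unix_match.h, either state this widening in the function comment or keep the '?' (for example by moving it in front of the '*'). Separately, unix_do_match() recurses once per candidate position for every '*' with no bound on depth or work; a note on expected pattern sizes and a unit test next to the new file would help, as the diffstat shows no test added.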
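
Review bot: in the new lib/util/unix_match.h the include guard is _UNIX_MASK_H_ although the file is unix_match.h. Rename it to follow the file name, and drop the reserved leading underscore plus capital while doing so, so that a later unix_mask.h cannot silently collide with it. The prototype also uses bool without including a header that defines it.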
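
Review bot: in source3/include/proto.h, the hunk at @@ -411,7 +403,7 @@ places #include "lib/util/unix_match.h" between the mask_match_list() and name_to_fqdn() prototypes, in the slot of the removed declaration. Move it up next to the new #include "lib/util/access.h" so the includes stay grouped and the prototype list is not interrupted mid-section.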