The branch, master has been updated via 193b44466ba nsswitch pam_winbind: Fix Asan use after free via e129d4ea3e0 selftest: Utils.cmd_output returns byte string via 63ae5e5f82b s4 heimdal_build: disable leak checks for asn1 compiler via 3e5a2749db9 s4/scripting/bin Remove unecessary scripts from 71cc89833f2 libnet: Remove unused source4/libnet/libnet_sam{dump,sync}:
https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log ----------------------------------------------------------------- commit 193b44466ba05deba8f2b1fdc16ab55c102e82ad Author: Gary Lockyer <g...@catalyst.net.nz> Date: Thu Apr 18 09:29:28 2019 +1200 nsswitch pam_winbind: Fix Asan use after free Fix use after free condition detected by Address Sanitizer triggered by wbcLogonUserInfoDestructor, wbcFreeMemory has code to detect and prevent a double free. This patch prevents the Address Sanitizer error, allowing tests to be run with Address Sanitizer enabled. Bug: https://bugzilla.samba.org/show_bug.cgi?id=13927 Signed-off-by: Gary Lockyer <g...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> Autobuild-User(master): Andrew Bartlett <abart...@samba.org> Autobuild-Date(master): Mon May 6 08:55:22 UTC 2019 on sn-devel-184 commit e129d4ea3e0f6455d1eb6d5df7118e31fcb1670e Author: Gary Lockyer <g...@catalyst.net.nz> Date: Mon May 6 13:14:37 2019 +1200 selftest: Utils.cmd_output returns byte string Convert the returned byte string into a string. Signed-off-by: Gary Lockyer <g...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 63ae5e5f82bcc8f7f2c345f8b78170c5d2139684 Author: Gary Lockyer <g...@catalyst.net.nz> Date: Mon May 6 13:12:33 2019 +1200 s4 heimdal_build: disable leak checks for asn1 compiler Disable Address Sanitizer leak checking for the heimdal asn1 compiler, this allows a samba build with Address Sanitizer enabled. Signed-off-by: Gary Lockyer <g...@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abart...@samba.org> commit 3e5a2749db94930d06bf63b62136ecf49ac09e9c Author: Noel Power <noel.po...@suse.com> Date: Tue Apr 30 12:24:11 2019 +0100 s4/scripting/bin Remove unecessary scripts Apparently we get official schema from MS these days 
Signed-off-by: Noel Power <noel.po...@suse.com> Reviewed-by: Andrew Bartlett <abart...@samba.org> ----------------------------------------------------------------------- Summary of changes: nsswitch/pam_winbind.c | 5 + selftest/wscript | 1 + source4/heimdal_build/wscript_build | 11 +- source4/scripting/bin/fullschema | 184 ------------ source4/scripting/bin/minschema | 569 ------------------------------------ 5 files changed, 16 insertions(+), 754 deletions(-) delete mode 100755 source4/scripting/bin/fullschema delete mode 100755 source4/scripting/bin/minschema Changeset truncated at 500 lines:
diff --git a/nsswitch/pam_winbind.c b/nsswitch/pam_winbind.c
index 757fdae6e3c..0ba1955f007 100644
--- a/nsswitch/pam_winbind.c
+++ b/nsswitch/pam_winbind.c
@@ -1931,6 +1931,11 @@ static int winbind_auth_request(struct pwb_context *ctx,
 wbcFreeMemory(logon.blobs);
 if (info && info->blobs && !p_info) {
 wbcFreeMemory(info->blobs);
+ /*
+ * We set blobs to NULL to prevent a use after free in the
+ * in the wbcLogonUserInfoDestructor
+ */
+ info->blobs = NULL;
 }
 if (error && !p_error) {
 wbcFreeMemory(error);
diff --git a/selftest/wscript b/selftest/wscript
index 2fd38e20a4a..44455480eb1 100644
--- a/selftest/wscript
+++ b/selftest/wscript
@@ -276,6 +276,7 @@ def cmd_testonly(opt): # We try to find the correct libasan automatically libasan = Utils.cmd_output('ldd bin/texpect | grep libasan| cut -f 3 -d \ ', silent=True).strip() + libasan = libasan.decode('utf8') # Have the selftest.pl LD_PRELOAD libasan in the right spot env.OPTIONS += " --asan_so_path=" + libasan
diff --git a/source4/heimdal_build/wscript_build b/source4/heimdal_build/wscript_build
index 871db6b37fb..bedc130e07a 100644
--- a/source4/heimdal_build/wscript_build
+++ b/source4/heimdal_build/wscript_build
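Review bot: The comment added before `info->blobs = NULL;` in the nsswitch/pam_winbind.c hunk repeats "in the" across its line break and does not say why the pointer is still reachable after the free. I would word it as `/* Clear blobs: wbcLogonUserInfoDestructor would otherwise touch the pointer freed above. */`. Since the destructor apparently releases `blobs` itself, the explicit `wbcFreeMemory(info->blobs)` here may be redundant, but winbind_auth_request starts and ends outside the hunk, so how `info` is released afterwards cannot be confirmed from these lines.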
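Review bot: In the selftest/wscript hunk the decoded `libasan` value is appended to `--asan_so_path=` without a check that the `ldd bin/texpect | grep libasan` pipeline matched anything, so an empty string is passed on when the binary is not linked against libasan. A guard right after the decode, for example `if not libasan: raise RuntimeError("libasan not found via ldd bin/texpect")` (or whatever error type this wscript already uses), would fail at the point of cause rather than later in the selftest run. `decode('utf8')` is also strict, so a library path that is not valid UTF-8 would raise UnicodeDecodeError here. cmd_testonly continues outside the hunk.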
@@ -4,6 +4,7 @@ import os
 from waflib import Context
 from samba_utils import SET_TARGET_TYPE
 from samba_autoconf import CURRENT_CFLAGS
+from samba_utils import LOAD_ENVIRONMENT
 def to_list(str):
 '''Split a list, preserving quoted strings and existing lists'''
@@ -57,7 +58,15 @@ def HEIMDAL_ASN1(name, source,
 # source file. Note that in the case of a option_file, we have more than
 # one source file
 cd_rule = 'cd "${TGT[0].parent.abspath(env)}"'
- asn1_rule = cd_rule + ' && "${ASN1_COMPILE}" ${OPTION_FILE} ${ASN1OPTIONS} --one-code-file "${SRC[0].abspath(env)}" ${ASN1NAME}'
+ env = LOAD_ENVIRONMENT()
+ if env.ADDRESS_SANITIZER:
+ # If address sanitizer is enabled, we need to suppress leak checking
+ # in the asn1 tool.
+ no_leak_check = " && export ASAN_OPTIONS=detect_leaks=0"
+ else:
+ no_leak_check = ""
+
+ asn1_rule = cd_rule + no_leak_check + ' && "${ASN1_COMPILE}" ${OPTION_FILE} ${ASN1OPTIONS} --one-code-file "${SRC[0].abspath(env)}" ${ASN1NAME}'
 source = to_list(source)
diff --git a/source4/scripting/bin/fullschema b/source4/scripting/bin/fullschema
deleted file mode 100755
index 26e33d8059f..00000000000
--- a/source4/scripting/bin/fullschema
+++ /dev/null
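Review bot: `export ASAN_OPTIONS=detect_leaks=0` in the second source4/heimdal_build/wscript_build hunk replaces whatever ASAN_OPTIONS the build was started with, so any other sanitizer settings are dropped for the asn1 compiler command, and the comment does not mention that. I would extend the comment with `# This overrides any ASAN_OPTIONS inherited from the environment for this rule.` so the behaviour is deliberate and visible. The new import in the first hunk could be folded into the existing line as `from samba_utils import SET_TARGET_TYPE, LOAD_ENVIRONMENT`. HEIMDAL_ASN1 starts and ends outside the hunk, so how `asn1_rule` is consumed is not visible here.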
@@ -1,184 +0,0 @@
-#!/usr/bin/env python3
-#
-# Works out the full schema
-#
-from __future__ import print_function
-
-import base64
-import optparse
-import sys
-
-# Find right directory when running from source tree
-sys.path.insert(0, "bin/python")
-
-import samba
-from samba import getopt as options, Ldb
-from ldb import SCOPE_SUBTREE, SCOPE_BASE
-import sys
-
-parser = optparse.OptionParser("fullschema <URL>")
-sambaopts = options.SambaOptions(parser)
-parser.add_option_group(sambaopts)
-credopts = options.CredentialsOptions(parser)
-parser.add_option_group(credopts)
-parser.add_option_group(options.VersionOptions(parser))
-parser.add_option("--dump-classes", action="store_true")
-parser.add_option("--dump-attributes", action="store_true")
-
-opts, args = parser.parse_args()
-opts.dump_all = True
-
-if opts.dump_classes:
- opts.dump_all = False
-if opts.dump_attributes:
- opts.dump_all = False
-if opts.dump_all:
- opts.dump_classes = True
- opts.dump_attributes = True
-
-if len(args) != 1:
- parser.print_usage()
- sys.exit(1)
-
-url = args[0]
-
-lp_ctx = sambaopts.get_loadparm()
-
-creds = credopts.get_credentials(lp_ctx)
-ldb = Ldb(url, credentials=creds, lp=lp_ctx, options=["modules:paged_searches"])
-
-# the attributes we need for objectclasses
-class_attrs = ["objectClass",
- "cn",
- "subClassOf",
- "governsID",
- "possSuperiors",
- "possibleInferiors",
- "mayContain",
- "mustContain",
- "auxiliaryClass",
- "rDNAttID",
- "adminDisplayName",
- "adminDescription",
- "objectClassCategory",
- "lDAPDisplayName",
- "schemaIDGUID",
- "systemOnly",
- "systemPossSuperiors",
- "systemMayContain",
- "systemMustContain",
- "systemAuxiliaryClass",
- "defaultSecurityDescriptor",
- "systemFlags",
- "defaultHidingValue",
- "defaultObjectCategory",
-
- # this attributes are not used by w2k3
- "schemaFlagsEx",
- "msDs-IntId",
- "msDs-Schema-Extensions",
- "classDisplayName",
- "isDefunct"]
-
-attrib_attrs = ["objectClass",
- "cn",
- "attributeID",
- "attributeSyntax",
- "isSingleValued",
- "rangeLower",
- "rangeUpper",
- "mAPIID",
- "linkID",
- "adminDisplayName",
- "oMObjectClass",
- "adminDescription",
- "oMSyntax",
- "searchFlags",
- "extendedCharsAllowed",
- "lDAPDisplayName",
- "schemaIDGUID",
- "attributeSecurityGUID",
- "systemOnly",
- "systemFlags",
- "isMemberOfPartialAttributeSet",
-
- # this attributes are not used by w2k3
- "schemaFlagsEx",
- "msDs-IntId",
- "msDs-Schema-Extensions",
- "classDisplayName",
- "isEphemeral",
- "isDefunct"]
-
-class Objectclass(dict):
-
- def __init__(self, ldb, name):
- """create an objectclass object"""
- self.name = name
-
-
-class Attribute(dict):
-
- def __init__(self, ldb, name):
- """create an attribute object"""
- self.name = name
- self["cn"] = get_object_cn(ldb, name)
-
-
-
-def fix_dn(dn):
- """fix a string DN to use ${SCHEMADN}"""
- return dn.replace(rootDse["schemaNamingContext"][0], "${SCHEMADN}")
-
-
-def write_ldif_one(o, attrs):
- """dump an object as ldif"""
- print("dn: CN=%s,${SCHEMADN}" % o["cn"])
- for a in attrs:
- if not o.has_key(a):
- continue
- # special case for oMObjectClass, which is a binary object
- v = o[a]
- list = []
- for j in v:
- value = fix_dn(j)
- list.append(value)
- list.sort()
- for j in list:
- value = fix_dn(j)
- if a != "cn":
- if a == "oMObjectClass":
- print("%s:: %s" % (a, base64.b64encode(value)).decode('utf8'))
- elif a.endswith("GUID"):
- print("%s: %s" % (a, ldb.schema_format_value(a, value)))
- else:
- print("%s: %s" % (a, value))
- print()
-
-
-# get the rootDSE
-res = ldb.search(base="", expression="", scope=SCOPE_BASE, attrs=["schemaNamingContext"])
-rootDse = res[0]
-
-if opts.dump_attributes:
- res = ldb.search(expression="objectClass=attributeSchema",
- base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE,attrs=attrib_attrs,
- controls=["server_sort:1:0:cn"])
-
- for msg in res:
- o = Objectclass(ldb, msg["ldapDisplayName"])
- for a in msg:
- o[a] = msg[a]
- write_ldif_one(o, attrib_attrs)
-
-if opts.dump_classes:
- res = ldb.search(expression="objectClass=classSchema",
- base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE,attrs=class_attrs,
- controls=["server_sort:1:0:cn"])
-
- for msg in res:
- o = Objectclass(ldb, msg["ldapDisplayName"])
- for a in msg:
- o[a] = msg[a]
- write_ldif_one(o, class_attrs)
-
diff --git a/source4/scripting/bin/minschema b/source4/scripting/bin/minschema
deleted file mode 100755
index f0e532ec9bb..00000000000
--- a/source4/scripting/bin/minschema
+++ /dev/null
@@ -1,569 +0,0 @@ -#!/usr/bin/env python3 -# -# Works out the minimal schema for a set of objectclasses -# -from __future__ import print_function -import base64 -import optparse -import sys - -# Find right directory when running from source tree -sys.path.insert(0, "bin/python") - -import samba -from samba import getopt as options, Ldb -from ldb import SCOPE_SUBTREE, SCOPE_BASE, LdbError -import sys - -parser = optparse.OptionParser("minschema <URL> <classfile>") -sambaopts = options.SambaOptions(parser) -parser.add_option_group(sambaopts) -credopts = options.CredentialsOptions(parser) -parser.add_option_group(credopts) -parser.add_option_group(options.VersionOptions(parser)) -parser.add_option("--verbose", help="Be verbose", action="store_true") -parser.add_option("--dump-classes", action="store_true") -parser.add_option("--dump-attributes", action="store_true") -parser.add_option("--dump-subschema", action="store_true") -parser.add_option("--dump-subschema-auto", action="store_true") - -opts, args = parser.parse_args() -opts.dump_all = True - -if opts.dump_classes: - opts.dump_all = False -if opts.dump_attributes: - opts.dump_all = False -if opts.dump_subschema: - opts.dump_all = False -if opts.dump_subschema_auto: - opts.dump_all = False - opts.dump_subschema = True -if opts.dump_all: - opts.dump_classes = True - opts.dump_attributes = True - opts.dump_subschema = True - opts.dump_subschema_auto = True - -if len(args) != 2: - parser.print_usage() - sys.exit(1) - -(url, classfile) = args - -lp_ctx = sambaopts.get_loadparm() - -creds = credopts.get_credentials(lp_ctx) -ldb = Ldb(url, credentials=creds, lp=lp_ctx) - -objectclasses = {} -attributes = {} - -objectclasses_expanded = set() - -# the attributes we need for objectclasses -class_attrs = ["objectClass", - "subClassOf", - "governsID", - "possSuperiors", - "possibleInferiors", - "mayContain", - "mustContain", - "auxiliaryClass", - "rDNAttID", - "adminDisplayName", - "adminDescription", - 
"objectClassCategory", - "lDAPDisplayName", - "schemaIDGUID", - "systemOnly", - "systemPossSuperiors", - "systemMayContain", - "systemMustContain", - "systemAuxiliaryClass", - "defaultSecurityDescriptor", - "systemFlags", - "defaultHidingValue", - "objectCategory", - "defaultObjectCategory", - - # this attributes are not used by w2k3 - "schemaFlagsEx", - "msDs-IntId", - "msDs-Schema-Extensions", - "classDisplayName", - "isDefunct"] - -attrib_attrs = ["objectClass", - "attributeID", - "attributeSyntax", - "isSingleValued", - "rangeLower", - "rangeUpper", - "mAPIID", - "linkID", - "adminDisplayName", - "oMObjectClass", - "adminDescription", - "oMSyntax", - "searchFlags", - "extendedCharsAllowed", - "lDAPDisplayName", - "schemaIDGUID", - "attributeSecurityGUID", - "systemOnly", - "systemFlags", - "isMemberOfPartialAttributeSet", - "objectCategory", - - # this attributes are not used by w2k3 - "schemaFlagsEx", - "msDs-IntId", - "msDs-Schema-Extensions", - "classDisplayName", - "isEphemeral", - "isDefunct"] - -# -# notes: -# -# objectClassCategory -# 1: structural -# 2: abstract -# 3: auxiliary - -def get_object_cn(ldb, name): - attrs = ["cn"] - res = ldb.search(expression="(ldapDisplayName=%s)" % name, base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE, attrs=attrs) - assert len(res) == 1 - return res[0]["cn"] - - -class Objectclass(dict): - - def __init__(self, ldb, name): - """create an objectclass object""" - self.name = name - self["cn"] = get_object_cn(ldb, name) - - -class Attribute(dict): - - def __init__(self, ldb, name): - """create an attribute object""" - self.name = name - self["cn"] = get_object_cn(ldb, name) - - -syntaxmap = dict() - -syntaxmap['2.5.5.1'] = '1.3.6.1.4.1.1466.115.121.1.12' -syntaxmap['2.5.5.2'] = '1.3.6.1.4.1.1466.115.121.1.38' -syntaxmap['2.5.5.3'] = '1.2.840.113556.1.4.1362' -syntaxmap['2.5.5.4'] = '1.2.840.113556.1.4.905' -syntaxmap['2.5.5.5'] = '1.3.6.1.4.1.1466.115.121.1.26' -syntaxmap['2.5.5.6'] = 
'1.3.6.1.4.1.1466.115.121.1.36' -syntaxmap['2.5.5.7'] = '1.2.840.113556.1.4.903' -syntaxmap['2.5.5.8'] = '1.3.6.1.4.1.1466.115.121.1.7' -syntaxmap['2.5.5.9'] = '1.3.6.1.4.1.1466.115.121.1.27' -syntaxmap['2.5.5.10'] = '1.3.6.1.4.1.1466.115.121.1.40' -syntaxmap['2.5.5.11'] = '1.3.6.1.4.1.1466.115.121.1.24' -syntaxmap['2.5.5.12'] = '1.3.6.1.4.1.1466.115.121.1.15' -syntaxmap['2.5.5.13'] = '1.3.6.1.4.1.1466.115.121.1.43' -syntaxmap['2.5.5.14'] = '1.2.840.113556.1.4.904' -syntaxmap['2.5.5.15'] = '1.2.840.113556.1.4.907' -syntaxmap['2.5.5.16'] = '1.2.840.113556.1.4.906' -syntaxmap['2.5.5.17'] = '1.3.6.1.4.1.1466.115.121.1.40' - - -def map_attribute_syntax(s): - """map some attribute syntaxes from some apparently MS specific - syntaxes to the standard syntaxes""" - if s in list(syntaxmap): - return syntaxmap[s] - return s - - -def fix_dn(dn): - """fix a string DN to use ${SCHEMADN}""" - return dn.replace(rootDse["schemaNamingContext"][0], "${SCHEMADN}") - - -def write_ldif_one(o, attrs): - """dump an object as ldif""" - print("dn: CN=%s,${SCHEMADN}" % o["cn"]) - for a in attrs: - if not o.has_key(a): - continue - # special case for oMObjectClass, which is a binary object - v = o[a] - for j in v: - value = fix_dn(j) - if a == "oMObjectClass": - print("%s:: %s" % (a, base64.b64encode(value).decode('utf8'))) - elif a.endswith("GUID"): - print("%s: %s" % (a, ldb.schema_format_value(a, value))) - else: - print("%s: %s" % (a, value)) - print() - - -def write_ldif(o, attrs): - """dump an array of objects as ldif""" - for n, i in o.items(): - write_ldif_one(i, attrs) - - -def create_testdn(exampleDN): - """create a testDN based an an example DN - the idea is to ensure we obey any structural rules""" - a = exampleDN.split(",") - a[0] = "CN=TestDN" - return ",".join(a) - - -def find_objectclass_properties(ldb, o): - """the properties of an objectclass""" - res = ldb.search( - expression="(ldapDisplayName=%s)" % o.name, - base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE, 
attrs=class_attrs) - assert(len(res) == 1) - msg = res[0] - for a in msg: - o[a] = msg[a] - -def find_attribute_properties(ldb, o): - """find the properties of an attribute""" - res = ldb.search( - expression="(ldapDisplayName=%s)" % o.name, - base=rootDse["schemaNamingContext"][0], scope=SCOPE_SUBTREE, - attrs=attrib_attrs) - assert(len(res) == 1) - msg = res[0] - for a in msg: - o[a] = msg[a] - - -def find_objectclass_auto(ldb, o): -- Samba Shared Repository