[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via a52c7f4 torture3: Add test for smbd crash
via cf9acf9 smbd: Do an early exit on negprot failure
from 1e0c79d s3: smbd: Restart reading the incoming SMB2 fd when the
send queue is drained.
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit a52c7f4d52df6853f925e680eadefcdfdc7bea85
Author: Volker Lendecke
Date: Tue Feb 28 16:17:03 2017 +0100
torture3: Add test for smbd crash
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610
Signed-off-by: Volker Lendecke
Reviewed-by: Ralph Böhme
Reviewed-by: Jeremy Allison
Autobuild-User(master): Jeremy Allison
Autobuild-Date(master): Fri Mar 3 06:20:50 CET 2017 on sn-devel-144
commit cf9acf9a3da932fca115967eb3d9d9ed48fcbbfc
Author: Volker Lendecke
Date: Tue Feb 28 15:03:45 2017 +
smbd: Do an early exit on negprot failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12610
Signed-off-by: Volker Lendecke
Reviewed-by: Ralph Böhme
Reviewed-by: Jeremy Allison
---
Summary of changes:
source3/smbd/negprot.c| 21 +
source3/torture/torture.c | 76 +++
2 files changed, 91 insertions(+), 6 deletions(-)
Changeset truncated at 500 lines:
diff --git a/source3/smbd/negprot.c b/source3/smbd/negprot.c
index cdde334..838ff45 100644
--- a/source3/smbd/negprot.c
+++ b/source3/smbd/negprot.c
@@ -723,17 +723,26 @@ void reply_negprot(struct smb_request *req)
break;
}
- if(choice != -1) {
- fstrcpy(remote_proto,supported_protocols[protocol].short_name);
- reload_services(sconn, conn_snum_used, true);
- supported_protocols[protocol].proto_reply_fn(req, choice);
- DEBUG(3,("Selected protocol
%s\n",supported_protocols[protocol].proto_name));
- } else {
+ if (choice == -1) {
+ bool ok;
+
DBG_NOTICE("No protocol supported !\n");
reply_outbuf(req, 1, 0);
SSVAL(req->outbuf, smb_vwv0, choice);
+
+ ok = srv_send_smb(xconn, (char *)req->outbuf,
+ false, 0, false, NULL);
+ if (!ok) {
+ DBG_NOTICE("srv_send_smb failed\n");
+ }
+ exit_server_cleanly("no protocol supported\n");
}
+ fstrcpy(remote_proto,supported_protocols[protocol].short_name);
+ reload_services(sconn, conn_snum_used, true);
+ supported_protocols[protocol].proto_reply_fn(req, choice);
+ DEBUG(3,("Selected protocol
%s\n",supported_protocols[protocol].proto_name));
+
DEBUG( 5, ( "negprot index=%d\n", choice ) );
/* We always have xconn->smb1.signing_state also for >= SMB2_02 */
diff --git a/source3/torture/torture.c b/source3/torture/torture.c
index 3062122..2c10ae8 100644
--- a/source3/torture/torture.c
+++ b/source3/torture/torture.c
@@ -11163,6 +11163,81 @@ static bool run_local_canonicalize_path(int dummy)
return true;
}
+static bool run_ign_bad_negprot(int dummy)
+{
+ struct tevent_context *ev;
+ struct tevent_req *req;
+ struct smbXcli_conn *conn;
+ struct sockaddr_storage ss;
+ NTSTATUS status;
+ int fd;
+ bool ok;
+
+ printf("starting ignore bad negprot\n");
+
+ ok = resolve_name(host, &ss, 0x20, true);
+ if (!ok) {
+ d_fprintf(stderr, "Could not resolve name %s\n", host);
+ return false;
+ }
+
+ status = open_socket_out(&ss, 445, 1, &fd);
+ if (!NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "open_socket_out failed: %s\n",
+ nt_errstr(status));
+ return false;
+ }
+
+ conn = smbXcli_conn_create(talloc_tos(), fd, host, SMB_SIGNING_OFF, 0,
+ NULL, 0);
+ if (conn == NULL) {
+ d_fprintf(stderr, "smbXcli_conn_create failed\n");
+ return false;
+ }
+
+ status = smbXcli_negprot(conn, 0, PROTOCOL_CORE, PROTOCOL_CORE);
+ if (NT_STATUS_IS_OK(status)) {
+ d_fprintf(stderr, "smbXcli_negprot succeeded!\n");
+ return false;
+ }
+
+ ev = samba_tevent_context_init(talloc_tos());
+ if (ev == NULL) {
+ d_fprintf(stderr, "samba_tevent_context_init failed\n");
+ return false;
+ }
+
+ req = smb1cli_session_setup_nt1_send(
+ ev, ev, conn, 0, getpid(), NULL, 65503, 2, 1, 0, "", "",
+ data_blob_null, data_blob_null, 0x40,
+ "Windows 2000 2195", "Windows 2000 5.0");
+ if (req == NULL) {
+ d_fprintf(stderr, "smb1cli_session_setup_nt1_send failed\n");
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated via 1e0c79d s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained. via 07af777 selftest: remove "ea support" from vfs_fruit-related setups. via cbab5c6 vfs_fruit: drop "ea support" from the manpage via 5ef7bd3 testparm: remove check for "ea support" in fruit shares via 4bfd27b smbd: remove coupling between get_ea_names_from_file() and "ea support" via fb95985 smbd: get_ea_list_from_file_path() - remove a duplicate statement via abd8450 smbd: refuse_symlink() - do not fail if the file does not exist from f9aaddc s3:winbindd: fix endless forest trust scan https://git.samba.org/?p=samba.git;a=shortlog;h=master - Log - commit 1e0c79ddb34be9a2b9fa92d35387c443c4a381ae Author: Jeremy Allison Date: Thu Mar 2 09:13:23 2017 -0800 s3: smbd: Restart reading the incoming SMB2 fd when the send queue is drained. When the send queue grows greater than xconn->smb2.credits.max/16, smbd_smb2_request_next_incoming() doesn't allocate a new request in state->req. After smbd_smb2_io_handler() is called, it marks the fd not readable as state->req == NULL, and never marks it readable again. Fix by calling smbd_smb2_request_next_incoming() to restart reads inside smbd_smb2_flush_send_queue() which drains the send queue. Reported by BUG: https://bugzilla.samba.org/show_bug.cgi?id=12608 Signed-off-by: Jeremy Allison Reviewed-by: Ralph Boehme Autobuild-User(master): Ralph Böhme Autobuild-Date(master): Fri Mar 3 02:23:20 CET 2017 on sn-devel-144 commit 07af7774f3bd3574be0632284a6ea220b5fb3c76 Author: Uri Simchoni Date: Thu Mar 2 13:02:25 2017 +0200 selftest: remove "ea support" from vfs_fruit-related setups. Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme commit cbab5c64966cafbfdc6dfe539b3d1c7ba21a4aae Author: Uri Simchoni Date: Thu Mar 2 12:59:16 2017 +0200 vfs_fruit: drop "ea support" from the manpage Now that ea support is not required, drop that comment from the man page. Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme commit 5ef7bd3b5b078702a9ef8ad92768c2d11b3214f5 Author: Uri Simchoni Date: Thu Mar 2 12:56:25 2017 +0200 testparm: remove check for "ea support" in fruit shares Now that ea support is not required for vfs_fruit, drop the check that it's enabled in shares using vfs_fruit. Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme commit 4bfd27b077f0932c82cfe702bd4ba6628f75a526 Author: Uri Simchoni Date: Thu Mar 2 08:39:56 2017 +0200 smbd: remove coupling between get_ea_names_from_file() and "ea support" The "ea support" configuration variable determines whether smbd should attempt to manipulate extended attributes via SMB protocol. It does not pertain to the underlying storage and its support for extended attributes. get_ea_names_from_file() is being used also by vfs_streams_xattr - a module which has nothing to do with client-visible extended attributes. As such, vfs_streams_xattr should be able to operate irrespective of the value of "ea support". This patch moves the check for ea support to the callers. Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme commit fb95985a0325c660dd964b4132e292b9230ee097 Author: Uri Simchoni Date: Thu Mar 2 08:49:54 2017 +0200 smbd: get_ea_list_from_file_path() - remove a duplicate statement Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme commit abd845082e4d377231129339d713e1b62a88a8a7 Author: Uri Simchoni Date: Thu Mar 2 08:46:44 2017 +0200 smbd: refuse_symlink() - do not fail if the file does not exist If the file does not exist, it is not a symlink. Current callers use this function to see if extended attributes can be set / fetched. Allow them to try and leave the error code at the discretion of the VFS. Signed-off-by: Uri Simchoni Reviewed-by: Ralph Boehme --- Summary of changes: docs-xml/manpages/vfs_fruit.8.xml | 3 --- selftest/target/Samba3.pm | 5 - source3/smbd/nttrans.c| 30 ++ source3/smbd/smb2_server.c| 14 +- source3/smbd/trans2.c | 14 -- source3/utils/testparm.c | 6 -- 6 files changed, 39 insertions(+), 33 deletions(-) Changeset truncated at 500 lines: diff --git a/docs-xml/manpages/vfs_fruit.8.xml b/docs-xml/manpages/vfs_fruit.8.xml index d209a22..fbe30d3 100644 --- a/docs-xml/manpages/vfs_fruit.8.xml +++ b/docs-xml/manpages/vfs_fruit.8.xml @@ -45,8 +45,6 @@ vfs_streams_xattr which must be loaded together with vfs_fruit. -
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via f9aaddc s3:winbindd: fix endless forest trust scan
from ed42d6e s3:librpc: Handle gss_min in gse_get_client_auth_token()
correctly
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit f9aaddcdd8f9ea648c9c5ea804f56ee3ff6c4c67
Author: Stefan Metzmacher
Date: Thu Mar 2 08:13:57 2017 +0100
s3:winbindd: fix endless forest trust scan
Commit 0392ebcd1d48e9f472f2148b85316a77d9cc953b effectively
disabled the enumeration of trusts in other forests.
The fixes for https://bugzilla.samba.org/show_bug.cgi?id=11691
changed the way we fill domain->domain_flags for domains
in other forests.
Commit fffefe72fcc62d9688b45f53a5327667dc0b2fe6 readded the
ability to enumerate trusts of other forests again, in order to
fix https://bugzilla.samba.org/show_bug.cgi?id=11830
Now we have the problem that multiple domains
(even outside of our forest) are considert to be
our forest root, as they have the following flags:
NETR_TRUST_FLAG_TREEROOT and NETR_TRUST_FLAG_IN_FOREST.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12605
Signed-off-by: Stefan Metzmacher
Reviewed-by: Ralph Boehme
Autobuild-User(master): Ralph Böhme
Autobuild-Date(master): Thu Mar 2 17:53:14 CET 2017 on sn-devel-144
---
Summary of changes:
source3/winbindd/winbindd_ads.c | 8
source3/winbindd/winbindd_util.c | 22 ++
2 files changed, 30 insertions(+)
Changeset truncated at 500 lines:
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index 05ef2ec..cde9099 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -1133,6 +1133,14 @@ static NTSTATUS trusted_domains(struct winbindd_domain
*domain,
}
TALLOC_FREE(parent);
+ /*
+* We need to pass the modified properties
+* to the caller.
+*/
+ trust->trust_flags = d.domain_flags;
+ trust->trust_type = d.domain_type;
+ trust->trust_attributes = d.domain_trust_attribs;
+
wcache_tdc_add_domain( &d );
ret_count++;
}
diff --git a/source3/winbindd/winbindd_util.c b/source3/winbindd/winbindd_util.c
index ffcb09d..ab6862d 100644
--- a/source3/winbindd/winbindd_util.c
+++ b/source3/winbindd/winbindd_util.c
@@ -342,6 +342,20 @@ static void trustdom_list_done(struct tevent_req *req)
char *p;
struct winbindd_tdc_domain trust_params = {0};
ptrdiff_t extra_len;
+ bool within_forest = false;
+
+ /*
+* Only when we enumerate our primary domain
+* or our forest root domain, we should keep
+* the NETR_TRUST_FLAG_IN_FOREST flag, in
+* all other cases we need to clear it as the domain
+* is not part of our forest.
+*/
+ if (state->domain->primary) {
+ within_forest = true;
+ } else if (domain_is_forest_root(state->domain)) {
+ within_forest = true;
+ }
res = wb_domain_request_recv(req, state, &response, &err);
if ((res == -1) || (response->result != WINBINDD_OK)) {
@@ -427,6 +441,14 @@ static void trustdom_list_done(struct tevent_req *req)
trust_params.trust_attribs = (uint32_t)strtoul(q, NULL, 10);
+ if (!within_forest) {
+ trust_params.trust_flags &= ~NETR_TRUST_FLAG_IN_FOREST;
+ }
+
+ if (!state->domain->primary) {
+ trust_params.trust_flags &= ~NETR_TRUST_FLAG_PRIMARY;
+ }
+
/*
* We always call add_trusted_domain() cause on an existing
* domain structure, it will update the SID if necessary.
--
Samba Shared Repository
autobuild[sn-devel-144]: intermittent test failure detected
The autobuild test system (on sn-devel-144) has detected an intermittent failing test in the current master tree. The autobuild log of the failure is available here: http://git.samba.org/autobuild.flakey.sn-devel-144/2017-03-02-1507/flakey.log The samba build logs are available here: http://git.samba.org/autobuild.flakey.sn-devel-144/2017-03-02-1507/samba.stderr http://git.samba.org/autobuild.flakey.sn-devel-144/2017-03-02-1507/samba.stdout The top commit at the time of the failure was: commit 70923b7521786d59b76e651d566bbd61fea024cc Author: Douglas Bagnall Date: Fri Feb 24 11:58:33 2017 +1300 ndr: Use resizing array instead of linked lists (breaking ABI) The ndr token code keeps a temporary store of tokens which are referred to a small number of times (often once) before being discarded. The access patterns are somewhat stack-like, with recently placed tokens being accessed most often. The old code kept these tokens in a linked list, which we replace with a self-resizing array. This keeps everything roughly the same in big-O terms, but makes it all faster in practice by vastly reducing the amount of tallocing and pointer-chasing. The peak memory use is strictly reduced. On a 64 bit machine each core token struct fits in 16 bytes (after padding) while the two pointers used by the DLIST add another 16 bytes, so the overall list allocation is the same as the peak 2n array allocation -- except in the list case it is dwarfed by the talloc and malloc metadata overhead. Before settling on the resized arrays, we tried red-black trees, which are bound to be better for large ndr structures. As it happens, we don't deal with large structures (the size of replication clumps is limited to 400 objects) and the asymptotic benefits of the trees are not realised in practice. With luck you should find graphs comparing the performance of these various techniques at: https://www.samba.org/~dbagnall/perf-tests/ndr-token/ This necessarily breaks the ABI because the linked list implementation was publicly exposed. Signed-off-by: Douglas Bagnall Reviewed-by: Andrew Bartlett Autobuild-User(master): Andrew Bartlett Autobuild-Date(master): Thu Mar 2 08:38:22 CET 2017 on sn-devel-144
[SCM] Samba Shared Repository - branch v4-6-test updated
The branch, v4-6-test has been updated via 7a29fe4 s3:winbind: work around coverity false positive. via d4ac505 ctdb: Fix posible NULL deref in logging_init() via 002bfb9 s3:librpc: Fix OM_uint32 comparsion in if-clause via 7dddc61 s3:librpc: Make sure kt_curser and kt_entry are initialized via 3e5207d pam_winbind: Return if we do not have a domain via efeb8b3 s3:lib: Do not segfault if username is NULL via 17463ee s3:torture: Fix uint64_t comparsion in if-clause via f34ff6a s4:torture: Make sure handles are initialized via 33fdd9f ndrdump: Fix a possible NULL pointer dereference via c240402 s3-vfs: Do not deref a NULL pointer in shadow_copy2_snapshot_to_gmt() via c563d22 s4-kcc: Do not dereference a NULL pointer via 2281afd s4-torture: Use the correct variable type in torture_smb2_maxfid() from f50fa9f VERSION: Bump version up to 4.6.0rc5... https://git.samba.org/?p=samba.git;a=shortlog;h=v4-6-test - Log - commit 7a29fe42da4365e54cb46c6b82eb936c1412d6f4 Author: Jeremy Allison Date: Thu Feb 23 09:41:03 2017 -0800 s3:winbind: work around coverity false positive. Signed-off-by: Jeremy Allison Reviewed-by: Andreas Schneider Autobuild-User(master): Jeremy Allison Autobuild-Date(master): Thu Feb 23 23:54:48 CET 2017 on sn-devel-144 (cherry picked from commit 2e09407c5b992db0da5ca3a6d1f38341dc42d070) Autobuild-User(v4-6-test): Karolin Seeger Autobuild-Date(v4-6-test): Thu Mar 2 13:06:40 CET 2017 on sn-devel-144 commit d4ac5058958cfdadfce9d298d201a0dcb66cd611 Author: Andreas Schneider Date: Thu Feb 16 17:38:41 2017 +0100 ctdb: Fix posible NULL deref in logging_init() Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 08e03fa7f5fdc7f988fbbb26929e8c5727f36c2e) commit 002bfb9ec4d0103c1e8d7e0e3c976d326983e8be Author: Andreas Schneider Date: Fri Feb 17 09:49:39 2017 +0100 s3:librpc: Fix OM_uint32 comparsion in if-clause Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 8ac43e0e6ef9236a5c6d2c27ebe24171582c1d49) commit 7dddc614fab21bd54214cada5320f899a26bd960 Author: Andreas Schneider Date: Thu Feb 16 17:42:53 2017 +0100 s3:librpc: Make sure kt_curser and kt_entry are initialized Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 2f83cfdb90d687673cfc4be14cd66425fb7f3e76) commit 3e5207d9f1cb07e13fd6ade7f51e22d25bfe6c86 Author: Andreas Schneider Date: Fri Feb 17 11:53:52 2017 +0100 pam_winbind: Return if we do not have a domain Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 1df1d873c849f68a91d067c7049dda12c22e98c5) commit efeb8b3a272c1b5190283682a0e74e426b7ccefd Author: Andreas Schneider Date: Fri Feb 17 10:08:17 2017 +0100 s3:lib: Do not segfault if username is NULL Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 9297ac44f7e0455bb74ee77ad8b68f2e8c4a070d) commit 17463ee527cf1245704a448765f4bd89564ce961 Author: Andreas Schneider Date: Fri Feb 17 09:45:33 2017 +0100 s3:torture: Fix uint64_t comparsion in if-clause Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 13690569ee5893e3dbd96f2b28a41a35e3da42ff) commit f34ff6ae9ef97ce9338ce192cc16753bdbdc503d Author: Andreas Schneider Date: Thu Feb 16 17:52:41 2017 +0100 s4:torture: Make sure handles are initialized The CHECK_STATUS macro might goto done which checks the values of the handle so they should be initialized in this case. Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry picked from commit 8a1b998acb3592ad67bb72db79965bae436748ec) commit 33fdd9f52a4045347c273a0ce8ba1d207e06772a Author: Andreas Schneider Date: Thu Feb 16 17:34:07 2017 +0100 ndrdump: Fix a possible NULL pointer dereference Found by covscan. BUG: https://bugzilla.samba.org/show_bug.cgi?id=12592 Signed-off-by: Andreas Schneider Reviewed-by: Jeremy Allison (cherry p
[SCM] Samba Shared Repository - branch master updated
The branch, master has been updated
via ed42d6e s3:librpc: Handle gss_min in gse_get_client_auth_token()
correctly
via 4194a67 gensec:spnego: Add debug message for the failed principal
from 70923b7 ndr: Use resizing array instead of linked lists (breaking
ABI)
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -
commit ed42d6e81f6c7cf4ed78b2bc9fcdf6c9d970ca55
Author: Andreas Schneider
Date: Mon Feb 27 17:18:15 2017 +0100
s3:librpc: Handle gss_min in gse_get_client_auth_token() correctly
This will make sure we correctly fall back to NTLMSSP.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557
Pair-Programmed-With: Stefan Metzmacher
Signed-off-by: Andreas Schneider
Signed-off-by: Stefan Metzmacher
Autobuild-User(master): Andreas Schneider
Autobuild-Date(master): Thu Mar 2 12:41:40 CET 2017 on sn-devel-144
commit 4194a67c7efcb58ef2bb7efa1d1556d5fa0ce2e0
Author: Stefan Metzmacher
Date: Fri Jan 20 17:15:49 2017 +0100
gensec:spnego: Add debug message for the failed principal
BUG: https://bugzilla.samba.org/show_bug.cgi?id=12557
Signed-off-by: Stefan Metzmacher
Reviewed-by: Andreas Schneider
---
Summary of changes:
auth/gensec/spnego.c| 58 +
source3/librpc/crypto/gse.c | 46 ++-
2 files changed, 93 insertions(+), 11 deletions(-)
Changeset truncated at 500 lines:
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 4787892..f063f7b 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -511,10 +511,34 @@ static NTSTATUS gensec_spnego_parse_negTokenInit(struct
gensec_security *gensec_
NT_STATUS_EQUAL(nt_status,
NT_STATUS_NO_LOGON_SERVERS) ||
NT_STATUS_EQUAL(nt_status,
NT_STATUS_TIME_DIFFERENCE_AT_DC) ||
NT_STATUS_EQUAL(nt_status,
NT_STATUS_CANT_ACCESS_DOMAIN_INFO)) {
- /* Pretend we never started it (lets
the first run find some incompatible demand) */
+ const char *next = NULL;
+ const char *principal = NULL;
+ int dbg_level = DBGLVL_WARNING;
+
+ if (all_sec[i+1].op != NULL) {
+ next = all_sec[i+1].op->name;
+ dbg_level = DBGLVL_NOTICE;
+ }
+
+ if (gensec_security->target.principal
!= NULL) {
+ principal =
gensec_security->target.principal;
+ } else if
(gensec_security->target.service != NULL &&
+
gensec_security->target.hostname != NULL)
+ {
+ principal =
talloc_asprintf(spnego_state->sub_sec_security,
+
"%s/%s",
+
gensec_security->target.service,
+
gensec_security->target.hostname);
+ } else {
+ principal =
gensec_security->target.hostname;
+ }
+
+ DEBUG(dbg_level, ("SPNEGO(%s) creating
NEG_TOKEN_INIT for %s failed (next[%s]): %s\n",
+
spnego_state->sub_sec_security->ops->name,
+ principal,
+ next,
nt_errstr(nt_status)));
- DEBUG(3, ("SPNEGO(%s) NEG_TOKEN_INIT
failed: %s\n",
-
spnego_state->sub_sec_security->ops->name, nt_errstr(nt_status)));
+ /* Pretend we never started it (lets
the first run find some incompatible demand) */
talloc_free(spnego_state->sub_sec_security);
spnego_state->sub_sec_security = NULL;
continue;
@@ -619,8 +643,32 @@ static NTSTATUS gensec_spnego_create_negTokenInit(struct
gensec_security *gensec
if (!NT_STATUS_EQUAL(nt_status,
NT_STATUS_MORE_PROCESSING_REQUIRED)
&& !NT_STATUS_IS_OK(nt_status)
[SCM] Socket Wrapper Repository - branch master updated
The branch, master has been updated
via 6e1a3b5 swrap: use proper blocks for early returns
via 1de39d8 swrap: Add support for openat()
from 68e1cbf Increase wait time during echo_server's pid-file check
https://git.samba.org/?p=socket_wrapper.git;a=shortlog;h=master
- Log -
commit 6e1a3b50fb344107f7cfbcef35a4cf10c1e12113
Author: Michael Adam
Date: Fri Sep 23 16:33:52 2016 +0200
swrap: use proper blocks for early returns
This is better to read and might reduce the
diff of later patches.
Signed-off-by: Michael Adam
Reviewed-by: Andreas Schneider
commit 1de39d82428fc6559ea5ea2d35187808020be9bf
Author: Andreas Schneider
Date: Thu Mar 2 09:56:29 2017 +0100
swrap: Add support for openat()
---
Summary of changes:
src/socket_wrapper.c | 132 ---
1 file changed, 115 insertions(+), 17 deletions(-)
Changeset truncated at 500 lines:
diff --git a/src/socket_wrapper.c b/src/socket_wrapper.c
index 3d468c3..1d94a89 100644
--- a/src/socket_wrapper.c
+++ b/src/socket_wrapper.c
@@ -438,6 +438,7 @@ typedef int (*__libc_getsockopt)(int sockfd,
typedef int (*__libc_ioctl)(int d, unsigned long int request, ...);
typedef int (*__libc_listen)(int sockfd, int backlog);
typedef int (*__libc_open)(const char *pathname, int flags, mode_t mode);
+typedef int (*__libc_openat)(int dirfd, const char *path, int flags, ...);
typedef int (*__libc_pipe)(int pipefd[2]);
typedef int (*__libc_read)(int fd, void *buf, size_t count);
typedef ssize_t (*__libc_readv)(int fd, const struct iovec *iov, int iovcnt);
@@ -501,6 +502,7 @@ struct swrap_libc_symbols {
SWRAP_SYMBOL_ENTRY(ioctl);
SWRAP_SYMBOL_ENTRY(listen);
SWRAP_SYMBOL_ENTRY(open);
+ SWRAP_SYMBOL_ENTRY(openat);
SWRAP_SYMBOL_ENTRY(pipe);
SWRAP_SYMBOL_ENTRY(read);
SWRAP_SYMBOL_ENTRY(readv);
@@ -876,6 +878,34 @@ static int libc_open(const char *pathname, int flags, ...)
return fd;
}
+static int libc_vopenat(int dirfd, const char *path, int flags, va_list ap)
+{
+ long int mode = 0;
+ int fd;
+
+ swrap_bind_symbol_libc(openat);
+
+ mode = va_arg(ap, long int);
+
+ fd = swrap.libc.symbols._libc_openat.f(dirfd, path, flags,
(mode_t)mode);
+
+ return fd;
+}
+
+#if 0
+static int libc_openat(int dirfd, const char *path, int flags, ...)
+{
+ va_list ap;
+ int fd;
+
+ va_start(ap, flags);
+ fd = libc_vopenat(dirfd, path, flags, ap);
+ va_end(ap);
+
+ return fd;
+}
+#endif
+
static int libc_pipe(int pipefd[2])
{
swrap_bind_symbol_libsocket(pipe);
@@ -2279,7 +2309,9 @@ static int swrap_pcap_get_fd(const char *fname)
{
static int fd = -1;
- if (fd != -1) return fd;
+ if (fd != -1) {
+ return fd;
+ }
fd = libc_open(fname, O_WRONLY|O_CREAT|O_EXCL|O_APPEND, 0644);
if (fd != -1) {
@@ -2332,7 +2364,9 @@ static uint8_t *swrap_pcap_marshall_packet(struct
socket_info *si,
switch (type) {
case SWRAP_CONNECT_SEND:
- if (si->type != SOCK_STREAM) return NULL;
+ if (si->type != SOCK_STREAM) {
+ return NULL;
+ }
src_addr = &si->myname.sa.s;
dest_addr = addr;
@@ -2346,7 +2380,9 @@ static uint8_t *swrap_pcap_marshall_packet(struct
socket_info *si,
break;
case SWRAP_CONNECT_RECV:
- if (si->type != SOCK_STREAM) return NULL;
+ if (si->type != SOCK_STREAM) {
+ return NULL;
+ }
dest_addr = &si->myname.sa.s;
src_addr = addr;
@@ -2360,7 +2396,9 @@ static uint8_t *swrap_pcap_marshall_packet(struct
socket_info *si,
break;
case SWRAP_CONNECT_UNREACH:
- if (si->type != SOCK_STREAM) return NULL;
+ if (si->type != SOCK_STREAM) {
+ return NULL;
+ }
dest_addr = &si->myname.sa.s;
src_addr = addr;
@@ -2374,7 +2412,9 @@ static uint8_t *swrap_pcap_marshall_packet(struct
socket_info *si,
break;
case SWRAP_CONNECT_ACK:
- if (si->type != SOCK_STREAM) return NULL;
+ if (si->type != SOCK_STREAM) {
+ return NULL;
+ }
src_addr = &si->myname.sa.s;
dest_addr = addr;
@@ -2386,7 +2426,9 @@ static uint8_t *swrap_pcap_marshall_packet(struct
socket_info *si,
break;
case SWRAP_ACCEPT_SEND:
- if (si->type != SOCK_STREAM) return NULL;
+ if (si->type != SOCK_STREAM) {
+ return NULL;
+ }
dest_addr = &si-
