Christof Schmitt [Tue, 11 Jun 2019 23:15:10 +0000 (16:15 -0700)]
nfs4_acls: Remove fsp from smbacl4_win2nfs4
Only the information whether the ACL is for a file or a directory is
required. Replacing the fsp with a flag is clearer and allows for unit
testing of the mapping functions.
That patch broke the case with ID_TYPE_BOTH where a file is owned by a
group (e.g. using autorid and having a file owned by
BUILTIN\Administrators). In this case, the ACE entry for the group gets
mapped a to a user ACL entry and the group no longer has access (as in
the user's token the group is not mapped to a uid).
Douglas Bagnall [Wed, 10 Jul 2019 04:24:46 +0000 (16:24 +1200)]
dcerpc: use anon creds for unknown transport
Otherwise we get a segfault when the NULL creds are dereferenced in cli_credentials_is_anonymous()
$ python3 -c"from samba.dcerpc.dnsserver import dnsserver; d = dnsserver('addc')"
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Autobuild-User(master): Andrew Bartlett <abartlet@samba.org>
Autobuild-Date(master): Mon Jul 22 23:37:57 UTC 2019 on sn-devel-184
Douglas Bagnall [Tue, 9 Jul 2019 10:52:33 +0000 (22:52 +1200)]
s4/auth/py: avoid null deref with bad python arguments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 9 Jul 2019 10:52:19 +0000 (22:52 +1200)]
s4/gensec/py: avoid null deref with bad python arguments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 9 Jul 2019 10:51:38 +0000 (22:51 +1200)]
s3/smbd/py: avoid null deref with bad python arguments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 9 Jul 2019 10:51:18 +0000 (22:51 +1200)]
s3/libsmb/py: avoid null deref with bad python arguments
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 7 Jul 2019 05:23:23 +0000 (17:23 +1200)]
s4/auth/pygensec: don't segfault when reporting bad types
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 9 Jul 2019 11:07:18 +0000 (23:07 +1200)]
auth/pycreds/encrypt_netr_crypt_password: don't pretend arg is optional
The "|O" signature is saying the password argument is optional, which
makes no sense in terms of the funxtion and immediately leads to a
TypeError (or until last commit, segfault). Removing the "|" leaves it
with a TypeError, but it is better worded and faster.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Non-talloc objects were treated as talloc objects, to no good effect
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sun, 7 Jul 2019 00:14:50 +0000 (12:14 +1200)]
pysecurity: use unsigned int, not int to approximate uint32_t
the "I" flag for unsigned int has been available since Python 2.3
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 6 Jul 2019 07:09:57 +0000 (19:09 +1200)]
pycredentials.h: use import to ensure python type correctness
Because we include pyrpc_util.h, pycredentials doesn't need its own
PyStringFromStringOrNull().
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Sat, 6 Jul 2019 07:07:11 +0000 (19:07 +1200)]
auth/pycredentials: always check self is a Credentials object
This prevents a segfault with
credentials.Credentials.guess(x)
where x is not a Credentials object.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Fri, 5 Jul 2019 11:01:39 +0000 (23:01 +1200)]
s4/rpc/py_security: don't deref NULL for invalid values
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Jul 2019 10:21:36 +0000 (22:21 +1200)]
s4/py_dsdb: avoid NULL deref in set_domain_sid()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 9 Jul 2019 09:45:03 +0000 (09:45 +0000)]
libcli/pysecurity: use pytalloc_get_name to avoid NULL deref
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Andrew Bartlett [Mon, 22 Jul 2019 01:42:37 +0000 (13:42 +1200)]
talloc: Release talloc 2.3.0
* add pytalloc_get_name() to safely access te talloc name in Python bindings
* Use a new minor version to allow talloc updates in the 4.11 release stream
Signed-off-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz
Douglas Bagnall [Sun, 7 Jul 2019 00:34:37 +0000 (12:34 +1200)]
talloc/py_util: remove tautologically dead code
Being careful is good and all, but if we don't trust the
static PyTypeObject *type = NULL;
two lines up, we need to reconsider our entire software universe.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
If the python object is not a talloc object, we will end up
with a NULL pointer. We weren't checking for that properly
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Tue, 9 Jul 2019 08:59:19 +0000 (08:59 +0000)]
talloc: add pytalloc_get_name() helper
In several places we go
talloc_get_name(pytalloc_get_ptr(py_obj))
which is a certain NULL derefernce if py_obj is not a talloc object.
This is a helper function that chooses to say "non-talloc object"
rather than crash.
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Jul 2019 21:37:13 +0000 (09:37 +1200)]
tests/py-segfault: add messaging.deregister()
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Douglas Bagnall [Thu, 4 Jul 2019 10:19:55 +0000 (22:19 +1200)]
py segfault test: registry.open_hive
Signed-off-by: Douglas Bagnall <douglas.bagnall@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org>
Samuel Cabrero [Tue, 26 Feb 2019 12:38:40 +0000 (13:38 +0100)]
s3:rpc_server: Call server exit routines in sigterm handler
Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Autobuild-User(master): Stefan Metzmacher <metze@samba.org>
Autobuild-Date(master): Mon Jul 22 18:04:53 UTC 2019 on sn-devel-184
Samuel Cabrero [Thu, 14 Feb 2019 13:22:49 +0000 (14:22 +0100)]
s3:rpc_server: Check pointer before dereference
The debug message dereference the pointer, but as close_policy_by_pipe
is called from pipes_struct destructor it may be not initialized yet if
an error occur in the initialization code.
Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Samuel Cabrero [Mon, 18 Feb 2019 19:28:05 +0000 (20:28 +0100)]
s3:rpc_server: Unify RPC client disconnect and termination functions
These functions are used by endpoint mapper to delete the endpoints
when a NCALRPC connection from an external daemon is lost and by
preforked childs to accept the next client as soon as the current
connection terminates. We can use the same function for both purposes.
Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Samuel Cabrero [Mon, 28 Jan 2019 09:57:53 +0000 (10:57 +0100)]
s3:prefork: Allow to associate private data with listening socket
Prepare for merger RPC server codebase, where it will be necessary to
stablish an association between the listening socket and the
dcesrv_endpoint that the socket is serving.
Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Samuel Cabrero [Mon, 18 Feb 2019 18:24:54 +0000 (19:24 +0100)]
s3:rpc_server: Split dcerpc_ncacn_accept to deal with tstream_npa
In preparation to remove the named_pipe_client struct split the function
if two parts and build the tstream context as soon as possible, as it
will take care of closing the socket when the tstream_context is freed.
Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andreas Schneider <asn@samba.org> Reviewed-by: Stefan Metzmacher <metze@samba.org>
Samuel Cabrero [Mon, 18 Feb 2019 17:48:57 +0000 (18:48 +0100)]
s3:rpc_server: Add termination function and data to dcerpc_ncacn_conn
In preparation to remove the named_pipe_client structure, this function
will be called from ncacn_conn destructor passing the private data pointer
as argument. It is mainly used by preforked childs in "process model" to
attend the next client as soon as the previous client ends the connection.
Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andreas Schneider <asn@samba.org>
Samuel Cabrero [Mon, 18 Feb 2019 17:25:48 +0000 (18:25 +0100)]
s3:rpc_server: Move dcerpc_ncanc_conn to header file
Next commits will remove named_pipe_client and dcerpc_ncacn_connection
will be used in its place. It has to be moved to a header file as it
will be used by functions in rpc_server.c and rpc_ncacn_np.c.
Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Andreas Schneider <asn@samba.org>
[MS-GPSB] 2.2 Message Syntax says that you have to write a BOM which I
didn't do up until this patch. UTF-16 as input encoding was marked much
higher up in the inheritance tree, which got overriden with the Python 3
fixes. I've now marked the encoding much more obviously for this file.
Signed-off-by: Garming Sam <garming@catalyst.net.nz> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Fri Jul 19 02:20:47 UTC 2019 on sn-devel-184
lib:util: Use GnuTLS random number generator in genrand.c
FIPS requires that a random number generator from a certified crypto
library is used.
Signed-off-by: Andreas Schneider <asn@samba.org> Reviewed-by: Jeremy Allison <jra@samba.org>
Autobuild-User(master): Jeremy Allison <jra@samba.org>
Autobuild-Date(master): Thu Jul 18 01:30:20 UTC 2019 on sn-devel-184
Volker Lendecke [Wed, 1 May 2019 13:34:22 +0000 (15:34 +0200)]
lib: Optimize file_compare
Triggered by two coverity false positives. Loading both files into
talloc'ed memory seems inefficient to me. Rely on stdio to do proper
buffering. This removes the restriction from ae95d611: "It is meant for
small files".
This is more lines, but to me it has less implicit complexity.
Signed-off-by: Volker Lendecke <vl@samba.org> Reviewed-by: Uri Simchoni <uri@samba.org>
Autobuild-User(master): Uri Simchoni <uri@samba.org>
Autobuild-Date(master): Wed Jul 17 12:45:51 UTC 2019 on sn-devel-184
Signed-off-by: Aaron Haslett <aaronhaslett@catalyst.net.nz> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Reviewed-by: Garming Sam <garming@catalyst.net.nz>
Autobuild-User(master): Garming Sam <garming@samba.org>
Autobuild-Date(master): Wed Jul 17 06:17:10 UTC 2019 on sn-devel-184
Noel Power [Wed, 10 Jul 2019 11:50:18 +0000 (11:50 +0000)]
s3/lib/smbconf: clang: 'Value stored during its initialization is never read'
Fixes:
source3/lib/smbconf/smbconf_reg.c:123:9: warning: Value stored to 'werr' during its initialization is never read <--[clang]
WERROR werr = WERR_OK;
^~~~ ~~~~~~~
source3/lib/smbconf/smbconf_reg.c:178:9: warning: Value stored to 'werr' during its initialization is never read <--[clang]
WERROR werr = WERR_OK;
^~~~ ~~~~~~~
source3/lib/smbconf/smbconf_reg.c:444:9: warning: Value stored to 'werr' during its initialization is never read <--[clang]
WERROR werr = WERR_OK;
^~~~ ~~~~~~~
source3/lib/smbconf/smbconf_reg.c:583:9: warning: Value stored to 'werr' during its initialization is never read <--[clang]
WERROR werr = WERR_OK;
^~~~ ~~~~~~~
source3/lib/smbconf/smbconf_reg.c:712:9: warning: Value stored to 'werr' during its initialization is never read <--[clang]
WERROR werr = WERR_OK;
^~~~ ~~~~~~~
source3/lib/smbconf/smbconf_reg.c:995:9: warning: Value stored to 'werr' during its initialization is never read <--[clang]
WERROR werr = WERR_OK;
^~~~ ~~~~~~~
source3/lib/smbconf/smbconf_reg.c:1103:9: warning: Value stored to 'werr' during its initialization is never read <--[clang]
WERROR werr = WERR_OK;
^~~~ ~~~~~~~
7 warnings generated.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Autobuild-User(master): Gary Lockyer <gary@samba.org>
Autobuild-Date(master): Wed Jul 17 00:07:48 UTC 2019 on sn-devel-184
Noel Power [Wed, 10 Jul 2019 11:35:35 +0000 (11:35 +0000)]
s3/registry: clang: Fix 'initialization value is never read'
Fixes:
source3/registry/reg_backend_db.c:853:9: warning: Value stored to 'result' during its initialization is never read <--[clang]
WERROR result = WERR_OK;
^~~~~~ ~~~~~~~
source3/registry/reg_backend_db.c:1677:2: warning: Value stored to 'len' is never read <--[clang]
len = 0;
^ ~
2 warnings generated.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Noel Power [Wed, 10 Jul 2019 11:26:06 +0000 (11:26 +0000)]
s3/registry: clang: Fix 'initialization value is never read'
Fixes:
source3/registry/reg_api.c:139:14: warning: Value stored to 'result' during its initialization is never read <--[clang]
WERROR result = WERR_OK;
^~~~~~ ~~~~~~~
ource3/registry/reg_api.c:958:9: warning: Value stored to 'werr' during its initialization is never read <--[clang]
WERROR werr = WERR_OK;
^~~~ ~~~~~~~
2 warnings generated.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Noel Power [Wed, 10 Jul 2019 10:46:44 +0000 (10:46 +0000)]
libcli/smb: clang: Fix ' 2nd function call argument is an uninitialized value'
Fixes:
/home/samba/samba/libcli/smb/smbXcli_base.c:5120:8: warning: 2nd function call argument is an uninitialized value <--[clang]
rc = gnutls_hash(hash_hnd,
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Noel Power [Thu, 11 Jul 2019 12:00:27 +0000 (12:00 +0000)]
s4/libcli/raw: Fix 'Value stored to 'p' is never read'
Fixes:
source4/libcli/raw/clitree.c:138:3: warning: Value stored to 'p' is never read <--[clang]
p += smbcli_req_pull_string(&req->in.bufinfo, mem_ctx, &parms->tconx.out.fs_type,
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Noel Power [Thu, 11 Jul 2019 11:36:46 +0000 (11:36 +0000)]
s3/param: clang: Fix 'Value stored to 'bRetval' is never read'
Fixes:
source3/param/loadparm.c:2770:2: warning: Value stored to 'bRetval' is never read <--[clang]
bRetval = false;
^ ~~~~~
source3/param/loadparm.c:3868:2: warning: Value stored to 'bRetval' is never read <--[clang]
bRetval = false;
^ ~~~~~
2 warnings generated.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Noel Power [Thu, 11 Jul 2019 11:33:18 +0000 (11:33 +0000)]
s4/libcli/raw: clang: Fix 'initialization value is never read'
Fixes:
source4/libcli/raw/rawnegotiate.c:157:11: warning: Value stored to 'status' during its initialization is never read <--[clang]
NTSTATUS status = NT_STATUS_INTERNAL_ERROR;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Noel Power [Thu, 11 Jul 2019 11:31:03 +0000 (11:31 +0000)]
s4/libcli: clang: Fix 'initialization value is never read'
Fixes:
source4/libcli/smb_composite/fetchfile.c:91:11: warning: Value stored to 'status' during its initialization is never read <--[clang]
NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~
1 warning generated.
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
Noel Power [Wed, 10 Jul 2019 15:34:56 +0000 (16:34 +0100)]
libcls/netlogon: clang: Fix 'initialization value is never read'
Fixes:
libcli/netlogon/netlogon.c:183:11: warning: Value stored to 'status' during its initialization is never read <--[clang]
NTSTATUS status = NT_STATUS_INVALID_NETWORK_RESPONSE;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
libcli/netlogon/netlogon.c:224:11: warning: Value stored to 'status' during its initialization is never read <--[clang]
NTSTATUS status = NT_STATUS_INVALID_NETWORK_RESPONSE;
^~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
Note: although use of default seems unecessary but gcc
(with --picky-developer) detects the possibiliy still that status
may be undefined (presumably by a non enum value leaking
into the switch)
Signed-off-by: Noel Power <noel.power@suse.com> Reviewed-by: Gary Lockyer <gary@catalyst.net.nz>
projects / thirdparty / samba.git / log
