[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Tue Jun 23 17:03:07 MDT 2015
The branch, master has been updated
via a924399 dsdb: Fix CID 1034902 Dereference before null check
via 8253549 dsdb: Fix CID 1034687 Logically dead code
via 7613174 dsdb: Fix CID 1034719 Evaluation order violation
via d09d428 dsdb: Fix CID 1034802 Dereference null return value
via 22d4d91 dsdb: Fix CID 1034742 Dereference after null check
via 5c30ed4 dsdb: Fix CID 1034743 Dereference after null check
via 77c6cdc dsdb: Fix CID 1034803 Dereference null return value
via 6ed5b4e dsdb: Fix CID 1034804 Dereference null return value
via 4b80851 dsdb: Fix CID 1034745 Dereference after null check
via 246cb19 smbd: Fix CID 1273096 Dereference before null check
via 6438339 lib: Remove unused functions
via e6564bf lib: Fix CID 1128556 Dereference after null check
via 252f813 lib: Fix CID 1272858 Copy-paste error
via ddd6112 lib: Fix CID 710685 Unchecked return value from library
via 1f99ba7 lib: Fix CID 1273234 Untrusted value as argument
via 4bd430e lib: Fix CID 1034723 Explicit null dereferenced
via 69160e5 lib: Fix CID 1272913 Calling risky function
via ea91956 lib: Make genrand independent
via a08dee1 lib: Make time-basic a library
via 30bfb8d lib: Fix deps for LIBCRYPTO
via a4d4cc2 lib: Simplify arcfour_crypt
via 0934134 lib: Streamline genrand.c includes
via 95cd4b1 lib: Fix whitespace
via 39a1894 lib: Strip genrand.c a bit
via 965d9ce s3:ntlm_auth: don't start gensec backend twice
via 2cd3e51 auth/gensec: remove unused gensec_[un]wrap_packets() hooks
via 37041e4 s4:auth/gensec: remove unused gensec_socket_init()
via 7943ffb s4:auth/gensec: remove unused include of lib/socket/socket.h
via beb84d0 s4:auth/gensec: remove unused and untested cyrus_sasl module
via 67c5d58 s4:libcli/ldap: conversion to tstream
via 6f2c29a s4:lib/tls: ignore non-existing ca and crl files in tstream_tls_params_client()
via 3d298b9 s4:lib/tls: fix tstream_tls_connect_send() define
via 8dbe9d7 s3:libads/sasl: use gensec_max_{input,wrapped}_size() in ads_sasl_spnego_ntlmssp_bind
via 7b916b5 s4:gensec/gssapi: make calculation of gensec_gssapi_sig_size() for aes keys more clear
via ac5283f s4:gensec/gssapi: use gensec_gssapi_max_{input,wrapped}_size() for all backends
from 6dd117b s4:selftest: also run rpc.winreg with kerberos and all possible auth options
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit a924399b91060969f67c9863e5dd9214f2fce677
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 14:58:11 2015 +0200
dsdb: Fix CID 1034902 Dereference before null check
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Wed Jun 24 01:02:22 CEST 2015 on sn-devel-104
commit 8253549264bab62fa29357401d99b9d994f12c8a
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 14:56:50 2015 +0200
dsdb: Fix CID 1034687 Logically dead code
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7613174e7baf872513d44c88401d5ff872cc666f
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 14:53:39 2015 +0200
dsdb: Fix CID 1034719 Evaluation order violation
We assigned lp_ctx twice...
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit d09d428c5e226bf313e81159c9b98c8911a4064e
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 14:46:12 2015 +0200
dsdb: Fix CID 1034802 Dereference null return value
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 22d4d916496261826fff4a2edfacd46b65cdcd67
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 14:44:05 2015 +0200
dsdb: Fix CID 1034742 Dereference after null check
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 5c30ed470d010d9aedcfab81c24e6d56ec0f4fd3
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 14:42:06 2015 +0200
dsdb: Fix CID 1034743 Dereference after null check
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 77c6cdcbd596c3766c0eec16252aa0beb05697c1
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 14:40:42 2015 +0200
dsdb: Fix CID 1034803 Dereference null return value
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6ed5b4ec8b7eddc32c187ef23e9c166383e012c0
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 14:39:58 2015 +0200
dsdb: Fix CID 1034804 Dereference null return value
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4b80851568d62148427337f28e511cfa8a033d1d
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 12:48:13 2015 +0200
dsdb: Fix CID 1034745 Dereference after null check
This is a cut&paste error
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 246cb1961fb770d44a4b4f17b88943a3c00a8cce
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 12:02:06 2015 +0200
smbd: Fix CID 1273096 Dereference before null check
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6438339b2a6ba8d5e70bbc7ad8bd65d2d1ed11a2
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 11:22:04 2015 +0200
lib: Remove unused functions
This fixes CID 1034629 Unchecked return value
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit e6564bf663ea8ff2a1701fdfe7a7c1f8cd61b246
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 11:06:02 2015 +0200
lib: Fix CID 1128556 Dereference after null check
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 252f8137d386d91ae425931b9da8c9a86689d860
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 11:03:47 2015 +0200
lib: Fix CID 1272858 Copy-paste error
Coverity is wrong here, but it's a good idea to consolidate the close-loop
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ddd61126fb35d70e20b2d5007350e4327f470507
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 10:18:31 2015 +0200
lib: Fix CID 710685 Unchecked return value from library
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 1f99ba7749a766f733f381db2925076290836be2
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 10:12:15 2015 +0200
lib: Fix CID 1273234 Untrusted value as argument
buf->size has been sanitized in the checks done in talloc_array(). This makes
the "trust" flow more explicit.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 4bd430e05d4cef412a799cfbb60cc8339f2096c5
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 10:10:19 2015 +0200
lib: Fix CID 1034723 Explicit null dereferenced
Do an early return if there's nothing to receive
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 69160e55db06b0bf5987e3e39c9b584f19cb902f
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 10:02:17 2015 +0200
lib: Fix CID 1272913 Calling risky function
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ea919567e95a9cdd12289fe52e746f3dea43ad8f
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 09:56:55 2015 +0200
lib: Make genrand independent
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a08dee14aa28b6fccd1512d3ca95282d202ab8e5
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 10:40:33 2015 +0200
lib: Make time-basic a library
The next commit will make genrand depend on time-basic. Without this, we would
link in time-basic twice, from samba-debug and from genrand.
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 30bfb8d63804f0c98312fadaadcb104120dadafb
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 09:53:15 2015 +0200
lib: Fix deps for LIBCRYPTO
LIBCRYPTO itself does not depend on talloc
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit a4d4cc2550fec0343b8c46f591d5c3a05e70f87f
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 09:52:49 2015 +0200
lib: Simplify arcfour_crypt
We don't need a dependency on data_blob in crypto
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 0934134d2e367936d0d6d914b12f333accb98c50
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 09:28:28 2015 +0200
lib: Streamline genrand.c includes
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 95cd4b1708d64cbe510db29d4cd84e6a371a949b
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 09:05:56 2015 +0200
lib: Fix whitespace
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 39a1894bf46b6ca6796e496cad972759fe11d082
Author: Volker Lendecke <vl at samba.org>
Date: Tue Jun 23 09:02:46 2015 +0200
lib: Strip genrand.c a bit
This moves for example password complexity checks out of the core random
number generator
Signed-off-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 965d9ce5559f01bc8f2e0d5fc95547a9ea7d5078
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jun 20 16:54:33 2015 +0200
s3:ntlm_auth: don't start gensec backend twice
ntlm_auth_start_ntlmssp_server() was used in two cases
and both call gensec_start_mech_by_oid() again.
So we remove gensec_start_mech_by_oid() and rename the function
to ntlm_auth_prepare_gensec_server.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 2cd3e51e19c0ae851ea2f294125c387f72d4432c
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 19 12:47:10 2015 +0200
auth/gensec: remove unused gensec_[un]wrap_packets() hooks
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 37041e41589d529aedfeb0d39de2d542cd9c8798
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 19 12:46:27 2015 +0200
s4:auth/gensec: remove unused gensec_socket_init()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7943ffbb77bd3ee3a47d20ccdcbbcfe0e2b74b1e
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 19 13:47:29 2015 +0200
s4:auth/gensec: remove unused include of lib/socket/socket.h
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit beb84d0c26305b80c8c56711782d62212e7abf86
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 19 13:30:54 2015 +0200
s4:auth/gensec: remove unused and untested cyrus_sasl module
There's not a high chance that this module worked at all.
Requesting SASL_SSF in order to get the max input length
is completely broken.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 67c5d5849efb6dc9ff04088e0599056bcfad1aee
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 19 12:26:06 2015 +0200
s4:libcli/ldap: conversion to tstream
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 6f2c29a13cfee0e816499f8aea4076aaee9e2f85
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 19 13:30:10 2015 +0200
s4:lib/tls: ignore non-existing ca and crl files in tstream_tls_params_client()
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 3d298b994d949786c0eda47ece4a2d7b1c6f3104
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 19 12:26:55 2015 +0200
s4:lib/tls: fix tstream_tls_connect_send() define
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 8dbe9d785bd3b3d7bdca1e9854dc0516047d5e5a
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 19 01:07:49 2015 +0200
s3:libads/sasl: use gensec_max_{input,wrapped}_size() in ads_sasl_spnego_ntlmssp_bind
gensec_sig_size() is for gensec_{sign,seal}_packet() instead of gensec_wrap().
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit 7b916b5f9a3db5b268639d2d68cfa85e20a83266
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jun 18 21:07:58 2015 +0200
s4:gensec/gssapi: make calculation of gensec_gssapi_sig_size() for aes keys more clear
This way the result matches what gss_wrap_iov_length() would return.
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit ac5283f7888d3b0bbc4d3a53102cc47d32366d06
Author: Stefan Metzmacher <metze at samba.org>
Date: Thu Jun 18 23:18:58 2015 +0200
s4:gensec/gssapi: use gensec_gssapi_max_{input,wrapped}_size() for all backends
This avoids calls to gensec_gssapi_sig_size() as fallback in
gensec_max_input_size().
gensec_gssapi_sig_size() needs to report the sig size
gensec_{sign,seal}_packet(), which could be different to the
overhead produced by gensec_wrap().
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/gensec/gensec.h | 21 --
auth/gensec/gensec_internal.h | 12 -
auth/gensec/gensec_util.c | 116 ------
auth/gensec/spnego.c | 56 ---
auth/gensec/wscript_build | 2 +-
lib/addns/dnsrecord.c | 3 +-
lib/addns/dnssock.c | 17 +-
lib/async_req/async_sock.c | 7 +-
lib/crypto/arcfour.c | 9 +-
lib/crypto/wscript_build | 4 +-
lib/util/genrand.c | 305 +--------------
lib/util/genrand.h | 44 +++
lib/util/{genrand.c => genrand_util.c} | 271 +-------------
lib/util/samba_util.h | 22 +-
lib/util/wscript_build | 21 +-
source3/lib/messages.c | 16 +-
source3/lib/messages_ctdbd.c | 1 +
source3/libads/sasl.c | 9 +-
source3/registry/reg_objects.c | 27 --
source3/registry/reg_objects.h | 2 -
source3/smbd/smb2_lock.c | 2 +-
source3/utils/ntlm_auth.c | 16 +-
source4/auth/gensec/cyrus_sasl.c | 454 -----------------------
source4/auth/gensec/gensec_gssapi.c | 13 +-
source4/auth/gensec/gensec_krb5.c | 1 -
source4/auth/gensec/gensec_socket.h | 28 --
source4/auth/gensec/socket.c | 435 ----------------------
source4/auth/gensec/wscript_build | 12 +-
source4/auth/wscript_configure | 4 -
source4/dsdb/samdb/ldb_modules/extended_dn_out.c | 2 +-
source4/dsdb/samdb/ldb_modules/operational.c | 3 -
source4/dsdb/samdb/ldb_modules/password_hash.c | 5 +-
source4/dsdb/samdb/ldb_modules/rootdse.c | 4 +
source4/dsdb/samdb/ldb_modules/schema_util.c | 2 +-
source4/dsdb/samdb/ldb_modules/simple_dn.c | 2 +-
source4/dsdb/samdb/ldb_modules/util.c | 6 +
source4/dsdb/schema/schema_syntax.c | 2 +-
source4/lib/tls/tls.h | 2 +-
source4/lib/tls/tls_tstream.c | 4 +-
source4/libcli/ldap/ldap_bind.c | 65 +++-
source4/libcli/ldap/ldap_client.c | 443 ++++++++++++++--------
source4/libcli/ldap/ldap_client.h | 17 +-
source4/libcli/ldap/wscript_build | 4 +-
43 files changed, 510 insertions(+), 1981 deletions(-)
create mode 100644 lib/util/genrand.h
copy lib/util/{genrand.c => genrand_util.c} (53%)
delete mode 100644 source4/auth/gensec/cyrus_sasl.c
delete mode 100644 source4/auth/gensec/gensec_socket.h
delete mode 100644 source4/auth/gensec/socket.c
Changeset truncated at 500 lines:
diff --git a/auth/gensec/gensec.h b/auth/gensec/gensec.h
index 0d3a29c..d09813e 100644
--- a/auth/gensec/gensec.h
+++ b/auth/gensec/gensec.h
@@ -107,30 +107,9 @@ const struct gensec_critical_sizes *gensec_interface_version(void);
/* Socket wrapper */
struct gensec_security;
-struct socket_context;
struct auth4_context;
struct auth_user_info_dc;
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed);
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed);
-
-/* These functions are for use here only (public because SPNEGO must
- * use them for recursion) */
-NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
- DATA_BLOB blob, size_t *size);
-
struct loadparm_context;
NTSTATUS gensec_subcontext_start(TALLOC_CTX *mem_ctx,
diff --git a/auth/gensec/gensec_internal.h b/auth/gensec/gensec_internal.h
index c04164a..45a66f8 100644
--- a/auth/gensec/gensec_internal.h
+++ b/auth/gensec/gensec_internal.h
@@ -74,18 +74,6 @@ struct gensec_security_ops {
TALLOC_CTX *mem_ctx,
const DATA_BLOB *in,
DATA_BLOB *out);
- NTSTATUS (*wrap_packets)(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed);
- NTSTATUS (*unwrap_packets)(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed);
- NTSTATUS (*packet_full_request)(struct gensec_security *gensec_security,
- DATA_BLOB blob, size_t *size);
NTSTATUS (*session_key)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
DATA_BLOB *session_key);
NTSTATUS (*session_info)(struct gensec_security *gensec_security, TALLOC_CTX *mem_ctx,
diff --git a/auth/gensec/gensec_util.c b/auth/gensec/gensec_util.c
index b8e38b7..8ef4b25 100644
--- a/auth/gensec/gensec_util.c
+++ b/auth/gensec/gensec_util.c
@@ -68,122 +68,6 @@ NTSTATUS gensec_generate_session_info_pac(TALLOC_CTX *mem_ctx,
}
/*
- * These functions are for use in the deprecated
- * gensec_socket code (public because SPNEGO must
- * use them for recursion)
- */
-_PUBLIC_ NTSTATUS gensec_wrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- if (!gensec_security->ops->wrap_packets) {
- NTSTATUS nt_status;
- size_t max_input_size;
- DATA_BLOB unwrapped, wrapped;
- max_input_size = gensec_max_input_size(gensec_security);
- unwrapped = data_blob_const(in->data, MIN(max_input_size, (size_t)in->length));
-
- nt_status = gensec_wrap(gensec_security,
- mem_ctx,
- &unwrapped, &wrapped);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- *out = data_blob_talloc(mem_ctx, NULL, 4);
- if (!out->data) {
- return NT_STATUS_NO_MEMORY;
- }
- RSIVAL(out->data, 0, wrapped.length);
-
- if (!data_blob_append(mem_ctx, out, wrapped.data, wrapped.length)) {
- return NT_STATUS_NO_MEMORY;
- }
- *len_processed = unwrapped.length;
- return NT_STATUS_OK;
- }
- return gensec_security->ops->wrap_packets(gensec_security, mem_ctx, in, out,
- len_processed);
-}
-
-/*
- * These functions are for use in the deprecated
- * gensec_socket code (public because SPNEGO must
- * use them for recursion)
- */
-NTSTATUS gensec_unwrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- if (!gensec_security->ops->unwrap_packets) {
- DATA_BLOB wrapped;
- NTSTATUS nt_status;
- size_t packet_size;
- if (in->length < 4) {
- /* Missing the header we already had! */
- DEBUG(0, ("Asked to unwrap packet of bogus length! How did we get the short packet?!\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- packet_size = RIVAL(in->data, 0);
-
- wrapped = data_blob_const(in->data + 4, packet_size);
-
- if (wrapped.length > (in->length - 4)) {
- DEBUG(0, ("Asked to unwrap packed of bogus length %d > %d! How did we get this?!\n",
- (int)wrapped.length, (int)(in->length - 4)));
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- nt_status = gensec_unwrap(gensec_security,
- mem_ctx,
- &wrapped, out);
- if (!NT_STATUS_IS_OK(nt_status)) {
- return nt_status;
- }
-
- *len_processed = packet_size + 4;
- return nt_status;
- }
- return gensec_security->ops->unwrap_packets(gensec_security, mem_ctx, in, out,
- len_processed);
-}
-
-/*
- * These functions are for use in the deprecated
- * gensec_socket code (public because SPNEGO must
- * use them for recursion)
- */
-NTSTATUS gensec_packet_full_request(struct gensec_security *gensec_security,
- DATA_BLOB blob, size_t *size)
-{
- if (gensec_security->ops->packet_full_request) {
- return gensec_security->ops->packet_full_request(gensec_security,
- blob, size);
- }
- if (gensec_security->ops->unwrap_packets) {
- if (blob.length) {
- *size = blob.length;
- return NT_STATUS_OK;
- }
- return STATUS_MORE_ENTRIES;
- }
-
- if (blob.length < 4) {
- return STATUS_MORE_ENTRIES;
- }
- *size = 4 + RIVAL(blob.data, 0);
- if (*size > blob.length) {
- return STATUS_MORE_ENTRIES;
- }
- return NT_STATUS_OK;
-}
-
-/*
magic check a GSS-API wrapper packet for an Kerberos OID
*/
static bool gensec_gssapi_check_oid(const DATA_BLOB *blob, const char *oid)
diff --git a/auth/gensec/spnego.c b/auth/gensec/spnego.c
index 20cacdb..85c70e1 100644
--- a/auth/gensec/spnego.c
+++ b/auth/gensec/spnego.c
@@ -221,59 +221,6 @@ static NTSTATUS gensec_spnego_unwrap(struct gensec_security *gensec_security,
mem_ctx, in, out);
}
-static NTSTATUS gensec_spnego_wrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
-
- if (spnego_state->state_position != SPNEGO_DONE
- && spnego_state->state_position != SPNEGO_FALLBACK) {
- DEBUG(1, ("gensec_spnego_wrap: wrong state for wrap\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- return gensec_wrap_packets(spnego_state->sub_sec_security,
- mem_ctx, in, out,
- len_processed);
-}
-
-static NTSTATUS gensec_spnego_packet_full_request(struct gensec_security *gensec_security,
- DATA_BLOB blob, size_t *size)
-{
- struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
-
- if (spnego_state->state_position != SPNEGO_DONE
- && spnego_state->state_position != SPNEGO_FALLBACK) {
- DEBUG(1, ("gensec_spnego_unwrap: wrong state for unwrap\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- return gensec_packet_full_request(spnego_state->sub_sec_security,
- blob, size);
-}
-
-static NTSTATUS gensec_spnego_unwrap_packets(struct gensec_security *gensec_security,
- TALLOC_CTX *mem_ctx,
- const DATA_BLOB *in,
- DATA_BLOB *out,
- size_t *len_processed)
-{
- struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
-
- if (spnego_state->state_position != SPNEGO_DONE
- && spnego_state->state_position != SPNEGO_FALLBACK) {
- DEBUG(1, ("gensec_spnego_unwrap: wrong state for unwrap\n"));
- return NT_STATUS_INVALID_PARAMETER;
- }
-
- return gensec_unwrap_packets(spnego_state->sub_sec_security,
- mem_ctx, in, out,
- len_processed);
-}
-
static size_t gensec_spnego_sig_size(struct gensec_security *gensec_security, size_t data_size)
{
struct spnego_state *spnego_state = (struct spnego_state *)gensec_security->private_data;
@@ -1384,11 +1331,8 @@ static const struct gensec_security_ops gensec_spnego_security_ops = {
.max_input_size = gensec_spnego_max_input_size,
.check_packet = gensec_spnego_check_packet,
.unseal_packet = gensec_spnego_unseal_packet,
- .packet_full_request = gensec_spnego_packet_full_request,
.wrap = gensec_spnego_wrap,
.unwrap = gensec_spnego_unwrap,
- .wrap_packets = gensec_spnego_wrap_packets,
- .unwrap_packets = gensec_spnego_unwrap_packets,
.session_key = gensec_spnego_session_key,
.session_info = gensec_spnego_session_info,
.want_feature = gensec_spnego_want_feature,
diff --git a/auth/gensec/wscript_build b/auth/gensec/wscript_build
index e6d179b..e4c4a08 100755
--- a/auth/gensec/wscript_build
+++ b/auth/gensec/wscript_build
@@ -3,7 +3,7 @@ bld.SAMBA_LIBRARY('gensec',
source='gensec.c gensec_start.c gensec_util.c',
pc_files='gensec.pc',
autoproto='gensec_toplevel_proto.h',
- public_deps='tevent-util samba-util errors LIBPACKET auth_system_session samba-modules gensec_util asn1util',
+ public_deps='tevent-util samba-util errors auth_system_session samba-modules gensec_util asn1util',
public_headers='gensec.h',
deps='com_err',
vnum='0.0.1'
diff --git a/lib/addns/dnsrecord.c b/lib/addns/dnsrecord.c
index 724d0df..0d14937 100644
--- a/lib/addns/dnsrecord.c
+++ b/lib/addns/dnsrecord.c
@@ -22,6 +22,7 @@
*/
#include "dns.h"
+#include "lib/util/genrand.h"
DNS_ERROR dns_create_query( TALLOC_CTX *mem_ctx, const char *name,
uint16_t q_type, uint16_t q_class,
@@ -39,7 +40,7 @@ DNS_ERROR dns_create_query( TALLOC_CTX *mem_ctx, const char *name,
return ERROR_DNS_NO_MEMORY;
}
- req->id = random();
+ generate_random_buffer((uint8_t *)&req->id, sizeof(req->id));
req->num_questions = 1;
q = req->questions[0];
diff --git a/lib/addns/dnssock.c b/lib/addns/dnssock.c
index b1d794d..a45e325 100644
--- a/lib/addns/dnssock.c
+++ b/lib/addns/dnssock.c
@@ -321,16 +321,17 @@ static DNS_ERROR dns_receive_tcp(TALLOC_CTX *mem_ctx,
buf->size = ntohs(len);
- if (buf->size) {
- if (!(buf->data = talloc_array(buf, uint8_t, buf->size))) {
- TALLOC_FREE(buf);
- return ERROR_DNS_NO_MEMORY;
- }
- } else {
- buf->data = NULL;
+ if (buf->size == 0) {
+ *presult = buf;
+ return ERROR_DNS_SUCCESS;
+ }
+
+ if (!(buf->data = talloc_array(buf, uint8_t, buf->size))) {
+ TALLOC_FREE(buf);
+ return ERROR_DNS_NO_MEMORY;
}
- err = read_all(conn->s, buf->data, buf->size);
+ err = read_all(conn->s, buf->data, talloc_get_size(buf->data));
if (!ERR_DNS_IS_OK(err)) {
TALLOC_FREE(buf);
return err;
diff --git a/lib/async_req/async_sock.c b/lib/async_req/async_sock.c
index e90f4e6..d2cda15 100644
--- a/lib/async_req/async_sock.c
+++ b/lib/async_req/async_sock.c
@@ -74,6 +74,7 @@ struct tevent_req *async_connect_send(
{
struct tevent_req *req;
struct async_connect_state *state;
+ int ret;
req = tevent_req_create(mem_ctx, &state, struct async_connect_state);
if (req == NULL) {
@@ -105,7 +106,11 @@ struct tevent_req *async_connect_send(
}
memcpy(&state->address, address, address_len);
- set_blocking(fd, false);
+ ret = set_blocking(fd, false);
+ if (ret == -1) {
+ tevent_req_error(req, errno);
+ return tevent_req_post(req, ev);
+ }
if (state->before_connect != NULL) {
state->before_connect(state->private_data);
diff --git a/lib/crypto/arcfour.c b/lib/crypto/arcfour.c
index 1afd659..d310649 100644
--- a/lib/crypto/arcfour.c
+++ b/lib/crypto/arcfour.c
@@ -81,11 +81,12 @@ _PUBLIC_ void arcfour_crypt_blob(uint8_t *data, int len, const DATA_BLOB *key)
*/
_PUBLIC_ void arcfour_crypt(uint8_t *data, const uint8_t keystr[16], int len)
{
- DATA_BLOB key = data_blob(keystr, 16);
-
- arcfour_crypt_blob(data, len, &key);
+ uint8_t keycopy[16];
+ DATA_BLOB key = { .data = keycopy, .length = sizeof(keycopy) };
- data_blob_free(&key);
+ memcpy(keycopy, keystr, sizeof(keycopy));
+
+ arcfour_crypt_blob(data, len, &key);
}
diff --git a/lib/crypto/wscript_build b/lib/crypto/wscript_build
index f2326a2..0224feb 100644
--- a/lib/crypto/wscript_build
+++ b/lib/crypto/wscript_build
@@ -15,12 +15,12 @@ bld.SAMBA_SUBSYSTEM('LIBCRYPTO',
source='''crc32.c hmacmd5.c md4.c arcfour.c sha256.c sha512.c hmacsha256.c
aes.c rijndael-alg-fst.c aes_cmac_128.c aes_ccm_128.c aes_gcm_128.c
''' + extra_source,
- deps='talloc' + extra_deps
+ deps=extra_deps
)
bld.SAMBA_SUBSYSTEM('TORTURE_LIBCRYPTO',
source='md4test.c md5test.c hmacmd5test.c aes_cmac_128_test.c aes_gcm_128_test.c',
autoproto='test_proto.h',
- deps='LIBCRYPTO'
+ deps='talloc LIBCRYPTO'
)
diff --git a/lib/util/genrand.c b/lib/util/genrand.c
index c0163f4..4473433 100644
--- a/lib/util/genrand.c
+++ b/lib/util/genrand.c
@@ -1,28 +1,31 @@
-/*
+/*
Unix SMB/CIFS implementation.
Functions to create reasonable random numbers for crypto use.
Copyright (C) Jeremy Allison 2001
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "includes.h"
+#include "replace.h"
#include "system/filesys.h"
#include "../lib/crypto/crypto.h"
-#include "system/locale.h"
+#include "lib/util/genrand.h"
+#include "lib/util/blocking.h"
+#include "lib/util/time_basic.h"
+#include "lib/util/byteorder.h"
/**
* @file
@@ -69,7 +72,7 @@ static void get_rand_reseed_data(int *reseed_data)
}
}
-/****************************************************************
+/****************************************************************
Setup the seed.
*****************************************************************/
@@ -95,7 +98,7 @@ static void seed_random_stream(unsigned char *seedval, size_t seedlen)
hash[257] = 0;
}
-/****************************************************************
+/****************************************************************
Get datasize bytes worth of random data.
*****************************************************************/
@@ -125,7 +128,7 @@ static void get_random_stream(unsigned char *data, size_t datasize)
}
/****************************************************************
- Get a 16 byte hash from the contents of a file.
+ Get a 16 byte hash from the contents of a file.
Note that the hash is initialised, because the extra entropy is not
worth the valgrind pain.
@@ -226,7 +229,7 @@ _PUBLIC_ void generate_random_buffer(uint8_t *out, int len)
if(!done_reseed) {
bytes_since_reseed += len;
-
+
/* Magic constant to try and avoid reading 40 bytes
* and setting up the PRNG if the app only ever wants
* a few bytes */
@@ -280,286 +283,6 @@ _PUBLIC_ void generate_secret_buffer(uint8_t *out, int len)
if(urand_fd != -1 && (read(urand_fd, out, len) == len)) {
return;
}
-
- generate_random_buffer(out, len);
-}
-
-/**
- generate a single random uint32_t
-**/
-_PUBLIC_ uint32_t generate_random(void)
-{
- uint8_t v[4];
- generate_random_buffer(v, 4);
- return IVAL(v, 0);
-}
-
-
-/**
- Microsoft composed the following rules (among others) for quality
- checks. This is an abridgment from
- http://msdn.microsoft.com/en-us/subscriptions/cc786468%28v=ws.10%29.aspx:
-
- Passwords must contain characters from three of the following five
- categories:
-
- - Uppercase characters of European languages (A through Z, with
- diacritic marks, Greek and Cyrillic characters)
- - Lowercase characters of European languages (a through z, sharp-s,
- with diacritic marks, Greek and Cyrillic characters)
- - Base 10 digits (0 through 9)
--
Samba Shared Repository
More information about the samba-cvs
mailing list