[SCM] Samba Shared Repository - branch master updated

David Disseldorp ddiss at samba.org
Wed Mar 4 09:15:03 MST 2015


The branch, master has been updated
       via  40a317f rpc_server: Fix CID 1035535 Uninitialized scalar variable
       via  8f7bdc8 rpc_server: Fix CID 1035534 Uninitialized scalar variable
       via  4891a98 backupkey: Remove an unused variable
       via  969519b backupkey: Fix CID 1273293 Uninitialized scalar variable
       via  7e4daaa backupkey: Fix a memleak
       via  00e751d backupkey: Simplify get_lsa_secret
       via  5ea5d87 backupkey: Slightly simplify bkrp_do_retrieve_server_wrap_key
       via  8e195fb winbind: Fix CID 1273294 Uninitialized scalar variable
       via  25928b1 winbind: Fix CID 1273295 Uninitialized scalar variable
       via  706770d libads: Fix CID 1273305 Uninitialized scalar variable
       via  4a686c5 libads: Fix CID 1273306 Uninitialized scalar variable
       via  11a71d5 lib: Fix CID 1273292 Uninitialized pointer read
       via  f5c8e48 lib: Fix CID 1273056 Negative array index read
       via  6fdbf8d lib: Fix CID 1128561 Pointer to local outside scope
       via  569c870 Fix whitespace
       via  4dd7c84 lib: Fix CID 1128552 Buffer not null terminated
       via  1826f06 build:wafadmin: fix use of spaces instead of tabs.
      from  7a10e07 ctdb-build: Specify absolute path to libsocket-wrapper.so

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 40a317f092829aa78a35cc0421f524a4b0233f10
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:47:03 2015 +0100

    rpc_server: Fix CID 1035535 Uninitialized scalar variable
    
    I believe this can't happen, but better be safe than sorry
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>
    
    Autobuild-User(master): David Disseldorp <ddiss at samba.org>
    Autobuild-Date(master): Wed Mar  4 17:14:53 CET 2015 on sn-devel-104

commit 8f7bdc8194a6e666c795da0d27feb316b0a8dd37
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:47:03 2015 +0100

    rpc_server: Fix CID 1035534 Uninitialized scalar variable
    
    I believe this can't happen, but better be safe than sorry
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 4891a98e20d0719274f6685dfbc39413c9ab39d0
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:36:40 2015 +0100

    backupkey: Remove an unused variable
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 969519b3b53e1ba12a261764fc4d5785524a245f
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:35:47 2015 +0100

    backupkey: Fix CID 1273293 Uninitialized scalar variable
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 7e4daaacb6b256e08ac7491aa9e98d0dc56d137b
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:33:57 2015 +0100

    backupkey: Fix a memleak
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 00e751d2be80c555aca71724cfb6fdb4602c1131
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:33:38 2015 +0100

    backupkey: Simplify get_lsa_secret
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 5ea5d876bf9c33b1805109af79005e3437a656a1
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:29:53 2015 +0100

    backupkey: Slightly simplify bkrp_do_retrieve_server_wrap_key
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 8e195fb52ecfa3c263f68b74f989fb48a3c9116f
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:28:20 2015 +0100

    winbind: Fix CID 1273294 Uninitialized scalar variable
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 25928b1bcc031469c5321ab283a8d0c32dde2f4f
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:22:48 2015 +0100

    winbind: Fix CID 1273295 Uninitialized scalar variable
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 706770d7a8c4625ecb555db40c146126d2c160f0
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:09:51 2015 +0100

    libads: Fix CID 1273305 Uninitialized scalar variable
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 4a686c5b0bbcf0bdb089348403a3c35b8aff67e4
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:09:18 2015 +0100

    libads: Fix CID 1273306 Uninitialized scalar variable
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 11a71d562129e3b99482d329cf640fdb4a4cf9bf
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 10:00:29 2015 +0100

    lib: Fix CID 1273292 Uninitialized pointer read
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit f5c8e489ad5b71f000be61384be93e2e348b373d
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 09:49:18 2015 +0100

    lib: Fix CID 1273056 Negative array index read
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 6fdbf8de87521ea6f08cda6edf7129bdb6987968
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 09:43:19 2015 +0100

    lib: Fix CID 1128561 Pointer to local outside scope
    
    This is not strictly a bug, but it is confusing enough to justify a small patch
    I guess.
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 569c8700d6394c88fd706b46248c08279fdfb203
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 09:43:09 2015 +0100

    Fix whitespace
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 4dd7c84167e99af62db465bd64d47b7228a60335
Author: Volker Lendecke <vl at samba.org>
Date:   Wed Mar 4 09:38:52 2015 +0100

    lib: Fix CID 1128552 Buffer not null terminated
    
    Signed-off-by: Volker Lendecke <vl at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 1826f06be7b286c8e343f272766fdb81a930013f
Author: Michael Adam <obnox at samba.org>
Date:   Tue Mar 3 13:33:10 2015 +0100

    build:wafadmin: fix use of spaces instead of tabs.
    
    Indentation should not be a mixture of tabs and spaces.
    Waf uses tabs.
    
    Signed-off-by: Michael Adam <obnox at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 buildtools/wafadmin/Tools/ccroot.py             |   6 +-
 source3/lib/ctdb_conn.c                         |  14 +--
 source3/lib/ctdbd_conn.c                        |  15 ++--
 source3/lib/msghdr.c                            |   7 +-
 source3/libads/kerberos_keytab.c                |   4 +-
 source3/rpc_server/srv_pipe.c                   |   4 +-
 source3/winbindd/idmap.c                        |   3 +-
 source4/rpc_server/backupkey/dcesrv_backupkey.c | 110 ++++++++++++------------
 8 files changed, 87 insertions(+), 76 deletions(-)


Changeset truncated at 500 lines:

diff --git a/buildtools/wafadmin/Tools/ccroot.py b/buildtools/wafadmin/Tools/ccroot.py
index 12ef442..25c5179 100644
--- a/buildtools/wafadmin/Tools/ccroot.py
+++ b/buildtools/wafadmin/Tools/ccroot.py
@@ -184,9 +184,9 @@ def get_target_name(self):
 			# the import lib file name stays unversionned.
 			name = name + '-' + nums[0]
 		elif self.env.DEST_OS == 'openbsd':
-                        pattern = '%s.%s' % (pattern, nums[0])
-                        if len(nums) >= 2:
-                                pattern += '.%s' % nums[1]
+			pattern = '%s.%s' % (pattern, nums[0])
+			if len(nums) >= 2:
+				pattern += '.%s' % nums[1]
 
 	return os.path.join(dir, pattern % name)
 
diff --git a/source3/lib/ctdb_conn.c b/source3/lib/ctdb_conn.c
index a54e83d..4e1b3e5 100644
--- a/source3/lib/ctdb_conn.c
+++ b/source3/lib/ctdb_conn.c
@@ -58,6 +58,7 @@ struct tevent_req *ctdb_conn_init_send(TALLOC_CTX *mem_ctx,
 {
 	struct tevent_req *req, *subreq;
 	struct ctdb_conn_init_state *state;
+	size_t len;
 
 	req = tevent_req_create(mem_ctx, &state, struct ctdb_conn_init_state);
 	if (req == NULL) {
@@ -69,11 +70,6 @@ struct tevent_req *ctdb_conn_init_send(TALLOC_CTX *mem_ctx,
 		return tevent_req_post(req, ev);
 	}
 
-	if (strlen(sock) >= sizeof(state->addr.sun_path)) {
-		tevent_req_error(req, ENAMETOOLONG);
-		return tevent_req_post(req, ev);
-	}
-
 	state->conn = talloc(state, struct ctdb_conn);
 	if (tevent_req_nomem(state->conn, req)) {
 		return tevent_req_post(req, ev);
@@ -93,7 +89,13 @@ struct tevent_req *ctdb_conn_init_send(TALLOC_CTX *mem_ctx,
 	talloc_set_destructor(state->conn, ctdb_conn_destructor);
 
 	state->addr.sun_family = AF_UNIX;
-	strncpy(state->addr.sun_path, sock, sizeof(state->addr.sun_path));
+
+	len = strlcpy(state->addr.sun_path, sock,
+		      sizeof(state->addr.sun_path));
+	if (len >= sizeof(state->addr.sun_path)) {
+		tevent_req_error(req, ENAMETOOLONG);
+		return tevent_req_post(req, ev);
+	}
 
 	subreq = async_connect_send(state, ev, state->conn->fd,
 				    (struct sockaddr *)&state->addr,
diff --git a/source3/lib/ctdbd_conn.c b/source3/lib/ctdbd_conn.c
index 6e25769..18b877c 100644
--- a/source3/lib/ctdbd_conn.c
+++ b/source3/lib/ctdbd_conn.c
@@ -697,7 +697,7 @@ static NTSTATUS ctdb_handle_message(struct messaging_context *msg_ctx,
 	}
 
 	if (!ctdb_is_our_srvid(conn, msg->srvid)) {
-		DEBUG(0,("Got unexpected message with srvid=%llu\n", 
+		DEBUG(0,("Got unexpected message with srvid=%llu\n",
 			 (unsigned long long)msg->srvid));
 		return NT_STATUS_OK;
 	}
@@ -1222,7 +1222,7 @@ bool ctdb_serverids_exist(struct ctdbd_connection *conn,
 
 		if (hdr->operation != CTDB_REPLY_CONTROL) {
 			DEBUG(1, ("Received invalid reply %u\n",
-				  (unsigned)reply->hdr.operation));
+				  (unsigned)hdr->operation));
 			goto fail;
 		}
 		reply = (struct ctdb_reply_control *)hdr;
@@ -1304,20 +1304,21 @@ char *ctdbd_dbpath(struct ctdbd_connection *conn,
 {
 	NTSTATUS status;
 	TDB_DATA data;
+	TDB_DATA rdata = {0};
 	int32_t cstatus = 0;
 
 	data.dptr = (uint8_t*)&db_id;
 	data.dsize = sizeof(db_id);
 
 	status = ctdbd_control(conn, CTDB_CURRENT_NODE,
-			       CTDB_CONTROL_GETDBPATH, 0, 0, data, 
-			       mem_ctx, &data, &cstatus);
+			       CTDB_CONTROL_GETDBPATH, 0, 0, data,
+			       mem_ctx, &rdata, &cstatus);
 	if (!NT_STATUS_IS_OK(status) || cstatus != 0) {
 		DEBUG(0,(__location__ " ctdb_control for getdbpath failed\n"));
 		return NULL;
 	}
 
-	return (char *)data.dptr;
+	return (char *)rdata.dptr;
 }
 
 /*
@@ -1360,7 +1361,7 @@ NTSTATUS ctdbd_db_attach(struct ctdbd_connection *conn,
 	data.dsize = sizeof(*db_id);
 
 	status = ctdbd_control(conn, CTDB_CURRENT_NODE,
-			       CTDB_CONTROL_ENABLE_SEQNUM, 0, 0, data, 
+			       CTDB_CONTROL_ENABLE_SEQNUM, 0, 0, data,
 			       NULL, NULL, &cstatus);
 	if (!NT_STATUS_IS_OK(status) || cstatus != 0) {
 		DEBUG(0,(__location__ " ctdb_control for enable seqnum "
@@ -1703,7 +1704,7 @@ NTSTATUS ctdbd_register_ips(struct ctdbd_connection *conn,
 	 * can send an extra ack to trigger a reset for our client, so it
 	 * immediately reconnects
 	 */
-	return ctdbd_control(conn, CTDB_CURRENT_NODE, 
+	return ctdbd_control(conn, CTDB_CURRENT_NODE,
 			     CTDB_CONTROL_TCP_CLIENT, 0,
 			     CTDB_CTRL_FLAG_NOREPLY, data, NULL, NULL, NULL);
 }
diff --git a/source3/lib/msghdr.c b/source3/lib/msghdr.c
index 5d771e8..de0eed4 100644
--- a/source3/lib/msghdr.c
+++ b/source3/lib/msghdr.c
@@ -70,13 +70,18 @@ ssize_t msghdr_copy(struct msghdr_buf *msg, size_t msgsize,
 		    const struct iovec *iov, int iovcnt,
 		    const int *fds, size_t num_fds)
 {
-	size_t fd_len, iov_len, needed, bufsize;
+	ssize_t fd_len;
+	size_t iov_len, needed, bufsize;
 
 	bufsize = (msgsize > offsetof(struct msghdr_buf, buf)) ?
 		msgsize - offsetof(struct msghdr_buf, buf) : 0;
 
 	fd_len = msghdr_prep_fds(&msg->msg, msg->buf, bufsize, fds, num_fds);
 
+	if (fd_len == -1) {
+		return -1;
+	}
+
 	if (bufsize >= fd_len) {
 		bufsize -= fd_len;
 	} else {
diff --git a/source3/libads/kerberos_keytab.c b/source3/libads/kerberos_keytab.c
index ae3d80e39..bbd981c 100644
--- a/source3/libads/kerberos_keytab.c
+++ b/source3/libads/kerberos_keytab.c
@@ -507,8 +507,8 @@ int ads_keytab_create_default(ADS_STRUCT *ads)
 	krb5_error_code ret = 0;
 	krb5_context context = NULL;
 	krb5_keytab keytab = NULL;
-	krb5_kt_cursor cursor;
-	krb5_keytab_entry kt_entry;
+	krb5_kt_cursor cursor = {0};
+	krb5_keytab_entry kt_entry = {0};
 	krb5_kvno kvno;
 	size_t found = 0;
 	char *sam_account_name, *upn;
diff --git a/source3/rpc_server/srv_pipe.c b/source3/rpc_server/srv_pipe.c
index fecbae2..b2b7271 100644
--- a/source3/rpc_server/srv_pipe.c
+++ b/source3/rpc_server/srv_pipe.c
@@ -574,7 +574,7 @@ static NTSTATUS pipe_auth_verify_final(struct pipes_struct *p)
 static bool api_pipe_bind_req(struct pipes_struct *p,
 				struct ncacn_packet *pkt)
 {
-	struct dcerpc_auth auth_info;
+	struct dcerpc_auth auth_info = {0};
 	uint16 assoc_gid;
 	unsigned int auth_type = DCERPC_AUTH_TYPE_NONE;
 	NTSTATUS status;
@@ -937,7 +937,7 @@ err:
 static bool api_pipe_alter_context(struct pipes_struct *p,
 					struct ncacn_packet *pkt)
 {
-	struct dcerpc_auth auth_info;
+	struct dcerpc_auth auth_info = {0};
 	uint16 assoc_gid;
 	NTSTATUS status;
 	union dcerpc_payload u;
diff --git a/source3/winbindd/idmap.c b/source3/winbindd/idmap.c
index 841f710..1e2feb9 100644
--- a/source3/winbindd/idmap.c
+++ b/source3/winbindd/idmap.c
@@ -172,7 +172,8 @@ static struct idmap_domain *idmap_init_domain(TALLOC_CTX *mem_ctx,
 	NTSTATUS status;
 	char *config_option = NULL;
 	const char *range;
-	unsigned low_id, high_id;
+	unsigned low_id = 0;
+	unsigned high_id = 0;
 
 	result = talloc_zero(mem_ctx, struct idmap_domain);
 	if (result == NULL) {
diff --git a/source4/rpc_server/backupkey/dcesrv_backupkey.c b/source4/rpc_server/backupkey/dcesrv_backupkey.c
index 9dfd7a9..04308bc 100644
--- a/source4/rpc_server/backupkey/dcesrv_backupkey.c
+++ b/source4/rpc_server/backupkey/dcesrv_backupkey.c
@@ -219,9 +219,12 @@ static NTSTATUS get_lsa_secret(TALLOC_CTX *mem_ctx,
 	if (ret != LDB_SUCCESS) {
 		talloc_free(tmp_mem);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
-	} else if (res->count == 0) {
+	}
+	if (res->count == 0) {
+		talloc_free(tmp_mem);
 		return NT_STATUS_RESOURCE_NAME_NOT_FOUND;
-	} else if (res->count > 1) {
+	}
+	if (res->count > 1) {
 		DEBUG(2, ("Secret %s collision\n", name));
 		talloc_free(tmp_mem);
 		return NT_STATUS_INTERNAL_DB_CORRUPTION;
@@ -397,7 +400,7 @@ static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx,
 
 	struct dom_sid *access_sid = NULL;
 	struct dom_sid *caller_sid = NULL;
-	
+
 	/* This one should not be freed */
 	const AlgorithmIdentifier *alg;
 
@@ -532,16 +535,16 @@ static WERROR get_and_verify_access_check(TALLOC_CTX *sub_ctx,
 		/* Never reached normally as we filtered at the switch / case level */
 		return WERR_INVALID_DATA;
 	}
-	
+
 	caller_sid = &session_info->security_token->sids[PRIMARY_USER_SID_INDEX];
-	
+
 	if (!dom_sid_equal(caller_sid, access_sid)) {
 		return WERR_INVALID_ACCESS;
 	}
 	return WERR_OK;
 }
 
-/* 
+/*
  * We have some data, such as saved website or IMAP passwords that the
  * client has in profile on-disk.  This needs to be decrypted.  This
  * version gives the server the data over the network (protected by
@@ -572,7 +575,7 @@ static WERROR bkrp_client_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 	DATA_BLOB *uncrypted_data = NULL;
 	NTSTATUS status;
 	uint32_t requested_version;
-	
+
 	blob.data = r->in.data_in;
 	blob.length = r->in.data_in_len;
 
@@ -580,7 +583,7 @@ static WERROR bkrp_client_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 		return WERR_INVALID_PARAM;
 	}
 
-	/* 
+	/*
 	 * We check for the version here, so we can actually print the
 	 * message as we are unlikely to parse it with NDR.
 	 */
@@ -590,7 +593,7 @@ static WERROR bkrp_client_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 		DEBUG(1, ("Request for unknown BackupKey sub-protocol %d\n", requested_version));
 		return WERR_INVALID_PARAMETER;
 	}
-	
+
 	ndr_err = ndr_pull_struct_blob(&blob, mem_ctx, &uncrypt_request,
 				       (ndr_pull_flags_fn_t)ndr_pull_bkrp_client_side_wrapped);
 	if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -729,7 +732,7 @@ static WERROR bkrp_client_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 				return WERR_INVALID_DATA;
 			}
 
-			/* 
+			/*
 			 * Confirm that the caller is permitted to
 			 * read this particular data.  Because one key
 			 * pair is used per domain, the caller could
@@ -737,7 +740,7 @@ static WERROR bkrp_client_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 			 * would otherwise be able to read the
 			 * passwords.
 			 */
-			
+
 			werr = get_and_verify_access_check(mem_ctx, 3,
 							   uncrypted_secretv3.payload_key,
 							   uncrypt_request.access_check,
@@ -816,13 +819,13 @@ static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx,
 		return WERR_INTERNAL_ERROR;
 	}
 
-	/* 
+	/*
 	 * Unlike Heimdal's RSA_generate_key_ex(), this generates a
 	 * 2048 bit key 100% of the time.  The heimdal code had a ~1/8
 	 * chance of doing so, chewing vast quantities of computation
 	 * and entropy in the process.
 	 */
-	
+
 	ret = gnutls_x509_privkey_generate(gtls_key, GNUTLS_PK_RSA, bits, 0);
 	if (ret != 0) {
 		werr = WERR_INTERNAL_ERROR;
@@ -844,7 +847,7 @@ static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx,
 	}
 	p = p0;
 
-	/* 
+	/*
 	 * Only this GnuTLS export function correctly exports the key,
 	 * we can't use gnutls_rsa_params_export_raw() because while
 	 * it appears to be fixed in more recent versions, in the
@@ -852,7 +855,7 @@ static WERROR create_heimdal_rsa_key(TALLOC_CTX *ctx, hx509_context *hctx,
 	 * exports one of the key parameters (qInv).  Additionally, we
 	 * would have to work around subtle differences in big number
 	 * representations.
-	 * 
+	 *
 	 * We need access to the RSA parameters directly (in the
 	 * parameter RSA **rsa) as the caller has to manually encode
 	 * them in a non-standard data structure.
@@ -1267,7 +1270,7 @@ static WERROR bkrp_retrieve_client_wrap_key(struct dcesrv_call_state *dce_call,
 		struct loadparm_context *lp_ctx = dce_call->conn->dce_ctx->lp_ctx;
 		char *dn = talloc_asprintf(mem_ctx, "CN=%s",
 					   lpcfg_realm(lp_ctx));
-		
+
 		WERROR werr =  generate_bkrp_cert(mem_ctx, dce_call, ldb_ctx, dn);
 		if (!W_ERROR_IS_OK(werr)) {
 			return WERR_INVALID_PARAMETER;
@@ -1276,7 +1279,7 @@ static WERROR bkrp_retrieve_client_wrap_key(struct dcesrv_call_state *dce_call,
 					ldb_ctx,
 					"BCKUPKEY_PREFERRED",
 					&lsa_secret);
-		
+
 		if (!NT_STATUS_IS_OK(status)) {
 			/* Ok we really don't manage to get this certs ...*/
 			DEBUG(2, ("Unable to locate BCKUPKEY_PREFERRED after cert generation\n"));
@@ -1345,7 +1348,7 @@ static WERROR generate_bkrp_server_wrap_key(TALLOC_CTX *ctx, struct ldb_context
 	NTSTATUS status;
 	char *secret_name;
 	TALLOC_CTX *frame = talloc_stackframe();
-	
+
 	generate_random_buffer(wrap_key.key, sizeof(wrap_key.key));
 
 	ndr_err = ndr_push_struct_blob(&blob_wrap_key, ctx, &wrap_key, (ndr_push_flags_fn_t)ndr_push_bkrp_dc_serverwrap_key);
@@ -1366,20 +1369,20 @@ static WERROR generate_bkrp_server_wrap_key(TALLOC_CTX *ctx, struct ldb_context
 		TALLOC_FREE(frame);
 		return WERR_INTERNAL_ERROR;
 	}
-	
+
 	status = GUID_to_ndr_blob(&guid, frame, &guid_blob);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(2, ("Failed to save the secret %s\n", secret_name));
 		TALLOC_FREE(frame);
 	}
-	
+
 	status = set_lsa_secret(frame, ldb_ctx, "BCKUPKEY_P", &guid_blob);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(2, ("Failed to save the secret %s\n", secret_name));
 		TALLOC_FREE(frame);
 		return WERR_INTERNAL_ERROR;
 	}
-	
+
 	TALLOC_FREE(frame);
 
 	return WERR_OK;
@@ -1395,7 +1398,7 @@ static WERROR bkrp_do_retrieve_server_wrap_key(TALLOC_CTX *mem_ctx, struct ldb_c
 					       struct GUID *guid)
 {
 	NTSTATUS status;
-	DATA_BLOB guid_binary, lsa_secret;
+	DATA_BLOB lsa_secret;
 	char *secret_name;
 	char *guid_string;
 	enum ndr_err_code ndr_err;
@@ -1412,12 +1415,13 @@ static WERROR bkrp_do_retrieve_server_wrap_key(TALLOC_CTX *mem_ctx, struct ldb_c
 	if (secret_name == NULL) {
 		return WERR_NOMEM;
 	}
-	
+
 	status = get_lsa_secret(mem_ctx, ldb_ctx, secret_name, &lsa_secret);
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(10, ("Error while fetching secret %s\n", secret_name));
 		return WERR_INVALID_DATA;
-	} else if (guid_binary.length == 0) {
+	}
+	if (lsa_secret.length == 0) {
 		/* RODC case, we do not have secrets locally */
 		DEBUG(1, ("Unable to fetch value for secret %s, are we an undetected RODC?\n",
 			  secret_name));
@@ -1501,7 +1505,7 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 	if (decrypt_request.magic != BACKUPKEY_SERVER_WRAP_VERSION) {
 		return WERR_INVALID_PARAM;
 	}
-	
+
 	werr = bkrp_do_retrieve_server_wrap_key(mem_ctx, ldb_ctx, &server_key,
 						&decrypt_request.guid);
 	if (!W_ERROR_IS_OK(werr)) {
@@ -1509,12 +1513,12 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 	}
 
 	dump_data_pw("server_key: \n", server_key.key, sizeof(server_key.key));
-	
+
 	dump_data_pw("r2: \n", decrypt_request.r2, sizeof(decrypt_request.r2));
-	
+
 	/*
 	 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
-	 * BACKUPKEY_BACKUP_GUID, it really is the whole key 
+	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
 	 */
 	HMAC(EVP_sha1(), server_key.key, sizeof(server_key.key),
 	     decrypt_request.r2, sizeof(decrypt_request.r2),
@@ -1524,10 +1528,10 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 
 	/* rc4 decrypt sid and secret using sym key */
 	symkey_blob = data_blob_const(symkey, sizeof(symkey));
-	
+
 	encrypted_blob = data_blob_const(decrypt_request.rc4encryptedpayload,
 					 decrypt_request.ciphertext_length);
-	
+
 	arcfour_crypt_blob(encrypted_blob.data, encrypted_blob.length, &symkey_blob);
 
 	ndr_err = ndr_pull_struct_blob(&encrypted_blob, mem_ctx, &rc4payload,
@@ -1539,12 +1543,12 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 	if (decrypt_request.payload_length != rc4payload.secret_data.length) {
 		return WERR_INVALID_PARAM;
 	}
-	
+
 	dump_data_pw("r3: \n", rc4payload.r3, sizeof(rc4payload.r3));
 
 	/*
 	 * This is *not* the leading 64 bytes, as indicated in MS-BKRP 3.1.4.1.1
-	 * BACKUPKEY_BACKUP_GUID, it really is the whole key 
+	 * BACKUPKEY_BACKUP_GUID, it really is the whole key
 	 */
 	HMAC(EVP_sha1(), server_key.key, sizeof(server_key.key),
 	     rc4payload.r3, sizeof(rc4payload.r3),
@@ -1569,7 +1573,7 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 
 	dump_data_pw("mac: \n", mac, sizeof(mac));
 	dump_data_pw("rc4payload.mac: \n", rc4payload.mac, sizeof(rc4payload.mac));
-	
+
 	if (memcmp(mac, rc4payload.mac, sizeof(mac)) != 0) {
 		return WERR_INVALID_ACCESS;
 	}
@@ -1582,14 +1586,14 @@ static WERROR bkrp_server_wrap_decrypt_data(struct dcesrv_call_state *dce_call,
 
 	*(r->out.data_out) = rc4payload.secret_data.data;
 	*(r->out.data_out_len) = rc4payload.secret_data.length;
-	
+
 	return WERR_OK;
 }
 
-/* 
+/*
  * For BACKUPKEY_RESTORE_GUID we need to check the first 4 bytes to
  * determine what type of restore is wanted.
- * 
+ *
  * See MS-BKRP 3.1.4.1.4 BACKUPKEY_RESTORE_GUID point 1.
  */
 
@@ -1603,11 +1607,11 @@ static WERROR bkrp_generic_decrypt_data(struct dcesrv_call_state *dce_call, TALL
 	if (IVAL(r->in.data_in, 0) == BACKUPKEY_SERVER_WRAP_VERSION) {
 		return bkrp_server_wrap_decrypt_data(dce_call, mem_ctx, r, ldb_ctx);
 	}
-	
+
 	return bkrp_client_wrap_decrypt_data(dce_call, mem_ctx, r, ldb_ctx);
 }
-	
-/* 
+
+/*
  * We have some data, such as saved website or IMAP passwords that the
  * client would like to put into the profile on-disk.  This needs to
  * be encrypted.  This version gives the server the data over the
@@ -1616,7 +1620,7 @@ static WERROR bkrp_generic_decrypt_data(struct dcesrv_call_state *dce_call, TALL
  *
  * The data is NOT stored in the LSA, but a key to encrypt the data
  * will be stored.  There is only one active encryption key per domain,
- * it is pointed at with G$BCKUPKEY_P in the LSA secrets store.  
+ * it is pointed at with G$BCKUPKEY_P in the LSA secrets store.


-- 
Samba Shared Repository


More information about the samba-cvs mailing list