[SCM] Samba Shared Repository - branch master updated
Jeremy Allison
jra at samba.org
Thu Apr 28 22:13:05 UTC 2016
The branch, master has been updated
via f198abc Provide fallback code for non-portable clearenv(3)
via 90403de testsuit/manage-ca.sh: specify key size in CSRs
via b61658e winbindd/idmap_rfc2307: Fix CID 1273424 - Read from pointer after free
via 184e787 winbindd: check if dcinfo from gencache is expired
from eee88e0 s3:selftest: add smbclient_ntlm tests
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit f198abcbb3f6e8b26c697d3ded2caa1076ae018b
Author: Jérémie Courrèges-Anglas <jca at wxcvbn.org>
Date: Wed Apr 27 18:01:51 2016 +0200
Provide fallback code for non-portable clearenv(3)
clearenv(3) is a GNU extension that was rejected twice by POSIX,
without an easy, portable alternative.
As the dovecot project notes,
"""
environ = NULL crashes on OSX - and OpenBSD < 6.0
*environ = NULL doesn't work on FreeBSD 7.0
environ = emptyenv doesn't work on Haiku OS
environ = calloc should work everywhere
"""
(source: http://hg.dovecot.org/dovecot-2.0/file/48f90e7e92dc/src/lib/env-util.c)
Bug: https://bugzilla.samba.org/show_bug.cgi?id=11864
Signed-off-by: Jérémie Courrèges-Anglas <jca at wxcvbn.org>
Reviewed-by: Volker Lendecke <vl at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
Autobuild-User(master): Jeremy Allison <jra at samba.org>
Autobuild-Date(master): Fri Apr 29 00:12:02 CEST 2016 on sn-devel-144
commit 90403de7acdfec2aa3c752f6add27bc6f0e9ac30
Author: Björn Jacke <bj at sernet.de>
Date: Wed Apr 27 16:57:36 2016 +0200
testsuit/manage-ca.sh: specify key size in CSRs
Specifying the key size is required by some openssl versions.
Signed-off-by: Bjoern Jacke <bj at sernet.de>
Reviewed-by: Jeremy Allison <jra at samba.org>
commit b61658e721c922089bde4543ec8c445de6eb903c
Author: Robin Hack <hack.robin at gmail.com>
Date: Wed Apr 27 15:10:45 2016 +0200
winbindd/idmap_rfc2307: Fix CID 1273424 - Read from pointer after free
idmap_rfc2307_ads_search() calls ads_do_search_retry_internal() which
can deallocate ads param based on ads->is_mine boolean.
This approach is fragile so caller must properly check
return code before any pointer dereference.
Signed-off-by: Robin Hack <hack.robin at gmail.com>
Reviewed-by: Jeremy Allison <jra at samba.org>
Reviewed-by: Christof Schmitt <cs at samba.org>
commit 184e7873cb4038e3e90028cb60443f5b2602a7ed
Author: Ralph Boehme <slow at samba.org>
Date: Tue Apr 26 08:43:26 2016 +0200
winbindd: check if dcinfo from gencache is expired
The gencache parse function dcinfo_parser() used by
wb_dsgetdcname_gencache_get() misses a check for expired gencache
entries.
Signed-off-by: Ralph Boehme <slow at samba.org>
Reviewed-by: Jeremy Allison <jra at samba.org>
-----------------------------------------------------------------------
Summary of changes:
selftest/manage-ca/manage-ca.sh | 4 ++--
source3/client/smbspool_krb5_wrapper.c | 6 ++++++
source3/winbindd/idmap_rfc2307.c | 5 +++++
source3/winbindd/wb_dsgetdcname.c | 4 ++++
source3/wscript | 2 +-
5 files changed, 18 insertions(+), 3 deletions(-)
Changeset truncated at 500 lines:
diff --git a/selftest/manage-ca/manage-ca.sh b/selftest/manage-ca/manage-ca.sh
index ab796b7..8e09a93 100755
--- a/selftest/manage-ca/manage-ca.sh
+++ b/selftest/manage-ca/manage-ca.sh
@@ -234,7 +234,7 @@ create_dc)
"${OPENSSLCNF}" \
${DEFAULT_VARS} DC_DNS_NAME DC_OBJECTGUID_HEX
- openssl req -new -newkey rsa -keyout "${DCKEY_PEM}" -out "${DCREQ_PEM}" -config "${OPENSSLCNF}"
+ openssl req -new -newkey rsa:${DC_BITS} -keyout "${DCKEY_PEM}" -out "${DCREQ_PEM}" -config "${OPENSSLCNF}"
openssl rsa -in "${DCKEY_PEM}" -inform PEM -out "${DCKEY_PRIVATE_PEM}" -outform PEM
openssl ca -config "${OPENSSLCNF}" -in "${DCREQ_PEM}" -out "${DCCERT_PEM}"
ln -s "${DCKEY_PRIVATE_PEM_BASE}" "${DCKEY_PRIVATE_PEM_LINK}"
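Review bot: `-newkey rsa:${DC_BITS}` depends on DC_BITS being set, and nothing in the visible context of create_dc shows where it is defined or validated. If it is empty the argument collapses to `rsa:`, which brings back the unspecified key size this change is meant to remove. Consider failing early with `${DC_BITS:?}` or an explicit check before the openssl req call, and note in the commit message which openssl versions reject the bare `rsa` form.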
@@ -326,7 +326,7 @@ create_user)
"${OPENSSLCNF}" \
${DEFAULT_VARS} USER_PRINCIPAL_NAME
- openssl req -new -newkey rsa -keyout "${USERKEY_PEM}" -out "${USERREQ_PEM}" -config "${OPENSSLCNF}"
+ openssl req -new -newkey rsa:${USER_BITS} -keyout "${USERKEY_PEM}" -out "${USERREQ_PEM}" -config "${OPENSSLCNF}"
openssl rsa -in "${USERKEY_PEM}" -inform PEM -out "${USERKEY_PRIVATE_PEM}" -outform PEM
openssl ca -config "${OPENSSLCNF}" -in "${USERREQ_PEM}" -out "${USERCERT_PEM}"
ln -s "${USERKEY_PRIVATE_PEM_BASE}" "${USERKEY_PRIVATE_PEM_LINK}"
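Review bot: `rsa:${USER_BITS}` on the changed openssl req line is the only unquoted expansion on that line; every other variable there is quoted. Writing it as `-newkey "rsa:${USER_BITS}"` keeps the style consistent and avoids word splitting if the value ever contains whitespace.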
diff --git a/source3/client/smbspool_krb5_wrapper.c b/source3/client/smbspool_krb5_wrapper.c
index e19fd92..89db5e0 100644
--- a/source3/client/smbspool_krb5_wrapper.c
+++ b/source3/client/smbspool_krb5_wrapper.c
@@ -24,6 +24,7 @@
#include "system/passwd.h"
#include <errno.h>
+#include <stdlib.h>
#include <string.h>
#include <cups/backend.h>
@@ -195,7 +196,12 @@ int main(int argc, char *argv[])
* Make sure we do not have LD_PRELOAD or other security relevant
* environment variables set.
*/
+#ifdef HAVE_CLEARENV
clearenv();
+#else
+ extern char **environ;
+ environ = calloc(1, sizeof(*environ));
+#endif
CUPS_SMB_DEBUG("Setting KRB5CCNAME to '%s'", gen_cc);
setenv("KRB5CCNAME", gen_cc, 1);
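Review bot: the fallback `environ = calloc(1, sizeof(*environ));` does not check the allocation result. If calloc returns NULL, environ becomes NULL, which is the case the commit message quotes as crashing on OSX and OpenBSD < 6.0, and the following `setenv("KRB5CCNAME", gen_cc, 1);` then runs against it. Because this block exists to drop LD_PRELOAD and similar variables, a failed scrub should be fatal: check the calloc result, and the return value of clearenv() in the HAVE_CLEARENV branch, and exit instead of continuing. The `extern char **environ;` declaration would also sit better at file scope than after statements inside main().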
diff --git a/source3/winbindd/idmap_rfc2307.c b/source3/winbindd/idmap_rfc2307.c
index 3ef10f6..1b5aad9 100644
--- a/source3/winbindd/idmap_rfc2307.c
+++ b/source3/winbindd/idmap_rfc2307.c
@@ -99,6 +99,11 @@ static NTSTATUS idmap_rfc2307_ads_search(struct idmap_rfc2307_context *ctx,
status = ads_do_search_retry(ctx->ads, bind_path,
LDAP_SCOPE_SUBTREE, expr, attrs, result);
+
+ if (!ADS_ERR_OK(status)) {
+ return ads_ntstatus(status);
+ }
+
ctx->ldap = ctx->ads->ldap.ld;
return ads_ntstatus(status);
}
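Review bot: the new early return after ads_do_search_retry() leaves ctx->ldap, and possibly ctx->ads, holding whatever they held before the call. The commit message says the callee can deallocate the ads struct on failure, so a later user of ctx may still reach stale pointers through those fields even though this function no longer dereferences them. Consider resetting ctx->ldap to NULL on the error path (and ctx->ads if it was freed), and add a short comment above the check explaining that ctx->ads may be invalid when the status is not OK.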
diff --git a/source3/winbindd/wb_dsgetdcname.c b/source3/winbindd/wb_dsgetdcname.c
index 5aea7de..125e98a 100644
--- a/source3/winbindd/wb_dsgetdcname.c
+++ b/source3/winbindd/wb_dsgetdcname.c
@@ -176,6 +176,10 @@ static void dcinfo_parser(time_t timeout, DATA_BLOB blob, void *private_data)
struct dcinfo_parser_state *state = private_data;
enum ndr_err_code ndr_err;
+ if (timeout <= time(NULL)) {
+ return;
+ }
+
state->dcinfo = talloc(state->mem_ctx, struct netr_DsRGetDCNameInfo);
if (state->dcinfo == NULL) {
state->status = NT_STATUS_NO_MEMORY;
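Review bot: the early return at `if (timeout <= time(NULL))` leaves state->dcinfo and state->status untouched, so what the caller sees for an expired entry depends on how it initialised the state, which this hunk does not show. The allocation failure path just below sets state->status explicitly; doing the same here, or adding a comment stating that the untouched state is what signals a cache miss, would make the expired case as clear as the error case.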
diff --git a/source3/wscript b/source3/wscript
index 3118e28..3b6f8a4 100644
--- a/source3/wscript
+++ b/source3/wscript
@@ -110,7 +110,7 @@ def configure(conf):
conf.CHECK_FUNCS('getpwnam', headers='sys/types.h pwd.h')
conf.CHECK_FUNCS('fdopendir')
conf.CHECK_FUNCS('fstatat')
- conf.CHECK_FUNCS('getpwent_r setenv strcasecmp fcvt fcvtl')
+ conf.CHECK_FUNCS('getpwent_r setenv clearenv strcasecmp fcvt fcvtl')
conf.CHECK_FUNCS('syslog vsyslog timegm setlocale')
conf.CHECK_FUNCS_IN('nanosleep', 'rt')
conf.CHECK_FUNCS('lutimes futimes utimensat futimens')
--
Samba Shared Repository