[SCM] Samba Shared Repository - branch master updated

Jeremy Allison jra at samba.org
Thu May 18 01:02:03 UTC 2017


The branch, master has been updated
       via  b691f6d s3: smbd: Fix open_files.idl to correctly ignore share_mode_lease *lease in share_mode_entry.
       via  6f8f999 selftest: enable alternate streams for fs_specific share
       via  9d30d47 s4/torture: vfs_fruit: test copy-chunk on streams
       via  b8a5152 s4/torture: vfs_fruit: add src and dst path args to test_setup_copy_chunk
       via  6211eb1 s4/torture: smb2.ioctl: add copy-chunk test with stream to smb2.ioctl
       via  f9a61d7 s4/torture: smb2.ioctl: add src and dst path args to test_setup_copy_chunk
       via  60747c1 lib/torture: add two more ndr assert macros
       via  67b9d3c vfs_fruit: add pread_send/recv and pwrite_send/recv
       via  22ea0c0 vfs_streams_xattr: add pread_send/recv and pwrite_send/recv
       via  ebc0497 lib: Update pam_wrapper to 1.0.4
       via  2dbaade libads: abstract out SASL wrapping code
      from  6fbff71 SMB_INFO_ALLOCATION: return with UINT32_MAX rather than cutting at 4 bytes

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit b691f6d32f79ef8427f567612243dd51ea8d5584
Author: Jeremy Allison <jra at samba.org>
Date:   Tue May 16 16:12:19 2017 -0700

    s3: smbd: Fix open_files.idl to correctly ignore share_mode_lease *lease in share_mode_entry.
    
    This is currently marked 'skip', which means it isn't stored in the
    db, but printed out in ndr dump. However, this pointer can be invalid
    if the lease_idx is set to 0xFFFFFFFF (invalid).
    
    This is fixed up inside parse_share_modes(), but not until after
    ndr_pull_share_mode_data() is called. If lease_idx == 0xFFFFFFFF
    then ndr_print_share_mode_lease() prints an invalid value and
    crashes.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=12793
    
    Signed-off-by: Jeremy Allison <jra at samba.org>
    Reviewed-by: Alexander Bokovoy <ab at samba.org>
    
    Autobuild-User(master): Jeremy Allison <jra at samba.org>
    Autobuild-Date(master): Thu May 18 03:01:40 CEST 2017 on sn-devel-144

commit 6f8f99917f896e7d631b80fedd09863acc85b1c5
Author: David Disseldorp <ddiss at samba.org>
Date:   Wed May 17 12:54:15 2017 +0200

    selftest: enable alternate streams for fs_specific share
    
    This ensures that the new "smb2.ioctl.copy-chunk streams" test passes
    when run under selftest atop Btrfs.
    
    Signed-off-by: David Disseldorp <ddiss at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 9d30d47b1ec33c815d204198952bf597cd602b49
Author: Ralph Boehme <slow at samba.org>
Date:   Fri May 12 17:10:07 2017 +0200

    s4/torture: vfs_fruit: test copy-chunk on streams
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit b8a5152885e00b92406126dac5aecaa85908e4aa
Author: Ralph Boehme <slow at samba.org>
Date:   Fri May 12 14:56:53 2017 +0200

    s4/torture: vfs_fruit: add src and dst path args to test_setup_copy_chunk
    
    Just let the caller pass in the paths, no change in behaviour. A new
    test in a subsequent commit will use it to pass paths to streams.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 6211eb14629bc53b5659d0f15d82d845b12280af
Author: Ralph Boehme <slow at samba.org>
Date:   Tue May 16 13:14:16 2017 +0200

    s4/torture: smb2.ioctl: add copy-chunk test with stream to smb2.ioctl
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit f9a61d790f166883c7f42494c3a060ba5b13d5e6
Author: Ralph Boehme <slow at samba.org>
Date:   Tue May 16 13:13:08 2017 +0200

    s4/torture: smb2.ioctl: add src and dst path args to test_setup_copy_chunk
    
    Just let the caller pass in the paths, no change in behaviour. A new
    test in a subsequent commit will use it to pass paths to streams.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 60747c1be4d42c29fb81ab413b0bdabdaa22012a
Author: Ralph Boehme <slow at samba.org>
Date:   Fri May 12 17:09:08 2017 +0200

    lib/torture: add two more ndr assert macros
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 67b9d3c0860fbb955969570a97495e555bd24779
Author: Ralph Boehme <slow at samba.org>
Date:   Fri May 12 14:40:03 2017 +0200

    vfs_fruit: add pread_send/recv and pwrite_send/recv
    
    This is needed to support copy-chunk of streams. vfs_default issues
    calls to async pread and pwrite (send/recv versions) since commit
    60e45a2d25401eaf9a15a86d19114670ccfde259.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit 22ea0c04f4045f77bda10d317b5f891cdcce801d
Author: Ralph Boehme <slow at samba.org>
Date:   Fri May 12 07:58:01 2017 +0200

    vfs_streams_xattr: add pread_send/recv and pwrite_send/recv
    
    This is needed to support copy-chunk of streams. vfs_default issues
    calls to async pread and pwrite (send/recv versions) since commit
    60e45a2d25401eaf9a15a86d19114670ccfde259.
    
    Bug: https://bugzilla.samba.org/show_bug.cgi?id=12787
    
    Signed-off-by: Ralph Boehme <slow at samba.org>
    Reviewed-by: David Disseldorp <ddiss at samba.org>

commit ebc049777a417aa569cb0548ca78189838b60338
Author: Andreas Schneider <asn at samba.org>
Date:   Mon May 15 17:25:27 2017 +0200

    lib: Update pam_wrapper to 1.0.4
    
    * Fix build on OpenBSD
    * Fix a resource leak
    
    Signed-off-by: Andreas Schneider <asn at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

commit 2dbaade13a3b5917e05a60b274827cdf38fd3ced
Author: Alexander Bokovoy <ab at samba.org>
Date:   Fri May 5 15:37:20 2017 +0300

    libads: abstract out SASL wrapping code
    
    Prepare for rebasing libads on top of libsmbldap.
    
    To make libads use 'struct smbldap_state' instead of the direct LDAP
    structure, we need to abstract out libads logic from connection
    handling. SASL wrapping does not really depend on the availability of
    an LDAP handle and does not need direct access to ADS_STRUCT. As a
    result, we'll be able to move the SASL wrapping code under smbldap once
    the latter is able to pass the settings that libads passes to the SASL
    wrapping.
    
    Signed-off-by: Alexander Bokovoy <ab at samba.org>
    Reviewed-by: Jeremy Allison <jra at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 lib/pam_wrapper/pam_wrapper.c       |   5 +-
 lib/pam_wrapper/wscript             |   2 +-
 lib/torture/torture.h               |  12 ++
 selftest/knownfail                  |   1 +
 selftest/target/Samba3.pm           |   2 +-
 source3/include/ads.h               |  68 ++++++-----
 source3/libads/ads_proto.h          |   8 +-
 source3/libads/ldap.c               |  17 +--
 source3/libads/ndr.c                |  26 +---
 source3/libads/sasl.c               | 126 ++++++++++---------
 source3/libads/sasl_wrapping.c      | 210 +++++++++++++++++++-------------
 source3/librpc/idl/open_files.idl   |   2 +-
 source3/locking/share_mode_lock.c   |   4 +-
 source3/modules/vfs_fruit.c         | 182 ++++++++++++++++++++++++++++
 source3/modules/vfs_streams_xattr.c | 165 +++++++++++++++++++++++++
 source4/torture/smb2/ioctl.c        | 212 ++++++++++++++++++++++++++++++--
 source4/torture/vfs/fruit.c         | 235 +++++++++++++++++++++++++++++++++++-
 17 files changed, 1045 insertions(+), 232 deletions(-)


Changeset truncated at 500 lines:

diff --git a/lib/pam_wrapper/pam_wrapper.c b/lib/pam_wrapper/pam_wrapper.c
index d1ae075..4be8146 100644
--- a/lib/pam_wrapper/pam_wrapper.c
+++ b/lib/pam_wrapper/pam_wrapper.c
@@ -513,12 +513,14 @@ static void libpam_pam_vsyslog(const pam_handle_t *pamh,
 			       const char *fmt,
 			       va_list args)
 {
+#ifdef HAVE_PAM_VSYSLOG
 	pwrap_bind_symbol_libpam(pam_vsyslog);
 
 	pwrap.libpam.symbols._libpam_pam_vsyslog.f(pamh,
 						   priority,
 						   fmt,
 						   args);
+#endif
 }
 
 /*********************************************************
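Review bot: with HAVE_PAM_VSYSLOG undefined, libpam_pam_vsyslog() now has an empty body, so every message routed through it is silently dropped and pamh, priority, fmt and args become unused parameters that -Wunused-parameter builds will flag. Consider an #else branch that falls back to vsyslog(priority, fmt, args), or at minimum `(void)pamh; (void)priority; (void)fmt; (void)args;` so the OpenBSD build this targets stays warning-clean.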
@@ -551,7 +553,8 @@ static int p_copy(const char *src, const char *dst, const char *pdir, mode_t mod
 	if (mode == 0) {
 		rc = fstat(srcfd, &sb);
 		if (rc != 0) {
-			return -1;
+			rc = -1;
+			goto out;
 		}
 		mode = sb.st_mode;
 	}
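Review bot: replacing `return -1;` with `rc = -1; goto out;` is the right shape for the srcfd leak, but the out label must both close srcfd and return rc untouched; if the cleanup path overwrites rc (for example with the result of a later close()), this fstat failure would be reported as success. Worth a glance at the label since it is outside the hunk.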
diff --git a/lib/pam_wrapper/wscript b/lib/pam_wrapper/wscript
index aacd1d7..cfd8b4f 100644
--- a/lib/pam_wrapper/wscript
+++ b/lib/pam_wrapper/wscript
@@ -2,7 +2,7 @@
 
 import os
 
-VERSION="1.0.3"
+VERSION="1.0.4"
 
 def find_library(library_names, lookup_paths):
     for directory in lookup_paths:
diff --git a/lib/torture/torture.h b/lib/torture/torture.h
index 668458a..6b373a9 100644
--- a/lib/torture/torture.h
+++ b/lib/torture/torture.h
@@ -293,6 +293,15 @@ void torture_result(struct torture_context *test,
 	}\
 	} while(0)
 
+#define torture_assert_ndr_err_equal_goto(torture_ctx,got,expected,ret,label,cmt) \
+	do { enum ndr_err_code __got = got, __expected = expected; \
+	if (__got != __expected) { \
+		torture_result(torture_ctx, TORTURE_FAIL, __location__": "#got" was %d (%s), expected %d (%s): %s", __got, ndr_errstr(__got), __expected, __STRING(expected), cmt); \
+		ret = false; \
+		goto label; \
+	}\
+	} while(0)
+
 #define torture_assert_hresult_equal(torture_ctx, got, expected, cmt) \
 	do { HRESULT __got = got, __expected = expected; \
 	if (!HRES_IS_EQUAL(__got, __expected)) { \
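Review bot: torture_assert_ndr_err_equal_goto assigns `ret = false` and jumps to `label`, so it is only usable where `ret` is a bool lvalue in scope, and nothing in the macro documents that contract. The torture_result() call is also a single ~190-column line; wrapping the format and its arguments across lines, as the hresult macro directly below does, would keep the header readable.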
@@ -647,6 +656,9 @@ static inline void torture_dump_data_str_cb(const char *buf, void *private_data)
 #define torture_assert_ndr_success(torture_ctx,expr,cmt) \
 		torture_assert_ndr_err_equal(torture_ctx,expr,NDR_ERR_SUCCESS,cmt)
 
+#define torture_assert_ndr_success_goto(torture_ctx,expr,ret,label,cmt) \
+		torture_assert_ndr_err_equal_goto(torture_ctx,expr,NDR_ERR_SUCCESS,ret,label,cmt)
+
 #define torture_assert_hresult_ok(torture_ctx,expr,cmt) \
 		torture_assert_hresult_equal(torture_ctx,expr,HRES_ERROR(0), cmt)
 
diff --git a/selftest/knownfail b/selftest/knownfail
index 2cc9c70..b16ff52 100644
--- a/selftest/knownfail
+++ b/selftest/knownfail
@@ -157,6 +157,7 @@
 ^samba3.smb2.durable-v2-open.reopen1a-lease\(ad_dc\)$
 ^samba4.smb2.ioctl.req_resume_key\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
 ^samba4.smb2.ioctl.copy_chunk_\w*\(ad_dc_ntvfs\)	# not supported by s4 ntvfs server
+^samba4.smb2.ioctl.copy-chunk streams\(ad_dc_ntvfs\) # not supported by s4 ntvfs server
 ^samba3.smb2.dir.one
 ^samba3.smb2.dir.modify
 ^samba3.smb2.oplock.batch20
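Review bot: the new knownfail entry needs its own line because the test was named "copy-chunk streams" (hyphen and a space) while the sibling tests are matched by `copy_chunk_\w*` with underscores. Naming the test copy_chunk_streams would let the existing pattern cover it without a new entry and keep the smb2.ioctl test names in one style.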
diff --git a/selftest/target/Samba3.pm b/selftest/target/Samba3.pm
index 6d57584..0914aff 100755
--- a/selftest/target/Samba3.pm
+++ b/selftest/target/Samba3.pm
@@ -38,7 +38,7 @@ sub get_fs_specific_conf($$)
 	my $stat_out = `stat --file-system $path` or return "";
 
 	if ($stat_out =~ m/Type:\s+btrfs/) {
-		$mods .= "btrfs ";
+		$mods .= "streams_xattr btrfs";
 	}
 
 	if ($mods) {
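Review bot: `$mods .= "streams_xattr btrfs"` drops the trailing space the old `"btrfs "` carried, so any later `.=` onto $mods would be glued to "btrfs" without a separator; fine if nothing else appends, otherwise keep the trailing space. Since vfs module order determines the stacking, a short comment stating that streams_xattr is deliberately listed ahead of btrfs would save the next editor from reordering it.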
diff --git a/source3/include/ads.h b/source3/include/ads.h
index cacb25c..2b25c1c 100644
--- a/source3/include/ads.h
+++ b/source3/include/ads.h
@@ -9,13 +9,13 @@
 #include "libads/ads_status.h"
 #include "smb_ldap.h"
 
-struct ads_struct;
+struct ads_saslwrap;
 
 struct ads_saslwrap_ops {
 	const char *name;
-	ADS_STATUS (*wrap)(struct ads_struct *, uint8_t *buf, uint32_t len);
-	ADS_STATUS (*unwrap)(struct ads_struct *);
-	void (*disconnect)(struct ads_struct *);
+	ADS_STATUS (*wrap)(struct ads_saslwrap *, uint8_t *buf, uint32_t len);
+	ADS_STATUS (*unwrap)(struct ads_saslwrap *);
+	void (*disconnect)(struct ads_saslwrap *);
 };
 
 enum ads_saslwrap_type {
@@ -24,6 +24,37 @@ enum ads_saslwrap_type {
 	ADS_SASLWRAP_TYPE_SEAL = 4
 };
 
+struct ads_saslwrap {
+	/* expected SASL wrapping type */
+	enum ads_saslwrap_type wrap_type;
+	/* SASL wrapping operations */
+	const struct ads_saslwrap_ops *wrap_ops;
+#ifdef HAVE_LDAP_SASL_WRAPPING
+	Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
+#endif /* HAVE_LDAP_SASL_WRAPPING */
+	TALLOC_CTX *mem_ctx;
+	void *wrap_private_data;
+	struct {
+		uint32_t ofs;
+		uint32_t needed;
+		uint32_t left;
+#define        ADS_SASL_WRAPPING_IN_MAX_WRAPPED        0x0FFFFFFF
+		uint32_t max_wrapped;
+		uint32_t min_wrapped;
+		uint32_t size;
+		uint8_t *buf;
+	} in;
+	struct {
+		uint32_t ofs;
+		uint32_t left;
+#define        ADS_SASL_WRAPPING_OUT_MAX_WRAPPED       0x00A00000
+		uint32_t max_unwrapped;
+		uint32_t sig_size;
+		uint32_t size;
+		uint8_t *buf;
+	} out;
+};
+
 typedef struct ads_struct {
 	int is_mine;	/* do I own this structure's memory? */
 
@@ -65,39 +96,12 @@ typedef struct ads_struct {
 
 	/* info about the current LDAP connection */
 #ifdef HAVE_LDAP
+	struct ads_saslwrap ldap_wrap_data;
 	struct {
 		LDAP *ld;
 		struct sockaddr_storage ss; /* the ip of the active connection, if any */
 		time_t last_attempt; /* last attempt to reconnect, monotonic clock */
 		int port;
-
-		enum ads_saslwrap_type wrap_type;
-
-#ifdef HAVE_LDAP_SASL_WRAPPING
-		Sockbuf_IO_Desc *sbiod; /* lowlevel state for LDAP wrapping */
-#endif /* HAVE_LDAP_SASL_WRAPPING */
-		TALLOC_CTX *mem_ctx;
-		const struct ads_saslwrap_ops *wrap_ops;
-		void *wrap_private_data;
-		struct {
-			uint32_t ofs;
-			uint32_t needed;
-			uint32_t left;
-#define        ADS_SASL_WRAPPING_IN_MAX_WRAPPED        0x0FFFFFFF
-			uint32_t max_wrapped;
-			uint32_t min_wrapped;
-			uint32_t size;
-			uint8_t *buf;
-		} in;
-		struct {
-			uint32_t ofs;
-			uint32_t left;
-#define        ADS_SASL_WRAPPING_OUT_MAX_WRAPPED       0x00A00000
-			uint32_t max_unwrapped;
-			uint32_t sig_size;
-			uint32_t size;
-			uint8_t *buf;
-		} out;
 	} ldap;
 #endif /* HAVE_LDAP */
 } ADS_STRUCT;
diff --git a/source3/libads/ads_proto.h b/source3/libads/ads_proto.h
index 425c352..b6d9d9b 100644
--- a/source3/libads/ads_proto.h
+++ b/source3/libads/ads_proto.h
@@ -182,12 +182,12 @@ ADS_STATUS ads_sasl_bind(ADS_STRUCT *ads);
 
 /* The following definitions come from libads/sasl_wrapping.c  */
 
-ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
-				   const struct ads_saslwrap_ops *ops,
-				   void *private_data);
-ADS_STATUS ads_setup_sasl_wrapping(ADS_STRUCT *ads,
+ADS_STATUS ads_setup_sasl_wrapping(struct ads_saslwrap *wrap, LDAP *ld,
 				   const struct ads_saslwrap_ops *ops,
 				   void *private_data);
+void ndr_print_ads_saslwrap_struct(struct ndr_print *ndr,
+				   const char *name,
+				   const struct ads_saslwrap *r);
 
 /* The following definitions come from libads/util.c  */
 
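Review bot: the rewritten ads_setup_sasl_wrapping prototype takes `LDAP *ld` and ndr_print_ads_saslwrap_struct takes `struct ndr_print *`, yet neither declaration is guarded, while the `ldap_wrap_data` member they operate on only exists under HAVE_LDAP in ads.h; if ads_proto.h is included in a non-LDAP build these types will be undeclared, so either guard the prototypes or confirm the header is never reached there. Removing the duplicated old ads_setup_sasl_wrapping declaration is a welcome cleanup.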
diff --git a/source3/libads/ldap.c b/source3/libads/ldap.c
index c70cdeb..fdb729e 100644
--- a/source3/libads/ldap.c
+++ b/source3/libads/ldap.c
@@ -566,8 +566,9 @@ ADS_STATUS ads_connect(ADS_STRUCT *ads)
 	char addr[INET6_ADDRSTRLEN];
 
 	ZERO_STRUCT(ads->ldap);
+	ZERO_STRUCT(ads->ldap_wrap_data);
 	ads->ldap.last_attempt	= time_mono(NULL);
-	ads->ldap.wrap_type	= ADS_SASLWRAP_TYPE_PLAIN;
+	ads->ldap_wrap_data.wrap_type	= ADS_SASLWRAP_TYPE_PLAIN;
 
 	/* try with a user specified server */
 
@@ -643,8 +644,8 @@ got_connection:
 		goto out;
 	}
 
-	ads->ldap.mem_ctx = talloc_init("ads LDAP connection memory");
-	if (!ads->ldap.mem_ctx) {
+	ads->ldap_wrap_data.mem_ctx = talloc_init("ads LDAP connection memory");
+	if (!ads->ldap_wrap_data.mem_ctx) {
 		status = ADS_ERROR_NT(NT_STATUS_NO_MEMORY);
 		goto out;
 	}
@@ -730,13 +731,15 @@ void ads_disconnect(ADS_STRUCT *ads)
 		ldap_unbind(ads->ldap.ld);
 		ads->ldap.ld = NULL;
 	}
-	if (ads->ldap.wrap_ops && ads->ldap.wrap_ops->disconnect) {
-		ads->ldap.wrap_ops->disconnect(ads);
+	if (ads->ldap_wrap_data.wrap_ops &&
+		ads->ldap_wrap_data.wrap_ops->disconnect) {
+		ads->ldap_wrap_data.wrap_ops->disconnect(&ads->ldap_wrap_data);
 	}
-	if (ads->ldap.mem_ctx) {
-		talloc_free(ads->ldap.mem_ctx);
+	if (ads->ldap_wrap_data.mem_ctx) {
+		talloc_free(ads->ldap_wrap_data.mem_ctx);
 	}
 	ZERO_STRUCT(ads->ldap);
+	ZERO_STRUCT(ads->ldap_wrap_data);
 }
 
 /*
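Review bot: the continuation line of `if (ads->ldap_wrap_data.wrap_ops &&` is indented with a single tab, the same as the body on the following line, so the condition and the body are visually indistinguishable; align the second operand under the first, e.g. `    ads->ldap_wrap_data.wrap_ops->disconnect) {`, per the usual Samba style. The teardown order itself is sound: unbind, then wrap_ops->disconnect on the wrap data, then free mem_ctx, then zero both structs.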
diff --git a/source3/libads/ndr.c b/source3/libads/ndr.c
index 6cecbb0..1b586c3 100644
--- a/source3/libads/ndr.c
+++ b/source3/libads/ndr.c
@@ -87,31 +87,7 @@ void ndr_print_ads_struct(struct ndr_print *ndr, const char *name, const struct
 	ndr_print_sockaddr_storage(ndr, "ss", &r->ldap.ss);
 	ndr_print_time_t(ndr, "last_attempt", r->ldap.last_attempt);
 	ndr_print_uint32(ndr, "port", r->ldap.port);
-	ndr_print_uint16(ndr, "wrap_type", r->ldap.wrap_type);
-#ifdef HAVE_LDAP_SASL_WRAPPING
-	ndr_print_ptr(ndr, "sbiod", r->ldap.sbiod);
-#endif /* HAVE_LDAP_SASL_WRAPPING */
-	ndr_print_ptr(ndr, "mem_ctx", r->ldap.mem_ctx);
-	ndr_print_ptr(ndr, "wrap_ops", r->ldap.wrap_ops);
-	ndr_print_ptr(ndr, "wrap_private_data", r->ldap.wrap_private_data);
-	ndr_print_struct(ndr, name, "in");
-	ndr->depth++;
-	ndr_print_uint32(ndr, "ofs", r->ldap.in.ofs);
-	ndr_print_uint32(ndr, "needed", r->ldap.in.needed);
-	ndr_print_uint32(ndr, "left", r->ldap.in.left);
-	ndr_print_uint32(ndr, "max_wrapped", r->ldap.in.max_wrapped);
-	ndr_print_uint32(ndr, "min_wrapped", r->ldap.in.min_wrapped);
-	ndr_print_uint32(ndr, "size", r->ldap.in.size);
-	ndr_print_array_uint8(ndr, "buf", r->ldap.in.buf, r->ldap.in.size);
-	ndr->depth--;
-	ndr_print_struct(ndr, name, "out");
-	ndr->depth++;
-	ndr_print_uint32(ndr, "ofs", r->ldap.out.ofs);
-	ndr_print_uint32(ndr, "left", r->ldap.out.left);
-	ndr_print_uint32(ndr, "max_unwrapped", r->ldap.out.max_unwrapped);
-	ndr_print_uint32(ndr, "sig_size", r->ldap.out.sig_size);
-	ndr_print_uint32(ndr, "size", r->ldap.out.size);
-	ndr_print_array_uint8(ndr, "buf", r->ldap.out.buf, r->ldap.out.size);
+	ndr_print_ads_saslwrap_struct(ndr, "saslwrap", &(r->ldap_wrap_data));
 	ndr->depth--;
 	ndr->depth--;
 #endif /* HAVE_LDAP */
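Review bot: the two trailing `ndr->depth--` lines belong to the enclosing ldap and ads levels, and the removed in/out blocks were self-balanced with their own depth++/depth-- pairs, so ndr_print_ads_saslwrap_struct must likewise restore depth before returning or the printer will be left unbalanced for the caller; worth confirming in sasl_wrapping.c. Also `&(r->ldap_wrap_data)` needs no parentheses.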
diff --git a/source3/libads/sasl.c b/source3/libads/sasl.c
index ab79f70..7f7b790 100644
--- a/source3/libads/sasl.c
+++ b/source3/libads/sasl.c
@@ -30,10 +30,11 @@
 
 #ifdef HAVE_LDAP
 
-static ADS_STATUS ads_sasl_gensec_wrap(ADS_STRUCT *ads, uint8_t *buf, uint32_t len)
+static ADS_STATUS ads_sasl_gensec_wrap(struct ads_saslwrap *wrap,
+				       uint8_t *buf, uint32_t len)
 {
 	struct gensec_security *gensec_security =
-		talloc_get_type_abort(ads->ldap.wrap_private_data,
+		talloc_get_type_abort(wrap->wrap_private_data,
 		struct gensec_security);
 	NTSTATUS nt_status;
 	DATA_BLOB unwrapped, wrapped;
@@ -47,32 +48,32 @@ static ADS_STATUS ads_sasl_gensec_wrap(ADS_STRUCT *ads, uint8_t *buf, uint32_t l
 		return ADS_ERROR_NT(nt_status);
 	}
 
-	if ((ads->ldap.out.size - 4) < wrapped.length) {
+	if ((wrap->out.size - 4) < wrapped.length) {
 		TALLOC_FREE(frame);
 		return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
 	}
 
 	/* copy the wrapped blob to the right location */
-	memcpy(ads->ldap.out.buf + 4, wrapped.data, wrapped.length);
+	memcpy(wrap->out.buf + 4, wrapped.data, wrapped.length);
 
 	/* set how many bytes must be written to the underlying socket */
-	ads->ldap.out.left = 4 + wrapped.length;
+	wrap->out.left = 4 + wrapped.length;
 
 	TALLOC_FREE(frame);
 
 	return ADS_SUCCESS;
 }
 
-static ADS_STATUS ads_sasl_gensec_unwrap(ADS_STRUCT *ads)
+static ADS_STATUS ads_sasl_gensec_unwrap(struct ads_saslwrap *wrap)
 {
 	struct gensec_security *gensec_security =
-		talloc_get_type_abort(ads->ldap.wrap_private_data,
+		talloc_get_type_abort(wrap->wrap_private_data,
 		struct gensec_security);
 	NTSTATUS nt_status;
 	DATA_BLOB unwrapped, wrapped;
 	TALLOC_CTX *frame = talloc_stackframe();
 
-	wrapped = data_blob_const(ads->ldap.in.buf + 4, ads->ldap.in.ofs - 4);
+	wrapped = data_blob_const(wrap->in.buf + 4, wrap->in.ofs - 4);
 
 	nt_status = gensec_unwrap(gensec_security, frame, &wrapped, &unwrapped);
 	if (!NT_STATUS_IS_OK(nt_status)) {
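Review bot: `(wrap->out.size - 4) < wrapped.length` is an unsigned subtraction on out.size, so if out.size is ever below 4 the left side wraps to a huge value and the bounds check passes, letting the memcpy to `wrap->out.buf + 4` run past the buffer. This predates the rename, but since the hunk rewrites the line, `wrapped.length + 4 > wrap->out.size` (or an explicit `wrap->out.size >= 4` guard) would remove the hazard.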
@@ -86,27 +87,27 @@ static ADS_STATUS ads_sasl_gensec_unwrap(ADS_STRUCT *ads)
 	}
 
 	/* copy the wrapped blob to the right location */
-	memcpy(ads->ldap.in.buf + 4, unwrapped.data, unwrapped.length);
+	memcpy(wrap->in.buf + 4, unwrapped.data, unwrapped.length);
 
 	/* set how many bytes must be written to the underlying socket */
-	ads->ldap.in.left	= unwrapped.length;
-	ads->ldap.in.ofs	= 4;
+	wrap->in.left	= unwrapped.length;
+	wrap->in.ofs	= 4;
 
 	TALLOC_FREE(frame);
 
 	return ADS_SUCCESS;
 }
 
-static void ads_sasl_gensec_disconnect(ADS_STRUCT *ads)
+static void ads_sasl_gensec_disconnect(struct ads_saslwrap *wrap)
 {
 	struct gensec_security *gensec_security =
-		talloc_get_type_abort(ads->ldap.wrap_private_data,
+		talloc_get_type_abort(wrap->wrap_private_data,
 		struct gensec_security);
 
 	TALLOC_FREE(gensec_security);
 
-	ads->ldap.wrap_ops = NULL;
-	ads->ldap.wrap_private_data = NULL;
+	wrap->wrap_ops = NULL;
+	wrap->wrap_private_data = NULL;
 }
 
 static const struct ads_saslwrap_ops ads_sasl_gensec_ops = {
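Review bot: the comments in ads_sasl_gensec_unwrap were copied from the wrap path and no longer describe the code: `/* copy the wrapped blob to the right location */` precedes a memcpy of unwrapped.data, and `/* set how many bytes must be written to the underlying socket */` precedes `wrap->in.left = unwrapped.length; wrap->in.ofs = 4;`, which record how many unwrapped bytes remain readable from offset 4. Since the hunk touches both assignments, fixing the comments here would be cheap.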
@@ -136,6 +137,7 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
 	bool use_spnego_principal = lp_client_use_spnego_principal();
 	const char *sasl_list[] = { sasl, NULL };
 	NTTIME end_nt_time;
+	struct ads_saslwrap *wrap = &ads->ldap_wrap_data;
 
 	nt_status = auth_generic_client_prepare(NULL, &auth_generic_state);
 	if (!NT_STATUS_IS_OK(nt_status)) {
@@ -185,7 +187,7 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
 		use_spnego_principal = false;
 	}
 
-	switch (ads->ldap.wrap_type) {
+	switch (wrap->wrap_type) {
 	case ADS_SASLWRAP_TYPE_SEAL:
 		gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SIGN);
 		gensec_want_feature(auth_generic_state->gensec_security, GENSEC_FEATURE_SEAL);
@@ -278,7 +280,7 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
 	data_blob_free(&blob_in);
 	data_blob_free(&blob_out);
 
-	if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SEAL) {
+	if (wrap->wrap_type >= ADS_SASLWRAP_TYPE_SEAL) {
 		bool ok;
 
 		ok = gensec_have_feature(auth_generic_state->gensec_security,
@@ -297,7 +299,7 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
 			return ADS_ERROR_NT(NT_STATUS_INVALID_NETWORK_RESPONSE);
 		}
 
-	} else if (ads->ldap.wrap_type >= ADS_SASLWRAP_TYPE_SIGN) {
+	} else if (wrap->wrap_type >= ADS_SASLWRAP_TYPE_SIGN) {
 		bool ok;
 
 		ok = gensec_have_feature(auth_generic_state->gensec_security,
@@ -317,20 +319,24 @@ static ADS_STATUS ads_sasl_spnego_gensec_bind(ADS_STRUCT *ads,
 		ads->auth.tgs_expire = tv.tv_sec;
 	}
 
-	if (ads->ldap.wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
-		size_t max_wrapped = gensec_max_wrapped_size(auth_generic_state->gensec_security);
-		ads->ldap.out.max_unwrapped = gensec_max_input_size(auth_generic_state->gensec_security);
+	if (wrap->wrap_type > ADS_SASLWRAP_TYPE_PLAIN) {
+		size_t max_wrapped =
+			gensec_max_wrapped_size(auth_generic_state->gensec_security);
+		wrap->out.max_unwrapped =
+			gensec_max_input_size(auth_generic_state->gensec_security);
 
-		ads->ldap.out.sig_size = max_wrapped - ads->ldap.out.max_unwrapped;
+		wrap->out.sig_size = max_wrapped - wrap->out.max_unwrapped;
 		/*
 		 * Note that we have to truncate this to 0x2C
 		 * (taken from a capture with LDAP unbind), as the
 		 * signature size is not constant for Kerberos with
 		 * arcfour-hmac-md5.
 		 */
-		ads->ldap.in.min_wrapped = MIN(ads->ldap.out.sig_size, 0x2C);
-		ads->ldap.in.max_wrapped = ADS_SASL_WRAPPING_IN_MAX_WRAPPED;
-		status = ads_setup_sasl_wrapping(ads, &ads_sasl_gensec_ops, auth_generic_state->gensec_security);
+		wrap->in.min_wrapped = MIN(wrap->out.sig_size, 0x2C);
+		wrap->in.max_wrapped = ADS_SASL_WRAPPING_IN_MAX_WRAPPED;
+		status = ads_setup_sasl_wrapping(wrap, ads->ldap.ld,
+						 &ads_sasl_gensec_ops,
+						 auth_generic_state->gensec_security);
 		if (!ADS_ERR_OK(status)) {
 			DEBUG(0, ("ads_setup_sasl_wrapping() failed: %s\n",
 				ads_errstr(status)));
@@ -387,9 +393,9 @@ done:
 	return status;
 }
 
-static ADS_STATUS ads_sasl_gssapi_wrap(ADS_STRUCT *ads, uint8_t *buf, uint32_t len)
+static ADS_STATUS ads_sasl_gssapi_wrap(struct ads_saslwrap *wrap, uint8_t *buf, uint32_t len)
 {
-	gss_ctx_id_t context_handle = (gss_ctx_id_t)ads->ldap.wrap_private_data;
+	gss_ctx_id_t context_handle = (gss_ctx_id_t)wrap->wrap_private_data;
 	ADS_STATUS status;
 	int gss_rc;
 	uint32_t minor_status;
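Review bot: the new ads_sasl_gssapi_wrap signature stays on one ~95-column line while its gensec counterpart earlier in the file was re-wrapped onto two lines; wrap it the same way for consistency.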
@@ -400,7 +406,7 @@ static ADS_STATUS ads_sasl_gssapi_wrap(ADS_STRUCT *ads, uint8_t *buf, uint32_t l
 	unwrapped.length	= len;
 
 	/* for now request sign and seal */
-	conf_req_flag	= (ads->ldap.wrap_type == ADS_SASLWRAP_TYPE_SEAL);
+	conf_req_flag	= (wrap->wrap_type == ADS_SASLWRAP_TYPE_SEAL);
 
 	gss_rc = gss_wrap(&minor_status, context_handle,
 			  conf_req_flag, GSS_C_QOP_DEFAULT,
@@ -413,32 +419,32 @@ static ADS_STATUS ads_sasl_gssapi_wrap(ADS_STRUCT *ads, uint8_t *buf, uint32_t l
 		return ADS_ERROR_NT(NT_STATUS_ACCESS_DENIED);
 	}
 
-	if ((ads->ldap.out.size - 4) < wrapped.length) {
+	if ((wrap->out.size - 4) < wrapped.length) {
 		return ADS_ERROR_NT(NT_STATUS_INTERNAL_ERROR);
 	}
 
 	/* copy the wrapped blob to the right location */
-	memcpy(ads->ldap.out.buf + 4, wrapped.value, wrapped.length);
+	memcpy(wrap->out.buf + 4, wrapped.value, wrapped.length);
 
 	/* set how many bytes must be written to the underlying socket */
-	ads->ldap.out.left = 4 + wrapped.length;
+	wrap->out.left = 4 + wrapped.length;
 
 	gss_release_buffer(&minor_status, &wrapped);
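Review bot: on the `(wrap->out.size - 4) < wrapped.length` error path the buffer allocated by gss_wrap() is never released; only the success path reaches `gss_release_buffer(&minor_status, &wrapped);`. Add the release before the NT_STATUS_INTERNAL_ERROR return. This is pre-existing, but the hunk already touches both lines, and the same unsigned-subtraction caveat as in the gensec wrap applies to the check.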


-- 
Samba Shared Repository


