[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Wed Apr 3 07:51:02 UTC 2019
The branch, master has been updated
via c7f403d3730 lib:util: Include talloc_keep_secret.h in samba_util.h
via c4baf2f6857 lib:util: Add test for talloc_keep_secret()
via b7f7e5a37b0 lib:util: Add support to keep talloc chunks secret
from 29d7c80ee4d oLschema2ldif: Resolve multiple parsing bugs
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit c7f403d373016374fc96b7fa113f4723a41788a0
Author: Andreas Schneider <asn at samba.org>
Date: Tue Mar 19 12:31:42 2019 +0100
lib:util: Include talloc_keep_secret.h in samba_util.h
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Wed Apr 3 07:50:03 UTC 2019 on sn-devel-144
commit c4baf2f6857718ea0d94b4134e8c12f0737a9e23
Author: Andreas Schneider <asn at samba.org>
Date: Tue Mar 19 11:18:47 2019 +0100
lib:util: Add test for talloc_keep_secret()
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
commit b7f7e5a37b0b0196e07a2829486f56ce32acdeff
Author: Andreas Schneider <asn at samba.org>
Date: Tue Mar 19 10:57:54 2019 +0100
lib:util: Add support to keep talloc chunks secret
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Andrew Bartlet <abartlet at samba.org>
-----------------------------------------------------------------------
Summary of changes:
lib/util/samba_util.h | 1 +
.../util/talloc_keep_secret.c | 44 +++++++---
lib/util/talloc_keep_secret.h | 42 ++++++++++
lib/util/tests/test_talloc_keep_secret.c | 94 ++++++++++++++++++++++
lib/util/wscript_build | 44 +++++++---
selftest/tests.py | 3 +
6 files changed, 207 insertions(+), 21 deletions(-)
copy third_party/pam_wrapper/pwrap_compat.h => lib/util/talloc_keep_secret.c (51%)
create mode 100644 lib/util/talloc_keep_secret.h
create mode 100644 lib/util/tests/test_talloc_keep_secret.c
Changeset truncated at 500 lines:
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 20adae39bcf..0722426216e 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -48,6 +48,7 @@ extern const char *panic_action;
#include "lib/util/data_blob.h"
#include "lib/util/byteorder.h"
#include "lib/util/talloc_stack.h"
+#include "lib/util/talloc_keep_secret.h"
#ifndef ABS
#define ABS(a) ((a)>0?(a):(-(a)))
diff --git a/third_party/pam_wrapper/pwrap_compat.h b/lib/util/talloc_keep_secret.c
similarity index 51%
copy from third_party/pam_wrapper/pwrap_compat.h
copy to lib/util/talloc_keep_secret.c
index a30df15c61f..d6aa38265f6 100644
--- a/third_party/pam_wrapper/pwrap_compat.h
+++ b/lib/util/talloc_keep_secret.c
@@ -1,6 +1,5 @@
/*
- * Copyright (c) 2015 Andreas Schneider <asn at samba.org>
- * Copyright (c) 2015 Jakub Hrozek <jakub.hrozek at posteo.se>
+ * Copyright (c) 2019 Andreas Schneider <asn at samba.org>
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
@@ -16,15 +15,38 @@
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#ifdef HAVE_OPENPAM
-#include <security/openpam.h>
-#endif
+#include "includes.h"
+#include "talloc_keep_secret.h"
+
+static int talloc_keep_secret_destructor(void *ptr)
+{
+ size_t size = talloc_get_size(ptr);
+
+ if (unlikely(size == 0)) {
+ return 0;
+ }
+
+ memset_s(ptr, size, 0, size);
-/* OpenPAM doesn't define PAM_BAD_ITEM */
-#ifndef PAM_BAD_ITEM
-#define PAM_BAD_ITEM PAM_SYSTEM_ERR
-#endif /* PAM_BAD_ITEM */
+ return 0;
+}
-#ifndef ENODATA
-#define ENODATA EPIPE
+void _talloc_keep_secret(void *ptr, const char *name)
+{
+ size_t size;
+
+ if (unlikely(ptr == NULL)) {
+#ifdef DEVELOPER
+ smb_panic("Invalid talloc pointer");
#endif
+ return;
+ }
+
+ size = talloc_get_size(ptr);
+ if (unlikely(size == 0)) {
+ return;
+ }
+
+ talloc_set_name_const(ptr, name);
+ talloc_set_destructor(ptr, talloc_keep_secret_destructor);
+}
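Review bot: The destructor discards the return value of `memset_s()` and always returns 0, so if the wipe fails the chunk is freed with the secret still in it and nothing reports the failure. I would capture the result and fail loudly, e.g. `int ret = memset_s(ptr, size, 0, size);` followed by `if (unlikely(ret != 0)) { smb_panic("talloc_keep_secret_destructor: memset_s() failed"); }`. In `_talloc_keep_secret()`, `talloc_set_name_const()` and `talloc_set_destructor()` each overwrite what the chunk had before, so a chunk with its own destructor loses it and a typed chunk loses the name that `talloc_get_type()` checks. A comment stating that the function is meant only for plain, destructor-less buffers would make that constraint visible.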
diff --git a/lib/util/talloc_keep_secret.h b/lib/util/talloc_keep_secret.h
new file mode 100644
index 00000000000..44a26aef542
--- /dev/null
+++ b/lib/util/talloc_keep_secret.h
@@ -0,0 +1,42 @@
+/*
+ * Copyright (c) 2019 Andreas Schneider <asn at samba.org>
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _TALLOC_KEEP_SECRET_H
+#define _TALLOC_KEEP_SECRET_H
+
+#ifdef DOXYGEN
+/**
+ * @brief Keep the memory secret when freeing.
+ *
+ * This can be used to define memory as secret. For example memory which holds
+ * passwords or other secrets like session keys. The memory will be zeroed
+ * before is being freed.
+ *
+ * If you duplicate memory, e.g. using talloc_strdup() or talloc_asprintf() you
+ * need to call talloc_keep_secret() on the newly allocated memory too!
+ *
+ * @param[in] ptr The talloc chunk to mark as secure.
+ *
+ * @warning Do not use this in combination with talloc_realloc().
+ */
+void talloc_keep_secret(const void *ptr);
+#else
+#define talloc_keep_secret(ptr) _talloc_keep_secret(ptr, #ptr);
+void _talloc_keep_secret(void *ptr, const char *name);
+#endif
+
+#endif /* _TALLOC_KEEP_SECRET_H */
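Review bot: The `talloc_keep_secret()` macro ends in a semicolon, so `if (x) talloc_keep_secret(p); else ...` expands to two statements and fails to compile; drop it: `#define talloc_keep_secret(ptr) _talloc_keep_secret(ptr, #ptr)`. The Doxygen prototype takes `const void *ptr` while the real function takes `void *ptr`, and the two should agree. The doc comment should also say that the call replaces the chunk's talloc name and destructor, and that setting another destructor afterwards removes the zeroing, because callers rely on this for passwords and session keys. The phrase "before is being freed" should read "before it is freed".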
diff --git a/lib/util/tests/test_talloc_keep_secret.c b/lib/util/tests/test_talloc_keep_secret.c
new file mode 100644
index 00000000000..1462dabe956
--- /dev/null
+++ b/lib/util/tests/test_talloc_keep_secret.c
@@ -0,0 +1,94 @@
+#include <stdarg.h>
+#include <stddef.h>
+#include <stdint.h>
+#include <setjmp.h>
+#include <cmocka.h>
+
+#include <string.h>
+#include <talloc.h>
+#include "lib/util/talloc_keep_secret.h"
+
+int rep_memset_s(void *dest, size_t destsz, int ch, size_t count);
+
+int rep_memset_s(void *dest, size_t destsz, int ch, size_t count)
+{
+ check_expected_ptr(dest);
+ check_expected(destsz);
+ check_expected(ch);
+ check_expected(count);
+
+ return 0;
+}
+
+static void test_talloc_keep_secret(void ** state)
+{
+ TALLOC_CTX *pool = NULL;
+ char *ptr1 = NULL;
+ char *ptr2 = NULL;
+ const char *ptr1_talloc_name = NULL;
+ size_t ptr1_size;
+ size_t i;
+
+ pool = talloc_pool(NULL, 256);
+ assert_non_null(pool);
+
+ ptr1 = talloc_strdup(pool, "secret");
+ assert_non_null(ptr1);
+ assert_string_equal(ptr1, "secret");
+
+ talloc_keep_secret(ptr1);
+
+ ptr1_talloc_name = talloc_get_name(ptr1);
+ assert_string_equal(ptr1_talloc_name, "ptr1");
+
+ ptr1_size = talloc_get_size(ptr1);
+ assert_int_equal(ptr1_size, strlen(ptr1) + 1);
+
+ expect_string(rep_memset_s, dest, "secret");
+ expect_value(rep_memset_s, destsz, strlen(ptr1) + 1);
+ expect_value(rep_memset_s, ch, (int)'\0');
+ expect_value(rep_memset_s, count, strlen(ptr1) + 1);
+
+ talloc_free(ptr1);
+
+ ptr2 = talloc_size(pool, ptr1_size);
+ assert_ptr_equal(ptr1, ptr2);
+
+ for (i = 1; i < ptr1_size; i++) {
+ assert_int_not_equal(ptr2[0], ptr2[i]);
+ }
+
+ talloc_free(pool);
+}
+
+static void test_talloc_keep_secret_validate_memset(void **state)
+{
+ TALLOC_CTX *mem_ctx = NULL;
+ char *password = NULL;
+
+ mem_ctx = talloc_new(NULL);
+ assert_non_null(mem_ctx);
+
+ password = talloc_strdup(mem_ctx, "secret");
+ assert_non_null(password);
+ talloc_keep_secret(password);
+
+ expect_string(rep_memset_s, dest, "secret");
+ expect_value(rep_memset_s, destsz, strlen(password) + 1);
+ expect_value(rep_memset_s, ch, (int)'\0');
+ expect_value(rep_memset_s, count, strlen(password) + 1);
+
+ talloc_free(mem_ctx);
+}
+
+int main(void)
+{
+ const struct CMUnitTest tests[] = {
+ cmocka_unit_test(test_talloc_keep_secret),
+ cmocka_unit_test(test_talloc_keep_secret_validate_memset),
+ };
+
+ cmocka_set_message_output(CM_OUTPUT_SUBUNIT);
+
+ return cmocka_run_group_tests(tests, NULL, NULL);
+}
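Review bot: In `test_talloc_keep_secret()` the final loop asserts `ptr2[0] != ptr2[i]` on memory re-allocated from the pool, which passes only because the mocked `rep_memset_s()` records its arguments and never wipes; with a real wipe every byte would be zero and the assertion would fail. As written, neither test proves that freed secret memory is actually cleared, only that `memset_s` is requested with the expected pointer and sizes. I would either remove the loop or add a comment such as `/* rep_memset_s is mocked and does not wipe: the old bytes must still be here */`, and add a case where the mock performs the `memset()` and the reused chunk is then checked to be all zero. The tests also assume `memset_s` resolves to `rep_memset_s` from libreplace; that appears to hold only where the platform lacks a native `memset_s`, so it is worth confirming on other targets.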
diff --git a/lib/util/wscript_build b/lib/util/wscript_build
index 5ca72c5c03c..9af1bb5d801 100644
--- a/lib/util/wscript_build
+++ b/lib/util/wscript_build
@@ -115,16 +115,34 @@ else:
install=False)
bld.SAMBA_LIBRARY('samba-util',
- source='''talloc_stack.c smb_threads.c
- rbtree.c rfc1738.c system.c getpass.c
- genrand_util.c fsusage.c
- params.c util_id.c util_net.c
- util_strlist_v3.c util_paths.c
- idtree_random.c base64.c
- util_str.c util_str_common.c ms_fnmatch.c
- server_id.c dprintf.c
- tevent_debug.c memcache.c unix_match.c tfork.c
- tftw.c''',
+ source='''
+ base64.c
+ dprintf.c
+ fsusage.c
+ genrand_util.c
+ getpass.c
+ idtree_random.c
+ memcache.c
+ ms_fnmatch.c
+ params.c
+ rbtree.c
+ rfc1738.c
+ server_id.c
+ smb_threads.c
+ system.c
+ talloc_keep_secret.c
+ talloc_stack.c
+ tevent_debug.c
+ tfork.c
+ tftw.c
+ unix_match.c
+ util_id.c
+ util_net.c
+ util_paths.c
+ util_str.c
+ util_str_common.c
+ util_strlist_v3.c
+ ''',
deps='samba-util-core DYNCONFIG close-low-fd tiniparser genrand util_str_hex',
public_deps='talloc tevent execinfo pthread LIBCRYPTO charset util_setid',
public_headers='''
@@ -251,3 +269,9 @@ else:
deps='cmocka replace samba-util',
local_include=False,
install=False)
+
+ bld.SAMBA_BINARY('test_talloc_keep_secret',
+ source='tests/test_talloc_keep_secret.c',
+ deps='cmocka replace samba-util',
+ local_include=False,
+ install=False)
diff --git a/selftest/tests.py b/selftest/tests.py
index 01afdaea2d0..133f227ab82 100644
--- a/selftest/tests.py
+++ b/selftest/tests.py
@@ -246,6 +246,9 @@ plantestsuite("samba.unittests.lib_util_modules", "none",
plantestsuite("samba.unittests.smb1cli_session", "none",
[os.path.join(bindir(), "default/libcli/smb/test_smb1cli_session")])
+plantestsuite("samba.unittests.talloc_keep_secret", "none",
+ [os.path.join(bindir(), "default/lib/util/test_talloc_keep_secret")])
+
plantestsuite("samba.unittests.tldap", "none",
[os.path.join(bindir(), "default/source3/test_tldap")])
plantestsuite("samba.unittests.rfc1738", "none",
--
Samba Shared Repository