[SCM] Samba Shared Repository - branch master updated
Andreas Schneider
asn at samba.org
Fri Mar 22 15:04:02 UTC 2019
The branch, master has been updated
via 63084375e3c docs: Update smbclient manpage for --max-protocol
via 5826b31f410 selftest: Do not include system krb5.conf in s4 test environments
via 0063aacbb02 selftests:password_hash: Raise SHA256 rounds to 5000
via e23425a03c8 s4:dsdb: Check errno to determine if crypt or crypt_r succeeded
via fc25fe80b4e selftest: Woraround uid wrapper issues when using bash shell
via 88804bc24c5 s4:torture: Initialize tm struct
via 4a526ec470d selftest: Increase nss_wrapper max host entries handling
via 55b217288b9 third_party: Update socket_wrapper to version 1.2.3
from eace58b539a s3:waf: Fix the detection of makdev() macro on Linux
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 63084375e3c536f22f65e7b7796d114fa8c804c9
Author: Andreas Schneider <asn at samba.org>
Date: Fri Mar 22 14:39:11 2019 +0100
docs: Update smbclient manpage for --max-protocol
We default to SMB3 now.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=13857
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
Autobuild-User(master): Andreas Schneider <asn at cryptomilk.org>
Autobuild-Date(master): Fri Mar 22 15:03:43 UTC 2019 on sn-devel-144
commit 5826b31f410d314eb00909183ea2d2fd8a744bbc
Author: Samuel Cabrero <scabrero at suse.de>
Date: Fri Mar 22 12:04:49 2019 +0100
selftest: Do not include system krb5.conf in s4 test environments
If built with system MIT krb5 and dns_lookup_kdc is set to false in
system krb5.conf tests fail because KDC is not found.
Pair-Programmed-With: Andreas Schneider <asn at samba.org>
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 0063aacbb0241ea287d9fa03a0e41236fbdcbeef
Author: Samuel Cabrero <scabrero at suse.de>
Date: Thu Mar 14 19:14:25 2019 +0100
selftests:password_hash: Raise SHA256 rounds to 5000
Some crypt_r implementations like libxcrypt require a higher value.
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit e23425a03c802070c84c23cc544aab0e623487de
Author: Samuel Cabrero <scabrero at suse.de>
Date: Thu Mar 14 18:54:20 2019 +0100
s4:dsdb: Check errno to determine if crypt or crypt_r succeeded
The behavior of these functions upon errors depends on the implementation.
The GNU libc implementation seems to return a null hash, but others like
libxcrypt returns a invalid hash string '*0'.
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit fc25fe80b4edbca8bc985b6d94fc4ae6563a0cff
Author: Samuel Cabrero <scabrero at suse.de>
Date: Thu Mar 14 10:20:52 2019 +0100
selftest: Woraround uid wrapper issues when using bash shell
UID_WRAPPER_ROOT=1 is not working properly when tests run in bash shell
instead of dash. After some debugging the reason may be dash spawns a
subshell to run commands, but bash calls execve instead. Traces attached
as reference:
/bin/sh -> dash:
[2(2)/2 at 17s, 1 errors] samba.blackbox.pdbtest(nt4_dc)(nt4_dc:local)
UWRAP_DEBUG(3145) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3145) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3145) - uwrap_init: Enabled uid_wrapper as root (real uid=1000)
UWRAP_DEBUG(3145) - uwrap_init: Successfully initialized uid_wrapper
UWRAP_DEBUG(3144) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3144) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3144) - uwrap_init: Enabled uid_wrapper as root (real uid=1000)
UWRAP_DEBUG(3144) - uwrap_init: Successfully initialized uid_wrapper
/bin/sh -> bash:
[2(2)/2 at 17s, 1 errors] samba.blackbox.pdbtest(nt4_dc)(nt4_dc:local)
UWRAP_DEBUG(3352) - uwrap_export_ids: uwrap_export_ids
UWRAP_DEBUG(3354) - uwrap_export_ids: uwrap_export_ids
UWRAP_DEBUG(3354) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3354) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3354) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize euid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize suid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize egid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize sgid with 1000
UWRAP_DEBUG(3354) - uwrap_init_env: Initalize groups with 4,24,27,30,46,108,1000
UWRAP_DEBUG(3354) - uwrap_init: Enabled uid_wrapper as user (real uid=1000)
UWRAP_DEBUG(3354) - uwrap_init: Successfully initialized uid_wrapper
UWRAP_DEBUG(3353) - uwrap_export_ids: uwrap_export_ids
UWRAP_DEBUG(3353) - uwrap_init: Initialize uid_wrapper
UWRAP_DEBUG(3353) - uwrap_init_env: uwrap_init_env
UWRAP_DEBUG(3353) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize euid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize suid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initialize ruid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize egid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize sgid with 1000
UWRAP_DEBUG(3353) - uwrap_init_env: Initalize groups with 4,24,27,30,46,108,1000
UWRAP_DEBUG(3353) - uwrap_init: Enabled uid_wrapper as user (real uid=1000)
UWRAP_DEBUG(3353) - uwrap_init: Successfully initialized uid_wrapper
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 88804bc24c58d7da866c582ce639aa77af766b5a
Author: Samuel Cabrero <scabrero at suse.de>
Date: Wed Mar 13 10:46:36 2019 +0100
s4:torture: Initialize tm struct
The samba3.blackbox.shadow_copy_torture tests call to strptime passing
an uninitalized tm structure as an argument, but the strptime function
does not write the tm.tm_isdst field.
These tm structures are passed later as the mktime argument, which
produces different values depending on whether the arbitrary value
of the tm.tm_isdst field is lower or equal to zero or greather than
zero.
Signed-off-by: Samuel Cabrero <scabrero at suse.de>
Reviewed-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 4a526ec470df4b983745939fe86927a9ea66778c
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 21 12:06:58 2019 +0100
selftest: Increase nss_wrapper max host entries handling
The logs are spammed with:
nwrap_ed_inventarize_add_new: Hash table is full (Cannot allocate memory)!
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
commit 55b217288b9763fe6a23ce519d4a106cc7dcf662
Author: Andreas Schneider <asn at samba.org>
Date: Thu Mar 21 10:02:54 2019 +0100
third_party: Update socket_wrapper to version 1.2.3
* Added environment variable to disable deep binding
* Fixed installation of socket_wrapper
* Fixed several small bugs
* Fixed missing NULL check for socket_wrapper_dir()
* Fixes building in Samba source tree
Signed-off-by: Andreas Schneider <asn at samba.org>
Reviewed-by: Ralph Boehme <slow at samba.org>
-----------------------------------------------------------------------
Summary of changes:
buildtools/wafsamba/samba_third_party.py | 2 +-
docs-xml/manpages/smbclient.1.xml | 6 +-
python/samba/tests/password_hash_fl2008.py | 4 +-
selftest/selftest.pl | 3 +
selftest/target/Samba4.pm | 1 +
source3/script/tests/test_net_rpc_oldjoin.sh | 23 ++-
source4/dsdb/samdb/ldb_modules/password_hash.c | 6 +-
source4/torture/smb2/create.c | 10 +
testprogs/blackbox/test_password_settings.sh | 35 +++-
testprogs/blackbox/test_pdbtest.sh | 37 +++-
third_party/socket_wrapper/socket_wrapper.c | 256 +++++++++++++++++--------
third_party/socket_wrapper/wscript | 2 +-
12 files changed, 276 insertions(+), 109 deletions(-)
Changeset truncated at 500 lines:
diff --git a/buildtools/wafsamba/samba_third_party.py b/buildtools/wafsamba/samba_third_party.py
index e0dd3e1b9a0..1fe91d51aad 100644
--- a/buildtools/wafsamba/samba_third_party.py
+++ b/buildtools/wafsamba/samba_third_party.py
@@ -42,7 +42,7 @@ Build.BuildContext.CHECK_CMOCKA = CHECK_CMOCKA
@conf
def CHECK_SOCKET_WRAPPER(conf):
- return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.2.1')
+ return conf.CHECK_BUNDLED_SYSTEM_PKG('socket_wrapper', minversion='1.2.3')
Build.BuildContext.CHECK_SOCKET_WRAPPER = CHECK_SOCKET_WRAPPER
@conf
diff --git a/docs-xml/manpages/smbclient.1.xml b/docs-xml/manpages/smbclient.1.xml
index e71a21a95e3..e25f7d3517b 100644
--- a/docs-xml/manpages/smbclient.1.xml
+++ b/docs-xml/manpages/smbclient.1.xml
@@ -261,9 +261,9 @@
<listitem><para>This allows the user to select the
highest SMB protocol level that smbclient will use to
connect to the server. By default this is set to
- NT1, which is the highest available SMB1 protocol.
- To connect using SMB2 or SMB3 protocol, use the
- strings SMB2 or SMB3 respectively. Note that to connect
+ highest available SMB3 protocol version.
+ To connect using SMB2 or SMB1 protocol, use the
+ strings SMB2 or NT1 respectively. Note that to connect
to a Windows 2012 server with encrypted transport selecting
a max-protocol of SMB3 is required.
</para></listitem>
diff --git a/python/samba/tests/password_hash_fl2008.py b/python/samba/tests/password_hash_fl2008.py
index 917e973cdbc..685c73edaf2 100644
--- a/python/samba/tests/password_hash_fl2008.py
+++ b/python/samba/tests/password_hash_fl2008.py
@@ -158,7 +158,7 @@ class PassWordHashFl2008Tests(PassWordHashTests):
def test_userPassword_cleartext_sha256(self):
self.add_user(clear_text=True,
options=[("password hash userPassword schemes",
- "CryptSHA256:rounds=100")])
+ "CryptSHA256:rounds=5000")])
sc = self.get_supplemental_creds()
@@ -206,5 +206,5 @@ class PassWordHashFl2008Tests(PassWordHashTests):
#
up = ndr_unpack(drsblobs.package_PrimaryUserPasswordBlob,
binascii.a2b_hex(up_package.data))
- self.checkUserPassword(up, [("{CRYPT}", "5", 100)])
+ self.checkUserPassword(up, [("{CRYPT}", "5", 5000)])
self.checkNtHash(USER_PASS, up.current_nt_hash.hash)
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 919a9d50177..52109e99b6f 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -430,6 +430,9 @@ print "LD_PRELOAD=$ENV{LD_PRELOAD}\n";
# Enable uid_wrapper globally
$ENV{UID_WRAPPER} = 1;
+# We are already hitting the limit, so double it.
+$ENV{NSS_WRAPPER_MAX_HOSTENTS} = 200;
+
# Disable RTLD_DEEPBIND hack for Samba bind dlz module
#
# This is needed in order to allow the ldb_*ldap module
diff --git a/selftest/target/Samba4.pm b/selftest/target/Samba4.pm
index 50835ef5f6c..ec587aae3b4 100755
--- a/selftest/target/Samba4.pm
+++ b/selftest/target/Samba4.pm
@@ -830,6 +830,7 @@ sub provision_raw_step1($$)
winbind enum groups = yes
rpc server port:netlogon = 1026
+ include system krb5 conf = no
";
diff --git a/source3/script/tests/test_net_rpc_oldjoin.sh b/source3/script/tests/test_net_rpc_oldjoin.sh
index 070fcc1add7..97586874be9 100755
--- a/source3/script/tests/test_net_rpc_oldjoin.sh
+++ b/source3/script/tests/test_net_rpc_oldjoin.sh
@@ -22,8 +22,29 @@ export UID_WRAPPER_ROOT
OPTIONS="--configfile $SMB_CONF_PATH --option=netbiosname=$maccount --option=security=domain --option=domainlogons=no --option=privatedir=$privatedir"
+test_smbpasswd()
+{
+ account=$1
+
+ echo "set password with smbpasswd"
+
+ cmd='UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 $VALGRIND $BINDIR/smbpasswd -L -c $SMB_CONF_PATH -a -m "$account"'
+ eval echo "$cmd"
+ out=$(eval $cmd)
+ ret=$?
+ rm -f $tmpfile
+
+ if [ $ret -ne 0 ]; then
+ echo "Failed to change user password $user"
+ return 1
+ fi
+}
+
+
testit "mkdir -p $privatedir" mkdir -p $privatedir || failed=`expr $failed + 1`
-testit "smbpasswd -a -m" $VALGRIND $BINDIR/smbpasswd -L -c $SMB_CONF_PATH -a -m "$maccount" || failed=`expr $failed + 1`
+testit "smbpasswd -a -m" \
+ test_smbpasswd $maccount \
+ || failed=$(expr $failed + 1)
testit "net_rpc_oldjoin" $VALGRIND $BINDIR/net rpc oldjoin -S $SERVER $OPTIONS || failed=`expr $failed + 1`
testit "net_rpc_testjoin1" $VALGRIND $BINDIR/net rpc testjoin -S $SERVER $OPTIONS || failed=`expr $failed + 1`
testit "net_rpc_changetrustpw" $VALGRIND $BINDIR/net rpc changetrustpw -S $SERVER $OPTIONS || failed=`expr $failed + 1`
diff --git a/source4/dsdb/samdb/ldb_modules/password_hash.c b/source4/dsdb/samdb/ldb_modules/password_hash.c
index 804be6a4307..a010d4b9026 100644
--- a/source4/dsdb/samdb/ldb_modules/password_hash.c
+++ b/source4/dsdb/samdb/ldb_modules/password_hash.c
@@ -1484,6 +1484,7 @@ static int setup_primary_userPassword_hash(
* Relies on the assertion that cleartext_utf8->data is a zero
* terminated UTF-8 string
*/
+ errno = 0;
#ifdef HAVE_CRYPT_R
hash = crypt_r((char *)io->n.cleartext_utf8->data, cmd, &crypt_data);
#else
@@ -1493,7 +1494,10 @@ static int setup_primary_userPassword_hash(
*/
hash = crypt((char *)io->n.cleartext_utf8->data, cmd);
#endif
- if (hash == NULL) {
+ /* crypt_r and crypt may return a null pointer upon error depending on
+ * how libcrypt was configured. POSIX specifies returning a null
+ * pointer and setting errno. */
+ if (hash == NULL || errno != 0) {
char buf[1024];
int err = strerror_r(errno, buf, sizeof(buf));
if (err != 0) {
diff --git a/source4/torture/smb2/create.c b/source4/torture/smb2/create.c
index 912efaac272..0ede6add54a 100644
--- a/source4/torture/smb2/create.c
+++ b/source4/torture/smb2/create.c
@@ -1759,6 +1759,11 @@ static bool test_twrp_write(struct torture_context *tctx, struct smb2_tree *tree
torture_comment(tctx, "Testing timewarp (%s) (%s)\n", file, snapshot);
setenv("TZ", "GMT", 1);
+
+ /* strptime does not set tm.tm_isdst but mktime assumes DST is in
+ * effect if it is greather than 1. */
+ ZERO_STRUCT(tm);
+
p = strptime(snapshot, "@GMT-%Y.%m.%d-%H.%M.%S", &tm);
torture_assert_goto(tctx, p != NULL, ret, done, "strptime\n");
torture_assert_goto(tctx, *p == '\0', ret, done, "strptime\n");
@@ -1858,6 +1863,11 @@ static bool test_twrp_stream(struct torture_context *tctx,
torture_assert_not_null_goto(tctx, buf, ret, done, "buf\n");
setenv("TZ", "GMT", 1);
+
+ /* strptime does not set tm.tm_isdst but mktime assumes DST is in
+ * effect if it is greather than 1. */
+ ZERO_STRUCT(tm);
+
p = strptime(snapshot, "@GMT-%Y.%m.%d-%H.%M.%S", &tm);
torture_assert_goto(tctx, p != NULL, ret, done, "strptime\n");
torture_assert_goto(tctx, *p == '\0', ret, done, "strptime\n");
diff --git a/testprogs/blackbox/test_password_settings.sh b/testprogs/blackbox/test_password_settings.sh
index 93e03770ed2..600bf0d0751 100755
--- a/testprogs/blackbox/test_password_settings.sh
+++ b/testprogs/blackbox/test_password_settings.sh
@@ -52,6 +52,31 @@ do_kinit() {
fi
}
+test_smbpasswd()
+{
+ user=$1
+ newpass=$2
+
+ tmpfile=$PREFIX/smbpasswd_change_password_script
+ cat > $tmpfile <<EOF
+expect New SMB password:
+send ${newpass}\n
+expect Retype new SMB password:
+send ${newpass}\n
+EOF
+
+ cmd='UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 $texpect $tmpfile $smbpasswd -L -c $PREFIX/etc/smb.conf $user'
+ eval echo "$cmd"
+ out=$(eval $cmd)
+ ret=$?
+ rm -f $tmpfile
+
+ if [ $ret -ne 0 ]; then
+ echo "Failed to change user password $user"
+ return 1
+ fi
+}
+
UID_WRAPPER_ROOT=1
export UID_WRAPPER_ROOT
@@ -139,15 +164,9 @@ rm -f $KRB5CCNAME_PATH
### Set the password with smbpasswd
###########################################################
-cat > $PREFIX/tmpsmbpasswdscript <<EOF
-expect New SMB password:
-send ${TEST_PASSWORD_NEW}\n
-expect Retype new SMB password:
-send ${TEST_PASSWORD_NEW}\n
-EOF
-
testit "set user password with smbpasswd" \
- $texpect $PREFIX/tmpsmbpasswdscript $smbpasswd -L -c $PREFIX/etc/smb.conf $TEST_USERNAME || failed=`expr $failed + 1`
+ test_smbpasswd $TEST_USERNAME $TEST_PASSWORD_NEW \
+ || failed=$(expr $failed + 1)
TEST_PASSWORD=$TEST_PASSWORD_NEW
TEST_PASSWORD_NEW="testPaSS at 03%"
diff --git a/testprogs/blackbox/test_pdbtest.sh b/testprogs/blackbox/test_pdbtest.sh
index 02615094451..d5c37f0acc9 100755
--- a/testprogs/blackbox/test_pdbtest.sh
+++ b/testprogs/blackbox/test_pdbtest.sh
@@ -32,6 +32,32 @@ unc="//$SERVER/tmp"
UID_WRAPPER_ROOT=1
export UID_WRAPPER_ROOT
+test_smbpasswd()
+{
+ user=$1
+ newpass=$2
+
+ echo "set password with smbpasswd"
+ tmpfile=$PREFIX/smbpasswd_change_password_script
+ cat > $tmpfile <<EOF
+expect New SMB password:
+send ${newpass}\n
+expect Retype new SMB password:
+send ${newpass}\n
+EOF
+
+ cmd='UID_WRAPPER_INITIAL_RUID=0 UID_WRAPPER_INITIAL_EUID=0 $texpect $tmpfile $smbpasswd -L $user -c $SMB_CONF'
+ eval echo "$cmd"
+ out=$(eval $cmd)
+ ret=$?
+ rm -f $tmpfile
+
+ if [ $ret -ne 0 ]; then
+ echo "Failed to change user password $user"
+ return 1
+ fi
+}
+
testit "pdbtest" $VALGRIND $BINDIR/pdbtest -u $USER $@ || failed=`expr $failed + 1`
NEWUSERPASS=testPaSS at 01%
@@ -55,15 +81,10 @@ test_smbclient "Test login with user (ntlm)" 'ls' "$unc" -k no -U$USER%$NEWUSERP
NEWUSERPASS=testPaSS at 02%
-echo "set password with smbpasswd"
-cat > ./tmpsmbpasswdscript <<EOF
-expect New SMB password:
-send ${NEWUSERPASS}\n
-expect Retype new SMB password:
-send ${NEWUSERPASS}\n
-EOF
+testit "set user password with smbpasswd" \
+ test_smbpasswd $USER $NEWUSERPASS \
+ || failed=$(expr $failed + 1)
-testit "set user password with smbpasswd" $texpect ./tmpsmbpasswdscript $smbpasswd -L $USER -c $SMB_CONF || failed=`expr $failed + 1`
USERPASS=$NEWUSERPASS
test_smbclient "Test login with user (ntlm)" 'ls' "$unc" -k no -U$USER%$NEWUSERPASS $@|| failed=`expr $failed + 1`
diff --git a/third_party/socket_wrapper/socket_wrapper.c b/third_party/socket_wrapper/socket_wrapper.c
index df70df5008d..a9e2a756fde 100644
--- a/third_party/socket_wrapper/socket_wrapper.c
+++ b/third_party/socket_wrapper/socket_wrapper.c
@@ -555,7 +555,7 @@ struct swrap {
static struct swrap swrap;
/* prototypes */
-static const char *socket_wrapper_dir(void);
+static char *socket_wrapper_dir(void);
#define LIBC_NAME "libc.so"
@@ -587,20 +587,29 @@ static void *swrap_load_lib_handle(enum swrap_lib lib)
int i;
#ifdef RTLD_DEEPBIND
- const char *env = getenv("LD_PRELOAD");
+ const char *env_preload = getenv("LD_PRELOAD");
+ const char *env_deepbind = getenv("SOCKET_WRAPPER_DISABLE_DEEPBIND");
+ bool enable_deepbind = true;
/* Don't do a deepbind if we run with libasan */
- if (env != NULL && strlen(env) < 1024) {
- const char *p = strstr(env, "libasan.so");
- if (p == NULL) {
- flags |= RTLD_DEEPBIND;
+ if (env_preload != NULL && strlen(env_preload) < 1024) {
+ const char *p = strstr(env_preload, "libasan.so");
+ if (p != NULL) {
+ enable_deepbind = false;
}
}
+
+ if (env_deepbind != NULL && strlen(env_deepbind) >= 1) {
+ enable_deepbind = false;
+ }
+
+ if (enable_deepbind) {
+ flags |= RTLD_DEEPBIND;
+ }
#endif
switch (lib) {
case SWRAP_LIBNSL:
- FALL_THROUGH;
case SWRAP_LIBSOCKET:
#ifdef HAVE_LIBSOCKET
handle = swrap.libc.socket_handle;
@@ -619,7 +628,6 @@ static void *swrap_load_lib_handle(enum swrap_lib lib)
}
break;
#endif
- FALL_THROUGH;
case SWRAP_LIBC:
handle = swrap.libc.handle;
#ifdef LIBC_SO
@@ -1274,19 +1282,26 @@ static void swrap_set_next_free(struct socket_info *si, int next_free)
sic->meta.next_free = next_free;
}
-static const char *socket_wrapper_dir(void)
+static char *socket_wrapper_dir(void)
{
- const char *s = getenv("SOCKET_WRAPPER_DIR");
+ char *swrap_dir = NULL;
+ char *s = getenv("SOCKET_WRAPPER_DIR");
+
if (s == NULL) {
+ SWRAP_LOG(SWRAP_LOG_WARN, "SOCKET_WRAPPER_DIR not set\n");
return NULL;
}
- /* TODO use realpath(3) here, when we add support for threads */
- if (strncmp(s, "./", 2) == 0) {
- s += 2;
+
+ swrap_dir = realpath(s, NULL);
+ if (swrap_dir == NULL) {
+ SWRAP_LOG(SWRAP_LOG_ERROR,
+ "Unable to resolve socket_wrapper dir path: %s",
+ strerror(errno));
+ return NULL;
}
- SWRAP_LOG(SWRAP_LOG_TRACE, "socket_wrapper_dir: %s", s);
- return s;
+ SWRAP_LOG(SWRAP_LOG_TRACE, "socket_wrapper_dir: %s", swrap_dir);
+ return swrap_dir;
}
static unsigned int socket_wrapper_mtu(void)
@@ -1491,12 +1506,14 @@ done:
bool socket_wrapper_enabled(void)
{
- const char *s = socket_wrapper_dir();
+ char *s = socket_wrapper_dir();
if (s == NULL) {
return false;
}
+ SAFE_FREE(s);
+
socket_wrapper_init_sockets();
return true;
@@ -1702,6 +1719,7 @@ static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *i
unsigned int prt;
unsigned int iface;
int is_bcast = 0;
+ char *swrap_dir = NULL;
if (bcast) *bcast = 0;
@@ -1800,18 +1818,27 @@ static int convert_in_un_remote(struct socket_info *si, const struct sockaddr *i
return -1;
}
+ swrap_dir = socket_wrapper_dir();
+ if (swrap_dir == NULL) {
+ errno = EINVAL;
+ return -1;
+ }
+
if (is_bcast) {
- snprintf(un->sun_path, sizeof(un->sun_path), "%s/EINVAL",
- socket_wrapper_dir());
+ snprintf(un->sun_path, sizeof(un->sun_path),
+ "%s/EINVAL", swrap_dir);
SWRAP_LOG(SWRAP_LOG_DEBUG, "un path [%s]", un->sun_path);
+ SAFE_FREE(swrap_dir);
/* the caller need to do more processing */
return 0;
}
snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT,
- socket_wrapper_dir(), type, iface, prt);
+ swrap_dir, type, iface, prt);
SWRAP_LOG(SWRAP_LOG_DEBUG, "un path [%s]", un->sun_path);
+ SAFE_FREE(swrap_dir);
+
return 0;
}
@@ -1823,6 +1850,7 @@ static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *in
unsigned int iface;
struct stat st;
int is_bcast = 0;
+ char *swrap_dir = NULL;
if (bcast) *bcast = 0;
@@ -1964,11 +1992,17 @@ static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *in
return -1;
}
+ swrap_dir = socket_wrapper_dir();
+ if (swrap_dir == NULL) {
+ errno = EINVAL;
+ return -1;
+ }
+
if (prt == 0) {
/* handle auto-allocation of ephemeral ports */
for (prt = 5001; prt < 10000; prt++) {
snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT,
- socket_wrapper_dir(), type, iface, prt);
+ swrap_dir, type, iface, prt);
if (stat(un->sun_path, &st) == 0) continue;
set_port(si->family, prt, &si->myname);
@@ -1976,15 +2010,20 @@ static int convert_in_un_alloc(struct socket_info *si, const struct sockaddr *in
break;
}
+
if (prt == 10000) {
errno = ENFILE;
+ SAFE_FREE(swrap_dir);
return -1;
}
}
snprintf(un->sun_path, sizeof(un->sun_path), "%s/"SOCKET_FORMAT,
- socket_wrapper_dir(), type, iface, prt);
+ swrap_dir, type, iface, prt);
SWRAP_LOG(SWRAP_LOG_DEBUG, "un path [%s]", un->sun_path);
+
+ SAFE_FREE(swrap_dir);
+
return 0;
}
@@ -2012,7 +2051,7 @@ static bool check_addr_port_in_use(const struct sockaddr *sa, socklen_t len)
return false;
}
break;
-#if HAVE_IPV6
+#ifdef HAVE_IPV6
case AF_INET6:
if (len < sizeof(struct sockaddr_in6)) {
return false;
@@ -2059,7 +2098,7 @@ static bool check_addr_port_in_use(const struct sockaddr *sa, socklen_t len)
return true;
break;
}
-#if HAVE_IPV6
+#ifdef HAVE_IPV6
case AF_INET6: {
struct sockaddr_in6 *sin1, *sin2;
@@ -2431,14 +2470,20 @@ static uint8_t *swrap_pcap_packet_init(struct timeval *tval,
int unreachable,
size_t *_packet_len)
{
- uint8_t *base;
- uint8_t *buf;
- struct swrap_packet_frame *frame;
- union swrap_packet_ip *ip;
+ uint8_t *base = NULL;
+ uint8_t *buf = NULL;
+ union {
+ uint8_t *ptr;
+ struct swrap_packet_frame *frame;
+ } f;
--
Samba Shared Repository
More information about the samba-cvs
mailing list