[SCM] Samba Shared Repository - branch master updated

Stefan Metzmacher metze at samba.org
Mon Jan 24 16:19:01 UTC 2022


The branch, master has been updated
       via  12464bd4c22 blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
       via  43648e95a51 librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
       via  8da26cb6725 s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of "" is wrong
       via  1dc385cb648 blackbox.ndrdump: adjust example files to the usage of dump_data_diff output.
       via  d1a7f392a8c ndrdump: make use of dump_data_file_diff() in order to show differences
       via  b489b7feda1 lib/util: add dump_data_diff*() helpers
       via  9110a8854a5 blackbox.ndrdump: adjust example files to changed dump_data() output.
       via  58b09e107ca lib/util: split out a dump_data_block16() helper
       via  0651fa474cd dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
       via  be1935dac8a WHATSNEW: Start release notes for Samba 4.17.0pre1.
      from  d844bc6cbdb ldb: bump version to 2.6.0 for Samba 4.17.x releases

https://git.samba.org/?p=samba.git;a=shortlog;h=master


- Log -----------------------------------------------------------------
commit 12464bd4c222d996aac6d6250b7945d63f20f4bc
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jan 21 20:42:45 2022 +0100

    blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
    
    This actually reveals that ndr_push_string() for TargetName="" was
    failing before because it resulted in 1 byte for a subcontext with
    TargetLen=0.
    
    This is fixed now and we no longer expect ndrdump to exit with 1.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>
    
    Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
    Autobuild-Date(master): Mon Jan 24 16:18:34 UTC 2022 on sn-devel-184

commit 43648e95a514020da4c7efa62df55d0882e3db85
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 3 13:57:50 2021 +0100

    librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
    
    convert_string_talloc_handle() tries to play an the safe side
    and always returns a null terminated array.
    
    But for NDR we need to be correct on the wire...
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 8da26cb6725b5d853ab481a348a3a672966715b5
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jan 21 01:09:23 2022 +0100

    s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of "" is wrong
    
    convert_string_talloc() never returns a string with len=0 and always
    implies zero termination byte(s).
    
    For ndr_push_string this is unexpected as we need to be compatible on
    the wire and push 0 bytes for an empty string.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 1dc385cb648f0c37b04f4ede6b1c96916e379b23
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jan 21 20:28:59 2022 +0100

    blackbox.ndrdump: adjust example files to the usage of dump_data_diff output.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit d1a7f392a8ceef111a5d6c3d2a3bdb9dcb90db5e
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 3 13:32:48 2021 +0100

    ndrdump: make use of dump_data_file_diff() in order to show differences
    
    This makes it much easier to detect differences in the given and
    generated buffers.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit b489b7feda19b3c0f0fe2300f2c76d416776355b
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 3 11:40:13 2021 +0100

    lib/util: add dump_data_diff*() helpers
    
    That will make it easy to see the difference
    between two memory buffers.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 9110a8854a518befa2908c26076e17a085c5ec48
Author: Stefan Metzmacher <metze at samba.org>
Date:   Fri Jan 21 20:06:40 2022 +0100

    blackbox.ndrdump: adjust example files to changed dump_data() output.
    
    The cleanup using dump_data_block16() fixed the space handling.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 58b09e107cadd7fb8191822d4e7e42657b1ed4c7
Author: Stefan Metzmacher <metze at samba.org>
Date:   Wed Nov 3 11:05:52 2021 +0100

    lib/util: split out a dump_data_block16() helper
    
    This simplifies the logic a lot for me.
    
    It also fixes some corner cases regarding whitespaces in the
    output, that's why we have to mark a few tests as knownfail,
    they will be fixed in the next commit.
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit 0651fa474cd68b18d8eb9bdc7c4ba5b847ba9ad9
Author: Stefan Metzmacher <metze at samba.org>
Date:   Sat Jan 22 01:08:26 2022 +0100

    dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
    
    This is important for the source3/rpc_server code as it might
    be called embedded in smbd and may not run as root with access
    to our private tdb/ldb files.
    
    Note this is only really needed for 4.15 and older, as
    we no longer run the rpc_server embedded in smbd,
    but we better be consistent for now.
    
    This should be able to fix the problem the printing no longer works
    on Windows 7 with 2021-10 monthly rollup patch (KB5006743).
    
    Windows uses NTLMSSP with privacy at the DCERPC layer on top
    of NCACN_NP (smb).
    
    BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>
    Reviewed-by: Andreas Schneider <asn at samba.org>

commit be1935dac8a188901ae0f13181b356b508c5be4f
Author: Stefan Metzmacher <metze at samba.org>
Date:   Mon Jan 24 15:57:50 2022 +0100

    WHATSNEW: Start release notes for Samba 4.17.0pre1.
    
    Signed-off-by: Stefan Metzmacher <metze at samba.org>

-----------------------------------------------------------------------

Summary of changes:
 WHATSNEW.txt                                       | 153 +----------
 lib/util/util.c                                    | 203 +++++++++-----
 lib/util/util.h                                    |  28 ++
 librpc/ndr/ndr_string.c                            |   5 +-
 librpc/rpc/dcesrv_auth.c                           |   5 +
 librpc/rpc/dcesrv_core.c                           |  18 ++
 librpc/rpc/dcesrv_core.h                           |   2 +
 librpc/tools/ndrdump.c                             |  10 +
 python/samba/tests/blackbox/ndrdump.py             |  19 +-
 source3/rpc_server/rpc_config.c                    |   2 +
 source3/rpc_server/rpc_worker.c                    |   2 +
 source3/selftest/ktest-krb5_ccache-2.txt           |   4 +-
 source3/selftest/ktest-krb5_ccache-3.txt           |   4 +-
 .../tests/dns-decode_dns_name_packet-hex.txt       |   2 +-
 .../librpc/tests/fuzzed_drsuapi_DsAddEntry_1.txt   | 297 ++++++++++++++++++++-
 .../librpc/tests/fuzzed_drsuapi_DsGetNCChanges.txt |   2 +-
 .../tests/fuzzed_drsuapi_DsReplicaAttribute.txt    |  31 ++-
 .../tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.txt  |  33 +++
 .../tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt     |  52 +++-
 source4/librpc/tests/krb5pac_upn_dns_info_ex.txt   |  61 +++++
 .../krb5pac_upn_dns_info_ex_not_supported.txt      |  69 +++++
 source4/rpc_server/service_rpc.c                   |  10 +
 source4/torture/ndr/string.c                       |  30 ++-
 23 files changed, 801 insertions(+), 241 deletions(-)


Changeset truncated at 500 lines:

diff --git a/WHATSNEW.txt b/WHATSNEW.txt
index 71a8d9a103e..6c7ab0407c8 100644
--- a/WHATSNEW.txt
+++ b/WHATSNEW.txt
@@ -1,12 +1,12 @@
 Release Announcements
 =====================
 
-This is the first release candidate of Samba 4.16.  This is *not*
+This is the first pre release of Samba 4.17.  This is *not*
 intended for production environments and is designed for testing
 purposes only.  Please report any defects via the Samba bug reporting
 system at https://bugzilla.samba.org/.
 
-Samba 4.16 will be the next version of the Samba suite.
+Samba 4.17 will be the next version of the Samba suite.
 
 
 UPGRADING
@@ -16,167 +16,22 @@ UPGRADING
 NEW FEATURES/CHANGES
 ====================
 
-New samba-dcerpcd binary to provide DCERPC in the member server setup
----------------------------------------------------------------------
-
-In order to make it much easier to break out the DCERPC services
-from smbd, a new samba-dcerpcd binary has been created.
-
-samba-dcerpcd can be used in two ways. In the normal case without
-startup script modification it is invoked on demand from smbd or
-winbind --np-helper to serve DCERPC over named pipes. Note that
-in order to run in this mode the smb.conf [global] section has
-a new parameter "rpc start on demand helpers = [true|false]".
-This parameter is set to "true" by default, meaning no changes to
-smb.conf files are needed to run samba-dcerpcd on demand as a named
-pipe helper.
-
-It can also be used in a standalone mode where it is started
-separately from smbd or winbind but this requires changes to system
-startup scripts, and in addition a change to smb.conf, setting the new
-[global] parameter "rpc start on demand helpers = false". If "rpc
-start on demand helpers" is not set to false, samba-dcerpcd will
-refuse to start in standalone mode.
-
-Note that when Samba is run in the Active Directory Domain Controller
-mode the samba binary that provides the AD code will still provide its
-normal DCERPC services whilst allowing samba-dcerpcd to provide
-services like SRVSVC in the same way that smbd used to in this
-configuration.
-
-The parameters that allowed some smbd-hosted services to be started
-externally are now gone (detailed below) as this is now the default
-setting.
-
-samba-dcerpcd can also be useful for use outside of the Samba
-framework, for example, use with the Linux kernel SMB2 server ksmbd or
-possibly other SMB2 server implementations.
-
-Certificate Auto Enrollment
----------------------------
-
-Certificate Auto Enrollment allows devices to enroll for certificates from
-Active Directory Certificate Services. It is enabled by Group Policy.
-To enable Certificate Auto Enrollment, Samba's group policy will need to be
-enabled by setting the smb.conf option `apply group policies` to Yes. Samba
-Certificate Auto Enrollment depends on certmonger, the cepces certmonger
-plugin, and sscep. Samba uses sscep to download the CA root chain, then uses
-certmonger paired with cepces to monitor the host certificate templates.
-Certificates are installed in /var/lib/samba/certs and private keys are
-installed in /var/lib/samba/private/certs.
-
-Ability to add ports to dns forwarder addresses in internal DNS backend
------------------------------------------------------------------------
-
-The internal DNS server of Samba forwards queries non-AD zones to one or more
-configured forwarders. Up until now it has been assumed that these forwarders
-listen on port 53. Starting with this version it is possible to configure the
-port using host:port notation. See smb.conf for more details. Existing setups
-are not affected, as the default port is 53.
-
-CTDB changes
-------------
-
-* The "recovery master" role has been renamed "leader"
-
-  Documentation and logs now refer to "leader".
-
-  The following ctdb tool command names have changed:
-
-    recmaster -> leader
-    setrecmasterrole -> setleaderrole
-
-  Command output has changed for the following commands:
-
-    status
-    getcapabilities
-
-  The "[legacy] -> recmaster capability" configuration option has been
-  renamed and moved to the cluster section, so this is now:
-
-    [cluster] -> leader capability
-
-* The "recovery lock" has been renamed "cluster lock"
-
-  Documentation and logs now refer to "cluster lock".
-
-  The "[cluster] -> recovery lock" configuration option has been
-  deprecated and will be removed in a future version.  Please use
-  "[cluster] -> cluster lock" instead.
-
-  If the cluster lock is enabled then traditional elections are not
-  done and leader elections use a race for the cluster lock.  This
-  avoids various conditions where a node is elected leader but can not
-  take the cluster lock.  Such conditions included:
-
-  - At startup, a node elects itself leader of its own cluster before
-    connecting to other nodes
-
-  - Cluster filesystem failover is slow
-
-  The abbreviation "reclock" is still used in many places, because a
-  better abbreviation eludes us (i.e. "clock" is obvious bad) and
-  changing all instances would require a lot of churn.  If the
-  abbreviation "reclock" for "cluster lock" is confusing, please
-  consider mentally prefixing it with "really excellent".
-
-* CTDB now uses leader broadcasts and an associated timeout to
-  determine if an election is required
-
-  The leader broadcast timeout can be configured via new configuration
-  option
-
-    [cluster] -> leader timeout
-
-  This specifies the number of seconds without leader broadcasts
-  before a node calls an election.  The default is 5.
-
 
 REMOVED FEATURES
 ================
 
-SMB1 CORE and LANMAN1 protocol wildcard copy, unlink and rename removed
-=======================================================================
-
-In preparation for the removal of the SMB1 server, the unused
-SMB1 command SMB_COM_COPY (SMB1 command number 0x29) has been
-removed from the Samba smbd server. In addition, the ability
-to process file name wildcards in requests using the SMB1 commands
-SMB_COM_COPY (SMB1 command number 0x2A), SMB_COM_RENAME (SMB1 command
-number 0x7), SMB_COM_NT_RENAME (SMB1 command number 0xA5) and
-SMB_COM_DELETE (SMB1 command number 0x6) have been removed.
-
-This only affects clients using MS-DOS based versions of
-SMB1, the last release of which was Windows 98. Users requiring
-support for these features will need to use older versions
-of Samba.
-
-No longer using Linux mandatory locks for sharemodes
-====================================================
-
-smbd mapped sharemodes to Linux mandatory locks. This code in the Linux kernel
-was broken for a long time, and is planned to be removed with Linux 5.15. This
-Samba release removes the usage of mandatory locks for sharemodes and the
-"kernel share modes" config parameter is changed to default to "no". The Samba
-VFS interface is kept, so that file-system specific VFS modules can still use
-private calls for enforcing sharemodes.
-
 
 smb.conf changes
 ================
 
   Parameter Name                          Description     Default
   --------------                          -----------     -------
-  kernel share modes                      New default     No
-  dns forwarder                           Changed
-  rpc_daemon                              Removed
-  rpc_server                              Removed
-  rpc start on demand helpers             Added           true
+
 
 KNOWN ISSUES
 ============
 
-https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.16#Release_blocking_bugs
+https://wiki.samba.org/index.php/Release_Planning_for_Samba_4.17#Release_blocking_bugs
 
 
 #######################################
diff --git a/lib/util/util.c b/lib/util/util.c
index 7eee60b85cd..c066406d320 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -481,6 +481,48 @@ void print_asc(int level, const uint8_t *buf,int len)
 	print_asc_cb(buf, len, debugadd_cb, &level);
 }
 
+static void dump_data_block16(const char *prefix, size_t idx,
+			      const uint8_t *buf, size_t len,
+			      void (*cb)(const char *buf, void *private_data),
+			      void *private_data)
+{
+	char tmp[16];
+	size_t i;
+
+	SMB_ASSERT(len >= 0 && len <= 16);
+
+	snprintf(tmp, sizeof(tmp), "%s[%04zX]", prefix, idx);
+	cb(tmp, private_data);
+
+	for (i=0; i<16; i++) {
+		if (i == 8) {
+			cb("  ", private_data);
+		}
+		if (i < len) {
+			snprintf(tmp, sizeof(tmp), " %02X", (int)buf[i]);
+		} else {
+			snprintf(tmp, sizeof(tmp), "   ");
+		}
+		cb(tmp, private_data);
+	}
+
+	cb("   ", private_data);
+
+	if (len == 0) {
+		cb("EMPTY   BLOCK\n", private_data);
+		return;
+	}
+
+	for (i=0; i<len; i++) {
+		if (i == 8) {
+			cb(" ", private_data);
+		}
+		print_asc_cb(&buf[i], 1, cb, private_data);
+	}
+
+	cb("\n", private_data);
+}
+
 /**
  * Write dump of binary data to a callback
  */
@@ -491,73 +533,30 @@ void dump_data_cb(const uint8_t *buf, int len,
 {
 	int i=0;
 	bool skipped = false;
-	char tmp[16];
 
 	if (len<=0) return;
 
-	for (i=0;i<len;) {
-
-		if (i%16 == 0) {
-			if ((omit_zero_bytes == true) &&
-			    (i > 0) &&
-			    (len > i+16) &&
-			    all_zero(&buf[i], 16))
-			{
-				i +=16;
-				continue;
-			}
-
-			if (i<len)  {
-				snprintf(tmp, sizeof(tmp), "[%04X] ", i);
-				cb(tmp, private_data);
+	for (i=0;i<len;i+=16) {
+		size_t remaining_len = len - i;
+		size_t this_len = MIN(remaining_len, 16);
+		const uint8_t *this_buf = &buf[i];
+
+		if ((omit_zero_bytes == true) &&
+		    (i > 0) && (remaining_len > 16) &&
+		    (this_len == 16) && all_zero(this_buf, 16))
+		{
+			if (!skipped) {
+				cb("skipping zero buffer bytes\n",
+				   private_data);
+				skipped = true;
 			}
+			continue;
 		}
 
-		snprintf(tmp, sizeof(tmp), "%02X ", (int)buf[i]);
-		cb(tmp, private_data);
-		i++;
-		if (i%8 == 0) {
-			cb("  ", private_data);
-		}
-		if (i%16 == 0) {
-
-			print_asc_cb(&buf[i-16], 8, cb, private_data);
-			cb(" ", private_data);
-			print_asc_cb(&buf[i-8], 8, cb, private_data);
-			cb("\n", private_data);
-
-			if ((omit_zero_bytes == true) &&
-			    (len > i+16) &&
-			    all_zero(&buf[i], 16)) {
-				if (!skipped) {
-					cb("skipping zero buffer bytes\n",
-					   private_data);
-					skipped = true;
-				}
-			}
-		}
+		skipped = false;
+		dump_data_block16("", i, this_buf, this_len,
+				  cb, private_data);
 	}
-
-	if (i%16) {
-		int n;
-		n = 16 - (i%16);
-		cb("  ", private_data);
-		if (n>8) {
-			cb(" ", private_data);
-		}
-		while (n--) {
-			cb("   ", private_data);
-		}
-		n = MIN(8,i%16);
-		print_asc_cb(&buf[i-(i%16)], n, cb, private_data);
-		cb(" ", private_data);
-		n = (i%16) - n;
-		if (n>0) {
-			print_asc_cb(&buf[i-n], n, cb, private_data);
-		}
-		cb("\n", private_data);
-	}
-
 }
 
 /**
@@ -615,6 +614,90 @@ void dump_data_file(const uint8_t *buf, int len, bool omit_zero_bytes,
 	dump_data_cb(buf, len, omit_zero_bytes, fprintf_cb, f);
 }
 
+/**
+ * Write dump of compared binary data to a callback
+ */
+void dump_data_diff_cb(const uint8_t *buf1, size_t len1,
+		       const uint8_t *buf2, size_t len2,
+		       bool omit_zero_bytes,
+		       void (*cb)(const char *buf, void *private_data),
+		       void *private_data)
+{
+	size_t len = MAX(len1, len2);
+	size_t i;
+	bool skipped = false;
+
+	for (i=0; i<len; i+=16) {
+		size_t remaining_len = len - i;
+		size_t remaining_len1 = 0;
+		size_t this_len1 = 0;
+		const uint8_t *this_buf1 = NULL;
+		size_t remaining_len2 = 0;
+		size_t this_len2 = 0;
+		const uint8_t *this_buf2 = NULL;
+
+		if (i < len1) {
+			remaining_len1 = len1 - i;
+			this_len1 = MIN(remaining_len1, 16);
+			this_buf1 = &buf1[i];
+		}
+		if (i < len2) {
+			remaining_len2 = len2 - i;
+			this_len2 = MIN(remaining_len2, 16);
+			this_buf2 = &buf2[i];
+		}
+
+		if ((omit_zero_bytes == true) &&
+		    (i > 0) && (remaining_len > 16) &&
+		    (this_len1 == 16) && all_zero(this_buf1, 16) &&
+		    (this_len2 == 16) && all_zero(this_buf2, 16))
+		{
+			if (!skipped) {
+				cb("skipping zero buffer bytes\n",
+				   private_data);
+				skipped = true;
+			}
+			continue;
+		}
+
+		skipped = false;
+
+		if ((this_len1 == this_len2) &&
+		    (memcmp(this_buf1, this_buf2, this_len1) == 0))
+		{
+			dump_data_block16(" ", i, this_buf1, this_len1,
+					  cb, private_data);
+			continue;
+		}
+
+		dump_data_block16("-", i, this_buf1, this_len1,
+				  cb, private_data);
+		dump_data_block16("+", i, this_buf2, this_len2,
+				  cb, private_data);
+	}
+}
+
+_PUBLIC_ void dump_data_diff(int dbgc_class, int level,
+			     bool omit_zero_bytes,
+			     const uint8_t *buf1, size_t len1,
+			     const uint8_t *buf2, size_t len2)
+{
+	struct debug_channel_level dcl = { dbgc_class, level };
+
+	if (!DEBUGLVLC(dbgc_class, level)) {
+		return;
+	}
+	dump_data_diff_cb(buf1, len1, buf2, len2, true, debugadd_channel_cb, &dcl);
+}
+
+_PUBLIC_ void dump_data_file_diff(FILE *f,
+			          bool omit_zero_bytes,
+			          const uint8_t *buf1, size_t len1,
+			          const uint8_t *buf2, size_t len2)
+{
+	dump_data_diff_cb(buf1, len1, buf2, len2, omit_zero_bytes, fprintf_cb, f);
+}
+
 /**
  malloc that aborts with smb_panic on fail or zero size.
 **/
diff --git a/lib/util/util.h b/lib/util/util.h
index a7acad56880..072f0486234 100644
--- a/lib/util/util.h
+++ b/lib/util/util.h
@@ -51,4 +51,32 @@ _PUBLIC_ void dump_data(int level, const uint8_t *buf,int len);
  */
 _PUBLIC_ void dump_data_dbgc(int dbgc_class, int level, const uint8_t *buf, int len);
 
+/**
+ * Write dump of compared binary data to a callback
+ */
+void dump_data_diff_cb(const uint8_t *buf1, size_t len1,
+		       const uint8_t *buf2, size_t len2,
+		       bool omit_zero_bytes,
+		       void (*cb)(const char *buf, void *private_data),
+		       void *private_data);
+
+/**
+ * Write dump of compared binary data to the log file.
+ *
+ * The data is only written if the log level is at least level for
+ * debug class dbgc_class.
+ */
+_PUBLIC_ void dump_data_diff(int dbgc_class, int level,
+			     bool omit_zero_bytes,
+			     const uint8_t *buf1, size_t len1,
+			     const uint8_t *buf2, size_t len2);
+
+/**
+ * Write dump of compared binary data to the given file handle
+ */
+_PUBLIC_ void dump_data_file_diff(FILE *f,
+				  bool omit_zero_bytes,
+				  const uint8_t *buf1, size_t len1,
+				  const uint8_t *buf2, size_t len2);
+
 #endif
diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index b5421e99ff5..95b0366b791 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -236,7 +236,10 @@ _PUBLIC_ enum ndr_err_code ndr_push_string(struct ndr_push *ndr, int ndr_flags,
 		s_len++;
 	}
 
-	if (!do_convert) {
+	if (s_len == 0) {
+		d_len = 0;
+		dest = (uint8_t *)talloc_strdup(ndr, "");
+	} else if (!do_convert) {
 		d_len = s_len;
 		dest = (uint8_t *)talloc_strndup(ndr, s, s_len);
 	} else if (!convert_string_talloc(ndr, CH_UNIX, chset, s, s_len,
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
index fec8df513a8..99d8e016216 100644
--- a/librpc/rpc/dcesrv_auth.c
+++ b/librpc/rpc/dcesrv_auth.c
@@ -130,11 +130,13 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
 	auth->auth_level = call->in_auth_info.auth_level;
 	auth->auth_context_id = call->in_auth_info.auth_context_id;
 
+	cb->auth.become_root();
 	status = cb->auth.gensec_prepare(
 		auth,
 		call,
 		&auth->gensec_security,
 		cb->auth.private_data);
+	cb->auth.unbecome_root();
 	if (!NT_STATUS_IS_OK(status)) {
 		DEBUG(1, ("Failed to call samba_server_gensec_start %s\n",
 			  nt_errstr(status)));
@@ -329,6 +331,7 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
 NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
 {
 	struct dcesrv_auth *auth = call->auth_state;
+	struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;


-- 
Samba Shared Repository



More information about the samba-cvs mailing list