[SCM] Samba Shared Repository - branch v4-16-test updated
Jule Anger
janger at samba.org
Sun Jan 30 11:53:01 UTC 2022
The branch, v4-16-test has been updated
via 4d3054261df blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
via 7734584c4fd librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
via 9be924f907c s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of "" is wrong
via a55de23fb05 blackbox.ndrdump: adjust example files to the usage of dump_data_diff output.
via c1bd0f0d5e3 ndrdump: make use of dump_data_file_diff() in order to show differences
via 1538a574a22 lib/util: add dump_data_diff*() helpers
via f1cbfdc43c8 blackbox.ndrdump: adjust example files to changed dump_data() output.
via 8097c9b3885 lib/util: split out a dump_data_block16() helper
via c4132ef482b printing/bgqd: Disable systemd notifications
via 20f84f11651 dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
from 3fdc553c981 VERSION: Bump version up to 4.16.0rc2...
https://git.samba.org/?p=samba.git;a=shortlog;h=v4-16-test
- Log -----------------------------------------------------------------
commit 4d3054261df3b8726a4db943b0734071ad151423
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 21 20:42:45 2022 +0100
blackbox.ndrdump: fix test_ndrdump_fuzzed_NULL_struct_ntlmssp_CHALLENGE_MESSAGE test
This actually reveals that ndr_push_string() for TargetName="" was
failing before because it resulted in 1 byte for a subcontext with
TargetLen=0.
This is fixed now and we no longer expect ndrdump to exit with 1.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Mon Jan 24 16:18:34 UTC 2022 on sn-devel-184
(cherry picked from commit 12464bd4c222d996aac6d6250b7945d63f20f4bc)
Autobuild-User(v4-16-test): Jule Anger <janger at samba.org>
Autobuild-Date(v4-16-test): Sun Jan 30 11:52:27 UTC 2022 on sn-devel-184
commit 7734584c4fd5bee49ed564771a16d63f2b005937
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 3 13:57:50 2021 +0100
librpc/ndr: let ndr_push_string() let s_len == 0 result in d_len = 0
convert_string_talloc_handle() tries to play an the safe side
and always returns a null terminated array.
But for NDR we need to be correct on the wire...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 43648e95a514020da4c7efa62df55d0882e3db85)
commit 9be924f907c5215d9452db1cb407c83f39df67a5
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 21 01:09:23 2022 +0100
s4:torture/ndr: demonstrate the ndr_push_string(STR_NOTERM|REMAINING) of "" is wrong
convert_string_talloc() never returns a string with len=0 and always
implies zero termination byte(s).
For ndr_push_string this is unexpected as we need to be compatible on
the wire and push 0 bytes for an empty string.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 8da26cb6725b5d853ab481a348a3a672966715b5)
commit a55de23fb057d1bf431f20225529e2eadbbccfdf
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 21 20:28:59 2022 +0100
blackbox.ndrdump: adjust example files to the usage of dump_data_diff output.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 1dc385cb648f0c37b04f4ede6b1c96916e379b23)
commit c1bd0f0d5e3cc6da66e9241832ae29048c4cda40
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 3 13:32:48 2021 +0100
ndrdump: make use of dump_data_file_diff() in order to show differences
This makes it much easier to detect differences in the given and
generated buffers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit d1a7f392a8ceef111a5d6c3d2a3bdb9dcb90db5e)
commit 1538a574a22c2762ed322ffbf34f63ca872f034b
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 3 11:40:13 2021 +0100
lib/util: add dump_data_diff*() helpers
That will make it easy to see the difference
between two memory buffers.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit b489b7feda19b3c0f0fe2300f2c76d416776355b)
commit f1cbfdc43c8e940c6d2667eccc7545e39be49468
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jan 21 20:06:40 2022 +0100
blackbox.ndrdump: adjust example files to changed dump_data() output.
The cleanup using dump_data_block16() fixed the space handling.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 9110a8854a518befa2908c26076e17a085c5ec48)
commit 8097c9b388531483e47defb0d5ebe31fb4cecc51
Author: Stefan Metzmacher <metze at samba.org>
Date: Wed Nov 3 11:05:52 2021 +0100
lib/util: split out a dump_data_block16() helper
This simplifies the logic a lot for me.
It also fixes some corner cases regarding whitespaces in the
output, that's why we have to mark a few tests as knownfail,
they will be fixed in the next commit.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14956
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 58b09e107cadd7fb8191822d4e7e42657b1ed4c7)
commit c4132ef482bc2a3a20742cfdc5b524bedc8c445b
Author: FeRD (Frank Dana) <ferdnyc at gmail.com>
Date: Mon Jan 24 22:14:31 2022 -0500
printing/bgqd: Disable systemd notifications
samba-bgqd daemon is started by existing Samba daemons. When running
under systemd, those daemons control systemd notifications and
samba-bgqd messages need to be silenced.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14947
Signed-off-by: FeRD (Frank Dana) <ferdnyc at gmail.com>
Reviewed-by: Alexander Bokovoy <ab at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 36c861e25b1d9c5ce44bfcb46247e7e4747930c5)
commit 20f84f11651e93c14818bcfcfe9b2fe259496ae3
Author: Stefan Metzmacher <metze at samba.org>
Date: Sat Jan 22 01:08:26 2022 +0100
dcesrv_core: wrap gensec_*() calls in [un]become_root() calls
This is important for the source3/rpc_server code as it might
be called embedded in smbd and may not run as root with access
to our private tdb/ldb files.
Note this is only really needed for 4.15 and older, as
we no longer run the rpc_server embedded in smbd,
but we better be consistent for now.
This should be able to fix the problem the printing no longer works
on Windows 7 with 2021-10 monthly rollup patch (KB5006743).
Windows uses NTLMSSP with privacy at the DCERPC layer on top
of NCACN_NP (smb).
BUG: https://bugzilla.samba.org/show_bug.cgi?id=14867
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
(cherry picked from commit 0651fa474cd68b18d8eb9bdc7c4ba5b847ba9ad9)
-----------------------------------------------------------------------
Summary of changes:
lib/util/util.c | 203 +++++++++-----
lib/util/util.h | 28 ++
librpc/ndr/ndr_string.c | 5 +-
librpc/rpc/dcesrv_auth.c | 5 +
librpc/rpc/dcesrv_core.c | 18 ++
librpc/rpc/dcesrv_core.h | 2 +
librpc/tools/ndrdump.c | 10 +
python/samba/tests/blackbox/ndrdump.py | 19 +-
source3/printing/samba-bgqd.c | 3 +
source3/rpc_server/rpc_config.c | 2 +
source3/rpc_server/rpc_worker.c | 2 +
source3/selftest/ktest-krb5_ccache-2.txt | 4 +-
source3/selftest/ktest-krb5_ccache-3.txt | 4 +-
.../tests/dns-decode_dns_name_packet-hex.txt | 2 +-
.../librpc/tests/fuzzed_drsuapi_DsAddEntry_1.txt | 297 ++++++++++++++++++++-
.../librpc/tests/fuzzed_drsuapi_DsGetNCChanges.txt | 2 +-
.../tests/fuzzed_drsuapi_DsReplicaAttribute.txt | 31 ++-
.../tests/fuzzed_ntlmssp-AUTHENTICATE_MESSAGE.txt | 33 +++
.../tests/fuzzed_ntlmssp-CHALLENGE_MESSAGE.txt | 52 +++-
source4/librpc/tests/krb5pac_upn_dns_info_ex.txt | 61 +++++
.../krb5pac_upn_dns_info_ex_not_supported.txt | 69 +++++
source4/rpc_server/service_rpc.c | 10 +
source4/torture/ndr/string.c | 30 ++-
23 files changed, 800 insertions(+), 92 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/util.c b/lib/util/util.c
index 7eee60b85cd..c066406d320 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -481,6 +481,48 @@ void print_asc(int level, const uint8_t *buf,int len)
print_asc_cb(buf, len, debugadd_cb, &level);
}
+static void dump_data_block16(const char *prefix, size_t idx,
+ const uint8_t *buf, size_t len,
+ void (*cb)(const char *buf, void *private_data),
+ void *private_data)
+{
+ char tmp[16];
+ size_t i;
+
+ SMB_ASSERT(len >= 0 && len <= 16);
+
+ snprintf(tmp, sizeof(tmp), "%s[%04zX]", prefix, idx);
+ cb(tmp, private_data);
+
+ for (i=0; i<16; i++) {
+ if (i == 8) {
+ cb(" ", private_data);
+ }
+ if (i < len) {
+ snprintf(tmp, sizeof(tmp), " %02X", (int)buf[i]);
+ } else {
+ snprintf(tmp, sizeof(tmp), " ");
+ }
+ cb(tmp, private_data);
+ }
+
+ cb(" ", private_data);
+
+ if (len == 0) {
+ cb("EMPTY BLOCK\n", private_data);
+ return;
+ }
+
+ for (i=0; i<len; i++) {
+ if (i == 8) {
+ cb(" ", private_data);
+ }
+ print_asc_cb(&buf[i], 1, cb, private_data);
+ }
+
+ cb("\n", private_data);
+}
+
/**
* Write dump of binary data to a callback
*/
@@ -491,73 +533,30 @@ void dump_data_cb(const uint8_t *buf, int len,
{
int i=0;
bool skipped = false;
- char tmp[16];
if (len<=0) return;
- for (i=0;i<len;) {
-
- if (i%16 == 0) {
- if ((omit_zero_bytes == true) &&
- (i > 0) &&
- (len > i+16) &&
- all_zero(&buf[i], 16))
- {
- i +=16;
- continue;
- }
-
- if (i<len) {
- snprintf(tmp, sizeof(tmp), "[%04X] ", i);
- cb(tmp, private_data);
+ for (i=0;i<len;i+=16) {
+ size_t remaining_len = len - i;
+ size_t this_len = MIN(remaining_len, 16);
+ const uint8_t *this_buf = &buf[i];
+
+ if ((omit_zero_bytes == true) &&
+ (i > 0) && (remaining_len > 16) &&
+ (this_len == 16) && all_zero(this_buf, 16))
+ {
+ if (!skipped) {
+ cb("skipping zero buffer bytes\n",
+ private_data);
+ skipped = true;
}
+ continue;
}
- snprintf(tmp, sizeof(tmp), "%02X ", (int)buf[i]);
- cb(tmp, private_data);
- i++;
- if (i%8 == 0) {
- cb(" ", private_data);
- }
- if (i%16 == 0) {
-
- print_asc_cb(&buf[i-16], 8, cb, private_data);
- cb(" ", private_data);
- print_asc_cb(&buf[i-8], 8, cb, private_data);
- cb("\n", private_data);
-
- if ((omit_zero_bytes == true) &&
- (len > i+16) &&
- all_zero(&buf[i], 16)) {
- if (!skipped) {
- cb("skipping zero buffer bytes\n",
- private_data);
- skipped = true;
- }
- }
- }
+ skipped = false;
+ dump_data_block16("", i, this_buf, this_len,
+ cb, private_data);
}
-
- if (i%16) {
- int n;
- n = 16 - (i%16);
- cb(" ", private_data);
- if (n>8) {
- cb(" ", private_data);
- }
- while (n--) {
- cb(" ", private_data);
- }
- n = MIN(8,i%16);
- print_asc_cb(&buf[i-(i%16)], n, cb, private_data);
- cb(" ", private_data);
- n = (i%16) - n;
- if (n>0) {
- print_asc_cb(&buf[i-n], n, cb, private_data);
- }
- cb("\n", private_data);
- }
-
}
/**
@@ -615,6 +614,90 @@ void dump_data_file(const uint8_t *buf, int len, bool omit_zero_bytes,
dump_data_cb(buf, len, omit_zero_bytes, fprintf_cb, f);
}
+/**
+ * Write dump of compared binary data to a callback
+ */
+void dump_data_diff_cb(const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2,
+ bool omit_zero_bytes,
+ void (*cb)(const char *buf, void *private_data),
+ void *private_data)
+{
+ size_t len = MAX(len1, len2);
+ size_t i;
+ bool skipped = false;
+
+ for (i=0; i<len; i+=16) {
+ size_t remaining_len = len - i;
+ size_t remaining_len1 = 0;
+ size_t this_len1 = 0;
+ const uint8_t *this_buf1 = NULL;
+ size_t remaining_len2 = 0;
+ size_t this_len2 = 0;
+ const uint8_t *this_buf2 = NULL;
+
+ if (i < len1) {
+ remaining_len1 = len1 - i;
+ this_len1 = MIN(remaining_len1, 16);
+ this_buf1 = &buf1[i];
+ }
+ if (i < len2) {
+ remaining_len2 = len2 - i;
+ this_len2 = MIN(remaining_len2, 16);
+ this_buf2 = &buf2[i];
+ }
+
+ if ((omit_zero_bytes == true) &&
+ (i > 0) && (remaining_len > 16) &&
+ (this_len1 == 16) && all_zero(this_buf1, 16) &&
+ (this_len2 == 16) && all_zero(this_buf2, 16))
+ {
+ if (!skipped) {
+ cb("skipping zero buffer bytes\n",
+ private_data);
+ skipped = true;
+ }
+ continue;
+ }
+
+ skipped = false;
+
+ if ((this_len1 == this_len2) &&
+ (memcmp(this_buf1, this_buf2, this_len1) == 0))
+ {
+ dump_data_block16(" ", i, this_buf1, this_len1,
+ cb, private_data);
+ continue;
+ }
+
+ dump_data_block16("-", i, this_buf1, this_len1,
+ cb, private_data);
+ dump_data_block16("+", i, this_buf2, this_len2,
+ cb, private_data);
+ }
+}
+
+_PUBLIC_ void dump_data_diff(int dbgc_class, int level,
+ bool omit_zero_bytes,
+ const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2)
+{
+ struct debug_channel_level dcl = { dbgc_class, level };
+
+ if (!DEBUGLVLC(dbgc_class, level)) {
+ return;
+ }
+ dump_data_diff_cb(buf1, len1, buf2, len2, true, debugadd_channel_cb, &dcl);
+}
+
+_PUBLIC_ void dump_data_file_diff(FILE *f,
+ bool omit_zero_bytes,
+ const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2)
+{
+ dump_data_diff_cb(buf1, len1, buf2, len2, omit_zero_bytes, fprintf_cb, f);
+}
+
/**
malloc that aborts with smb_panic on fail or zero size.
**/
diff --git a/lib/util/util.h b/lib/util/util.h
index a7acad56880..072f0486234 100644
--- a/lib/util/util.h
+++ b/lib/util/util.h
@@ -51,4 +51,32 @@ _PUBLIC_ void dump_data(int level, const uint8_t *buf,int len);
*/
_PUBLIC_ void dump_data_dbgc(int dbgc_class, int level, const uint8_t *buf, int len);
+/**
+ * Write dump of compared binary data to a callback
+ */
+void dump_data_diff_cb(const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2,
+ bool omit_zero_bytes,
+ void (*cb)(const char *buf, void *private_data),
+ void *private_data);
+
+/**
+ * Write dump of compared binary data to the log file.
+ *
+ * The data is only written if the log level is at least level for
+ * debug class dbgc_class.
+ */
+_PUBLIC_ void dump_data_diff(int dbgc_class, int level,
+ bool omit_zero_bytes,
+ const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2);
+
+/**
+ * Write dump of compared binary data to the given file handle
+ */
+_PUBLIC_ void dump_data_file_diff(FILE *f,
+ bool omit_zero_bytes,
+ const uint8_t *buf1, size_t len1,
+ const uint8_t *buf2, size_t len2);
+
#endif
diff --git a/librpc/ndr/ndr_string.c b/librpc/ndr/ndr_string.c
index b5421e99ff5..95b0366b791 100644
--- a/librpc/ndr/ndr_string.c
+++ b/librpc/ndr/ndr_string.c
@@ -236,7 +236,10 @@ _PUBLIC_ enum ndr_err_code ndr_push_string(struct ndr_push *ndr, int ndr_flags,
s_len++;
}
- if (!do_convert) {
+ if (s_len == 0) {
+ d_len = 0;
+ dest = (uint8_t *)talloc_strdup(ndr, "");
+ } else if (!do_convert) {
d_len = s_len;
dest = (uint8_t *)talloc_strndup(ndr, s, s_len);
} else if (!convert_string_talloc(ndr, CH_UNIX, chset, s, s_len,
diff --git a/librpc/rpc/dcesrv_auth.c b/librpc/rpc/dcesrv_auth.c
index fec8df513a8..99d8e016216 100644
--- a/librpc/rpc/dcesrv_auth.c
+++ b/librpc/rpc/dcesrv_auth.c
@@ -130,11 +130,13 @@ static bool dcesrv_auth_prepare_gensec(struct dcesrv_call_state *call)
auth->auth_level = call->in_auth_info.auth_level;
auth->auth_context_id = call->in_auth_info.auth_context_id;
+ cb->auth.become_root();
status = cb->auth.gensec_prepare(
auth,
call,
&auth->gensec_security,
cb->auth.private_data);
+ cb->auth.unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to call samba_server_gensec_start %s\n",
nt_errstr(status)));
@@ -329,6 +331,7 @@ bool dcesrv_auth_bind(struct dcesrv_call_state *call)
NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
{
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
const char *pdu = "<unknown>";
switch (call->pkt.ptype) {
@@ -359,9 +362,11 @@ NTSTATUS dcesrv_auth_complete(struct dcesrv_call_state *call, NTSTATUS status)
return status;
}
+ cb->auth.become_root();
status = gensec_session_info(auth->gensec_security,
auth,
&auth->session_info);
+ cb->auth.unbecome_root();
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Failed to establish session_info: %s\n",
nt_errstr(status)));
diff --git a/librpc/rpc/dcesrv_core.c b/librpc/rpc/dcesrv_core.c
index 015c7639a51..9fd71812905 100644
--- a/librpc/rpc/dcesrv_core.c
+++ b/librpc/rpc/dcesrv_core.c
@@ -970,6 +970,7 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
struct dcerpc_binding *ep_2nd_description = NULL;
const char *endpoint = NULL;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
struct dcerpc_ack_ctx *ack_ctx_list = NULL;
struct dcerpc_ack_ctx *ack_features = NULL;
struct tevent_req *subreq = NULL;
@@ -1175,9 +1176,11 @@ static NTSTATUS dcesrv_bind(struct dcesrv_call_state *call)
return dcesrv_auth_reply(call);
}
+ cb->auth.become_root();
subreq = gensec_update_send(call, call->event_ctx,
auth->gensec_security,
call->in_auth_info.credentials);
+ cb->auth.unbecome_root();
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1192,10 +1195,13 @@ static void dcesrv_bind_done(struct tevent_req *subreq)
tevent_req_callback_data(subreq,
struct dcesrv_call_state);
struct dcesrv_connection *conn = call->conn;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
NTSTATUS status;
+ cb->auth.become_root();
status = gensec_update_recv(subreq, call,
&call->out_auth_info->credentials);
+ cb->auth.unbecome_root();
TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
@@ -1253,6 +1259,7 @@ static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call)
{
struct dcesrv_connection *conn = call->conn;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
struct tevent_req *subreq = NULL;
NTSTATUS status;
@@ -1297,9 +1304,11 @@ static NTSTATUS dcesrv_auth3(struct dcesrv_call_state *call)
return NT_STATUS_OK;
}
+ cb->auth.become_root();
subreq = gensec_update_send(call, call->event_ctx,
auth->gensec_security,
call->in_auth_info.credentials);
+ cb->auth.unbecome_root();
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1315,10 +1324,13 @@ static void dcesrv_auth3_done(struct tevent_req *subreq)
struct dcesrv_call_state);
struct dcesrv_connection *conn = call->conn;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
NTSTATUS status;
+ cb->auth.become_root();
status = gensec_update_recv(subreq, call,
&call->out_auth_info->credentials);
+ cb->auth.unbecome_root();
TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
@@ -1587,6 +1599,7 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
struct ncacn_packet *pkt = &call->ack_pkt;
uint32_t extra_flags = 0;
struct dcesrv_auth *auth = call->auth_state;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
struct dcerpc_ack_ctx *ack_ctx_list = NULL;
struct tevent_req *subreq = NULL;
size_t i;
@@ -1698,9 +1711,11 @@ static NTSTATUS dcesrv_alter(struct dcesrv_call_state *call)
return dcesrv_auth_reply(call);
}
+ cb->auth.become_root();
subreq = gensec_update_send(call, call->event_ctx,
auth->gensec_security,
call->in_auth_info.credentials);
+ cb->auth.unbecome_root();
if (subreq == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -1715,10 +1730,13 @@ static void dcesrv_alter_done(struct tevent_req *subreq)
tevent_req_callback_data(subreq,
struct dcesrv_call_state);
struct dcesrv_connection *conn = call->conn;
+ struct dcesrv_context_callbacks *cb = call->conn->dce_ctx->callbacks;
NTSTATUS status;
+ cb->auth.become_root();
status = gensec_update_recv(subreq, call,
&call->out_auth_info->credentials);
+ cb->auth.unbecome_root();
TALLOC_FREE(subreq);
status = dcesrv_auth_complete(call, status);
diff --git a/librpc/rpc/dcesrv_core.h b/librpc/rpc/dcesrv_core.h
index e8e87bcce94..69815b71f3d 100644
--- a/librpc/rpc/dcesrv_core.h
+++ b/librpc/rpc/dcesrv_core.h
@@ -392,6 +392,8 @@ struct dcesrv_context_callbacks {
struct gensec_security **out,
void *private_data);
void *private_data;
+ void (*become_root)(void);
+ void (*unbecome_root)(void);
} auth;
struct {
NTSTATUS (*find)(
diff --git a/librpc/tools/ndrdump.c b/librpc/tools/ndrdump.c
index ed9198f145d..b5d7f4fa3f6 100644
--- a/librpc/tools/ndrdump.c
+++ b/librpc/tools/ndrdump.c
@@ -189,6 +189,13 @@ static void ndrdump_data(uint8_t *d, uint32_t l, bool force)
dump_data_file(d, l, !force, stdout);
}
+static void ndrdump_data_diff(const uint8_t *d1, size_t l1,
+ const uint8_t *d2, size_t l2,
+ bool force)
+{
+ dump_data_file_diff(stdout, !force, d1, l1, d2, l2);
+}
+
static NTSTATUS ndrdump_pull_and_print_pipes(const char *function,
struct ndr_pull *ndr_pull,
struct ndr_print *ndr_print,
@@ -772,6 +779,9 @@ static void ndr_print_dummy(struct ndr_print *ndr, const char *format, ...)
printf("WARNING! orig and validated differ at byte 0x%02X (%u)\n", i, i);
printf("WARNING! orig byte[0x%02X] = 0x%02X validated byte[0x%02X] = 0x%02X\n",
i, byte_a, i, byte_b);
+ ndrdump_data_diff(blob.data, blob.length,
+ v_blob.data, v_blob.length,
+ dumpdata);
}
}
diff --git a/python/samba/tests/blackbox/ndrdump.py b/python/samba/tests/blackbox/ndrdump.py
index ace56d3edf6..11d9441e51a 100644
--- a/python/samba/tests/blackbox/ndrdump.py
+++ b/python/samba/tests/blackbox/ndrdump.py
@@ -170,7 +170,7 @@ dump OK
def test_ndrdump_input_cmdline_short_struct_name_dump(self):
expected = '''pull returned Buffer Size Error
6 bytes consumed
-[0000] 61 62 63 64 65 66 67 abcdefg ''' \
+[0000] 61 62 63 64 65 66 67 abcdefg''' \
'''
'''
try:
@@ -186,10 +186,10 @@ dump OK
def test_ndrdump_input_cmdline_short_struct_name_print_fail(self):
expected = '''pull returned Buffer Size Error
6 bytes consumed
-[0000] 61 62 63 64 65 66 67 abcdefg ''' \
+[0000] 61 62 63 64 65 66 67 abcdefg''' \
'''
WARNING! 1 unread bytes
-[0000] 67 g ''' \
+[0000] 67 g''' \
'''
WARNING: pull of GUID was incomplete, therefore the parse below may SEGFAULT
GUID : 64636261-6665-0000-0000-000000000000
@@ -211,7 +211,7 @@ WARNING! 53 unread bytes
--
Samba Shared Repository
More information about the samba-cvs
mailing list