[SCM] Samba Shared Repository - branch master updated
Stefan Metzmacher
metze at samba.org
Wed Jun 19 10:18:01 UTC 2024
The branch, master has been updated
via 5b40cdf6e88 auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts
via eeb60574b6b auth/credentials: add tests for cli_credentials_get_kerberos_state[_obtained]()
via c715ac5e496 auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper
via db2c576f329 testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos" and --use-kerberos
via cda8beea453 testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos
via 53b72ea4d25 vfs_recycle: remember resolved config->repository in vfs_recycle_connect()
via c229a84b449 Revert "TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal()"
via 2175856fef1 vfs_recycle: fix memory hierarchy
via b38241da3dd vfs_recycle: use the correct return in SMB_VFS_HANDLE_GET_DATA()
via cf7a6b521ac vfs_recycle: use a talloc_stackframe() in recycle_unlink_internal()
via 220b0e977e2 vfs_recycle: directly allocate smb_fname_final->base_name
via 691564f6ca7 vfs_recycle: don't unlink on allocation failure
via 6467c47cbe5 TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal()
via 2916b6096e1 test_recycle.sh: make sure we don't see panics on the log files
from 462b74da79c vfs_default: also call vfs_offload_token_ctx_init in vfswrap_offload_write_send
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 5b40cdf6e8885c9db6c5ffa972112f3516e4130a
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 18 20:28:25 2024 +0200
auth/credentials: don't ignore "client use kerberos" and --use-kerberos for machine accounts
We only turn desired into off in the NT4 domain member case.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
Autobuild-User(master): Stefan Metzmacher <metze at samba.org>
Autobuild-Date(master): Wed Jun 19 10:17:28 UTC 2024 on atb-devel-224
commit eeb60574b6bf1a5209b85a8af843b93300550ba7
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 18 19:02:05 2024 +0200
auth/credentials: add tests for cli_credentials_get_kerberos_state[_obtained]()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit c715ac5e496ddde119212d3b880ff0e68c2da67b
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 18 18:53:48 2024 +0200
auth/credentials: add cli_credentials_get_kerberos_state_obtained() helper
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit db2c576f329675e8d66e19c336fe04ccba918b4a
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 18 19:34:30 2024 +0200
testprogs/blackbox: add test_ldap_token.sh to test "client use kerberos" and --use-kerberos
This shows that they are ignored for machine accounts as domain member.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit cda8beea45303a77080c64bb2391d22c59672deb
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 18 19:11:09 2024 +0200
testprogs/blackbox: let test_trust_token.sh check for S-1-18-1 with kerberos
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15666
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Andreas Schneider <asn at samba.org>
commit 53b72ea4d25d4aa6cf8de1c7555456d4cc03b809
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: remember resolved config->repository in vfs_recycle_connect()
This should not change during the lifetime of the tcon.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit c229a84b449b8ba326ee0f6f702d91f101b99ee4
Author: Stefan Metzmacher <metze at samba.org>
Date: Tue Jun 18 14:18:17 2024 +0200
Revert "TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal()"
This was only added to demonstrate the problem more reliable.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 2175856fef17964cef7cf8618b39736168219eec
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: fix memory hierarchy
If the configuration is reloaded strings and string lists
in recycle_config_data could become stale pointers
leading to segmentation faults...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit b38241da3dd73386c4f41a56d95d33d4e1e3d2de
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: use the correct return in SMB_VFS_HANDLE_GET_DATA()
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit cf7a6b521ac0bb903dabbd1af208d1af4fbe9a8b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: use a talloc_stackframe() in recycle_unlink_internal()
That makes the cleanup more clear...
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 220b0e977e2e25f2033cfd62c17d998c750992fc
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: directly allocate smb_fname_final->base_name
We can use talloc_asprintf() instead of asprintf() followed
by talloc_strdup().
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 691564f6ca7d206939558b8e69b5fb86a3e68650
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 14 10:07:02 2024 +0200
vfs_recycle: don't unlink on allocation failure
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 6467c47cbe562e99e970dbb895e1068f54e6295b
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 14 13:40:35 2024 +0200
TMP-REPRODUCE: vfs_recycle: demonstrate memory corruption in recycle_unlink_internal()
Forcing a reload of the smb.conf option values means the pointer learned
in vfs_recycle_connect() become stale.
This will be reverted at the end of the patset again.
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
commit 2916b6096e16fb44d659b7e60d3f3a569d037279
Author: Stefan Metzmacher <metze at samba.org>
Date: Fri Jun 14 13:40:35 2024 +0200
test_recycle.sh: make sure we don't see panics on the log files
BUG: https://bugzilla.samba.org/show_bug.cgi?id=15659
Signed-off-by: Stefan Metzmacher <metze at samba.org>
Reviewed-by: Martin Schwenke <martin at meltin.net>
Reviewed-by: Noel Power <noel.power at suse.com>
Reviewed-by: Volker Lendecke <vl at samba.org>
-----------------------------------------------------------------------
Summary of changes:
auth/credentials/credentials.c | 5 +
auth/credentials/credentials.h | 1 +
auth/credentials/credentials_secrets.c | 31 ++++--
auth/credentials/tests/test_creds.c | 37 +++++--
source3/modules/vfs_recycle.c | 176 ++++++++++++++++++++-------------
source3/script/tests/test_recycle.sh | 5 +
source4/selftest/tests.py | 5 +
testprogs/blackbox/test_ldap_token.sh | 115 +++++++++++++++++++++
testprogs/blackbox/test_trust_token.sh | 5 +-
9 files changed, 293 insertions(+), 87 deletions(-)
create mode 100755 testprogs/blackbox/test_ldap_token.sh
Changeset truncated at 500 lines:
diff --git a/auth/credentials/credentials.c b/auth/credentials/credentials.c
index 174858fb83a..d57096c5707 100644
--- a/auth/credentials/credentials.c
+++ b/auth/credentials/credentials.c
@@ -147,6 +147,11 @@ _PUBLIC_ enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct
return creds->kerberos_state;
}
+_PUBLIC_ enum credentials_obtained cli_credentials_get_kerberos_state_obtained(struct cli_credentials *creds)
+{
+ return creds->kerberos_state_obtained;
+}
+
_PUBLIC_ const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *creds)
{
return creds->forced_sasl_mech;
diff --git a/auth/credentials/credentials.h b/auth/credentials/credentials.h
index 2b95b963766..8a6f26be31c 100644
--- a/auth/credentials/credentials.h
+++ b/auth/credentials/credentials.h
@@ -276,6 +276,7 @@ const char *cli_credentials_get_impersonate_principal(struct cli_credentials *cr
const char *cli_credentials_get_self_service(struct cli_credentials *cred);
const char *cli_credentials_get_target_service(struct cli_credentials *cred);
enum credentials_use_kerberos cli_credentials_get_kerberos_state(struct cli_credentials *creds);
+enum credentials_obtained cli_credentials_get_kerberos_state_obtained(struct cli_credentials *creds);
const char *cli_credentials_get_forced_sasl_mech(struct cli_credentials *cred);
enum credentials_krb_forwardable cli_credentials_get_krb_forwardable(struct cli_credentials *creds);
NTSTATUS cli_credentials_set_secrets(struct cli_credentials *cred,
diff --git a/auth/credentials/credentials_secrets.c b/auth/credentials/credentials_secrets.c
index 8469d6e116f..906f3ff1a21 100644
--- a/auth/credentials/credentials_secrets.c
+++ b/auth/credentials/credentials_secrets.c
@@ -370,13 +370,17 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credenti
}
if (secrets_tdb_password_more_recent) {
- enum credentials_use_kerberos use_kerberos =
- CRED_USE_KERBEROS_DISABLED;
char *machine_account = talloc_asprintf(tmp_ctx, "%s$", lpcfg_netbios_name(lp_ctx));
cli_credentials_set_password(cred, secrets_tdb_password, CRED_SPECIFIED);
cli_credentials_set_old_password(cred, secrets_tdb_old_password, CRED_SPECIFIED);
cli_credentials_set_domain(cred, domain, CRED_SPECIFIED);
if (strequal(domain, lpcfg_workgroup(lp_ctx))) {
+ enum credentials_use_kerberos use_kerberos =
+ cli_credentials_get_kerberos_state(cred);
+ enum credentials_obtained use_kerberos_obtained =
+ cli_credentials_get_kerberos_state_obtained(cred);
+ bool is_ad = false;
+
cli_credentials_set_realm(cred, lpcfg_realm(lp_ctx), CRED_SPECIFIED);
switch (server_role) {
@@ -388,13 +392,28 @@ _PUBLIC_ NTSTATUS cli_credentials_set_machine_account_db_ctx(struct cli_credenti
FALL_THROUGH;
case ROLE_ACTIVE_DIRECTORY_DC:
case ROLE_IPA_DC:
- use_kerberos = CRED_USE_KERBEROS_DESIRED;
+ is_ad = true;
break;
}
+
+ if (use_kerberos != CRED_USE_KERBEROS_DESIRED || is_ad) {
+ /*
+ * Keep an explicit selection
+ *
+ * For AD domains we also keep
+ * CRED_USE_KERBEROS_DESIRED
+ */
+ } else if (use_kerberos_obtained <= CRED_SMB_CONF) {
+ /*
+ * Disable kerberos by default within
+ * an NT4 domain.
+ */
+ cli_credentials_set_kerberos_state(cred,
+ CRED_USE_KERBEROS_DISABLED,
+ CRED_SMB_CONF);
+ }
}
- cli_credentials_set_kerberos_state(cred,
- use_kerberos,
- CRED_SPECIFIED);
+
cli_credentials_set_username(cred, machine_account, CRED_SPECIFIED);
cli_credentials_set_password_last_changed_time(cred, secrets_tdb_lct);
cli_credentials_set_secure_channel_type(cred, secrets_tdb_secure_channel_type);
diff --git a/auth/credentials/tests/test_creds.c b/auth/credentials/tests/test_creds.c
index 054b7321ce4..fa8755e0a40 100644
--- a/auth/credentials/tests/test_creds.c
+++ b/auth/credentials/tests/test_creds.c
@@ -234,6 +234,8 @@ static void torture_creds_krb5_state(void **state)
TALLOC_CTX *mem_ctx = *state;
struct cli_credentials *creds = NULL;
struct loadparm_context *lp_ctx = NULL;
+ enum credentials_obtained kerberos_state_obtained;
+ enum credentials_use_kerberos kerberos_state;
bool ok;
lp_ctx = loadparm_init_global(true);
@@ -241,18 +243,27 @@ static void torture_creds_krb5_state(void **state)
creds = cli_credentials_init(mem_ctx);
assert_non_null(creds);
- assert_int_equal(creds->kerberos_state_obtained, CRED_UNINITIALISED);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_UNINITIALISED);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
ok = cli_credentials_set_conf(creds, lp_ctx);
assert_true(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SMB_CONF);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
ok = cli_credentials_guess(creds, lp_ctx);
assert_true(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SMB_CONF);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_DESIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SMB_CONF);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_DESIRED);
assert_int_equal(creds->ccache_obtained, CRED_GUESS_FILE);
assert_non_null(creds->ccache);
@@ -260,15 +271,21 @@ static void torture_creds_krb5_state(void **state)
CRED_USE_KERBEROS_REQUIRED,
CRED_SPECIFIED);
assert_true(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SPECIFIED);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_REQUIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SPECIFIED);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_REQUIRED);
ok = cli_credentials_set_kerberos_state(creds,
CRED_USE_KERBEROS_DISABLED,
CRED_SMB_CONF);
assert_false(ok);
- assert_int_equal(creds->kerberos_state_obtained, CRED_SPECIFIED);
- assert_int_equal(creds->kerberos_state, CRED_USE_KERBEROS_REQUIRED);
+ kerberos_state_obtained =
+ cli_credentials_get_kerberos_state_obtained(creds);
+ kerberos_state = cli_credentials_get_kerberos_state(creds);
+ assert_int_equal(kerberos_state_obtained, CRED_SPECIFIED);
+ assert_int_equal(kerberos_state, CRED_USE_KERBEROS_REQUIRED);
}
diff --git a/source3/modules/vfs_recycle.c b/source3/modules/vfs_recycle.c
index 327a7eea06e..ea0417d9649 100644
--- a/source3/modules/vfs_recycle.c
+++ b/source3/modules/vfs_recycle.c
@@ -55,10 +55,14 @@ static int vfs_recycle_connect(struct vfs_handle_struct *handle,
const char *service,
const char *user)
{
+ const struct loadparm_substitution *lp_sub =
+ loadparm_s3_global_substitution();
struct recycle_config_data *config = NULL;
int ret;
int t;
- const char *buff;
+ const char *buff = NULL;
+ const char **tmplist = NULL;
+ char *repository = NULL;
ret = SMB_VFS_NEXT_CONNECT(handle, service, user);
if (ret < 0) {
@@ -75,10 +79,30 @@ static int vfs_recycle_connect(struct vfs_handle_struct *handle,
errno = ENOMEM;
return -1;
}
- config->repository = lp_parm_const_string(SNUM(handle->conn),
- "recycle",
- "repository",
- ".recycle");
+ buff = lp_parm_const_string(SNUM(handle->conn),
+ "recycle",
+ "repository",
+ ".recycle");
+ repository = talloc_sub_full(
+ config,
+ lp_servicename(talloc_tos(), lp_sub, SNUM(handle->conn)),
+ handle->conn->session_info->unix_info->unix_name,
+ handle->conn->connectpath,
+ handle->conn->session_info->unix_token->gid,
+ handle->conn->session_info->unix_info->sanitized_username,
+ handle->conn->session_info->info->domain_name,
+ buff);
+ if (repository == NULL) {
+ DBG_ERR("talloc_sub_full() failed\n");
+ TALLOC_FREE(config);
+ errno = ENOMEM;
+ return -1;
+ }
+ /* shouldn't we allow absolute path names here? --metze */
+ /* Yes :-). JRA. */
+ trim_char(repository, '\0', '/');
+ config->repository = repository;
+
config->keeptree = lp_parm_bool(SNUM(handle->conn),
"recycle",
"keeptree",
@@ -95,18 +119,48 @@ static int vfs_recycle_connect(struct vfs_handle_struct *handle,
"recycle",
"touch_mtime",
False);
- config->exclude = lp_parm_string_list(SNUM(handle->conn),
- "recycle",
- "exclude",
- NULL);
- config->exclude_dir = lp_parm_string_list(SNUM(handle->conn),
- "recycle",
- "exclude_dir",
- NULL);
- config->noversions = lp_parm_string_list(SNUM(handle->conn),
- "recycle",
- "noversions",
- NULL);
+ tmplist = lp_parm_string_list(SNUM(handle->conn),
+ "recycle",
+ "exclude",
+ NULL);
+ if (tmplist != NULL) {
+ char **tmpcpy = str_list_copy(config, tmplist);
+ if (tmpcpy == NULL) {
+ DBG_ERR("str_list_copy() failed\n");
+ TALLOC_FREE(config);
+ errno = ENOMEM;
+ return -1;
+ }
+ config->exclude = discard_const_p(const char *, tmpcpy);
+ }
+ tmplist = lp_parm_string_list(SNUM(handle->conn),
+ "recycle",
+ "exclude_dir",
+ NULL);
+ if (tmplist != NULL) {
+ char **tmpcpy = str_list_copy(config, tmplist);
+ if (tmpcpy == NULL) {
+ DBG_ERR("str_list_copy() failed\n");
+ TALLOC_FREE(config);
+ errno = ENOMEM;
+ return -1;
+ }
+ config->exclude_dir = discard_const_p(const char *, tmpcpy);
+ }
+ tmplist = lp_parm_string_list(SNUM(handle->conn),
+ "recycle",
+ "noversions",
+ NULL);
+ if (tmplist != NULL) {
+ char **tmpcpy = str_list_copy(config, tmplist);
+ if (tmpcpy == NULL) {
+ DBG_ERR("str_list_copy() failed\n");
+ TALLOC_FREE(config);
+ errno = ENOMEM;
+ return -1;
+ }
+ config->noversions = discard_const_p(const char *, tmpcpy);
+ }
config->minsize = conv_str_size(lp_parm_const_string(
SNUM(handle->conn), "recycle", "minsize", NULL));
config->maxsize = conv_str_size(lp_parm_const_string(
@@ -421,42 +475,27 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
const struct smb_filename *smb_fname,
int flags)
{
- const struct loadparm_substitution *lp_sub =
- loadparm_s3_global_substitution();
- connection_struct *conn = handle->conn;
+ TALLOC_CTX *frame = NULL;
struct smb_filename *full_fname = NULL;
char *path_name = NULL;
- char *temp_name = NULL;
- char *final_name = NULL;
+ const char *temp_name = NULL;
+ const char *final_name = NULL;
struct smb_filename *smb_fname_final = NULL;
- const char *base;
- char *repository = NULL;
+ const char *base = NULL;
int i = 1;
off_t file_size; /* space_avail; */
bool exist;
int rc = -1;
- struct recycle_config_data *config;
+ struct recycle_config_data *config = NULL;
SMB_VFS_HANDLE_GET_DATA(handle,
config,
struct recycle_config_data,
- return true);
+ return -1);
- repository = talloc_sub_full(
- NULL,
- lp_servicename(talloc_tos(), lp_sub, SNUM(conn)),
- conn->session_info->unix_info->unix_name,
- conn->connectpath,
- conn->session_info->unix_token->gid,
- conn->session_info->unix_info->sanitized_username,
- conn->session_info->info->domain_name,
- config->repository);
- ALLOC_CHECK(repository, done);
- /* shouldn't we allow absolute path names here? --metze */
- /* Yes :-). JRA. */
- trim_char(repository, '\0', '/');
+ frame = talloc_stackframe();
- if(!repository || *(repository) == '\0') {
+ if (config->repository[0] == '\0') {
DEBUG(3, ("recycle: repository path not set, purging %s...\n",
smb_fname_str_dbg(smb_fname)));
rc = SMB_VFS_NEXT_UNLINKAT(handle,
@@ -466,16 +505,18 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
goto done;
}
- full_fname = full_path_from_dirfsp_atname(talloc_tos(),
+ full_fname = full_path_from_dirfsp_atname(frame,
dirfsp,
smb_fname);
if (full_fname == NULL) {
- return -1;
+ rc = -1;
+ errno = ENOMEM;
+ goto done;
}
/* we don't recycle the recycle bin... */
- if (strncmp(full_fname->base_name, repository,
- strlen(repository)) == 0) {
+ if (strncmp(full_fname->base_name, config->repository,
+ strlen(config->repository)) == 0) {
DEBUG(3, ("recycle: File is within recycling bin, unlinking ...\n"));
rc = SMB_VFS_NEXT_UNLINKAT(handle,
dirfsp,
@@ -539,7 +580,7 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
*/
/* extract filename and path */
- if (!parent_dirname(talloc_tos(), full_fname->base_name, &path_name, &base)) {
+ if (!parent_dirname(frame, full_fname->base_name, &path_name, &base)) {
rc = -1;
errno = ENOMEM;
goto done;
@@ -571,13 +612,16 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
}
if (config->keeptree) {
- if (asprintf(&temp_name, "%s/%s", repository, path_name) == -1) {
- ALLOC_CHECK(temp_name, done);
+ temp_name = talloc_asprintf(frame, "%s/%s",
+ config->repository,
+ path_name);
+ if (temp_name == NULL) {
+ rc = -1;
+ goto done;
}
} else {
- temp_name = SMB_STRDUP(repository);
+ temp_name = config->repository;
}
- ALLOC_CHECK(temp_name, done);
exist = recycle_directory_exist(handle, temp_name);
if (exist) {
@@ -600,12 +644,15 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
}
}
- if (asprintf(&final_name, "%s/%s", temp_name, base) == -1) {
- ALLOC_CHECK(final_name, done);
+ final_name = talloc_asprintf(frame, "%s/%s",
+ temp_name, base);
+ if (final_name == NULL) {
+ rc = -1;
+ goto done;
}
/* Create smb_fname with final base name and orig stream name. */
- smb_fname_final = synthetic_smb_fname(talloc_tos(),
+ smb_fname_final = synthetic_smb_fname(frame,
final_name,
full_fname->stream_name,
NULL,
@@ -641,20 +688,16 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
/* rename file we move to recycle bin */
i = 1;
while (recycle_file_exist(handle, smb_fname_final)) {
- SAFE_FREE(final_name);
- if (asprintf(&final_name, "%s/Copy #%d of %s", temp_name, i++, base) == -1) {
- ALLOC_CHECK(final_name, done);
- }
+ char *copy = NULL;
+
TALLOC_FREE(smb_fname_final->base_name);
- smb_fname_final->base_name = talloc_strdup(smb_fname_final,
- final_name);
- if (smb_fname_final->base_name == NULL) {
- rc = SMB_VFS_NEXT_UNLINKAT(handle,
- dirfsp,
- smb_fname,
- flags);
+ copy = talloc_asprintf(smb_fname_final, "%s/Copy #%d of %s",
+ temp_name, i++, base);
+ if (copy == NULL) {
+ rc = -1;
goto done;
}
+ smb_fname_final->base_name = copy;
}
DEBUG(10, ("recycle: Moving %s to %s\n", smb_fname_str_dbg(full_fname),
@@ -681,12 +724,7 @@ static int recycle_unlink_internal(vfs_handle_struct *handle,
recycle_do_touch(handle, smb_fname_final, config->touch_mtime);
done:
- TALLOC_FREE(path_name);
- SAFE_FREE(temp_name);
- SAFE_FREE(final_name);
- TALLOC_FREE(full_fname);
- TALLOC_FREE(smb_fname_final);
- TALLOC_FREE(repository);
+ TALLOC_FREE(frame);
return rc;
}
diff --git a/source3/script/tests/test_recycle.sh b/source3/script/tests/test_recycle.sh
index 8c9291feb92..ba1d0a598b1 100755
--- a/source3/script/tests/test_recycle.sh
+++ b/source3/script/tests/test_recycle.sh
@@ -90,11 +90,16 @@ quit
return 0
}
+panic_count_0=$(grep -c PANIC $SMBD_TEST_LOG)
testit "recycle" \
test_recycle ||
failed=$((failed + 1))
+panic_count_1=$(grep -c PANIC $SMBD_TEST_LOG)
+
+testit "check_panic" test $panic_count_0 -eq $panic_count_1 || failed=$(expr $failed + 1)
+
#
# Cleanup.
do_cleanup
diff --git a/source4/selftest/tests.py b/source4/selftest/tests.py
index bd385bb474d..62f2bec10b6 100755
--- a/source4/selftest/tests.py
+++ b/source4/selftest/tests.py
@@ -851,6 +851,11 @@ plantestsuite("samba4.blackbox.trust_ntlm", "fl2000dc:local", [os.path.join(bbdi
plantestsuite("samba4.blackbox.trust_ntlm", "ad_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
plantestsuite("samba4.blackbox.trust_ntlm", "nt4_member:local", [os.path.join(bbdir, "test_trust_ntlm.sh"), '$SERVER_IP', '$USERNAME', '$PASSWORD', '$SERVER', '$SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$DOMAIN', '$DOMAIN', 'member', 'auto', 'NT_STATUS_LOGON_FAILURE'])
+plantestsuite("samba4.blackbox.ldap_token", "fl2008r2dc:local", [os.path.join(bbdir, "test_ldap_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
+plantestsuite("samba4.blackbox.ldap_token", "fl2003dc:local", [os.path.join(bbdir, "test_ldap_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
+plantestsuite("samba4.blackbox.ldap_token", "fl2000dc:local", [os.path.join(bbdir, "test_ldap_token.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
+plantestsuite("samba4.blackbox.ldap_token", "ad_member:local", [os.path.join(bbdir, "test_ldap_token.sh"), '$DC_SERVER', '$DC_USERNAME', '$DC_PASSWORD', '$REALM', '$DOMAIN', '$DOMSID'])
+
plantestsuite("samba4.blackbox.trust_utils(fl2008r2dc:local)", "fl2008r2dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "forest"])
plantestsuite("samba4.blackbox.trust_utils(fl2003dc:local)", "fl2003dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
plantestsuite("samba4.blackbox.trust_utils(fl2000dc:local)", "fl2000dc:local", [os.path.join(bbdir, "test_trust_utils.sh"), '$SERVER', '$USERNAME', '$PASSWORD', '$REALM', '$DOMAIN', '$TRUST_SERVER', '$TRUST_USERNAME', '$TRUST_PASSWORD', '$TRUST_REALM', '$TRUST_DOMAIN', '$PREFIX', "external"])
diff --git a/testprogs/blackbox/test_ldap_token.sh b/testprogs/blackbox/test_ldap_token.sh
new file mode 100755
index 00000000000..5965590b351
--- /dev/null
+++ b/testprogs/blackbox/test_ldap_token.sh
@@ -0,0 +1,115 @@
+#!/bin/bash
+# Copyright (C) 2017 Stefan Metzmacher <metze at samba.org>
+
+if [ $# -lt 6 ]; then
+ cat <<EOF
+Usage: $# test_ldap_token.sh SERVER USERNAME PASSWORD REALM DOMAIN DOMSID
+EOF
+ exit 1
+fi
+
+SERVER=$1
+shift 1
+USERNAME=$1
+PASSWORD=$2
+REALM=$3
+DOMAIN=$4
+DOMSID=$5
+shift 5
--
Samba Shared Repository
More information about the samba-cvs
mailing list