The branch, v3-5-test has been updated
via a656083... Revert "pidl: Fix selftest after s3 code changed"
via a40c5ea... s3-kerberos: remove smb_krb5_get_tkt_from_creds().
via 07fd6cd... s3-kerberos: avoid using ERROR_TABLE_BASE_krb5 without
checking.
via 0f4674c... lib/util Fix comments in rfc1738.c.
via fa0f418... lib/util Use rfc1738.c from Squid for all our URL
encode/decode needs.
via 4e4c754... lib/util Add rfc1738 escape/unescape code from Squid
from 439050f... pidl: Fix selftest after s3 code changed (cherry picked
from commit e6df4c2bc28b9204cf0637575b0289657e604830)
http://gitweb.samba.org/?p=samba.git;a=shortlog;h=v3-5-test
- Log -----------------------------------------------------------------
commit a656083180683cf93bc4c1b9885d2749e5d238b2
Author: Jeremy Allison <[email protected]>
Date: Thu Nov 12 20:31:49 2009 -0800
Revert "pidl: Fix selftest after s3 code changed"
This reverts commit 439050fb40e5ce9c476924b01f2254b9aab35a3e.
Not needed in this branch (yet).
commit a40c5eadf6da1d7e8b193f0bfbc2a15fb592b585
Author: Günther Deschner <[email protected]>
Date: Thu Nov 12 15:42:03 2009 +0100
s3-kerberos: remove smb_krb5_get_tkt_from_creds().
Now that cli_krb5_get_ticket() already handles S4U2SELF impersonation,
remove
smb_krb5_get_tkt_from_creds() which is not required anymore.
Guenther
(cherry picked from commit 61f0b247633501d6bf4103ca8345048e537c043d)
commit 07fd6cd68951f88d4c8e12156167a18ee6972be5
Author: Günther Deschner <[email protected]>
Date: Thu Nov 12 15:40:42 2009 +0100
s3-kerberos: avoid using ERROR_TABLE_BASE_krb5 without checking.
Guenther
(cherry picked from commit 0f8bf47d949fbdf47bdb388ad584652202ce185b)
commit 0f4674c62cb5ed651221a06f05fe3985351e92db
Author: Andrew Bartlett <[email protected]>
Date: Mon Nov 2 16:39:31 2009 +1100
lib/util Fix comments in rfc1738.c.
The Samba version does not use static buffers
Andrew Bartlett
(cherry picked from commit 5a8f21cb88e7579c12b3d97299f355bb64957a87)
commit fa0f418baa628e63cf2b04e769c840eefa9aa61e
Author: Andrew Bartlett <[email protected]>
Date: Fri Oct 30 08:58:34 2009 +1100
lib/util Use rfc1738.c from Squid for all our URL encode/decode needs.
Andrew Bartlett
(cherry picked from commit 7a290130bdeb411625f16451af3f2cfd25eeaf00)
commit 4e4c75422f07447622d30192c93ffbd4a7874bc2
Author: Andrew Bartlett <[email protected]>
Date: Thu Oct 29 17:09:49 2009 +1100
lib/util Add rfc1738 escape/unescape code from Squid
This is intended to replace our rfc1738_unescape(), and give us an
rfc1738_escape implementation (and hopefully is better tested and more
secure).
Andrew Bartlett
(cherry picked from commit 87195f55de771546ea74c0ab06d882f900588099)
-----------------------------------------------------------------------
Summary of changes:
lib/util/config.mk | 1 +
lib/util/rfc1738.c | 225 +++++++++++++++++++++++++++++++++++++++++++++
lib/util/util.c | 40 --------
lib/util/util.h | 25 +++++
pidl/tests/samba3-cli.pl | 86 ++++++++++++------
source3/Makefile.in | 2 +-
source3/libads/authdata.c | 64 +------------
source3/libsmb/clikrb5.c | 4 +
8 files changed, 319 insertions(+), 128 deletions(-)
create mode 100644 lib/util/rfc1738.c
Changeset truncated at 500 lines:
diff --git a/lib/util/config.mk b/lib/util/config.mk
index 9f33b0f..b612556 100644
--- a/lib/util/config.mk
+++ b/lib/util/config.mk
@@ -17,6 +17,7 @@ LIBSAMBA-UTIL_OBJ_FILES = $(addprefix $(libutilsrcdir)/, \
genrand.o \
dprintf.o \
util_str.o \
+ rfc1738.o \
substitute.o \
util_strlist.o \
util_file.o \
diff --git a/lib/util/rfc1738.c b/lib/util/rfc1738.c
new file mode 100644
index 0000000..b45310a
--- /dev/null
+++ b/lib/util/rfc1738.c
@@ -0,0 +1,225 @@
+/*
+ * NOTE:
+ *
+ * This file imported from the Squid project. The licence below is
+ * reproduced intact, but refers to files in Squid's repository, not
+ * in Samba. See COPYING for the GPLv3 notice (being the later
+ * version mentioned below).
+ *
+ * This file has also been modified, in particular to use talloc to
+ * allocate in rfc1738_escape()
+ *
+ * - Andrew Bartlett Oct-2009
+ *
+ */
+
+
+/*
+ * $Id$
+ *
+ * DEBUG:
+ * AUTHOR: Harvest Derived
+ *
+ * SQUID Web Proxy Cache http://www.squid-cache.org/
+ * ----------------------------------------------------------
+ *
+ * Squid is the result of efforts by numerous individuals from
+ * the Internet community; see the CONTRIBUTORS file for full
+ * details. Many organizations have provided support for Squid's
+ * development; see the SPONSORS file for full details. Squid is
+ * Copyrighted (C) 2001 by the Regents of the University of
+ * California; see the COPYRIGHT file for full details. Squid
+ * incorporates software developed and/or copyrighted by other
+ * sources; see the CREDITS file for full details.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111, USA.
+ *
+ */
+
+#include "includes.h"
+
+#include "util.h"
+
+/*
+ * RFC 1738 defines that these characters should be escaped, as well
+ * any non-US-ASCII character or anything between 0x00 - 0x1F.
+ */
+static char rfc1738_unsafe_chars[] = {
+ (char) 0x3C, /* < */
+ (char) 0x3E, /* > */
+ (char) 0x22, /* " */
+ (char) 0x23, /* # */
+#if 0 /* done in code */
+ (char) 0x25, /* % */
+#endif
+ (char) 0x7B, /* { */
+ (char) 0x7D, /* } */
+ (char) 0x7C, /* | */
+ (char) 0x5C, /* \ */
+ (char) 0x5E, /* ^ */
+ (char) 0x7E, /* ~ */
+ (char) 0x5B, /* [ */
+ (char) 0x5D, /* ] */
+ (char) 0x60, /* ` */
+ (char) 0x27, /* ' */
+ (char) 0x20 /* space */
+};
+
+static char rfc1738_reserved_chars[] = {
+ (char) 0x3b, /* ; */
+ (char) 0x2f, /* / */
+ (char) 0x3f, /* ? */
+ (char) 0x3a, /* : */
+ (char) 0x40, /* @ */
+ (char) 0x3d, /* = */
+ (char) 0x26 /* & */
+};
+
+/*
+ * rfc1738_escape - Returns a static buffer contains the RFC 1738
+ * compliant, escaped version of the given url.
+ *
+ */
+static char *
+rfc1738_do_escape(TALLOC_CTX *mem_ctx, const char *url, int encode_reserved)
+{
+ size_t bufsize = 0;
+ const char *p;
+ char *buf;
+ char *q;
+ unsigned int i, do_escape;
+
+ bufsize = strlen(url) * 3 + 1;
+ buf = talloc_array(mem_ctx, char, bufsize);
+ if (!buf) {
+ return NULL;
+ }
+
+ talloc_set_name_const(buf, buf);
+ buf[0] = '\0';
+
+ for (p = url, q = buf; *p != '\0' && q < (buf + bufsize - 1); p++, q++) {
+ do_escape = 0;
+
+ /* RFC 1738 defines these chars as unsafe */
+ for (i = 0; i < sizeof(rfc1738_unsafe_chars); i++) {
+ if (*p == rfc1738_unsafe_chars[i]) {
+ do_escape = 1;
+ break;
+ }
+ }
+ /* Handle % separately */
+ if (encode_reserved >= 0 && *p == '%')
+ do_escape = 1;
+ /* RFC 1738 defines these chars as reserved */
+ for (i = 0; i < sizeof(rfc1738_reserved_chars) && encode_reserved > 0;
i++) {
+ if (*p == rfc1738_reserved_chars[i]) {
+ do_escape = 1;
+ break;
+ }
+ }
+ /* RFC 1738 says any control chars (0x00-0x1F) are encoded */
+ if ((unsigned char) *p <= (unsigned char) 0x1F) {
+ do_escape = 1;
+ }
+ /* RFC 1738 says 0x7f is encoded */
+ if (*p == (char) 0x7F) {
+ do_escape = 1;
+ }
+ /* RFC 1738 says any non-US-ASCII are encoded */
+ if (((unsigned char) *p >= (unsigned char) 0x80)) {
+ do_escape = 1;
+ }
+ /* Do the triplet encoding, or just copy the char */
+ /* note: while we do not need snprintf here as q is appropriately
+ * allocated, Samba does to avoid our macro banning it -- abartlet */
+
+ if (do_escape == 1) {
+ (void) snprintf(q, 4, "%%%02X", (unsigned char) *p);
+ q += sizeof(char) * 2;
+ } else {
+ *q = *p;
+ }
+ }
+ *q = '\0';
+ return (buf);
+}
+
+/*
+ * rfc1738_escape - Returns a buffer that contains the RFC
+ * 1738 compliant, escaped version of the given url. (escapes unsafe and %
characters)
+ */
+char *
+rfc1738_escape(TALLOC_CTX *mem_ctx, const char *url)
+{
+ return rfc1738_do_escape(mem_ctx, url, 0);
+}
+
+/*
+ * rfc1738_escape_unescaped - Returns a buffer that contains
+ * the RFC 1738 compliant, escaped version of the given url (escapes unsafe
chars only)
+ */
+char *
+rfc1738_escape_unescaped(TALLOC_CTX *mem_ctx, const char *url)
+{
+ return rfc1738_do_escape(mem_ctx, url, -1);
+}
+
+/*
+ * rfc1738_escape_part - Returns a buffer that contains the RFC
+ * 1738 compliant, escaped version of the given url segment. (escapes
+ * unsafe, reserved and % chars) It would mangle the :// in http://,
+ * and mangle paths (because of /).
+ */
+char *
+rfc1738_escape_part(TALLOC_CTX *mem_ctx, const char *url)
+{
+ return rfc1738_do_escape(mem_ctx, url, 1);
+}
+
+/*
+ * rfc1738_unescape() - Converts escaped characters (%xy numbers) in
+ * given the string. %% is a %. %ab is the 8-bit hexadecimal number "ab"
+ */
+_PUBLIC_ void
+rfc1738_unescape(char *s)
+{
+ char hexnum[3];
+ int i, j; /* i is write, j is read */
+ unsigned int x;
+ for (i = j = 0; s[j]; i++, j++) {
+ s[i] = s[j];
+ if (s[i] != '%')
+ continue;
+ if (s[j + 1] == '%') { /* %% case */
+ j++;
+ continue;
+ }
+ if (s[j + 1] && s[j + 2]) {
+ if (s[j + 1] == '0' && s[j + 2] == '0') { /* %00 case */
+ j += 2;
+ continue;
+ }
+ hexnum[0] = s[j + 1];
+ hexnum[1] = s[j + 2];
+ hexnum[2] = '\0';
+ if (1 == sscanf(hexnum, "%x", &x)) {
+ s[i] = (char) (0x0ff & x);
+ j += 2;
+ }
+ }
+ }
+ s[i] = '\0';
+}
diff --git a/lib/util/util.c b/lib/util/util.c
index 2a809d3..d1297a0 100644
--- a/lib/util/util.c
+++ b/lib/util/util.c
@@ -667,46 +667,6 @@ _PUBLIC_ char *hex_encode_talloc(TALLOC_CTX *mem_ctx,
const unsigned char *buff_
}
/**
- Unescape a URL encoded string, in place.
-**/
-
-_PUBLIC_ void rfc1738_unescape(char *buf)
-{
- char *p=buf;
-
- while ((p=strchr(p,'+')))
- *p = ' ';
-
- p = buf;
-
- while (p && *p && (p=strchr(p,'%'))) {
- int c1 = p[1];
- int c2 = p[2];
-
- if (c1 >= '0' && c1 <= '9')
- c1 = c1 - '0';
- else if (c1 >= 'A' && c1 <= 'F')
- c1 = 10 + c1 - 'A';
- else if (c1 >= 'a' && c1 <= 'f')
- c1 = 10 + c1 - 'a';
- else {p++; continue;}
-
- if (c2 >= '0' && c2 <= '9')
- c2 = c2 - '0';
- else if (c2 >= 'A' && c2 <= 'F')
- c2 = 10 + c2 - 'A';
- else if (c2 >= 'a' && c2 <= 'f')
- c2 = 10 + c2 - 'a';
- else {p++; continue;}
-
- *p = (c1<<4) | c2;
-
- memmove(p+1, p+3, strlen(p+3)+1);
- p++;
- }
-}
-
-/**
varient of strcmp() that handles NULL ptrs
**/
_PUBLIC_ int strcmp_safe(const char *s1, const char *s2)
diff --git a/lib/util/util.h b/lib/util/util.h
index c766e3d..159f812 100644
--- a/lib/util/util.h
+++ b/lib/util/util.h
@@ -307,6 +307,31 @@ _PUBLIC_ void all_string_sub(char *s,const char
*pattern,const char *insert, siz
**/
_PUBLIC_ void rfc1738_unescape(char *buf);
+
+/**
+ * rfc1738_escape
+ * Returns a static buffer that contains the RFC
+ * 1738 compliant, escaped version of the given url. (escapes unsafe and %
characters)
+ **/
+_PUBLIC_ char *rfc1738_escape(TALLOC_CTX *mem_ctx, const char *url);
+
+/**
+ * rfc1738_escape_unescaped
+ *
+ * Returns a static buffer that contains
+ * the RFC 1738 compliant, escaped version of the given url (escapes unsafe
chars only)
+ **/
+_PUBLIC_ char *rfc1738_escape_unescaped(TALLOC_CTX *mem_ctx, const char *url);
+
+/**
+ * rfc1738_escape_part
+ * Returns a static buffer that contains the RFC
+ * 1738 compliant, escaped version of the given url segment. (escapes
+ * unsafe, reserved and % chars) It would mangle the :// in http://,
+ * and mangle paths (because of /).
+ **/
+_PUBLIC_ char *rfc1738_escape_part(TALLOC_CTX *mem_ctx, const char *url);
+
/**
format a string into length-prefixed dotted domain format, as used in NBT
and in some ADS structures
diff --git a/pidl/tests/samba3-cli.pl b/pidl/tests/samba3-cli.pl
index 1820a69..be4bf0a 100755
--- a/pidl/tests/samba3-cli.pl
+++ b/pidl/tests/samba3-cli.pl
@@ -59,6 +59,10 @@ struct tevent_req *rpccli_bar_send(TALLOC_CTX *mem_ctx,
/* Out parameters */
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(bar, &state->orig);
+ }
+
/* make a temporary copy, that we pass to the dispatch function */
state->tmp = state->orig;
@@ -100,6 +104,10 @@ static void rpccli_bar_done(struct tevent_req *subreq)
/* Reset temporary structure */
ZERO_STRUCT(state->tmp);
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(bar, &state->orig);
+ }
+
tevent_req_done(req);
}
@@ -125,10 +133,14 @@ NTSTATUS rpccli_bar_recv(struct tevent_req *req,
NTSTATUS rpccli_bar(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx)
{
- struct bar r;
- NTSTATUS status;
+\tstruct bar r;
+\tNTSTATUS status;
- /* In parameters */
+\t/* In parameters */
+
+\tif (DEBUGLEVEL >= 10) {
+\t\tNDR_PRINT_IN_DEBUG(bar, &r);
+\t}
status = cli->dispatch(cli,
mem_ctx,
@@ -136,18 +148,22 @@ NTSTATUS rpccli_bar(struct rpc_pipe_client *cli,
NDR_BAR,
&r);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+\tif (!NT_STATUS_IS_OK(status)) {
+\t\treturn status;
+\t}
- if (NT_STATUS_IS_ERR(status)) {
- return status;
- }
+\tif (DEBUGLEVEL >= 10) {
+\t\tNDR_PRINT_OUT_DEBUG(bar, &r);
+\t}
- /* Return variables */
+\tif (NT_STATUS_IS_ERR(status)) {
+\t\treturn status;
+\t}
- /* Return result */
- return NT_STATUS_OK;
+\t/* Return variables */
+
+\t/* Return result */
+\treturn NT_STATUS_OK;
}
");
@@ -189,6 +205,10 @@ struct tevent_req *rpccli_bar_send(TALLOC_CTX *mem_ctx,
/* Result */
ZERO_STRUCT(state->orig.out.result);
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_IN_DEBUG(bar, &state->orig);
+ }
+
/* make a temporary copy, that we pass to the dispatch function */
state->tmp = state->orig;
@@ -233,6 +253,10 @@ static void rpccli_bar_done(struct tevent_req *subreq)
/* Reset temporary structure */
ZERO_STRUCT(state->tmp);
+ if (DEBUGLEVEL >= 10) {
+ NDR_PRINT_OUT_DEBUG(bar, &state->orig);
+ }
+
tevent_req_done(req);
}
@@ -263,10 +287,14 @@ NTSTATUS rpccli_bar(struct rpc_pipe_client *cli,
TALLOC_CTX *mem_ctx,
WERROR *werror)
{
- struct bar r;
- NTSTATUS status;
+\tstruct bar r;
+\tNTSTATUS status;
- /* In parameters */
+\t/* In parameters */
+
+\tif (DEBUGLEVEL >= 10) {
+\t\tNDR_PRINT_IN_DEBUG(bar, &r);
+\t}
status = cli->dispatch(cli,
mem_ctx,
@@ -274,22 +302,26 @@ NTSTATUS rpccli_bar(struct rpc_pipe_client *cli,
NDR_BAR,
&r);
- if (!NT_STATUS_IS_OK(status)) {
- return status;
- }
+\tif (!NT_STATUS_IS_OK(status)) {
+\t\treturn status;
+\t}
- if (NT_STATUS_IS_ERR(status)) {
- return status;
- }
+\tif (DEBUGLEVEL >= 10) {
+\t\tNDR_PRINT_OUT_DEBUG(bar, &r);
+\t}
- /* Return variables */
+\tif (NT_STATUS_IS_ERR(status)) {
+\t\treturn status;
+\t}
- /* Return result */
- if (werror) {
- *werror = r.out.result;
- }
+\t/* Return variables */
+
+\t/* Return result */
+\tif (werror) {
+\t\t*werror = r.out.result;
+\t}
- return werror_to_ntstatus(r.out.result);
+\treturn werror_to_ntstatus(r.out.result);
}
");
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 74a6c0b..cb10a7c 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -371,7 +371,7 @@ UTIL_OBJ = ../lib/util/rbtree.o ../lib/util/signal.o
../lib/util/time.o \
../lib/util/become_daemon.o ../lib/util/system.o \
../lib/util/tevent_unix.o ../lib/util/tevent_ntstatus.o \
../lib/util/smb_threads.o ../lib/util/util_id.o \
- ../lib/util/blocking.o
+ ../lib/util/blocking.o ../lib/util/rfc1738.o
CRYPTO_OBJ = ../lib/crypto/crc32.o ../lib/crypto/md5.o \
../lib/crypto/hmacmd5.o ../lib/crypto/arcfour.o \
diff --git a/source3/libads/authdata.c b/source3/libads/authdata.c
index 2471cca..ef54006 100644
--
Samba Shared Repository
