The branch, master has been updated
via 90737fb printing: handle "printcap cache time" change on HUP
via b27c976 printing: use housekeeping period that matches cache time
via 03e8152 s4:libcli:smb2: Use constant time memcmp() to verify the
signature
via 5035f1a libcli:smb2: Use constant time memcmp() to verify the
signature
via ba6e390 util: Add memcmp_const_time()
from fec698d tests/passwords: fix a typo
https://git.samba.org/?p=samba.git;a=shortlog;h=master
- Log -----------------------------------------------------------------
commit 90737fb2e2b96f2b45e33ef2a30e6c7da70843d2
Author: David Disseldorp <[email protected]>
Date: Mon Apr 18 18:48:43 2016 +0200
printing: handle "printcap cache time" change on HUP
Reschedule the housekeeping event on SIGHUP and conf reload.
Signed-off-by: David Disseldorp <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
Autobuild-User(master): Andreas Schneider <[email protected]>
Autobuild-Date(master): Tue Apr 19 13:14:20 CEST 2016 on sn-devel-144
commit b27c976e2e958998bb17f9b443de3962276bbd4e
Author: David Disseldorp <[email protected]>
Date: Mon Apr 18 18:48:42 2016 +0200
printing: use housekeeping period that matches cache time
The printcap housekeeping callback is scheduled to run every 60 seconds,
and invokes pcap_cache_reload() to reload of the printcap cache *if* the
"printcap cache time" period has expired.
Given that pcap_cache_reload() invocation is the only job of the
housekeeping callback, it makes much more sense to schedule it every
"printcap cache time" seconds, rather than every 60 seconds.
Signed-off-by: David Disseldorp <[email protected]>
Reviewed-by: Andreas Schneider <[email protected]>
commit 03e8152e39f2e0f931e9fd73f9e6a83d3a92fc1e
Author: Andreas Schneider <[email protected]>
Date: Fri Apr 1 10:16:25 2016 +0200
s4:libcli:smb2: Use constant time memcmp() to verify the signature
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit 5035f1afa9b9f34e68b6743f3f4a66b9377dedab
Author: Andreas Schneider <[email protected]>
Date: Fri Apr 1 10:15:39 2016 +0200
libcli:smb2: Use constant time memcmp() to verify the signature
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
commit ba6e39076bdc5222f77c4d7615e44db0aac14e91
Author: Andreas Schneider <[email protected]>
Date: Fri Apr 1 10:09:45 2016 +0200
util: Add memcmp_const_time()
Signed-off-by: Andreas Schneider <[email protected]>
Reviewed-by: Jeremy Allison <[email protected]>
-----------------------------------------------------------------------
Summary of changes:
lib/util/samba_util.h | 13 ++++++
lib/util/util_str.c | 12 +++++
libcli/smb/smb2_signing.c | 2 +-
source3/printing/queue_process.c | 98 ++++++++++++++++++++++------------------
source3/smbd/globals.c | 1 -
source4/libcli/smb2/signing.c | 2 +-
6 files changed, 80 insertions(+), 48 deletions(-)
Changeset truncated at 500 lines:
diff --git a/lib/util/samba_util.h b/lib/util/samba_util.h
index 9d6f0d8..387e957 100644
--- a/lib/util/samba_util.h
+++ b/lib/util/samba_util.h
@@ -280,6 +280,19 @@ _PUBLIC_ size_t utf16_len_n(const void *src, size_t n);
_PUBLIC_ size_t ucs2_align(const void *base_ptr, const void *p, int flags);
/**
+ * @brief Constant time compare to memory regions.
+ *
+ * @param[in] s1 The first memory region to compare.
+ *
+ * @param[in] s2 The second memory region to compare.
+ *
+ * @param[in] n The length of the memory to comapre.
+ *
+ * @return 0 when the memory regions are equal, 0 if not.
+ */
+_PUBLIC_ int memcmp_const_time(const void *s1, const void *s2, size_t n);
+
+/**
Do a case-insensitive, whitespace-ignoring string compare.
**/
_PUBLIC_ int strwicmp(const char *psz1, const char *psz2);
diff --git a/lib/util/util_str.c b/lib/util/util_str.c
index 673fbc7..c7d91ca 100644
--- a/lib/util/util_str.c
+++ b/lib/util/util_str.c
@@ -333,3 +333,15 @@ _PUBLIC_ size_t utf16_len_n(const void *src, size_t n)
return len;
}
+
+_PUBLIC_ int memcmp_const_time(const void *s1, const void *s2, size_t n)
+{
+ const uint8_t *p1 = s1, *p2 = s2;
+ size_t i, sum = 0;
+
+ for (i = 0; i < n; i++) {
+ sum |= (p1[i] ^ p2[i]);
+ }
+
+ return sum != 0;
+}
diff --git a/libcli/smb/smb2_signing.c b/libcli/smb/smb2_signing.c
index b723554..90d80cc 100644
--- a/libcli/smb/smb2_signing.c
+++ b/libcli/smb/smb2_signing.c
@@ -167,7 +167,7 @@ NTSTATUS smb2_signing_check_pdu(DATA_BLOB signing_key,
memcpy(res, digest, 16);
}
- if (memcmp(res, sig, 16) != 0) {
+ if (memcmp_const_time(res, sig, 16) != 0) {
DEBUG(0,("Bad SMB2 signature for message\n"));
dump_data(0, sig, 16);
dump_data(0, res, 16);
diff --git a/source3/printing/queue_process.c b/source3/printing/queue_process.c
index c9e5522..e07aca0 100644
--- a/source3/printing/queue_process.c
+++ b/source3/printing/queue_process.c
@@ -147,52 +147,41 @@ static void reload_pcap_change_notify(struct
tevent_context *ev,
message_send_all(msg_ctx, MSG_PRINTER_PCAP, NULL, 0, NULL);
}
-struct printing_queue_housekeeping_state {
+struct bq_state {
struct tevent_context *ev;
struct messaging_context *msg;
+ struct idle_event *housekeep;
};
static bool print_queue_housekeeping(const struct timeval *now, void *pvt)
{
- struct printing_queue_housekeeping_state *state =
- talloc_get_type_abort(pvt,
- struct printing_queue_housekeeping_state);
- time_t printcap_cache_time = (time_t)lp_printcap_cache_time();
- time_t t = time_mono(NULL);
+ struct bq_state *state;
- DEBUG(5, ("print queue housekeeping\n"));
+ state = talloc_get_type_abort(pvt, struct bq_state);
- /* if periodic printcap rescan is enabled,
- * see if it's time to reload */
- if ((printcap_cache_time != 0) &&
- (t >= (last_printer_reload_time + printcap_cache_time))) {
- DEBUG( 3,( "Printcap cache time expired.\n"));
- pcap_cache_reload(state->ev, state->msg,
- &reload_pcap_change_notify);
- last_printer_reload_time = t;
- }
+ DEBUG(5, ("print queue housekeeping\n"));
+ pcap_cache_reload(state->ev, state->msg, &reload_pcap_change_notify);
return true;
}
-static bool printing_subsystem_queue_tasks(struct tevent_context *ev_ctx,
- struct messaging_context *msg_ctx)
+static bool printing_subsystem_queue_tasks(struct bq_state *state)
{
- struct printing_queue_housekeeping_state *state;
+ uint32_t housekeeping_period = lp_printcap_cache_time();
- state = talloc_zero(ev_ctx, struct printing_queue_housekeeping_state);
- if (state == NULL) {
- DEBUG(0,("Could not talloc
printing_queue_housekeeping_state\n"));
- return false;
+ /* cancel any existing housekeeping event */
+ TALLOC_FREE(state->housekeep);
+
+ if (housekeeping_period == 0) {
+ DEBUG(4, ("background print queue housekeeping disabled\n"));
+ return true;
}
- state->ev = ev_ctx;
- state->msg = msg_ctx;
-
- if (!(event_add_idle(ev_ctx, NULL,
- timeval_set(SMBD_HOUSEKEEPING_INTERVAL, 0),
- "print_queue_housekeeping",
- print_queue_housekeeping,
- state))) {
+
+ state->housekeep = event_add_idle(state->ev, NULL,
+ timeval_set(housekeeping_period, 0),
+ "print_queue_housekeeping",
+ print_queue_housekeeping, state);
+ if (state->housekeep == NULL) {
DEBUG(0,("Could not add print_queue_housekeeping event\n"));
return false;
}
@@ -239,23 +228,24 @@ static void bq_sig_hup_handler(struct tevent_context *ev,
void *siginfo,
void *pvt)
{
- struct messaging_context *msg_ctx;
+ struct bq_state *state;
- msg_ctx = talloc_get_type_abort(pvt, struct messaging_context);
+ state = talloc_get_type_abort(pvt, struct bq_state);
change_to_root_user();
DEBUG(1, ("Reloading pcap cache after SIGHUP\n"));
- pcap_cache_reload(ev, msg_ctx, &reload_pcap_change_notify);
+ pcap_cache_reload(state->ev, state->msg,
+ &reload_pcap_change_notify);
+ printing_subsystem_queue_tasks(state);
bq_reopen_logs(NULL);
}
-static void bq_setup_sig_hup_handler(struct tevent_context *ev,
- struct messaging_context *msg_ctx)
+static void bq_setup_sig_hup_handler(struct bq_state *state)
{
struct tevent_signal *se;
- se = tevent_add_signal(ev, ev, SIGHUP, 0, bq_sig_hup_handler,
- msg_ctx);
+ se = tevent_add_signal(state->ev, state->ev, SIGHUP, 0,
+ bq_sig_hup_handler, state);
if (!se) {
exit_server("failed to setup SIGHUP handler");
}
@@ -296,13 +286,15 @@ static void bq_smb_conf_updated(struct messaging_context
*msg_ctx,
struct server_id server_id,
DATA_BLOB *data)
{
- struct tevent_context *ev_ctx =
- talloc_get_type_abort(private_data, struct tevent_context);
+ struct bq_state *state;
+
+ state = talloc_get_type_abort(private_data, struct bq_state);
DEBUG(10,("smb_conf_updated: Got message saying smb.conf was "
"updated. Reloading.\n"));
change_to_root_user();
- pcap_cache_reload(ev_ctx, msg_ctx, &reload_pcap_change_notify);
+ pcap_cache_reload(state->ev, msg_ctx, &reload_pcap_change_notify);
+ printing_subsystem_queue_tasks(state);
}
static void printing_pause_fd_handler(struct tevent_context *ev,
@@ -325,6 +317,7 @@ pid_t start_background_queue(struct tevent_context *ev,
char *logfile)
{
pid_t pid;
+ struct bq_state *state;
/* Use local variables for this as we don't
* need to save the parent side of this, just
@@ -380,15 +373,22 @@ pid_t start_background_queue(struct tevent_context *ev,
smb_panic("reinit_after_fork() failed");
}
+ state = talloc_zero(NULL, struct bq_state);
+ if (state == NULL) {
+ exit(1);
+ }
+ state->ev = ev;
+ state->msg = msg_ctx;
+
bq_reopen_logs(logfile);
bq_setup_sig_term_handler();
- bq_setup_sig_hup_handler(ev, msg_ctx);
+ bq_setup_sig_hup_handler(state);
bq_setup_sig_chld_handler(ev);
BlockSignals(false, SIGTERM);
BlockSignals(false, SIGHUP);
- if (!printing_subsystem_queue_tasks(ev, msg_ctx)) {
+ if (!printing_subsystem_queue_tasks(state)) {
exit(1);
}
@@ -401,7 +401,7 @@ pid_t start_background_queue(struct tevent_context *ev,
if (!locking_init()) {
exit(1);
}
- messaging_register(msg_ctx, ev, MSG_SMB_CONF_UPDATED,
+ messaging_register(msg_ctx, state, MSG_SMB_CONF_UPDATED,
bq_smb_conf_updated);
messaging_register(msg_ctx, NULL, MSG_PRINTER_UPDATE,
print_queue_receive);
@@ -458,8 +458,16 @@ bool printing_subsystem_init(struct tevent_context *ev_ctx,
} else {
bool ret;
+ struct bq_state *state;
+
+ state = talloc_zero(NULL, struct bq_state);
+ if (state == NULL) {
+ exit(1);
+ }
+ state->ev = ev_ctx;
+ state->msg = msg_ctx;
- ret = printing_subsystem_queue_tasks(ev_ctx, msg_ctx);
+ ret = printing_subsystem_queue_tasks(state);
/* Publish nt printers, this requires a working winreg pipe */
pcap_cache_reload(ev_ctx, msg_ctx,
diff --git a/source3/smbd/globals.c b/source3/smbd/globals.c
index 70805a1..6bc448b9 100644
--- a/source3/smbd/globals.c
+++ b/source3/smbd/globals.c
@@ -46,7 +46,6 @@ unsigned mangle_prefix = 0;
bool logged_ioctl_message = false;
time_t last_smb_conf_reload_time = 0;
-time_t last_printer_reload_time = 0;
pid_t background_lpq_updater_pid = -1;
/****************************************************************************
diff --git a/source4/libcli/smb2/signing.c b/source4/libcli/smb2/signing.c
index 6af7a6d..8f8074b 100644
--- a/source4/libcli/smb2/signing.c
+++ b/source4/libcli/smb2/signing.c
@@ -111,7 +111,7 @@ NTSTATUS smb2_check_signature(struct smb2_request_buffer
*buf, DATA_BLOB session
memcpy(buf->hdr+SMB2_HDR_SIGNATURE, sig, 16);
- if (memcmp(res, sig, 16) != 0) {
+ if (memcmp_const_time(res, sig, 16) != 0) {
DEBUG(0,("Bad SMB2 signature for message of size %u\n",
(unsigned)buf->size-NBT_HDR_SIZE));
dump_data(0, sig, 16);
--
Samba Shared Repository
